#
# spec file for package libpng12
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


#
%define major   1
%define minor   2
%define micro   59
%define branch  %{major}%{minor}
%define libname libpng%{branch}-0

Name:           libpng12
Url:            http://www.libpng.org/pub/png/libpng.html
Version:        %{major}.%{minor}.%{micro}
Release:        2.2
Summary:        Library for the Portable Network Graphics Format (PNG)
License:        Zlib
Group:          Development/Libraries/C and C++
Source:         http://downloads.sourceforge.net/project/libpng/%{name}/%{version}/libpng-%{version}.tar.xz
Source2:        baselibs.conf
Patch0:         libpng-1.2.51-CVE-2013-7353.patch
Patch1:         libpng-1.2.51-CVE-2013-7354.patch
BuildRequires:  libtool
BuildRequires:  pkg-config
BuildRequires:  zlib-devel
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
%define debug_package_requires %{libname} = %{version}-%{release}

%package -n %{libname}

Summary:        Library for the Portable Network Graphics Format (PNG)
# bug437293
Group:          System/Libraries
%ifarch ppc64
Obsoletes:      libpng-64bit
%endif
#
Obsoletes:      libpng < %{version}
Provides:       libpng = %{version}-%{release}

%package devel
Summary:        Development tools for applications which will use libpng
Group:          Development/Libraries/C and C++
Requires:       %{libname} = %{version}
Requires:       glibc-devel
Requires:       pkg-config
Requires:       zlib-devel
Recommends:     libpng%{branch}-compat-devel
# bug437293
%ifarch ppc64
Obsoletes:      libpng-devel-64bit
%endif
#

%package compat-devel
Summary:        Development tools for applications which will use libpng
Group:          Development/Libraries/C and C++
Requires:       libpng%{branch}-devel = %{version}
Provides:       libpng-devel = %{version}
Obsoletes:      libpng-devel < 1.2.43
Conflicts:      otherproviders(libpng-devel)

%description
libpng is the official reference library for the Portable Network
Graphics format (PNG).

%description -n %{libname}
libpng is the official reference library for the Portable Network
Graphics format (PNG).

%description devel
The libpng%{branch}-devel package includes the header files, libraries,
configuration files and development tools necessary for compiling and
linking programs which will manipulate PNG files using libpng%{branch}.

libpng is the official reference library for the Portable Network
Graphics (PNG) format.

%description compat-devel
The libpng%{branch}-compat-devel package contains unversioned symlinks 
to the header files, libraries, configuration files and development 
tools necessary for compiling and linking programs that don't care 
about libpng version.

%prep
%setup -n libpng-%{version}
%patch0 
%patch1

%build
# PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1
export CFLAGS="%optflags -O3 -DPNG_SAFE_LIMITS_SUPPORTED -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)"
export LDFLAGS="-Wl,-z,relro,-z,now"

%configure \
              --disable-static
#              \
#              --with-libpng-compat=no
make %{?_smp_mflags}

%check
make -j1 check

%install
make install DESTDIR=$RPM_BUILD_ROOT 
rm $RPM_BUILD_ROOT/%{_libdir}/libpng*.la

%post -n %{libname} -p /sbin/ldconfig

%postun -n %{libname} -p /sbin/ldconfig

%files -n %{libname}
%defattr(-,root,root)
%{_libdir}/libpng%{branch}.so.*
%{_libdir}/libpng.so.*

%files devel
%defattr(-,root,root)
%{_bindir}/libpng%{branch}-config
%{_includedir}/libpng%{branch}
%{_libdir}/libpng%{branch}.so
%{_libdir}/pkgconfig/libpng%{branch}.pc
%doc CHANGES README TODO ANNOUNCE LICENSE libpng-*.txt

%files compat-devel
%defattr(-,root,root)
%{_bindir}/libpng-config
%{_includedir}/*.h
%{_libdir}/libpng.so
%{_libdir}/pkgconfig/libpng.pc
%doc %{_mandir}/man3/libpng.3.gz
%doc %{_mandir}/man3/libpngpf.3.gz
%doc %{_mandir}/man5/png.5.gz

%changelog
* Wed Jan 31 2018 pgajdos@suse.com
- check with -j1, be explicit
* Tue Jan 30 2018 jengelh@inai.de
- Fix SRPM group and grammar issues.
* Mon Jan  2 2017 pgajdos@suse.com
- updated to 1.2.57: fixes CVE-2016-10087
* Thu Dec 17 2015 pgajdos@suse.com
- updated to 1.2.56:
  Fixed an out-of-range read in png_check_keyword() (Bug report from
    Qixue Xiao, CVE-2015-8540).
  Added keyword checks to pngset.c
* Thu Dec  3 2015 pgajdos@suse.com
- updated to 1.2.55:
  Avoid potential pointer overflow in png_handle_iTXt(), png_handle_zTXt(),
    png_handle_sPLT(), and png_handle_pCAL() (Bug report by John Regehr).
  Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
    not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
    vulnerability.
* Fri Nov 13 2015 pgajdos@suse.com
- updated to 1.2.54
* Fri Aug  7 2015 pgajdos@suse.com
- build in build section
* Fri Feb 27 2015 pgajdos@suse.com
- updated to 1.2.53:
  Issue a png_error() instead of a png_warning() when width is
    potentially too large for the architecture, in case the calling
    application has overridden the default 1,000,000-column limit
    (fixes CVE-2014-9495 and CVE-2015-0973).
  Display user limits in the output from pngtest.
  Changed PNG_USER_CHUNK_MALLOC_MAX from unlimited to 8,000,000.
    This can only be changed at library-build time.  It only
    affects the maximum memory that can be allocated to an
    ancillary chunk; it does not limit the size of IDAT
    data, which is instead limited by PNG_USER_WIDTH_MAX.
* Mon Jan 19 2015 olaf@aepfle.de
- Fix CVE-2013-7354.patch, include limits.h for INT_MAX
* Thu Nov 20 2014 pgajdos@suse.com
- updated to 1.2.52:
  * Avoid out-of-bounds memory access while checking version string.
* Tue Apr 22 2014 pgajdos@suse.com
- security update:
  * CVE-2013-7353.patch [bnc#873124]
  * CVE-2013-7354.patch [bnc#873123]
* Fri Feb  7 2014 pgajdos@suse.com
- updated to 1.2.51:
  Ignore, with a warning, out-of-range value of num_trans in png_set_tRNS().
  Replaced AM_CONFIG_HEADER(config.h) with
    AC_CONFIG_HEADERS([config.h]) in configure.ac
  Changed default value of PNG_USER_CACHE_MAX from 0 to 32767 in pngconf.h.
  Avoid a possible memory leak in contrib/gregbook/readpng.c
  Revised libpng.3 so that "doclifter" can process it.
  Changed '"%%s"m' to '"%%s" m' in png_debug macros to improve portability
    among compilers.
  Rebuilt the configure scripts with autoconf-2.69 and automake-1.14.1
  Removed potentially misleading warning from png_check_IHDR().
  Quiet set-but-not-used warnings in pngset.c
  Quiet an uninitialized memory warning from VC2013 in png_get_png().
  Quiet unused variable warnings from clang by porting PNG_UNUSED() from
    libpng-1.4.6.
  Added -DZ_SOLO to CFLAGS in contrib/pngminim/*/makefile
  Added an #ifdef PNG_FIXED_POINT_SUPPORTED/#endif in pngset.c
* Wed Apr 17 2013 coolo@suse.com
- add conflicts in -32bit package
* Mon Apr 15 2013 mmeister@suse.com
- Added url as source.
  Please see http://en.opensuse.org/SourceUrls
* Wed Oct 24 2012 jengelh@inai.de
- Add missing baselib requires for compat-devel-32bit
* Wed Jul 11 2012 pgajdos@suse.com
- updated to 1.2.50:
  Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386.
* Thu Mar 29 2012 pgajdos@suse.com
- updated to 1.2.49: [bnc#754745]
  Revised png_set_text_2() to avoid potential memory corruption (fixes
    CVE-2011-3048).
  Prevent PNG_EXPAND+PNG_SHIFT doing the shift twice.
* Wed Mar 14 2012 pgajdos@suse.com
- updated to 1.2.48:
  * fixed CVE-2011-3045 [bnc#752008]
* Mon Feb 20 2012 pgajdos@suse.com
- updated to 1.2.47:
  * fixed CVE-2011-3026 [bnc#747311]
* Thu Dec  1 2011 idoenmez@suse.de
- Name field shouldn't contain a macro
* Thu Dec  1 2011 coolo@suse.com
- add libtool as buildrequire to avoid implicit dependency
* Wed Oct  5 2011 uli@suse.com
- cross-build fix: use %%configure macro
* Tue Jul 12 2011 pgajdos@novell.com
- updated to 1.2.46:
  * fixed CVE-2011-2501 [bnc#702578]
* Mon Aug 30 2010 coolo@novell.com
- fix baselibs.conf after previous change
* Thu Jul 29 2010 pgajdos@suse.cz
- add devel packages to baselibs.conf [bnc#625883]
* Mon Jun 28 2010 pgajdos@suse.cz
- updated to 1.2.44: fixed libpng overflow (CVE-2010-1205)
  and memory leak [bnc#617866]
* Fri Jun  4 2010 coolo@novell.com
- remove the devel packages from baselibs.conf, not convinced of
  their usefulness
* Sat Apr 24 2010 coolo@novell.com
- buildrequire pkg-config to fix provides
* Thu Feb 25 2010 pgajdos@suse.cz
- updated to 1.2.43 (fixes [bnc#585403]):
  * Removed "#define PNG_NO_ERROR_NUMBERS" that was inadvertently added
    to pngconf.h in version 1.2.41.
  * Removed leftover "-DPNG_CONFIGURE_LIBPNG" from scripts/makefile.darwin
    and contrib/pngminim/*/makefile
  * Relocated png_do_chop() to its original position in pngrtran.c; the
    change in version 1.2.41beta08 caused transparency to be handled wrong
    in some 16-bit datastreams (Yusaku Sugai).
  * Renamed libpng-pc.in back to libpng.pc.in and revised CMakeLists.txt
    (revising changes made in 1.2.41)
  * Swapped PNG_UNKNOWN_CHUNKS_SUPPORTED and PNG_HANDLE_AS_UNKNOWN_SUPPORTED
    in pngset.c to be consistent with other changes in version 1.2.38.
  * Avoid deprecated references to png_ptr-io_ptr and png_ptr->error_ptr
    in pngtest.c
* Mon Dec 14 2009 jengelh@medozas.de
- add baselibs.conf as a source
* Mon Dec  7 2009 pgajdos@suse.cz
- updated to 1.2.41:
  contains numerous cleanups, some new compile-time warnings about
  direct struct access (define PNG_NO_PEDANTIC_WARNINGS to enable),
  a new xcode build project, and a minor performance improvement
  (avoid building 16-bit gamma tables when not needed)
* Tue Nov 24 2009 pgajdos@suse.cz
- updated to 1.2.40:
  Removed an extra png_debug() recently added to png_write_find_filter().
  Fixed incorrect #ifdef in pngset.c regarding unknown chunk support.
  Various bugfixes and improvements to CMakeLists.txt (Philip Lowman)
* Tue Nov  3 2009 coolo@novell.com
- updated patches to apply with fuzz=0
* Thu Aug 13 2009 pgajdos@suse.cz
- updated to 1.2.39:
  * Added a prototype for png_64bit_product() in png.c
  * Avoid a possible NULL dereference in debug build,
    in png_set_text_2()
  * Relocated new png_64_bit_product() prototype into png.h
  * Replaced *.tar.lzma with *.txz in distribution.
  * Reject attempt to write iCCP chunk with negative embedded
    profile length.
* Mon Jul 20 2009 pgajdos@suse.cz
- updated to 1.2.38:
  * Revised libpng*.txt and libpng.3 to mention calling png_set_IHDR()
    multiple times and to specify the sample order in the tRNS chunk,
    because the ISO PNG specification has a typo in the tRNS table.
  * Changed several PNG_UNKNOWN_CHUNK_SUPPORTED to
    PNG_HANDLE_AS_UNKNOWN_SUPPORTED, to make the png_set_keep mechanism
    available for ignoring known chunks even when not saving unknown chunks.
  * Adopted preference for consistent use of "#ifdef" and "#ifndef" versus
    "#if defined()" and "if !defined()" where possible.
  * Added PNG_NO_HANDLE_AS_UNKNOWN in the PNG_LEGACY_SUPPORTED block of
    pngconf.h, and moved the various unknown chunk macro definitions
    outside of the PNG_READ|WRITE_ANCILLARY_CHUNK_SUPPORTED blocks.
* Thu Jun  4 2009 pgajdos@suse.cz
- updated to 1.2.37:
  * fixed bug with new png_memset() of the big_row_buffer
* Tue May 12 2009 pgajdos@suse.cz
- updated to 1.2.36 (see CHANGES)
* Mon Feb 23 2009 pgajdos@suse.cz
- fixes possible double free [bnc#472745]
  (CVE-2009-0040)
* Mon Jan 19 2009 pgajdos@suse.cz
- updated to 1.2.34:
  * fixes CVE-2008-3964 (removed CVE-2008-3964.patch)
* Tue Jan 13 2009 olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
* Mon Sep 15 2008 pgajdos@suse.cz
- fixed CVE-2008-3964 [bnc#424739]
  * CVE-2008-3964.patch
* Thu Sep 11 2008 pgajdos@suse.cz
- updated to version 1.2.31:
  * coding bugfixes and enhancements
* Mon Sep  1 2008 aj@suse.de
- Do not package la files.
* Mon Jun 23 2008 pgajdos@suse.cz
- updated to 1.2.29:
  * fixes to the configure-related build-scripts
  * security fix that affects programs that attempt to do
    special handling of unknown PNG chunks (presumably very
    few such programs), along with a reversion to previous
    behavior for handling of images with out-of-range tRNS-chunk
    values [bnc#378634]
  * fix for unintentional gray-to-RGB conversion in
    png_set_expand_gray_1_2_4_to_8()
  * various other minor fixes
- removed makefile-am.patch, issue fixed upstream
* Sun May 11 2008 coolo@suse.de
- fix rename of xxbit packages
* Tue Apr 22 2008 pgajdos@suse.cz
- $(ECHO) substituted by echo in Makefile.in -- fixes package
  build in beta (makefile-am.patch)
* Thu Apr 10 2008 ro@suse.de
- added baselibs.conf file to build xxbit packages
  for multilib support
* Thu Apr  3 2008 pgajdos@suse.cz
- updated to 1.2.26:
  * fixed minor coding errors that could lead to crashes in
    exceptional cases
* Thu Dec  6 2007 mrueckert@suse.de
- added provides/obsoletes for the old package
* Fri Nov 30 2007 nadvornik@suse.cz
- updated to 1.2.23:
  * more sanity checks, fixes [#332249]
- adjusted to Shared Library Policy:
  * renamed package libpng to libpng12-0
  * created compatibility package libpng3
* Wed Jul 11 2007 nadvornik@suse.cz
- updated to 1.2.18:
  * security fixes merged upstream
* Thu Mar 29 2007 aj@suse.de
- Add zlib-devel to BuildRequires.
* Thu Nov 23 2006 nadvornik@suse.cz
- fixed crash on malformed sPLT chunks CVE-2006-5793 [#219007]
* Mon Jul 17 2006 nadvornik@suse.cz
- make sure PNG_NO_ASSEMBLER_CODE is used consistently
* Thu Jun 29 2006 nadvornik@suse.cz
- updated to 1.2.12:
  * fixed possible buffer overflow [#189241]
* Wed Jun 21 2006 nadvornik@suse.cz
- updated to 1.2.10:
  * use autoconf
  * many bugfixes
- libpng12-config no longer gives -Wl,-rpath,/usr/lib [#168627]
- spec file cleanup
* Fri Feb 24 2006 nadvornik@suse.cz
- removed libpng-64bit.diff [#153106]
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Thu Jan 12 2006 nadvornik@suse.cz
- compile with -fstack-protector
* Mon Oct 10 2005 nadvornik@suse.cz
- fixed incorrect inline asm usage
* Thu May 19 2005 ro@suse.de
- fix libdir in pkgconfig file libpng.pc
* Thu Jan 20 2005 nadvornik@suse.cz
- updated to 1.2.8:
  * fixed crash of applications that strip the alpha channel
  * fixed invalid zlib header within the PNG datastream
* Mon Sep 27 2004 sf@suse.de
-  fixed problem with wrong assumption for long on 64bit archs
  which prevents khunphan from working (#45738)
* Wed Aug 25 2004 kukuk@suse.de
- Avoid /bin/sh PreRequires
* Mon Aug 16 2004 nadvornik@suse.cz
- updated to 1.2.6: included security fixes
* Mon Jul 19 2004 nadvornik@suse.cz
- fixed several buffer overflows [#43008]
* Wed Jun 16 2004 nadvornik@suse.cz
- added missing part of pngtran overflow patch [#42043]
* Fri Apr 23 2004 nadvornik@suse.cz
- fixed reading behind end of string [#39180]
* Sat Jan 10 2004 adrian@suse.de
- build as user
* Fri Oct 10 2003 adrian@suse.de
- add %%run_ldconfig
* Mon Apr  7 2003 ro@suse.de
- fix tail calling syntax
* Mon Feb 10 2003 nadvornik@suse.cz
- link the shared library with -lz -lm -lc again
* Wed Jan 29 2003 kukuk@suse.de
- Fix libpng-devel requires (add zlib-devel) [Bug #23154]
* Fri Jan 24 2003 sbrabec@suse.cz
- Added missing pkgconfig files to %%files.
* Tue Jan  7 2003 nadvornik@suse.cz
- updated to 1.2.5
- fixed buffer overflow
* Wed Jul 31 2002 coolo@suse.de
- fix libz dependency, so the resulting libpng is self containing
* Fri Jul 26 2002 adrian@suse.de
- fix neededforbuild
* Wed Jul 24 2002 nadvornik@suse.cz
- updated to 1.2.4:
  - fixed buffer overflow in pngpread.c when IDAT is
    corrupted with extra data
* Fri Jul 12 2002 schwab@suse.de
- Fix makefile.
* Fri Jul  5 2002 kukuk@suse.de
- Use %%ix86 macro
* Tue Jul  2 2002 nadvornik@suse.cz
- updated to 1.2.3
- changed package version to match the version of source tarball
* Tue Mar  5 2002 nadvornik@suse.cz
- fixed permissions for man pages
* Tue Feb  5 2002 nadvornik@suse.cz
- added Provides: libpng:/usr/include/png.h to libpng-devel
* Thu Jan 31 2002 nadvornik@suse.cz
- back to 1.0.12, libpng 1.2.x will be packed in separate package
- created devel subpackage to allow parallel instalation of
  shared libraries
* Wed Jan  9 2002 nadvornik@suse.cz
- update to 1.2.1
- used macros %%{_lib} and %%{_libdir}
* Tue Dec  4 2001 nadvornik@suse.cz
- update to 1.2.0
  - shared library version changed to 3.1.2.0
  - new API for dynamically enabling and disabling certain optimizations
- added Provides: libpng-devel for compatibility [bug #11978]
* Tue Jul 17 2001 nadvornik@suse.cz
- update to 1.0.12
* Tue Apr  3 2001 nadvornik@suse.cz
- update to 1.0.10
- used pnggccrd.c - MMX support on intel
* Tue Feb 13 2001 nadvornik@suse.cz
- update to 1.0.9
* Fri Jan 19 2001 bk@suse.de
- call pngtest program to have some tests that libpng works.
- don't remove -O3 when adding RPM_OPT_FLAGS(still do -O3 optimisations)
* Thu Jan  4 2001 nadvornik@suse.cz
- changed rpm version to 2.1.0.8 (bug #5062)
- changed shared library name to libpng.so.2.1.0.8
* Wed Aug 23 2000 nadvornik@suse.cz
- update to 1.0.8
* Tue Jul 11 2000 adrian@suse.de
- seg fault fix in pngrutil.c
* Mon May 22 2000 nadvornik@suse.cz
- changed group
- changed URL
* Sat Apr 29 2000 kukuk@suse.de
- Make sure libpng.so.2 is linked against libz to avoid problems
  with missing dependencies.
* Mon Apr 10 2000 nadvornik@suse.cz
- added URL
* Tue Apr  4 2000 nadvornik@suse.cz
- update to 1.0.6
- added BuildRoot
* Tue Jan 25 2000 ro@suse.de
- update to 1.0.5
- manpages to /usr/share using macro
* Mon Sep 13 1999 bs@suse.de
- ran old prepare_spec on spec file to switch to new prepare_spec.
* Tue Jun 29 1999 ro@suse.de
- moved from /usr/X11R6 to /usr
* Mon Jun 28 1999 ro@suse.de
- update to 1.0.3
* Wed Feb 17 1999 ro@suse.de
- added .so.2 link
* Fri Jan 22 1999 ro@suse.de
- bump version to 2.1.0 (the version of the installed library)
* Fri Mar 20 1998 ro@suse.de
- extracted package from libgr tree
  update to version 1.0.1