#
# spec file for package libXpm
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


%define lname   libXpm4
Name:           libXpm
Version:        3.5.17
Release:        1.3
Summary:        X Pixmap image file format library
License:        MIT
Group:          Development/Libraries/C and C++
URL:            https://xorg.freedesktop.org/
#Git-Clone:     git://anongit.freedesktop.org/xorg/lib/libXpm
#Git-Web:       http://cgit.freedesktop.org/xorg/lib/libXpm/
Source:         https://xorg.freedesktop.org/releases/individual/lib/%{name}-%{version}.tar.xz
Source1:        https://xorg.freedesktop.org/releases/individual/lib/%{name}-%{version}.tar.xz.sig
Source2:        libXpm.keyring
Source9:        baselibs.conf
BuildRequires:  /usr/bin/gzip
BuildRequires:  autoconf
BuildRequires:  automake
BuildRequires:  libtool
BuildRequires:  pkgconfig
BuildRequires:  pkgconfig(x11)
BuildRequires:  pkgconfig(xext)
BuildRequires:  pkgconfig(xextproto)
BuildRequires:  pkgconfig(xorg-macros) >= 1.8
BuildRequires:  pkgconfig(xproto) >= 7.0.17
BuildRequires:  pkgconfig(xt)

%description
libXpm facilitates working with XPM (X PixMap), a format for
storing/retrieving X pixmaps to/from files.

%package -n %{lname}
Summary:        X Pixmap image file format library
Group:          System/Libraries
# Invokes 'gzip' and 'uncompress' at runtime.
Requires:       /usr/bin/gzip
Requires:       /usr/bin/uncompress
# 'compress' (ncompress package) is not available on SLE
Suggests:       /usr/bin/compress

%description -n %{lname}
libXpm facilitates working with XPM (X PixMap), a format for
storing/retrieving X pixmaps to/from files.

%package devel
Summary:        Development files for the X Pixmap image file format library
Group:          Development/Libraries/C and C++
Requires:       %{lname} = %{version}
# O/P added for 12.2
Provides:       xorg-x11-libXpm-devel = 7.6_%{version}-%{release}
Obsoletes:      xorg-x11-libXpm-devel < 7.6_%{version}-%{release}

%description devel
libXpm facilitates working with XPM (X PixMap), a format for
storing/retrieving X pixmaps to/from files.

This package contains the development headers for the library found
in %{lname}.

%package tools
Summary:        Conversion utilities for X Pixmap (XPM) files
# O/P added for 12.2
Group:          Productivity/Graphics/Convertors
Provides:       xorg-x11-libXpm = 7.6_%{version}-%{release}
Obsoletes:      xorg-x11-libXpm < 7.6_%{version}-%{release}

%description tools
The sxpm tool converts XPM1/XPM2 files to XPM version 3.

The cxpm tool will check whether an XPM file is correct or not with
regard to its format.

%prep
%autosetup -p1

%build
autoreconf -fi
export XPM_PATH_COMPRESS=%{_bindir}/compress
%configure --disable-static
%make_build

%install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print

%post   -n %{lname} -p /sbin/ldconfig
%postun -n %{lname} -p /sbin/ldconfig

%files -n %{lname}
%{_libdir}/libXpm.so.4*

%files devel
%{_includedir}/X11/*
%{_libdir}/libXpm.so
%{_libdir}/pkgconfig/xpm.pc
%{_mandir}/man3/*.3%{?ext_man}

%files tools
%{_bindir}/cxpm
%{_bindir}/sxpm
%{_mandir}/man1/cxpm.1%{?ext_man}
%{_mandir}/man1/sxpm.1%{?ext_man}

%changelog
* Tue Oct 3 2023 Stefan Dirsch
- Update to 3.5.17
  * This release contains fixes for the libXpm issues reported in
    security advisory here:
    https://lists.x.org/archives/xorg-announce/2023-October/003424.html
  * fixes CVE-2023-43788 libXpm: out of bounds read in
    XpmCreateXpmImageFromBuffer() (boo#1215686)
  * fixes CVE-2023-43789 libXpm: out of bounds read on XPM with
    corrupted colormap (boo#1215687)
* Tue Apr 18 2023 Stefan Dirsch
- update to 3.5.16:
  * test: skip compressed file tests when --disable-open-zfile is used
  * gitlab CI: build with each of --enable-open-zfile & --disable-open-zfile
  * configure: correct error message to suggest --disable-open-zfile
  * open-zfile: Make compress & uncompress commands optional
  * Require LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL
  * XpmCreateDataFromXpmImage: Fix misleading indentation
  * parse.c: Wrap FREE_CIDX definition in do { ... } while(0)
  * parse.c: remove unused function xstrlcpy()
  * test: Use PACKAGE_BUGREPORT instead of hard-coded URL's
  * test: Add simple test cases for functions in src/rgb.c
  * xpmReadRgbNames: constify filename argument
  * Fix a memleak in ParsePixels error code path
* Thu Apr 13 2023 Stefan Dirsch
- with switching to suggests making use of (n)compress no longer
  needs to be limited to openSUSE
* Thu Apr 13 2023 Stefan Dirsch
- suggests instead of require compress (see changelog below)
* Wed Apr 12 2023 Stefan Dirsch
- require compress (ncompress package) on openSUSE; it's not
  supported on SLE
* Wed Apr 12 2023 Fabian Vogt
- Drop n_no-compress-on-sle.patch and set XPM_PATH_COMPRESS instead
  (xpmPipeThrough function returns NULL when the command is not
  available; so same result as with the patch applied; that the
  child process for executing 'compress' returns with exit(1)
  doesn't matter much; it might even be useful to see the error
  message ...)
* Wed Apr 12 2023 Stefan Dirsch
- Depend also on /usr/bin/uncompress, not only /usr/bin/gzip;
  Requiring binaries instead of packages resolves the file
  conflict with busybox-gzip, which is used when building nginx
  opensuse images; dep chain was:
  nginx -> libdg3 -> libXpm4 -> gzip ==> conflict with busybox-gzip
* Tue Apr 11 2023 Fabian Vogt
- Depend on /usr/bin/gzip, not gzip
* Mon Apr 3 2023 Stefan Dirsch
- n_no-compress-on-sle.patch
  * we can't handle .Z files, since we don't have ncompress package
    on SLE; so disable this feature as before (bsc#1207031)
- BuildRequires
  * removed again ncompress
  * added again autoconf, automake, libtool
- run again autoreconf due to patch above
* Mon Apr 3 2023 Dirk Müller
- update to 3.5.15:
  * Use gzip -d instead of gunzip
  * Prevent a double free in the error code path
  * Fix CVE-2022-4883: compression commands depend on $PATH
  * Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height
  * test: add test cases for CVE-2022-44617 (zero-width w/enormous height)
  * Fix CVE-2022-46285: Infinite loop on unclosed comments
  * test: add test case for CVE-2022-46285 (unclosed comments)
  * cxpm: getc/ungetc wrappers should not adjust position when c == EOF
  * test: Add unit tests using glib framework
  * configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE
  * man pages: Apply standard man page style/formatting
  * man pages: Replace "See Also" entries with more useful ones
  * man pages: Fix typos and other minor editing
- drop U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch,
  U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch,
  U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch,
  U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch,
  U_regression-bug1207029_1207030_1207031.patch
  U_regression2-bug1207029_1207030_1207031.patch: upstream
- switch urls to https
- spec file cleanups
- add gpg keyring validation
* Wed Jan 11 2023 Stefan Dirsch
- U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch
  * needed by U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
- U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch
  * libXpm: Infinite loop on unclosed comments (CVE-2022-46285,
    bsc#1207029)
- U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch
  * libXpm: Runaway loop on width of 0 and enormous height
    (CVE-2022-44617, bsc#1207030)
- U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
  * libXpm: compression commands depend on $PATH (CVE-2022-4883,
    bsc#1207031)
- U_regression-bug1207029_1207030_1207031.patch
  * regression fix for above patches
- U_regression2-bug1207029_1207030_1207031.patch
  * second regression fix: Use gzip -d instead of gunzip
* Sun Nov 20 2022 Stefan Dirsch
- Update to version 3.5.14
  * Fix spelling/wording issues
  * man: strip trailing whitespace
  * gitlab CI: add a basic build test
  * man pages: Make file names consistent with their displayed names
  * man pages: Fix shadow man pages
  * man pages: Make function synopses more consistent with other pages
  * man pages: Add missing word 'function' where needed
  * man pages: Fix typos
  * man pages: Correct Copyright/License notices
  * add man pages based on doc/xpm.PS
  * update man pages
* Sat Jan 4 2020 Stefan Dirsch
- Update to version 3.5.13
  The fixes here are some found by static analysers, and a build
  fix for Windows (which, curiously, is dated to 2012 so clearly
  we're at the top of the game here). Nothing overly exciting, but
  covscan, parfait, etc. should be a bit happier now.
* Sun Jan 1 2017 sndirsch@suse.com
- added baselibs.conf as source in specfile
* Sun Jan 1 2017 sndirsch@suse.com
- Update to version 3.5.12:
  * Fix abs() usage.
  * Fix out of boundary read on unknown colors
  * Gracefully handle EOF while parsing files.
  * Avoid OOB write when handling malicious XPM files.
  * Handle size_t in file/buffer length
* Thu Sep 12 2013 zaitor@opensuse.org
- Update to version 3.5.11:
  + Fix typo in COPYING (matches src/amigax.h).
  + Add noreturn attributes suggested by gcc.
  + Doclifter can't handle more than one dash in a name line.
  + Fix libXpm build with NO_ZPIPE.
  + Added 'const' attribute to all filename arguments in the API.
  + Added 'const' qualifier to the filename argument to internal
    functions.
  + Close fd if fdopen() or xpmPipeThrough() fails in
    OpenWriteFile().
  + autogen.sh: Implement GNOME Build API.
  + configure: Remove AM_MAINTAINER_MODE.
  + Define NO_ZPIPE when building for MinGW.
* Sun Feb 17 2013 jengelh@inai.de
- Use more robust make install call
* Wed Apr 11 2012 vuntz@opensuse.org
- Update to version 3.5.10:
  + Compiler warning fixes
  + Janitorial cleanups
  + Build configuration improvements
* Sun Feb 12 2012 jengelh@medozas.de
- Rename xorg-x11-libXpm to libXpm and utilize shlib policy
* Tue Dec 21 2010 sndirsch@novell.com
- bumped version number to 7.6
* Sat Oct 30 2010 sndirsch@novell.com
- libXpm 3.5.9
  * This minor maintenance release provides a large collection of
    build configuration improvements and other janitorial cleanups.
* Sun Apr 4 2010 sndirsch@suse.de
- libXpm 3.5.8
- bumped version number to 7.5
* Mon Dec 14 2009 jengelh@medozas.de
- add baselibs.conf as a source
* Sat May 2 2009 eich@suse.de
- revert static library and .la file removal for SUSE versions <= 11.1.
* Tue Apr 21 2009 crrodriguez@suse.de
- remove static libraries and "la" files
- run ldconfig in postun
* Thu Sep 11 2008 sndirsch@suse.de
- bumped release number to 7.4
* Thu Apr 10 2008 ro@suse.de
- added baselibs.conf file to build xxbit packages
  for multilib support
* Sat Sep 29 2007 sndirsch@suse.de
- bumped version to 7.3
* Fri Aug 24 2007 sndirsch@suse.de
- libXpm 3.5.7
  * Sun bug 4486226: Xpm is not internationalized
  * Use AM_CFLAGS & AM_CPPFLAGS to replace per-program and obsolete
    macros
  * Include comment/copyright/license for AC_DEFINE_DIR in
    acinclude.m4
  * Replace index/rindex with C89 standard strchr/strrchr
  * Use srcdir in paths passed to xgettext when making .po files
  * Replace strcpy with strncpy to match previous code block
  * X.Org Bug #11863: Build libXpm on MS Windows (with MinGW)
* Sat Oct 14 2006 sndirsch@suse.de
- updated to X.Org 7.2RC1
* Wed Aug 2 2006 sndirsch@suse.de
- fix setup line
* Fri Jul 28 2006 sndirsch@suse.de
- use "-fno-strict-aliasing"
* Thu Jul 27 2006 sndirsch@suse.de
- use $RPM_OPT_FLAGS
- remove existing /usr/include/X11 symlink in %%pre
* Fri Jun 23 2006 sndirsch@suse.de
- created package