baserev update by copy to link target

• Files Changed
• Browse Source

- Update to 3.5.17
  * This release contains fixes for the libXpm issues reported in
    security advisory here: 
    https://lists.x.org/archives/xorg-announce/2023-October/003424.html
  * fixes CVE-2023-43788 libXpm: out of bounds read in
    XpmCreateXpmImageFromBuffer() (boo#1215686)
  * fixes CVE-2023-43789 libXpm: out of bounds read on XPM with
    corrupted colormap (boo#1215687)

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- update to 3.5.16:
  * test: skip compressed file tests when --disable-open-zfile is used
  * gitlab CI: build with each of --enable-open-zfile & --disable-open-zfile
  * configure: correct error message to suggest --disable-open-zfile
  * open-zfile: Make compress & uncompress commands optional
  * Require LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL
  * XpmCreateDataFromXpmImage: Fix misleading indentation
  * parse.c: Wrap FREE_CIDX definition in do { ... } while(0)
  * parse.c: remove unused function xstrlcpy()
  * test: Use PACKAGE_BUGREPORT instead of hard-coded URL's
  * test: Add simple test cases for functions in src/rgb.c
  * xpmReadRgbNames: constify filename argument
  * Fix a memleak in ParsePixels error code path

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- with switching to suggests making use of (n)compress no longer
  needs to be limited to openSUSE

• Files Changed
• Browse Source

- suggests instead of require compress (see changelog below)

• Files Changed
• Browse Source

- require compress (ncompress package) on openSUSE; it's not
- improved latest changelog entry (better explnation)

• Files Changed
• Browse Source

- Drop n_no-compress-on-sle.patch and set XPM_PATH_COMPRESS instead

• Files Changed
• Browse Source

- Depend also on /usr/bin/uncompress, not only /usr/bin/gzip;
  Requiring binaries instead of packages resolves the file 
  conflict with busybox-gzip, which is used when building nginx
  opensuse images; dep chain was: nginx -> libdg3 -> libXpm4 -> gzip
  ==> conflict with busybox-gzip

• Files Changed
• Browse Source

- Depend on /usr/bin/gzip, not gzip

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- n_no-compress-on-sle.patch
  * we can't handle .Z files, since we don't have ncompress package
    on SLE; so disable this feature as before (bsc#1207031)
- BuildRequires
  * removed again ncompress
  * added again autoconf, automake, libtool
- run again autoreconf due to patch above

- update to 3.5.15:  
  * Use gzip -d instead of gunzip
  * Prevent a double free in the error code path
  * Fix CVE-2022-4883: compression commands depend on $PATH
  * Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height
  * test: add test cases for CVE-2022-44617 (zero-width w/enormous height)
  * Fix CVE-2022-46285: Infinite loop on unclosed comments
  * test: add test case for CVE-2022-46285 (unclosed comments)
  * cxpm: getc/ungetc wrappers should not adjust position when c == EOF
  * test: Add unit tests using glib framework
  * configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE
  * man pages: Apply standard man page style/formatting
  * man pages: Replace "See Also" entries with more useful ones
  * man pages: Fix typos and other minor editing
- drop U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch,
      U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch,
      U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch,
      U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch,
      U_regression-bug1207029_1207030_1207031.patch
      U_regression2-bug1207029_1207030_1207031.patch: upstream
- switch urls to https
- spec file cleanups

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch
  * needed by U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
- U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch
  * libXpm: Infinite loop on unclosed comments (CVE-2022-46285, 
    bsc#1207029)
- U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch
  * libXpm: Runaway loop on width of 0 and enormous height 
    (CVE-2022-44617, bsc#1207030)
- U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
  * libXpm: compression commands depend on $PATH (CVE-2022-4883,
    bsc#1207031)
- U_regression-bug1207029_1207030_1207031.patch
  * regression fix for above patches
- U_regression2-bug1207029_1207030_1207031.patch
  * second regression fix: Use gzip -d instead of gunzip

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Update to version 3.5.14
  * Fix spelling/wording issues
  * man: strip trailing whitespace
  * gitlab CI: add a basic build test
  * man pages: Make file names consistent with their displayed names
  * man pages: Fix shadow man pages
  * man pages: Make function synopses more consistent with other pages
  * man pages: Add missing word 'function' where needed
  * man pages: Fix typos
  * man pages: Correct Copyright/License notices
  * add man pages based on doc/xpm.PS
  * update man pages

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Update to version 3.5.13
  The fixes here are some found by static analysers, and a build
  fix for Windows (which, curiously, is dated to 2012 so clearly
  we're at the top of the game here). Nothing overly exciting,
  but covscan, parfait, etc. should be a bit happier now.

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source