Revisions of libXpm

Ana Guerrero (anag+factory) accepted request 1115069 from Stefan Dirsch (sndirsch) (revision 16)
- Update to 3.5.17
  * This release contains fixes for the libXpm issues reported in
    security advisory here: 
    https://lists.x.org/archives/xorg-announce/2023-October/003424.html
  * fixes CVE-2023-43788 libXpm: out of bounds read in
    XpmCreateXpmImageFromBuffer() (boo#1215686)
  * fixes CVE-2023-43789 libXpm: out of bounds read on XPM with
    corrupted colormap (boo#1215687)
Dominique Leuenberger (dimstar_suse) accepted request 1080119 from Stefan Dirsch (sndirsch) (revision 15)
- update to 3.5.16:
  * test: skip compressed file tests when --disable-open-zfile is used
  * gitlab CI: build with each of --enable-open-zfile & --disable-open-zfile
  * configure: correct error message to suggest --disable-open-zfile
  * open-zfile: Make compress & uncompress commands optional
  * Require LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL
  * XpmCreateDataFromXpmImage: Fix misleading indentation
  * parse.c: Wrap FREE_CIDX definition in do { ... } while(0)
  * parse.c: remove unused function xstrlcpy()
  * test: Use PACKAGE_BUGREPORT instead of hard-coded URL's
  * test: Add simple test cases for functions in src/rgb.c
  * xpmReadRgbNames: constify filename argument
  * Fix a memleak in ParsePixels error code path
Dominique Leuenberger (dimstar_suse) accepted request 1079097 from Stefan Dirsch (sndirsch) (revision 14)
- with switching to suggests making use of (n)compress no longer
  needs to be limited to openSUSE

- suggests instead of require compress (see changelog below) 

- require compress (ncompress package) on openSUSE; it's not
  supported on SLE

- Drop n_no-compress-on-sle.patch and set XPM_PATH_COMPRESS instead
  (xpmPipeThrough function returns NULL when the command is not 
   available; so same result as with the patch applied; that the
   child process for executing 'compress' returns with exit(1)
   doesn't matter much; it might even be useful to see the error
   message ...)

- Depend also on /usr/bin/uncompress, not only /usr/bin/gzip;
  Requiring binaries instead of packages resolves the file 
  conflict with busybox-gzip, which is used when building nginx
  opensuse images; dep chain was: nginx -> libdg3 -> libXpm4 -> gzip
  ==> conflict with busybox-gzip

- Depend on /usr/bin/gzip, not gzip
Dominique Leuenberger (dimstar_suse) accepted request 1077087 from Stefan Dirsch (sndirsch) (revision 13)
- n_no-compress-on-sle.patch
  * we can't handle .Z files, since we don't have ncompress package
    on SLE; so disable this feature as before (bsc#1207031)
- BuildRequires
  * removed again ncompress
  * added again autoconf, automake, libtool
- run again autoreconf due to patch above

- update to 3.5.15:  
  * Use gzip -d instead of gunzip
  * Prevent a double free in the error code path
  * Fix CVE-2022-4883: compression commands depend on $PATH
  * Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height
  * test: add test cases for CVE-2022-44617 (zero-width w/enormous height)
  * Fix CVE-2022-46285: Infinite loop on unclosed comments
  * test: add test case for CVE-2022-46285 (unclosed comments)
  * cxpm: getc/ungetc wrappers should not adjust position when c == EOF
  * test: Add unit tests using glib framework
  * configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE
  * man pages: Apply standard man page style/formatting
  * man pages: Replace "See Also" entries with more useful ones
  * man pages: Fix typos and other minor editing
- drop U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch,
      U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch,
      U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch,
      U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch,
      U_regression-bug1207029_1207030_1207031.patch
      U_regression2-bug1207029_1207030_1207031.patch: upstream
- switch urls to https
- spec file cleanups
Dominique Leuenberger (dimstar_suse) accepted request 1059036 from Stefan Dirsch (sndirsch) (revision 12)
- U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch
  * needed by U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
- U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch
  * libXpm: Infinite loop on unclosed comments (CVE-2022-46285, 
    bsc#1207029)
- U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch
  * libXpm: Runaway loop on width of 0 and enormous height 
    (CVE-2022-44617, bsc#1207030)
- U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
  * libXpm: compression commands depend on $PATH (CVE-2022-4883,
    bsc#1207031)
- U_regression-bug1207029_1207030_1207031.patch
  * regression fix for above patches
- U_regression2-bug1207029_1207030_1207031.patch
  * second regression fix: Use gzip -d instead of gunzip
Dominique Leuenberger (dimstar_suse) accepted request 1036996 from Stefan Dirsch (sndirsch) (revision 11)
- Update to version 3.5.14
  * Fix spelling/wording issues
  * man: strip trailing whitespace
  * gitlab CI: add a basic build test
  * man pages: Make file names consistent with their displayed names
  * man pages: Fix shadow man pages
  * man pages: Make function synopses more consistent with other pages
  * man pages: Add missing word 'function' where needed
  * man pages: Fix typos
  * man pages: Correct Copyright/License notices
  * add man pages based on doc/xpm.PS
  * update man pages
Dominique Leuenberger (dimstar_suse) accepted request 760856 from Stefan Dirsch (sndirsch) (revision 10)
- Update to version 3.5.13
  The fixes here are some found by static analysers, and a build
  fix for Windows (which, curiously, is dated to 2012 so clearly
  we're at the top of the game here). Nothing overly exciting,
  but covscan, parfait, etc. should be a bit happier now.
Dominique Leuenberger (dimstar_suse) accepted request 448432 from Stefan Dirsch (sndirsch) (revision 9)
- added baselibs.conf as source in specfile 

- Update to version 3.5.12:
  * Fix abs() usage.
  * Fix out of boundary read on unknown colors
  * Gracefully handle EOF while parsing files.
  * Avoid OOB write when handling malicious XPM files.
  * Handle size_t in file/buffer length
Adrian Schröter (adrianSuSE) committed (revision 8)
Split 13.2 from Factory
Adrian Schröter (adrianSuSE) committed (revision 7)
Split 13.1 from Factory
Tomáš Chvátal (scarabeus_factory) accepted request 198894 from Stefan Dirsch (sndirsch) (revision 6)
Update to ver 3.5.11 (forwarded request 198755 from Zaitor)
Stephan Kulow (coolo) accepted request 160099 from Factory Maintainer (factory-maintainer) (revision 5)
Automatic submission by obs-autosubmit
Adrian Schröter (adrianSuSE) committed (revision 4)
Split 12.3 from Factory
Adrian Schröter (adrianSuSE) committed (revision 3)
branched from openSUSE:Factory
Stephan Kulow (coolo) accepted request 115358 from Stefan Dirsch (sndirsch) (revision 2)
Pushing X11:XOrg
Stephan Kulow (coolo) accepted request 105464 from Stefan Dirsch (sndirsch) (revision 1)
- Rename xorg-x11-libXpm to libXpm and utilize shlib policy
Displaying all 16 revisions