SLFO-pool/libXpm
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
778d4940fb
libXpm/libXpm.changes

293 lines
11 KiB
Plaintext
Raw Blame History

-------------------------------------------------------------------
Tue Oct 3 20:43:14 UTC 2023 - Stefan Dirsch <sndirsch@suse.com>
- Update to 3.5.17
* This release contains fixes for the libXpm issues reported in
security advisory here:
https://lists.x.org/archives/xorg-announce/2023-October/003424.html
* fixes CVE-2023-43788 libXpm: out of bounds read in
XpmCreateXpmImageFromBuffer() (boo#1215686)
* fixes CVE-2023-43789 libXpm: out of bounds read on XPM with
corrupted colormap (boo#1215687)
-------------------------------------------------------------------
Tue Apr 18 11:28:16 UTC 2023 - Stefan Dirsch <sndirsch@suse.com>
- update to 3.5.16:
* test: skip compressed file tests when --disable-open-zfile is used
* gitlab CI: build with each of --enable-open-zfile & --disable-open-zfile
* configure: correct error message to suggest --disable-open-zfile
* open-zfile: Make compress & uncompress commands optional
* Require LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL
* XpmCreateDataFromXpmImage: Fix misleading indentation
* parse.c: Wrap FREE_CIDX definition in do { ... } while(0)
* parse.c: remove unused function xstrlcpy()
* test: Use PACKAGE_BUGREPORT instead of hard-coded URL's
* test: Add simple test cases for functions in src/rgb.c
* xpmReadRgbNames: constify filename argument
* Fix a memleak in ParsePixels error code path
-------------------------------------------------------------------
Thu Apr 13 09:24:55 UTC 2023 - Stefan Dirsch <sndirsch@suse.com>
- with switching to suggests making use of (n)compress no longer
needs to be limited to openSUSE
-------------------------------------------------------------------
Thu Apr 13 08:18:00 UTC 2023 - Stefan Dirsch <sndirsch@suse.com>
- suggests instead of require compress (see changelog below)
-------------------------------------------------------------------
Wed Apr 12 16:01:36 UTC 2023 - Stefan Dirsch <sndirsch@suse.com>
- require compress (ncompress package) on openSUSE; it's not
supported on SLE
-------------------------------------------------------------------
Wed Apr 12 13:39:54 UTC 2023 - Fabian Vogt <fvogt@suse.com>
- Drop n_no-compress-on-sle.patch and set XPM_PATH_COMPRESS instead
(xpmPipeThrough function returns NULL when the command is not
available; so same result as with the patch applied; that the
child process for executing 'compress' returns with exit(1)
doesn't matter much; it might even be useful to see the error
message ...)
-------------------------------------------------------------------
Wed Apr 12 11:59:25 UTC 2023 - Stefan Dirsch <sndirsch@suse.com>
- Depend also on /usr/bin/uncompress, not only /usr/bin/gzip;
Requiring binaries instead of packages resolves the file
conflict with busybox-gzip, which is used when building nginx
opensuse images; dep chain was: nginx -> libdg3 -> libXpm4 -> gzip
==> conflict with busybox-gzip
-------------------------------------------------------------------
Tue Apr 11 13:41:44 UTC 2023 - Fabian Vogt <fvogt@suse.com>
- Depend on /usr/bin/gzip, not gzip
-------------------------------------------------------------------
Mon Apr 3 20:27:28 UTC 2023 - Stefan Dirsch <sndirsch@suse.com>
- n_no-compress-on-sle.patch
* we can't handle .Z files, since we don't have ncompress package
on SLE; so disable this feature as before (bsc#1207031)
- BuildRequires
* removed again ncompress
* added again autoconf, automake, libtool
- run again autoreconf due to patch above
-------------------------------------------------------------------
Mon Apr 3 19:01:52 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 3.5.15:
* Use gzip -d instead of gunzip
* Prevent a double free in the error code path
* Fix CVE-2022-4883: compression commands depend on $PATH
* Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height
* test: add test cases for CVE-2022-44617 (zero-width w/enormous height)
* Fix CVE-2022-46285: Infinite loop on unclosed comments
* test: add test case for CVE-2022-46285 (unclosed comments)
* cxpm: getc/ungetc wrappers should not adjust position when c == EOF
* test: Add unit tests using glib framework
* configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE
* man pages: Apply standard man page style/formatting
* man pages: Replace "See Also" entries with more useful ones
* man pages: Fix typos and other minor editing
- drop U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch,
U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch,
U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch,
U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch,
U_regression-bug1207029_1207030_1207031.patch
U_regression2-bug1207029_1207030_1207031.patch: upstream
- switch urls to https
- spec file cleanups
- add gpg keyring validation
-------------------------------------------------------------------
Wed Jan 11 13:49:26 UTC 2023 - Stefan Dirsch <sndirsch@suse.com>
- U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch
* needed by U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
- U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch
* libXpm: Infinite loop on unclosed comments (CVE-2022-46285,
bsc#1207029)
- U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch
* libXpm: Runaway loop on width of 0 and enormous height
(CVE-2022-44617, bsc#1207030)
- U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
* libXpm: compression commands depend on $PATH (CVE-2022-4883,
bsc#1207031)
- U_regression-bug1207029_1207030_1207031.patch
* regression fix for above patches
- U_regression2-bug1207029_1207030_1207031.patch
* second regression fix: Use gzip -d instead of gunzip
-------------------------------------------------------------------
Sun Nov 20 22:52:35 UTC 2022 - Stefan Dirsch <sndirsch@suse.com>
- Update to version 3.5.14
* Fix spelling/wording issues
* man: strip trailing whitespace
* gitlab CI: add a basic build test
* man pages: Make file names consistent with their displayed names
* man pages: Fix shadow man pages
* man pages: Make function synopses more consistent with other pages
* man pages: Add missing word 'function' where needed
* man pages: Fix typos
* man pages: Correct Copyright/License notices
* add man pages based on doc/xpm.PS
* update man pages
-------------------------------------------------------------------
Sat Jan 4 22:46:08 UTC 2020 - Stefan Dirsch <sndirsch@suse.com>
- Update to version 3.5.13
The fixes here are some found by static analysers, and a build
fix for Windows (which, curiously, is dated to 2012 so clearly
we're at the top of the game here). Nothing overly exciting,
but covscan, parfait, etc. should be a bit happier now.
-------------------------------------------------------------------
Sun Jan 1 21:31:52 UTC 2017 - sndirsch@suse.com
- added baselibs.conf as source in specfile
-------------------------------------------------------------------
Sun Jan 1 20:44:12 UTC 2017 - sndirsch@suse.com
- Update to version 3.5.12:
* Fix abs() usage.
* Fix out out boundary read on unknown colors
* Gracefully handle EOF while parsing files.
* Avoid OOB write when handling malicious XPM files.
* Handle size_t in file/buffer length
-------------------------------------------------------------------
Thu Sep 12 18:38:52 UTC 2013 - zaitor@opensuse.org
- Update to version 3.5.11:
+ Fix typo in COPYING (matches src/amigax.h).
+ Add noreturn attributes suggested by gcc.
+ Doclifter can't handle more than one dash in a name line.
+ Fix libXpm build with NO_ZPIPE.
+ Added 'const' attribute to all filename arguments in the API.
+ Added 'const' qualifier to the filename argument to internal
functions.
+ Close fd if fdopen() or xpmPipeThrough() fails in
OpenWriteFile().
+ autogen.sh: Implement GNOME Build API.
+ configure: Remove AM_MAINTAINER_MODE.
+ Define NO_ZPIPE when building for MinGW.
-------------------------------------------------------------------
Sun Feb 17 17:21:53 UTC 2013 - jengelh@inai.de
- Use more robust make install call
-------------------------------------------------------------------
Wed Apr 11 15:42:59 UTC 2012 - vuntz@opensuse.org
- Update to version 3.5.10:
+ Compiler warning fixes
+ Janitorial cleanups
+ Build configuration improvements
-------------------------------------------------------------------
Sun Feb 12 01:08:12 UTC 2012 - jengelh@medozas.de
- Rename xorg-x11-libXpm to libXpm and utilize shlib policy
-------------------------------------------------------------------
Tue Dec 21 02:46:24 UTC 2010 - sndirsch@novell.com
- bumped version number to 7.6
-------------------------------------------------------------------
Sat Oct 30 15:45:53 UTC 2010 - sndirsch@novell.com
- libXpm 3.5.9
* This minor maintenance release provides a large collection of
build configuration improvements and other janitorial
cleanups.
-------------------------------------------------------------------
Sun Apr 4 15:45:51 CEST 2010 - sndirsch@suse.de
- libXpm 3.5.8
- bumped version number to 7.5
-------------------------------------------------------------------
Mon Dec 14 23:59:15 CET 2009 - jengelh@medozas.de
- add baselibs.conf as a source
-------------------------------------------------------------------
Sat May 2 14:42:17 CEST 2009 - eich@suse.de
- revert static library and .la file removal
for SUSE versions <= 11.1.
-------------------------------------------------------------------
Tue Apr 21 19:46:35 CEST 2009 - crrodriguez@suse.de
- remove static libraries and "la" files
- run ldconfig in postun
-------------------------------------------------------------------
Thu Sep 11 14:21:54 CEST 2008 - sndirsch@suse.de
- bumped release number to 7.4
-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support
-------------------------------------------------------------------
Sat Sep 29 12:23:40 CEST 2007 - sndirsch@suse.de
- bumped version to 7.3
-------------------------------------------------------------------
Fri Aug 24 15:49:55 CEST 2007 - sndirsch@suse.de
- libXpm 3.5.7
* Sun bug 4486226: Xpm is not internationalized
* Use AM_CFLAGS & AM_CPPFLAGS to replace per-program and obsolete macros
* Include comment/copyright/license for AC_DEFINE_DIR in acinclude.m4
* Replace index/rindex with C89 standard strchr/strrchr
* Use srcdir in paths passed to xgettext when making .po files
* Replace strcpy with strncpy to match previous code block
* X.Org Bug #11863: Build libXpm on MS Windows (with MinGW)
-------------------------------------------------------------------
Sat Oct 14 06:16:47 CEST 2006 - sndirsch@suse.de
- updated to X.Org 7.2RC1
-------------------------------------------------------------------
Wed Aug 2 16:12:23 CEST 2006 - sndirsch@suse.de
- fix setup line
-------------------------------------------------------------------
Fri Jul 28 14:44:42 CEST 2006 - sndirsch@suse.de
- use "-fno-strict-aliasing"
-------------------------------------------------------------------
Thu Jul 27 11:47:25 CEST 2006 - sndirsch@suse.de
- use $RPM_OPT_FLAGS
- remove existing /usr/include/X11 symlink in %pre
-------------------------------------------------------------------
Fri Jun 23 16:51:11 CEST 2006 - sndirsch@suse.de
- created package
Reference in New Issue View Git Blame Copy Permalink