From 65d894ba8abd3d97e7d2d5bb48e09cd5522583dd5536821720fe3bf986abd3d2 Mon Sep 17 00:00:00 2001 From: Stefan Dirsch Date: Mon, 3 Apr 2023 20:33:37 +0000 Subject: [PATCH] - n_no-compress-on-sle.patch * we can't handle .Z files, since we don't have ncompress package on SLE; so disable this feature as before (bsc#1207031) - BuildRequires * removed again ncompress * added again autoconf, automake, libtool - run again autoreconf due to patch above - update to 3.5.15: * Use gzip -d instead of gunzip * Prevent a double free in the error code path * Fix CVE-2022-4883: compression commands depend on $PATH * Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height * test: add test cases for CVE-2022-44617 (zero-width w/enormous height) * Fix CVE-2022-46285: Infinite loop on unclosed comments * test: add test case for CVE-2022-46285 (unclosed comments) * cxpm: getc/ungetc wrappers should not adjust position when c == EOF * test: Add unit tests using glib framework * configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE * man pages: Apply standard man page style/formatting * man pages: Replace "See Also" entries with more useful ones * man pages: Fix typos and other minor editing - drop U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch, U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch, U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch, U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch, U_regression-bug1207029_1207030_1207031.patch U_regression2-bug1207029_1207030_1207031.patch: upstream - switch urls to https - spec file cleanups OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/libXpm?expand=0&rev=20 --- ...sable-open-zfile-instead-of-requirin.patch | 95 ----------- ...85-Infinite-loop-on-unclosed-comment.patch | 37 ----- ...17-Runaway-loop-with-width-of-0-and-.patch | 151 ------------------ ...3-compression-commands-depend-on-PAT.patch | 141 ---------------- U_regression-bug1207029_1207030_1207031.patch | 24 --- ...gression2-bug1207029_1207030_1207031.patch | 66 -------- libXpm-3.5.14.tar.xz | 3 - libXpm-3.5.15.tar.xz | 3 + libXpm-3.5.15.tar.xz.sig | Bin 0 -> 543 bytes libXpm.changes | 38 +++++ libXpm.keyring | 107 +++++++++++++ libXpm.spec | 85 +++++----- n_no-compress-on-sle.patch | 24 +++ 13 files changed, 208 insertions(+), 566 deletions(-) delete mode 100644 U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch delete mode 100644 U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch delete mode 100644 U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch delete mode 100644 U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch delete mode 100644 U_regression-bug1207029_1207030_1207031.patch delete mode 100644 U_regression2-bug1207029_1207030_1207031.patch delete mode 100644 libXpm-3.5.14.tar.xz create mode 100644 libXpm-3.5.15.tar.xz create mode 100644 libXpm-3.5.15.tar.xz.sig create mode 100644 libXpm.keyring create mode 100644 n_no-compress-on-sle.patch diff --git a/U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch b/U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch deleted file mode 100644 index 7584e0e..0000000 --- a/U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 4841039e5385f264d12757903894f47c64f59361 Mon Sep 17 00:00:00 2001 -From: Alan Coopersmith -Date: Thu, 5 Jan 2023 15:42:36 -0800 -Subject: [PATCH] configure: add --disable-open-zfile instead of requiring - -DNO_ZPIPE - -Documents the two compression options in the README, makes their -configure options reflect the interdependency of their implementation, -and makes the configure script report their configuration. - -Signed-off-by: Alan Coopersmith ---- - README.md | 15 +++++++++++++++ - configure.ac | 36 +++++++++++++++++++++++------------- - 2 files changed, 38 insertions(+), 13 deletions(-) - -diff --git a/README.md b/README.md -index adc83c8..7895350 100644 ---- a/README.md -+++ b/README.md -@@ -16,3 +16,18 @@ For patch submission instructions, see: - - https://www.x.org/wiki/Development/Documentation/SubmittingPatches - -+------------------------------------------------------------------------------ -+ -+libXpm supports two optional features to handle compressed pixmap files. -+ -+--enable-open-zfile makes libXpm recognize file names ending in .Z and .gz -+and open a pipe to the appropriate command to compress the file when writing -+and uncompress the file when reading. This is enabled by default on platforms -+other than MinGW and can be disabled by passing the --disable-open-zfile flag -+to the configure script. -+ -+--enable-stat-zfile make libXpm search for a file name with .Z or .gz added -+if it can't find the file it was asked to open. It relies on the -+--enable-open-zfile feature to open the file, and is enabled by default -+when --enable-open-zfile is enabled, and can be disabled by passing the -+--disable-stat-zfile flag to the configure script. -diff --git a/configure.ac b/configure.ac -index 789a96e..1b64830 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -49,25 +49,35 @@ if test "x$USE_GETTEXT" = "xyes" ; then - fi - AM_CONDITIONAL(USE_GETTEXT, test "x$USE_GETTEXT" = "xyes") - -+# Optional feature: When a filename ending in .Z or .gz is requested, -+# open a pipe to a newly forked compress/uncompress/gzip/gunzip command to -+# handle it. -+AC_MSG_CHECKING([whether to handle compressed pixmaps]) -+case $host_os in -+ *mingw*) zpipe_default="no" ;; -+ *) zpipe_default="yes" ;; -+esac -+AC_ARG_ENABLE(open-zfile, -+ AS_HELP_STRING([--enable-open-zfile], -+ [Search for files with .Z & .gz extensions automatically @<:@default=auto@:>@]), -+ [OPEN_ZFILE=$enableval], [OPEN_ZFILE=yes]) -+AC_MSG_RESULT([$OPEN_ZFILE]) -+if test x$OPEN_ZFILE = xno ; then -+ AC_DEFINE(NO_ZPIPE, 1, [Define to 1 to disable decompression via pipes]) -+fi -+ - # Optional feature: When ___.xpm is requested, also look for ___.xpm.Z & .gz - # Replaces ZFILEDEF = -DSTAT_ZFILE in old Imakefile -+AC_MSG_CHECKING([whether to search for compressed pixmaps]) - AC_ARG_ENABLE(stat-zfile, -- AS_HELP_STRING([--enable-stat-zfile], -- [Search for files with .Z & .gz extensions automatically @<:@default=yes@:>@]), -- [STAT_ZFILE=$enableval], [STAT_ZFILE=yes]) -+ AS_HELP_STRING([--enable-stat-zfile], -+ [Search for files with .Z & .gz extensions automatically @<:@default=auto@:>@]), -+ [STAT_ZFILE=$enableval], [STAT_ZFILE=$OPEN_ZFILE]) -+AC_MSG_RESULT([$STAT_ZFILE]) - if test x$STAT_ZFILE = xyes ; then -- AC_DEFINE(STAT_ZFILE, 1, [Define to 1 to automatically look for files with .Z & .gz extensions]) -+ AC_DEFINE(STAT_ZFILE, 1, [Define to 1 to automatically look for files with .Z & .gz extensions]) - fi - -- --case $host_os in -- *mingw*) -- AC_DEFINE(NO_ZPIPE, 1, [Define to 1 to disable decompression via pipes]) -- ;; -- *) -- ;; --esac -- - AC_CONFIG_FILES([Makefile - doc/Makefile - include/Makefile --- -2.35.3 - diff --git a/U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch b/U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch deleted file mode 100644 index f48758f..0000000 --- a/U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 4636007dd4cebca8ee10738a7833f629d8687529 Mon Sep 17 00:00:00 2001 -From: Alan Coopersmith -Date: Sat, 17 Dec 2022 12:23:45 -0800 -Subject: [PATCH libXpm 2/5] Fix CVE-2022-46285: Infinite loop on unclosed - comments - -When reading XPM images from a file with libXpm 3.5.14 or older, if a -comment in the file is not closed (i.e. a C-style comment starts with -"/*" and is missing the closing "*/"), the ParseComment() function will -loop forever calling getc() to try to read the rest of the comment, -failing to notice that it has returned EOF, which may cause a denial of -service to the calling program. - -Reported-by: Marco Ivaldi -Signed-off-by: Alan Coopersmith ---- - src/data.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/data.c b/src/data.c -index 898889c..bfad4ff 100644 ---- a/src/data.c -+++ b/src/data.c -@@ -174,6 +174,10 @@ ParseComment(xpmData *data) - notend = 0; - Ungetc(data, *s, file); - } -+ else if (c == EOF) { -+ /* hit end of file before the end of the comment */ -+ return XpmFileInvalid; -+ } - } - return 0; - } --- -2.15.2 - diff --git a/U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch b/U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch deleted file mode 100644 index c407e48..0000000 --- a/U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch +++ /dev/null @@ -1,151 +0,0 @@ -From 198839ca64dc117b35339f38c83d483ab6b561b6 Mon Sep 17 00:00:00 2001 -From: Alan Coopersmith -Date: Sat, 7 Jan 2023 12:44:28 -0800 -Subject: [PATCH libXpm 4/5] Fix CVE-2022-44617: Runaway loop with width of 0 - and enormous height - -When reading XPM images from a file with libXpm 3.5.14 or older, if a -image has a width of 0 and a very large height, the ParsePixels() function -will loop over the entire height calling getc() and ungetc() repeatedly, -or in some circumstances, may loop seemingly forever, which may cause a -denial of service to the calling program when given a small crafted XPM -file to parse. - -Closes: #2 - -Reported-by: Martin Ettl -Signed-off-by: Alan Coopersmith ---- - src/data.c | 20 ++++++++++++++------ - src/parse.c | 31 +++++++++++++++++++++++++++---- - 2 files changed, 41 insertions(+), 10 deletions(-) - -diff --git a/src/data.c b/src/data.c -index bfad4ff..7524e65 100644 ---- a/src/data.c -+++ b/src/data.c -@@ -195,19 +195,23 @@ xpmNextString(xpmData *data) - register char c; - - /* get to the end of the current string */ -- if (data->Eos) -- while ((c = *data->cptr++) && c != data->Eos); -+ if (data->Eos) { -+ while ((c = *data->cptr++) && c != data->Eos && c != '\0'); -+ -+ if (c == '\0') -+ return XpmFileInvalid; -+ } - - /* - * then get to the beginning of the next string looking for possible - * comment - */ - if (data->Bos) { -- while ((c = *data->cptr++) && c != data->Bos) -+ while ((c = *data->cptr++) && c != data->Bos && c != '\0') - if (data->Bcmt && c == data->Bcmt[0]) - ParseComment(data); - } else if (data->Bcmt) { /* XPM2 natural */ -- while ((c = *data->cptr++) == data->Bcmt[0]) -+ while (((c = *data->cptr++) == data->Bcmt[0]) && c != '\0') - ParseComment(data); - data->cptr--; - } -@@ -216,9 +220,13 @@ xpmNextString(xpmData *data) - FILE *file = data->stream.file; - - /* get to the end of the current string */ -- if (data->Eos) -+ if (data->Eos) { - while ((c = Getc(data, file)) != data->Eos && c != EOF); - -+ if (c == EOF) -+ return XpmFileInvalid; -+ } -+ - /* - * then get to the beginning of the next string looking for possible - * comment -@@ -234,7 +242,7 @@ xpmNextString(xpmData *data) - Ungetc(data, c, file); - } - } -- return 0; -+ return XpmSuccess; - } - - -diff --git a/src/parse.c b/src/parse.c -index 037fc66..64f51ba 100644 ---- a/src/parse.c -+++ b/src/parse.c -@@ -427,6 +427,13 @@ ParsePixels( - { - unsigned int *iptr, *iptr2 = NULL; /* found by Egbert Eich */ - unsigned int a, x, y; -+ int ErrorStatus; -+ -+ if ((width == 0) && (height != 0)) -+ return (XpmFileInvalid); -+ -+ if ((height == 0) && (width != 0)) -+ return (XpmFileInvalid); - - if ((height > 0 && width >= UINT_MAX / height) || - width * height >= UINT_MAX / sizeof(unsigned int)) -@@ -464,7 +471,11 @@ ParsePixels( - colidx[(unsigned char)colorTable[a].string[0]] = a + 1; - - for (y = 0; y < height; y++) { -- xpmNextString(data); -+ ErrorStatus = xpmNextString(data); -+ if (ErrorStatus != XpmSuccess) { -+ XpmFree(iptr2); -+ return (ErrorStatus); -+ } - for (x = 0; x < width; x++, iptr++) { - int c = xpmGetC(data); - -@@ -511,7 +522,11 @@ do \ - } - - for (y = 0; y < height; y++) { -- xpmNextString(data); -+ ErrorStatus = xpmNextString(data); -+ if (ErrorStatus != XpmSuccess) { -+ XpmFree(iptr2); -+ return (ErrorStatus); -+ } - for (x = 0; x < width; x++, iptr++) { - int cc1 = xpmGetC(data); - if (cc1 > 0 && cc1 < 256) { -@@ -551,7 +566,11 @@ do \ - xpmHashAtom *slot; - - for (y = 0; y < height; y++) { -- xpmNextString(data); -+ ErrorStatus = xpmNextString(data); -+ if (ErrorStatus != XpmSuccess) { -+ XpmFree(iptr2); -+ return (ErrorStatus); -+ } - for (x = 0; x < width; x++, iptr++) { - for (a = 0, s = buf; a < cpp; a++, s++) { - int c = xpmGetC(data); -@@ -571,7 +590,11 @@ do \ - } - } else { - for (y = 0; y < height; y++) { -- xpmNextString(data); -+ ErrorStatus = xpmNextString(data); -+ if (ErrorStatus != XpmSuccess) { -+ XpmFree(iptr2); -+ return (ErrorStatus); -+ } - for (x = 0; x < width; x++, iptr++) { - for (a = 0, s = buf; a < cpp; a++, s++) { - int c = xpmGetC(data); --- -2.15.2 - diff --git a/U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch b/U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch deleted file mode 100644 index 8db528b..0000000 --- a/U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch +++ /dev/null @@ -1,141 +0,0 @@ -From 082a080672c3b8a964aa8100bee41930e12b03fa Mon Sep 17 00:00:00 2001 -From: Alan Coopersmith -Date: Fri, 6 Jan 2023 12:50:48 -0800 -Subject: [PATCH libXpm 5/5] Fix CVE-2022-4883: compression commands depend on - $PATH - -By default, on all platforms except MinGW, libXpm will detect if a -filename ends in .Z or .gz, and will when reading such a file fork off -an uncompress or gunzip command to read from via a pipe, and when -writing such a file will fork off a compress or gzip command to write -to via a pipe. - -In libXpm 3.5.14 or older these are run via execlp(), relying on $PATH -to find the commands. If libXpm is called from a program running with -raised privileges, such as via setuid, then a malicious user could set -$PATH to include programs of their choosing to be run with those -privileges. - -Signed-off-by: Alan Coopersmith ---- - README.md | 12 ++++++++++++ - configure.ac | 14 ++++++++++++++ - src/RdFToI.c | 17 ++++++++++++++--- - src/WrFFrI.c | 4 ++-- - 4 files changed, 42 insertions(+), 5 deletions(-) - -Index: libXpm-3.5.14/README.md -=================================================================== ---- libXpm-3.5.14.orig/README.md -+++ libXpm-3.5.14/README.md -@@ -31,3 +31,15 @@ if it can't find the file it was asked t - --enable-open-zfile feature to open the file, and is enabled by default - when --enable-open-zfile is enabled, and can be disabled by passing the - --disable-stat-zfile flag to the configure script. -+ -+All of these commands will be executed with whatever userid & privileges the -+function is called with, relying on the caller to ensure the correct euid, -+egid, etc. are set before calling. -+ -+To reduce risk, the paths to these commands are now set at configure time to -+the first version found in the PATH used to run configure, and do not depend -+on the PATH environment variable set at runtime. -+ -+To specify paths to be used for these commands instead of searching $PATH, pass -+the XPM_PATH_COMPRESS, XPM_PATH_UNCOMPRESS, XPM_PATH_GZIP, and XPM_PATH_GUNZIP -+variables to the configure command. -Index: libXpm-3.5.14/configure.ac -=================================================================== ---- libXpm-3.5.14.orig/configure.ac -+++ libXpm-3.5.14/configure.ac -@@ -49,6 +49,14 @@ if test "x$USE_GETTEXT" = "xyes" ; then - fi - AM_CONDITIONAL(USE_GETTEXT, test "x$USE_GETTEXT" = "xyes") - -+dnl Helper macro to find absolute path to program and add a #define for it -+AC_DEFUN([XPM_PATH_PROG],[ -+AC_PATH_PROG([$1], [$2], []) -+AS_IF([test "x$$1" = "x"], -+ [AC_MSG_ERROR([$2 not found, set $1 or use --disable-open-zfile])]) -+AC_DEFINE_UNQUOTED([$1], ["$$1"], [Path to $2]) -+]) dnl End of AC_DEFUN([XPM_PATH_PROG]... -+ - # Optional feature: When a filename ending in .Z or .gz is requested, - # open a pipe to a newly forked compress/uncompress/gzip/gunzip command to - # handle it. -@@ -64,6 +72,11 @@ AC_ARG_ENABLE(open-zfile, - AC_MSG_RESULT([$OPEN_ZFILE]) - if test x$OPEN_ZFILE = xno ; then - AC_DEFINE(NO_ZPIPE, 1, [Define to 1 to disable decompression via pipes]) -+else -+ XPM_PATH_PROG([XPM_PATH_UNCOMPRESS], [uncompress]) -+ XPM_PATH_PROG([XPM_PATH_GZIP], [gzip]) -+ XPM_PATH_PROG([XPM_PATH_GUNZIP], [gunzip]) -+ AC_CHECK_FUNCS([closefrom close_range], [break]) - fi - - # Optional feature: When ___.xpm is requested, also look for ___.xpm.Z & .gz -Index: libXpm-3.5.14/src/RdFToI.c -=================================================================== ---- libXpm-3.5.14.orig/src/RdFToI.c -+++ libXpm-3.5.14/src/RdFToI.c -@@ -43,6 +43,7 @@ - #include - #include - #include -+#include - #else - #ifdef FOR_MSW - #include -@@ -161,7 +162,17 @@ xpmPipeThrough( - goto err; - if ( 0 == pid ) - { -- execlp(cmd, cmd, arg1, (char *)NULL); -+#ifdef HAVE_CLOSEFROM -+ closefrom(3); -+#elif defined(HAVE_CLOSE_RANGE) -+# ifdef CLOSE_RANGE_UNSHARE -+# define close_range_flags CLOSE_RANGE_UNSHARE -+# else -+# define close_range_flags 0 -+#endif -+ close_range(3, ~0U, close_range_flags); -+#endif -+ execl(cmd, cmd, arg1, (char *)NULL); - perror(cmd); - goto err; - } -@@ -235,12 +246,12 @@ OpenReadFile( - if ( ext && !strcmp(ext, ".Z") ) - { - mdata->type = XPMPIPE; -- mdata->stream.file = xpmPipeThrough(fd, "uncompress", "-c", "r"); -+ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_UNCOMPRESS, "-c", "r"); - } - else if ( ext && !strcmp(ext, ".gz") ) - { - mdata->type = XPMPIPE; -- mdata->stream.file = xpmPipeThrough(fd, "gunzip", "-qc", "r"); -+ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GUNZIP, "-qc", "r"); - } - else - #endif /* z-files */ -Index: libXpm-3.5.14/src/WrFFrI.c -=================================================================== ---- libXpm-3.5.14.orig/src/WrFFrI.c -+++ libXpm-3.5.14/src/WrFFrI.c -@@ -342,10 +342,10 @@ OpenWriteFile( - #ifndef NO_ZPIPE - len = strlen(filename); - if (len > 2 && !strcmp(".Z", filename + (len - 2))) { -- mdata->stream.file = xpmPipeThrough(fd, "compress", NULL, "w"); -- mdata->type = XPMPIPE; -+ /* No compress program available (any longer?) on Linux */ -+ mdata->stream.file = NULL; - } else if (len > 3 && !strcmp(".gz", filename + (len - 3))) { -- mdata->stream.file = xpmPipeThrough(fd, "gzip", "-q", "w"); -+ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GZIP, "-q", "w"); - mdata->type = XPMPIPE; - } else - #endif diff --git a/U_regression-bug1207029_1207030_1207031.patch b/U_regression-bug1207029_1207030_1207031.patch deleted file mode 100644 index c524db3..0000000 --- a/U_regression-bug1207029_1207030_1207031.patch +++ /dev/null @@ -1,24 +0,0 @@ -@@ -, +, @@ ---- - src/create.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) ---- a/src/create.c -+++ a/src/create.c -@@ -994,11 +994,15 @@ CreateXImage( - #if !defined(FOR_MSW) && !defined(AMIGA) - if (height != 0 && (*image_return)->bytes_per_line >= INT_MAX / height) { - XDestroyImage(*image_return); -+ *image_return = NULL; - return XpmNoMemory; - } - /* now that bytes_per_line must have been set properly alloc data */ -- if((*image_return)->bytes_per_line == 0 || height == 0) -+ if((*image_return)->bytes_per_line == 0 || height == 0) { -+ XDestroyImage(*image_return); -+ *image_return = NULL; - return XpmNoMemory; -+ } - (*image_return)->data = - (char *) XpmMalloc((*image_return)->bytes_per_line * height); - --- diff --git a/U_regression2-bug1207029_1207030_1207031.patch b/U_regression2-bug1207029_1207030_1207031.patch deleted file mode 100644 index d9828d1..0000000 --- a/U_regression2-bug1207029_1207030_1207031.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 8178eb0834d82242e1edbc7d4fb0d1b397569c68 Mon Sep 17 00:00:00 2001 -From: Peter Hutterer -Date: Mon, 16 Jan 2023 19:44:52 +1000 -Subject: [PATCH libXpm 7/7] Use gzip -d instead of gunzip - -GNU gunzip [1] is a shell script that exec's `gzip -d`. Even if we call -/usr/bin/gunzip with the correct built-in path, the actual gzip call -will use whichever gzip it finds first, making our patch pointless. - -Fix this by explicitly calling gzip -d instead. - -https://git.savannah.gnu.org/cgit/gzip.git/tree/gunzip.in - -[Part of the fix for CVE-2022-4883] -Signed-off-by: Peter Hutterer ---- - README.md | 2 +- - configure.ac | 3 +-- - src/RdFToI.c | 2 +- - 3 files changed, 3 insertions(+), 4 deletions(-) - -Index: libXpm-3.5.14/README.md -=================================================================== ---- libXpm-3.5.14.orig/README.md -+++ libXpm-3.5.14/README.md -@@ -41,5 +41,5 @@ the first version found in the PATH used - on the PATH environment variable set at runtime. - - To specify paths to be used for these commands instead of searching $PATH, pass --the XPM_PATH_COMPRESS, XPM_PATH_UNCOMPRESS, XPM_PATH_GZIP, and XPM_PATH_GUNZIP -+the XPM_PATH_COMPRESS, XPM_PATH_UNCOMPRESS, and XPM_PATH_GZIP - variables to the configure command. -Index: libXpm-3.5.14/configure.ac -=================================================================== ---- libXpm-3.5.14.orig/configure.ac -+++ libXpm-3.5.14/configure.ac -@@ -58,7 +58,7 @@ AC_DEFINE_UNQUOTED([$1], ["$$1"], [Path - ]) dnl End of AC_DEFUN([XPM_PATH_PROG]... - - # Optional feature: When a filename ending in .Z or .gz is requested, --# open a pipe to a newly forked compress/uncompress/gzip/gunzip command to -+# open a pipe to a newly forked compress/uncompress/gzip command to - # handle it. - AC_MSG_CHECKING([whether to handle compressed pixmaps]) - case $host_os in -@@ -75,7 +75,6 @@ if test x$OPEN_ZFILE = xno ; then - else - XPM_PATH_PROG([XPM_PATH_UNCOMPRESS], [uncompress]) - XPM_PATH_PROG([XPM_PATH_GZIP], [gzip]) -- XPM_PATH_PROG([XPM_PATH_GUNZIP], [gunzip]) - AC_CHECK_FUNCS([closefrom close_range], [break]) - fi - -Index: libXpm-3.5.14/src/RdFToI.c -=================================================================== ---- libXpm-3.5.14.orig/src/RdFToI.c -+++ libXpm-3.5.14/src/RdFToI.c -@@ -251,7 +251,7 @@ OpenReadFile( - else if ( ext && !strcmp(ext, ".gz") ) - { - mdata->type = XPMPIPE; -- mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GUNZIP, "-qc", "r"); -+ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GZIP, "-dqc", "r"); - } - else - #endif /* z-files */ diff --git a/libXpm-3.5.14.tar.xz b/libXpm-3.5.14.tar.xz deleted file mode 100644 index 5e47ec0..0000000 --- a/libXpm-3.5.14.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f7eb8f69c039281def8258ae6859adb5f050fbe161ab3d6a2d6ef109a603eac2 -size 392624 diff --git a/libXpm-3.5.15.tar.xz b/libXpm-3.5.15.tar.xz new file mode 100644 index 0000000..51ca691 --- /dev/null +++ b/libXpm-3.5.15.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:60bb906c5c317a6db863e39b69c4a83fdbd2ae2154fcf47640f8fefc9fdfd1c1 +size 459140 diff --git a/libXpm-3.5.15.tar.xz.sig b/libXpm-3.5.15.tar.xz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..191cf8bc15b6e3155dd3d222f3f77988b218a3f84b38d2313445f422c919a805 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0SW*H1p;Hn&D{VB2@ucU6o@FsLZ_CC5Bv?+(0svb1*GDJZ`atH zD%d3t19E}s1HC}`?t^Jx*E4BEsGCP}*OiIN(0>59Kk>$-!9$iSKRFiVcHCG5y%rqH zWNt?gki6uV)?L$;cO_ZdfWev#w%zsN8bP_H0DKL$a~Jpegyd7_>7I?Oo&v~hrGFnA$4qn{>#1UFO*Pcn z{KA#2%qCQ-aT+;T_{W;REsT4`A+}ZVqNRYMJ3ERoWAl-qoI@-k?Eb_3oioOH zmw;LzGorI#MF{xpn+g|TzzTvxpyksJ=S{c)ey;FYPKDpk&iX>W%E`<&GP6@o!=?=E z=e==xWbpuh;@I8-^rNS@a%v2QHnNv$qEvM(@<_itG)8MQ!%7MRbu!Aynuv`48-DJ5 zNd)PZuR0FjbOk~OKr8k;iW+FcP1anz{e| + +- n_no-compress-on-sle.patch + * we can't handle .Z files, since we don't have ncompress package + on SLE; so disable this feature as before (bsc#1207031) +- BuildRequires + * removed again ncompress + * added again autoconf, automake, libtool +- run again autoreconf due to patch above + +------------------------------------------------------------------- +Mon Apr 3 19:01:52 UTC 2023 - Dirk Müller + +- update to 3.5.15: + * Use gzip -d instead of gunzip + * Prevent a double free in the error code path + * Fix CVE-2022-4883: compression commands depend on $PATH + * Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height + * test: add test cases for CVE-2022-44617 (zero-width w/enormous height) + * Fix CVE-2022-46285: Infinite loop on unclosed comments + * test: add test case for CVE-2022-46285 (unclosed comments) + * cxpm: getc/ungetc wrappers should not adjust position when c == EOF + * test: Add unit tests using glib framework + * configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE + * man pages: Apply standard man page style/formatting + * man pages: Replace "See Also" entries with more useful ones + * man pages: Fix typos and other minor editing +- drop U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch, + U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch, + U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch, + U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch, + U_regression-bug1207029_1207030_1207031.patch + U_regression2-bug1207029_1207030_1207031.patch: upstream +- switch urls to https +- spec file cleanups +- add gpg keyring validation + ------------------------------------------------------------------- Wed Jan 11 13:49:26 UTC 2023 - Stefan Dirsch diff --git a/libXpm.keyring b/libXpm.keyring new file mode 100644 index 0000000..0ee75c0 --- /dev/null +++ b/libXpm.keyring @@ -0,0 +1,107 @@ +pub 1024D/1F2D130E 2007-07-16 [expires: 2018-04-25] +uid [ unknown] Alan Coopersmith +uid [ unknown] Alan Coopersmith +uid [ unknown] Alan Coopersmith +sub 2048g/6E6132BD 2007-07-16 +sub 4096R/28C642A7 2013-04-26 [expires: 2018-04-25] + +pub 3072R/CAAA50B2 2017-10-04 +uid [ unknown] Adam Jackson +sub 3072R/AEF6BB88 2017-10-04 + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mQGiBEab+moRBACDH5yKqS3wcc5bdxY7PBNuwKvF5TKMfagmSvuRDtZjjIIWaA/n +Z1KboV9Gq5g7kP7+Kfu+Qgd8u65eVsWwmPW10fXvj3aCU53glx2EdGdrHcgiyH2g +EQfPiyBw+trIppWFRV0IDXSLMA1FNC92t2nSG/VFHaPTVwcgkIRSfcXDvwCglGdE +a6f4uLqoNHP+m4yYnzapFuMD/R4+2AJDAvEWKDdYCGZzlawjAmmWyXrmT7/C/mx9 +8qUR473l4buXjHgDkkXXlHqdzil1vK85PhrKzNJDCCmlHUJNz+QwiAMOLwpD+kwV +Pb57RG7y+a5JQ5+jtVw4RlUxZIk/wj2An9YBO3A5vR7PdjM32ZJCN2+aM4dYfNzQ +xQKTA/47icvBaBVTl9rztjg2pd2Aqpc1P/GsIYLGj7XjnnJvGAENBHSH1QjpZMJG +CTS9oJ+B0/wrIr+pA+MdFgYAb6ojMQJOO6UChjWWSGjMFcs/CeXhxlLBido3DtAE +TbNTwO6OEfAvdosvTdhJFnwvZlJ+zZGGy5CrF2Fd9PUe9tmASbQoQWxhbiBDb29w +ZXJzbWl0aCA8YWxhbmNAZnJlZWRlc2t0b3Aub3JnPohoBBMRAgAoAhsDBgsJCAcD +AgYVCAIJCgsEFgIDAQIeAQIXgAUCUXnRYgUJFEPYeAAKCRCi+54IHy0TDonxAKCP +cAgXNojuujUg5Wqi6v0RBFVSUgCggq1SsVEdq9NDWvXvkeGyNaBivSK0K0FsYW4g +Q29vcGVyc21pdGggPGFsYW4uY29vcGVyc21pdGhAc3VuLmNvbT6IZgQTEQIAJgIb +AwYLCQgHAwIEFQIIAwQWAgMBAh4BAheABQJRedFiBQkUQ9h4AAoJEKL7nggfLRMO +6sUAn0jl3h9rY4OJ13Lu7nsKclyhDpOqAKCFgTmaDGRuDRxloLg9jftrn7a7vrQu +QWxhbiBDb29wZXJzbWl0aCA8YWxhbi5jb29wZXJzbWl0aEBvcmFjbGUuY29tPohr +BBMRAgArAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAIZAQUCUXnRYgUJFEPY +eAAKCRCi+54IHy0TDtBZAJ9IgVVNoFIPRjTsNjcSFaLznuDRJgCcC/WgV312IrxS +Q8PRAyEgozSB9Ke5Ag0ERpv6bxAIAJp5aUlho5rUhpS6ik7spsAQFPRuycPKMNu0 +J4F0v/OoPz085soV8ytLj4HqCGk2Zamh1jSgliZwuk9m7V7Wgxx+nBJawpWDX/eK +LObErfDwQ4dfOFvjbXLQMmNnQNaUGIWLPP3l8GuBOHMq60Bu+TPgh627vUntL5RE +QEQqTXIzWC6U10QsDblLwIvdOVSdGF5xl/N1myXzSKvrsZwWtoFc8G9v9hcCjhtN +1sm9b7Ojc51iZXvcetcvPy5RA6AUW3yEExaedUdLnvIF9sjFYIfJWFVYh2AgavnG +re6fF+NV2v3zfx3wRT7H9//m4YIDYJmgZgyQccXegTwfGBIq3osAAwYH/1FiMUMM +ES5Ilz2nDqId+DCWECAU6wgvIFRcXrZWxDxB+ZrnmTCXoAD0xedpfOkRHp8XTVc/ +9MU+wQ+lZRx2OQ6MJW0XGuFvHm94KZF/8HzWA2Ah7U4n0+3sLpk6zWceZq2zZNF0 +yVTjwD98+xNK1Q9sP8aOKdtg8yMH3hisKR6rdW+mfX5q0Q8Gol2hZsFH/qyIhnPz +hXDknuOh8E5iMkzrejVXUEn++Yzj23XjP59SObLznVkyxI+kBI9qvVEPfFBDybjH +WqLcgRcCpXAzjizEi+/d31iDa2ErJHV4R42obecFqiPnoDtiX3IiP7z9fmxM4aWP +ZZRqvq+1ht5wkn+ISQQYEQIACQUCRpv6bwIbDAAKCRCi+54IHy0TDoLoAKCHYRpw +/XfyEunw1YL/uMZzl78qIQCdFVcXNbqD83qVhW4Ly7hyDL8o0aK5Ag0EUXnVIQEQ +AKHpjOmY056n0tsZoW9q5egsMcl5tKC8uimrhO05nnq+5/60/YedC++V9c9b/3/X +7O28LyBkAtBgD0xJZSDQ0DhTzKAp6AzjQtBvI68uinGwxSjT+oQpPMxqhA1I0kzo +EDCdEqV+HsVOAEdbAi/tP9bbdTDzwVc8MWDriamBUqc53Rb00Mffy9435UgTS4gA +hMwANhy6XZmOMBhITOzxFJUEDTDJtLbE0b1jPRQS7NHQgak1inmuvPMc3wAuoEcS +CSt1xupbYsBoXOjK5wC/eE1LIdZoRyW2OkT140DqDZ8zfRID860hnirnYgb09TPN +tj93pudUAUt6T9+tcLN4/rxhxHOwse66KGHO4bQ1rZ6mfco6SYd9V60cL6hC2eMe +cyxZliMu17lj7EX8lxUH+omIgHc7HGoyUR6V+WB60cxWj5v05zdeLeZ2aLBcPFhx +lfDESm8f4ezdJSDS1QZmC0P5h3RJfhhfmdBr8kHzr7111D1/O71Av1VV5FyJ9YxU +Sxp4IPuzK7JbbgVHcA6PvXrDzWUslmZgPADpKH4hTmG/NdCqhEXcufvY6s5yNksB +8X3ReNvuSSyfGnRz3kvtyK0XzC7KRX2PquLI6A8KJprHwZGqEB1NDG8b2iaYnghO +jyfIYEVQF3nGfaBwv4lrCPEoZSUaK8f/NQZjNU8NQyTnABEBAAGJAm0EGBEKAA8F +AlF51SECGwIFCQlmAYACKQkQovueCB8tEw7BXSAEGQEKAAYFAlF51SEACgkQz98U +iCjGQqfW5g//dOdJHt23cdMyz5VADaE7u+L0E+eX9GtHF4J649eXsui59EtbHh2n +XdGhd5SqQ8FDi9GCEKaQ4S31n/YBLEBCkj7R0IMikW2o78/JxDovB8+aL606hgma +fNVx1aIshIglrl8Xlu3sjeAvG48W6YjdL2mfrIDHjIVwOZsMihbOJvST6Q3upHdn +mjDtM5HCQmI5NEXDWYj6IZuhJnnrDWwNsyYV4KPoUBxAcqIyCeZbVssuWWnHPXX8 +VavVq98vpVynfGzGYpJbDj19C/utMjKGI5dcvbVaucA7X/oktxrxS6SBDhuIaAE9 +4ZHlbxqfyHfETI/La2Z/ALDAtYdhJR2gSkTHyKSW1QqYlulSfB//lnna44mmTuRO +NbDNgb0FGSvtsBMZ80iHDqPgUfS60kxCfFrsSGfTFU+X4QAzpTtUJEcr+J4HULDe +MfwOgghVfmKxFXWfud8xDaCXuywLTtVgMCZp4P7MAyuJlaxsFTu+c1Vly94grk4U +MtALLMqCXSosA490gLTSdg3HSwxt2Q/LJdy427ZIMvjGXIruns8U/OmL9dVgWu3b +JHsL68Skx8Ts63qTN9QXM/PB+8VwOaC7PJ+g6t40DleOmdsS8cN31yf5KB8rsL4u +n4u1yrMJfpnSblPMu5wJi3kjoA+Dd5ZFqx9nTi4wBjfVYGCPsleq59K8kQCYx1Cn +lZcq630ITy9dB/aHCQry2gCbBwZ2Rsf9kr05S8uLhlwW3vRSvRuZAY0EWdVUUwEM +ALPn5XSzb8mMO6+60FsjiEA7dmBvyaWfLmcz9iCQIJV7v0yw4B7kqfgaP6VzwuLA +nh/Jg8BbHUUiWKvJgThGCmcqGKlCFkH9Ry8iZMdADi2ohq9F7Kgfijn4Js+BFjtc +0TbBFY6iBZ3da5J66r/fua7WA5GarcqiDO5quMm998s0vixoD7AnfsFdaFDc/55G +LIXSodqjN/5sx6eq1YTLSfQhASDnBRL/MZdWU5fd82El6ySr3dpRLRu7drFkvizE +4wrGeFErRcPOIVqIy78NOPhjRJYNeArSjCRxzs7DZ4BfnZn7O/Cb07ecFpC9BXtx +TE3BgGZzZaRW2z1cGsZPu1nceYUCTMHpjI991dhPhOnIUuh8tWwkO+lryJeQ6bLb +YlS6omVbfoh2ma//aM2QR+IhtvLfDBm040k4P3E3EKY6JUYDn36r4uCzRoJbOiY3 +HTvMw4R5W8s6P1+JxmFOp++FmuQ8PiIQ4ooilFGMLIPIxrQdNvtcCQNiT81xl7iR +CwARAQABtBxBZGFtIEphY2tzb24gPGFqYXhAbnduay5uZXQ+iQHOBBMBCAA4FiEE +mV7VyKYTjrCWHxhHTAndg8qqULIFAlnVVFMCGwMFCwkIBwIGFQgJCgsCBBYCAwEC +HgECF4AACgkQTAndg8qqULLoDgv9G7x0cV2w0q8q0Ef2zM2B3l2pyMRVbPDphkpF +NWmrDfQ725Nx+4fONXkBMhVM8R1cuSVB+JzIJviYZAvDEvarmRNgysa15PAG3ilg +TGj8NggRmibd/37vn46A3U+V5dD2lNij413DXwaycP+xbTgdfYggYpjepRfeqGXE +brN1ewdNMigIIFetZ6loP8h0D03Dfu2LJpOrY0f8KFzEU3tK5itJakGQ9GFyzEoO +O7uP6zgrM71/VBgUHZWLdNttgsQncEmDoDFWiJV7gH3F+Xop8JoRSMVYypSmtaI6 +PE0B1FSd8E3dQXY78HEC2BkyTdHBUYbt8ASR8AKTCzwbmVytpO6QdAkF/N2VtvCt +AbjTbSRFF02KFuU8dkBYjk8kbmOl0Zyp+3IP6VG+/iCWMekCD8h4wriseMYA1fe5 +C9wJ6U3Ap/xM9UgNMHm9i9aace1GYRCQh4eGsxHOOFl6P67M0MUWko9lrIafa7I8 +u/vtpkJCYSzU7URp9bPX4h8FYNSYuQGNBFnVVFMBDADkTlb8UMrB+b6jCQ96cbRV +ihdF8uWsEO8dx7Au3Th693KAdlnE11X1hymy970g10SDidMkePiZ/fTZ9pQYQK2I +wp6TvyZ/KbNsBdLSQRdzY2hpe0SAWU+Fq8zh7w+knloAoSxIedDUcxLYonhs9sM1 +IulaRPgcEMDOwkc4U0O7RnpOzIb9sDVUuiPSIwL2MvzFbPWU4E2ICG6QySMc6+Z6 +rgEDaS0fkJSHyrCfyITLDiymzlFwUpqch6u7eyDxJV53jDSgIh1PDniZI0Te/MaI +r20OTTKENGragVPsRHivQKvdy3ICwM8kLCGBUnZhYAZ0d7B1+DqXWF+y+Y7WiaNH +VJAFIRvDoW2XobJJ33Wuy9P2Ln7cuI0iliBhvYvrA2ftxJdz00VFcNa3DTs/WZEm +JGsEfBfUGuujuH228VPvnUXnJZIN1qHl1RqpuXQLdyZcygz4Uu8TR0QJ+4z+bA6+ +2+VjMvWG11NItlFvbl111nqdOUfewuRWl32hlFJ3uR0AEQEAAYkBtgQYAQgAIBYh +BJle1cimE46wlh8YR0wJ3YPKqlCyBQJZ1VRTAhsMAAoJEEwJ3YPKqlCyN34L+wdk +UXPfNIsGjWxQgcIaXo/YNgdq0ShBM/tHyDWQAd3XjmkAau9fNHgXpPlKAzy3hrTg +hrZIktqm01el/WklcqUSkRoJv+gOEH94K3yw6KVypKiOQSal7vPXFlj9481LNuxc +NZM5qBMzvRR1rGANqd3V3Eyzarz5DfLfFmW1dxgOYzjxr+ZHB7uu08rry/cDnhlt +xeiM1wgxLUkGT5dy4FuZ4jTJ8aRyps7aGI/xbzWfWZv3qN9n/CNCE3MuojfPFGcU +c+IEwvL20XSh00JFxxDaZsp1XZx84gXlYoLiWtzKrPd6K3ZFh1Jbc89SpLfHbr3o +jjTMjYqgWNGfthxYnpP6yRk9ZblscJVxQ3nu/vbvQgbYwIDoPppG2jubrJRss2AZ +p0PIiNNCVp1M3Vopgr9ACzFLjL4SGQA95pBG9nEGFkShyMgATQEParNyj52rsi5A +ciFdOcZEYSxLRtB0SelAChNAxVGjuWhHb9erMIiOQbjQkfsKv+uA9JF0stg4ug== +=aTYk +-----END PGP PUBLIC KEY BLOCK----- diff --git a/libXpm.spec b/libXpm.spec index 4c17d59..e9542dc 100644 --- a/libXpm.spec +++ b/libXpm.spec @@ -16,32 +16,27 @@ # -Name: libXpm %define lname libXpm4 -Version: 3.5.14 +Name: libXpm +Version: 3.5.15 Release: 0 Summary: X Pixmap image file format library License: MIT Group: Development/Libraries/C and C++ -URL: http://xorg.freedesktop.org/ - +URL: https://xorg.freedesktop.org/ #Git-Clone: git://anongit.freedesktop.org/xorg/lib/libXpm #Git-Web: http://cgit.freedesktop.org/xorg/lib/libXpm/ -Source: http://xorg.freedesktop.org/releases/individual/lib/%{name}-%{version}.tar.xz -Source1: baselibs.conf -Patch1207001: U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch -Patch1207029: U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch -Patch1207030: U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch -Patch1207031: U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch -Patch1207129: U_regression-bug1207029_1207030_1207031.patch -Patch1207130: U_regression2-bug1207029_1207030_1207031.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-build -#git#BuildRequires: autoconf >= 2.60, automake, libtool -BuildRequires: pkgconfig +Source: https://xorg.freedesktop.org/releases/individual/lib/%{name}-%{version}.tar.xz +Source1: https://xorg.freedesktop.org/releases/individual/lib/%{name}-%{version}.tar.xz.sig +Source2: libXpm.keyring +Source9: baselibs.conf +Patch0: n_no-compress-on-sle.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: gzip BuildRequires: libtool + +BuildRequires: pkgconfig BuildRequires: pkgconfig(x11) BuildRequires: pkgconfig(xext) BuildRequires: pkgconfig(xextproto) @@ -53,35 +48,37 @@ BuildRequires: pkgconfig(xt) libXpm facilitates working with XPM (X PixMap), a format for storing/retrieving X pixmaps to/from files. -%package -n %lname +%package -n %{lname} Summary: X Pixmap image file format library Group: System/Libraries +# Invokes 'uncompress' and 'gzip' at runtim +Requires: gzip -%description -n %lname +%description -n %{lname} libXpm facilitates working with XPM (X PixMap), a format for storing/retrieving X pixmaps to/from files. %package devel Summary: Development files for the X Pixmap image file format library Group: Development/Libraries/C and C++ -Requires: %lname = %version +Requires: %{lname} = %{version} # O/P added for 12.2 -Provides: xorg-x11-libXpm-devel = 7.6_%version-%release -Obsoletes: xorg-x11-libXpm-devel < 7.6_%version-%release +Provides: xorg-x11-libXpm-devel = 7.6_%{version}-%{release} +Obsoletes: xorg-x11-libXpm-devel < 7.6_%{version}-%{release} %description devel libXpm facilitates working with XPM (X PixMap), a format for storing/retrieving X pixmaps to/from files. This package contains the development headers for the library found -in %lname. +in %{lname}. %package tools Summary: Conversion utilities for X Pixmap (XPM) files # O/P added for 12.2 Group: Productivity/Graphics/Convertors -Provides: xorg-x11-libXpm = 7.6_%version-%release -Obsoletes: xorg-x11-libXpm < 7.6_%version-%release +Provides: xorg-x11-libXpm = 7.6_%{version}-%{release} +Obsoletes: xorg-x11-libXpm < 7.6_%{version}-%{release} %description tools The spxm tool converts XPM1/XPM2 files to XPM version 3. @@ -89,43 +86,33 @@ The cxpm tool will check whether an XPM file is correct or not with regard to its format. %prep -%setup -q -%patch1207001 -p1 -%patch1207029 -p1 -%patch1207030 -p1 -%patch1207031 -p1 -%patch1207129 -p1 -%patch1207130 -p1 +%autosetup -p1 %build autoreconf -fi %configure --disable-static -make %{?_smp_mflags} +%make_build %install -make install DESTDIR="%buildroot" -rm -f "%buildroot/%_libdir"/*.la +%make_install +find %{buildroot} -type f -name "*.la" -delete -print -%post -n %lname -p /sbin/ldconfig +%post -n %{lname} -p /sbin/ldconfig +%postun -n %{lname} -p /sbin/ldconfig -%postun -n %lname -p /sbin/ldconfig - -%files -n %lname -%defattr(-,root,root) -%_libdir/libXpm.so.4* +%files -n %{lname} +%{_libdir}/libXpm.so.4* %files devel -%defattr(-,root,root) -%_includedir/X11/* -%_libdir/libXpm.so -%_libdir/pkgconfig/xpm.pc -%_mandir/man3/*.3* +%{_includedir}/X11/* +%{_libdir}/libXpm.so +%{_libdir}/pkgconfig/xpm.pc +%{_mandir}/man3/*.3%{?ext_man} %files tools -%defattr(-,root,root) -%_bindir/cxpm -%_bindir/sxpm -%_mandir/man1/cxpm.1* -%_mandir/man1/sxpm.1* +%{_bindir}/cxpm +%{_bindir}/sxpm +%{_mandir}/man1/cxpm.1%{?ext_man} +%{_mandir}/man1/sxpm.1%{?ext_man} %changelog diff --git a/n_no-compress-on-sle.patch b/n_no-compress-on-sle.patch new file mode 100644 index 0000000..29d2400 --- /dev/null +++ b/n_no-compress-on-sle.patch @@ -0,0 +1,24 @@ +diff -u -r libXpm-3.5.15.orig/configure.ac libXpm-3.5.15/configure.ac +--- libXpm-3.5.15.orig/configure.ac 2023-04-03 22:10:42.223223000 +0200 ++++ libXpm-3.5.15/configure.ac 2023-04-03 22:11:35.264112000 +0200 +@@ -74,7 +74,6 @@ + if test x$OPEN_ZFILE = xno ; then + AC_DEFINE(NO_ZPIPE, 1, [Define to 1 to disable decompression via pipes]) + else +- XPM_PATH_PROG([XPM_PATH_COMPRESS], [compress]) + XPM_PATH_PROG([XPM_PATH_UNCOMPRESS], [uncompress]) + XPM_PATH_PROG([XPM_PATH_GZIP], [gzip]) + AC_CHECK_FUNCS([closefrom close_range], [break]) +diff -u -r libXpm-3.5.15.orig/src/WrFFrI.c libXpm-3.5.15/src/WrFFrI.c +--- libXpm-3.5.15.orig/src/WrFFrI.c 2023-04-03 22:10:41.615310000 +0200 ++++ libXpm-3.5.15/src/WrFFrI.c 2023-04-03 22:17:45.861160000 +0200 +@@ -342,8 +342,7 @@ + #ifndef NO_ZPIPE + len = strlen(filename); + if (len > 2 && !strcmp(".Z", filename + (len - 2))) { +- mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_COMPRESS, NULL, "w"); +- mdata->type = XPMPIPE; ++ mdata->stream.file = NULL; + } else if (len > 3 && !strcmp(".gz", filename + (len - 3))) { + mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GZIP, "-q", "w"); + mdata->type = XPMPIPE;