SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libXpm4-3.5.17-1.8.x86_64.rpm :

* Tue Oct 03 2023 sndirschAATTsuse.com- Update to 3.5.17
* This release contains fixes for the libXpm issues reported in security advisory here: https://lists.x.org/archives/xorg-announce/2023-October/003424.html
* fixes CVE-2023-43788 libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (boo#1215686)
* fixes CVE-2023-43789 libXpm: out of bounds read on XPM with corrupted colormap (boo#1215687)
* Tue Apr 18 2023 sndirschAATTsuse.com- update to 3.5.16:
* test: skip compressed file tests when --disable-open-zfile is used
* gitlab CI: build with each of --enable-open-zfile & --disable-open-zfile
* configure: correct error message to suggest --disable-open-zfile
* open-zfile: Make compress & uncompress commands optional
* Require LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL
* XpmCreateDataFromXpmImage: Fix misleading indentation
* parse.c: Wrap FREE_CIDX definition in do { ... } while(0)
* parse.c: remove unused function xstrlcpy()
* test: Use PACKAGE_BUGREPORT instead of hard-coded URL\'s
* test: Add simple test cases for functions in src/rgb.c
* xpmReadRgbNames: constify filename argument
* Fix a memleak in ParsePixels error code path
* Thu Apr 13 2023 sndirschAATTsuse.com- with switching to suggests making use of (n)compress no longer needs to be limited to openSUSE
* Thu Apr 13 2023 sndirschAATTsuse.com- suggests instead of require compress (see changelog below)
* Wed Apr 12 2023 sndirschAATTsuse.com- require compress (ncompress package) on openSUSE; it\'s not supported on SLE
* Wed Apr 12 2023 fvogtAATTsuse.com- Drop n_no-compress-on-sle.patch and set XPM_PATH_COMPRESS instead (xpmPipeThrough function returns NULL when the command is not available; so same result as with the patch applied; that the child process for executing \'compress\' returns with exit(1) doesn\'t matter much; it might even be useful to see the error message ...)
* Wed Apr 12 2023 sndirschAATTsuse.com- Depend also on /usr/bin/uncompress, not only /usr/bin/gzip; Requiring binaries instead of packages resolves the file conflict with busybox-gzip, which is used when building nginx opensuse images; dep chain was: nginx -> libdg3 -> libXpm4 -> gzip ==> conflict with busybox-gzip
* Tue Apr 11 2023 fvogtAATTsuse.com- Depend on /usr/bin/gzip, not gzip
* Mon Apr 03 2023 sndirschAATTsuse.com- n_no-compress-on-sle.patch
* we can\'t handle .Z files, since we don\'t have ncompress package on SLE; so disable this feature as before (bsc#1207031)- BuildRequires
* removed again ncompress
* added again autoconf, automake, libtool- run again autoreconf due to patch above
* Mon Apr 03 2023 dmuellerAATTsuse.com- update to 3.5.15:
* Use gzip -d instead of gunzip
* Prevent a double free in the error code path
* Fix CVE-2022-4883: compression commands depend on $PATH
* Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height
* test: add test cases for CVE-2022-44617 (zero-width w/enormous height)
* Fix CVE-2022-46285: Infinite loop on unclosed comments
* test: add test case for CVE-2022-46285 (unclosed comments)
* cxpm: getc/ungetc wrappers should not adjust position when c == EOF
* test: Add unit tests using glib framework
* configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE
* man pages: Apply standard man page style/formatting
* man pages: Replace \"See Also\" entries with more useful ones
* man pages: Fix typos and other minor editing- drop U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch, U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch, U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch, U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch, U_regression-bug1207029_1207030_1207031.patch U_regression2-bug1207029_1207030_1207031.patch: upstream- switch urls to https- spec file cleanups- add gpg keyring validation
* Wed Jan 11 2023 sndirschAATTsuse.com- U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch
* needed by U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch- U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch
* libXpm: Infinite loop on unclosed comments (CVE-2022-46285, bsc#1207029)- U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch
* libXpm: Runaway loop on width of 0 and enormous height (CVE-2022-44617, bsc#1207030)- U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
* libXpm: compression commands depend on $PATH (CVE-2022-4883, bsc#1207031)- U_regression-bug1207029_1207030_1207031.patch
* regression fix for above patches- U_regression2-bug1207029_1207030_1207031.patch
* second regression fix: Use gzip -d instead of gunzip
* Sun Nov 20 2022 sndirschAATTsuse.com- Update to version 3.5.14
* Fix spelling/wording issues
* man: strip trailing whitespace
* gitlab CI: add a basic build test
* man pages: Make file names consistent with their displayed names
* man pages: Fix shadow man pages
* man pages: Make function synopses more consistent with other pages
* man pages: Add missing word \'function\' where needed
* man pages: Fix typos
* man pages: Correct Copyright/License notices
* add man pages based on doc/xpm.PS
* update man pages
* Sat Jan 04 2020 sndirschAATTsuse.com- Update to version 3.5.13 The fixes here are some found by static analysers, and a build fix for Windows (which, curiously, is dated to 2012 so clearly we\'re at the top of the game here). Nothing overly exciting, but covscan, parfait, etc. should be a bit happier now.
* Sun Jan 01 2017 sndirschAATTsuse.com- added baselibs.conf as source in specfile
* Sun Jan 01 2017 sndirschAATTsuse.com- Update to version 3.5.12:
* Fix abs() usage.
* Fix out out boundary read on unknown colors
* Gracefully handle EOF while parsing files.
* Avoid OOB write when handling malicious XPM files.
* Handle size_t in file/buffer length
* Thu Sep 12 2013 zaitorAATTopensuse.org- Update to version 3.5.11: + Fix typo in COPYING (matches src/amigax.h). + Add noreturn attributes suggested by gcc. + Doclifter can\'t handle more than one dash in a name line. + Fix libXpm build with NO_ZPIPE. + Added \'const\' attribute to all filename arguments in the API. + Added \'const\' qualifier to the filename argument to internal functions. + Close fd if fdopen() or xpmPipeThrough() fails in OpenWriteFile(). + autogen.sh: Implement GNOME Build API. + configure: Remove AM_MAINTAINER_MODE. + Define NO_ZPIPE when building for MinGW.
* Sun Feb 17 2013 jengelhAATTinai.de- Use more robust make install call
* Wed Apr 11 2012 vuntzAATTopensuse.org- Update to version 3.5.10: + Compiler warning fixes + Janitorial cleanups + Build configuration improvements
* Sun Feb 12 2012 jengelhAATTmedozas.de- Rename xorg-x11-libXpm to libXpm and utilize shlib policy
* Tue Dec 21 2010 sndirschAATTnovell.com- bumped version number to 7.6
* Sat Oct 30 2010 sndirschAATTnovell.com- libXpm 3.5.9
* This minor maintenance release provides a large collection of build configuration improvements and other janitorial cleanups.
* Sun Apr 04 2010 sndirschAATTsuse.de- libXpm 3.5.8- bumped version number to 7.5
* Mon Dec 14 2009 jengelhAATTmedozas.de- add baselibs.conf as a source
* Sat May 02 2009 eichAATTsuse.de- revert static library and .la file removal for SUSE versions <= 11.1.
* Tue Apr 21 2009 crrodriguezAATTsuse.de- remove static libraries and \"la\" files- run ldconfig in postun
* Thu Sep 11 2008 sndirschAATTsuse.de- bumped release number to 7.4
* Thu Apr 10 2008 roAATTsuse.de- added baselibs.conf file to build xxbit packages for multilib support
* Sat Sep 29 2007 sndirschAATTsuse.de- bumped version to 7.3
* Fri Aug 24 2007 sndirschAATTsuse.de- libXpm 3.5.7
* Sun bug 4486226: Xpm is not internationalized
* Use AM_CFLAGS & AM_CPPFLAGS to replace per-program and obsolete macros
* Include comment/copyright/license for AC_DEFINE_DIR in acinclude.m4
* Replace index/rindex with C89 standard strchr/strrchr
* Use srcdir in paths passed to xgettext when making .po files
* Replace strcpy with strncpy to match previous code block
* X.Org Bug #11863: Build libXpm on MS Windows (with MinGW)
* Sat Oct 14 2006 sndirschAATTsuse.de- updated to X.Org 7.2RC1
* Wed Aug 02 2006 sndirschAATTsuse.de- fix setup line
* Fri Jul 28 2006 sndirschAATTsuse.de- use \"-fno-strict-aliasing\"
* Thu Jul 27 2006 sndirschAATTsuse.de- use $RPM_OPT_FLAGS- remove existing /usr/include/X11 symlink in %pre
* Fri Jun 23 2006 sndirschAATTsuse.de- created package
  
ICM