2019-08-02 08:11:56 +00:00
|
|
|
Summary: X.Org X11 libXpm runtime library
|
|
|
|
Name: libXpm
|
|
|
|
Version: 3.5.12
|
2024-03-27 19:57:02 +00:00
|
|
|
Release: 11%{?dist}
|
2019-08-02 08:11:56 +00:00
|
|
|
License: MIT
|
|
|
|
Group: System Environment/Libraries
|
|
|
|
URL: http://www.x.org
|
|
|
|
|
|
|
|
Source0: https://www.x.org/pub/individual/lib/%{name}-%{version}.tar.bz2
|
|
|
|
|
|
|
|
BuildRequires: xorg-x11-util-macros
|
|
|
|
BuildRequires: autoconf automake libtool
|
|
|
|
BuildRequires: gettext
|
|
|
|
BuildRequires: pkgconfig(xext) pkgconfig(xt) pkgconfig(xau)
|
2023-03-28 11:25:54 +00:00
|
|
|
BuildRequires: ncompress gzip
|
2019-08-02 08:11:56 +00:00
|
|
|
|
2020-01-21 23:05:03 +00:00
|
|
|
Patch0: 0001-After-fdopen-use-fclose-instead-of-close-in-error-pa.patch
|
|
|
|
|
2023-03-28 11:25:54 +00:00
|
|
|
# CVE-2022-46285
|
|
|
|
Patch0001: 0001-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch
|
|
|
|
# CVE-2022-44617
|
|
|
|
Patch0002: 0002-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch
|
|
|
|
Patch0003: 0003-Prevent-a-double-free-in-the-error-code-path.patch
|
|
|
|
# CVE-2022-4883
|
|
|
|
Patch0004: 0004-configure-add-disable-open-zfile-instead-of-requirin.patch
|
|
|
|
Patch0005: 0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
|
|
|
|
Patch0006: 0006-Use-gzip-d-instead-of-gunzip.patch
|
2024-03-27 19:57:02 +00:00
|
|
|
# CVE-2023-43788
|
|
|
|
Patch0007: 0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch
|
|
|
|
# CVE-2023-43789
|
|
|
|
Patch0008: 0001-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch
|
2023-03-28 11:25:54 +00:00
|
|
|
|
2019-08-02 08:11:56 +00:00
|
|
|
%description
|
|
|
|
X.Org X11 libXpm runtime library
|
|
|
|
|
|
|
|
%package devel
|
|
|
|
Summary: X.Org X11 libXpm development package
|
|
|
|
Group: Development/Libraries
|
|
|
|
Requires: %{name} = %{version}-%{release}
|
|
|
|
|
|
|
|
%description devel
|
|
|
|
X.Org X11 libXpm development package
|
|
|
|
|
|
|
|
%prep
|
|
|
|
%setup -q
|
2020-01-21 23:05:03 +00:00
|
|
|
%patch0 -p1 -b .covscan
|
2023-03-28 11:25:54 +00:00
|
|
|
%patch0001 -p1
|
|
|
|
%patch0002 -p1
|
|
|
|
%patch0003 -p1
|
|
|
|
%patch0004 -p1
|
|
|
|
%patch0005 -p1
|
|
|
|
%patch0006 -p1
|
2024-03-27 19:57:02 +00:00
|
|
|
%patch0007 -p1
|
|
|
|
%patch0008 -p1
|
2019-08-02 08:11:56 +00:00
|
|
|
|
|
|
|
%build
|
|
|
|
autoreconf -v --install --force
|
|
|
|
%configure --disable-static
|
|
|
|
make %{?_smp_mflags}
|
|
|
|
|
|
|
|
%install
|
|
|
|
rm -rf $RPM_BUILD_ROOT
|
|
|
|
|
|
|
|
make install DESTDIR=$RPM_BUILD_ROOT
|
|
|
|
|
|
|
|
# We intentionally don't ship *.la files
|
|
|
|
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
|
|
|
|
|
|
|
%ldconfig_post
|
|
|
|
%ldconfig_postun
|
|
|
|
|
|
|
|
%files
|
|
|
|
%doc AUTHORS COPYING ChangeLog
|
|
|
|
%{_libdir}/libXpm.so.4
|
|
|
|
%{_libdir}/libXpm.so.4.11.0
|
|
|
|
|
|
|
|
%files devel
|
|
|
|
%{_bindir}/cxpm
|
|
|
|
%{_bindir}/sxpm
|
|
|
|
%{_includedir}/X11/xpm.h
|
|
|
|
%{_libdir}/libXpm.so
|
|
|
|
%{_libdir}/pkgconfig/xpm.pc
|
|
|
|
#%dir %{_mandir}/man1x
|
|
|
|
%{_mandir}/man1/*.1*
|
|
|
|
#%{_mandir}/man1/*.1x*
|
|
|
|
|
|
|
|
%changelog
|
2024-03-27 19:57:02 +00:00
|
|
|
* Wed Oct 11 2023 José Expósito <jexposit@redhat.com> - 3.5.12-11
|
|
|
|
- Drop hardening patches from previous version to keep ABI compatibility
|
|
|
|
|
|
|
|
* Wed Oct 11 2023 José Expósito <jexposit@redhat.com> - 3.5.12-10
|
|
|
|
- CVE-2023-43786 libX11: stack exhaustion from infinite recursion
|
|
|
|
in PutSubImage()
|
|
|
|
- CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to
|
|
|
|
a heap overflow
|
|
|
|
- CVE-2023-43788 libXpm: out of bounds read in XpmCreateXpmImageFromBuffer()
|
|
|
|
- CVE-2023-43789 libXpm: out of bounds read on XPM with corrupted colormap
|
|
|
|
|
2023-03-28 11:25:54 +00:00
|
|
|
* Mon Jan 16 2023 Peter Hutterer <peter.hutterer@redhat.com> - 3.5.12-9
|
2024-03-27 19:57:02 +00:00
|
|
|
- Fix CVE-2022-46285: infinite loop on unclosed comments (#2160229)
|
|
|
|
- Fix CVE-2022-44617: runaway loop with width of 0 (#2160231)
|
|
|
|
- Fix CVE-2022-4883: compression depends on $PATH (#2160239)
|
2023-03-28 11:25:54 +00:00
|
|
|
|
|
|
|
* Mon Dec 09 2019 Benjamin Tissoires <benjamin.tissoires@redhat.com> 3.5.12-8
|
2020-01-21 23:05:03 +00:00
|
|
|
- add covscan fixes (#1602606)
|
|
|
|
|
2019-08-02 08:11:56 +00:00
|
|
|
* Thu Jul 05 2018 Adam Jackson <ajax@redhat.com> - 3.5.12-7
|
|
|
|
- Drop useless %%defattr
|
|
|
|
|
|
|
|
* Fri Jun 29 2018 Adam Jackson <ajax@redhat.com> - 3.5.12-6
|
|
|
|
- Use ldconfig scriptlet macros
|
|
|
|
|
|
|
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.12-5
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
|
|
|
|
|
|
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.12-4
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
|
|
|
|
|
|
|
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.12-3
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
|
|
|
|
|
|
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.12-2
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
|
|
|
|
|
|
* Thu Jan 05 2017 Benjamin Tissoires <benjamin.tissoires@redhat.com> 3.5.12-1
|
|
|
|
- libXpm 3.5.12
|
|
|
|
|
|
|
|
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.11-5
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
|
|
|
|
|
|
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.11-4
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
|
|
|
|
|
|
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.11-3
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
|
|
|
|
|
|
|
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.11-2
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
|
|
|
|
|
|
* Wed Feb 12 2014 Adam Jackson <ajax@redhat.com> 3.5.11-1
|
|
|
|
- libXpm 3.5.11
|
|
|
|
- Drop pre-F18 changelog
|
|
|
|
|
|
|
|
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.10-5
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
|
|
|
|
|
|
|
* Thu Mar 07 2013 Peter Hutterer <peter.hutterer@redhat.com> - 3.5.10-4
|
|
|
|
- autoreconf for aarch64
|
|
|
|
|
|
|
|
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.10-3
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
|
|
|
|
|
|
|
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.10-2
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
|
|
|
|
|
|
|
* Thu Mar 08 2012 Adam Jackson <ajax@redhat.com> 3.5.10-1
|
|
|
|
- libXpm 3.5.10
|