| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search | 
| Name: libXpm4 | Distribution: SUSE Linux 16 | 
| Version: 3.5.17 | Vendor: SUSE LLC <https://www.suse.com/> | 
| Release: 160000.2.2 | Build date: Tue Oct 3 22:43:14 2023 | 
| Group: System/Libraries | Build host: reproducible | 
| Size: 79992 | Source RPM: libXpm-3.5.17-160000.2.2.src.rpm | 
| Packager: https://www.suse.com/ | |
| Url: https://xorg.freedesktop.org/ | |
| Summary: X Pixmap image file format library | |
libXpm facilitates working with XPM (X PixMap), a format for storing/retrieving X pixmaps to/from files.
MIT
* Tue Oct 03 2023 sndirsch@suse.com
  - Update to 3.5.17
    * This release contains fixes for the libXpm issues reported in
      security advisory here:
      https://lists.x.org/archives/xorg-announce/2023-October/003424.html
    * fixes CVE-2023-43788 libXpm: out of bounds read in
      XpmCreateXpmImageFromBuffer() (boo#1215686)
    * fixes CVE-2023-43789 libXpm: out of bounds read on XPM with
      corrupted colormap (boo#1215687)
* Tue Apr 18 2023 sndirsch@suse.com
  - update to 3.5.16:
    * test: skip compressed file tests when --disable-open-zfile is used
    * gitlab CI: build with each of --enable-open-zfile & --disable-open-zfile
    * configure: correct error message to suggest --disable-open-zfile
    * open-zfile: Make compress & uncompress commands optional
    * Require LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL
    * XpmCreateDataFromXpmImage: Fix misleading indentation
    * parse.c: Wrap FREE_CIDX definition in do { ... } while(0)
    * parse.c: remove unused function xstrlcpy()
    * test: Use PACKAGE_BUGREPORT instead of hard-coded URL's
    * test: Add simple test cases for functions in src/rgb.c
    * xpmReadRgbNames: constify filename argument
    * Fix a memleak in ParsePixels error code path
* Thu Apr 13 2023 sndirsch@suse.com
  - with switching to suggests making use of (n)compress no longer
    needs to be limited to openSUSE
* Thu Apr 13 2023 sndirsch@suse.com
  - suggests instead of require compress (see changelog below)
* Wed Apr 12 2023 sndirsch@suse.com
  - require compress (ncompress package) on openSUSE; it's not
    supported on SLE
* Wed Apr 12 2023 fvogt@suse.com
  - Drop n_no-compress-on-sle.patch and set XPM_PATH_COMPRESS instead
    (xpmPipeThrough function returns NULL when the command is not
    available; so same result as with the patch applied; that the
    child process for executing 'compress' returns with exit(1)
    doesn't matter much; it might even be useful to see the error
    message ...)
* Wed Apr 12 2023 sndirsch@suse.com
  - Depend also on /usr/bin/uncompress, not only /usr/bin/gzip;
    Requiring binaries instead of packages resolves the file
    conflict with busybox-gzip, which is used when building nginx
    opensuse images; dep chain was: nginx -> libdg3 -> libXpm4 -> gzip
    ==> conflict with busybox-gzip
* Tue Apr 11 2023 fvogt@suse.com
  - Depend on /usr/bin/gzip, not gzip
* Mon Apr 03 2023 sndirsch@suse.com
  - n_no-compress-on-sle.patch
    * we can't handle .Z files, since we don't have ncompress package
      on SLE; so disable this feature as before (bsc#1207031)
  - BuildRequires
    * removed again ncompress
    * added again autoconf, automake, libtool
  - run again autoreconf due to patch above
* Mon Apr 03 2023 dmueller@suse.com
  - update to 3.5.15:
    * Use gzip -d instead of gunzip
    * Prevent a double free in the error code path
    * Fix CVE-2022-4883: compression commands depend on $PATH
    * Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height
    * test: add test cases for CVE-2022-44617 (zero-width w/enormous height)
    * Fix CVE-2022-46285: Infinite loop on unclosed comments
    * test: add test case for CVE-2022-46285 (unclosed comments)
    * cxpm: getc/ungetc wrappers should not adjust position when c == EOF
    * test: Add unit tests using glib framework
    * configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE
    * man pages: Apply standard man page style/formatting
    * man pages: Replace "See Also" entries with more useful ones
    * man pages: Fix typos and other minor editing
  - drop U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch,
      U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch,
      U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch,
      U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch,
      U_regression-bug1207029_1207030_1207031.patch
      U_regression2-bug1207029_1207030_1207031.patch: upstream
  - switch urls to https
  - spec file cleanups
  - add gpg keyring validation
* Wed Jan 11 2023 sndirsch@suse.com
  - U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch
    * needed by U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
  - U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch
    * libXpm: Infinite loop on unclosed comments (CVE-2022-46285,
      bsc#1207029)
  - U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch
    * libXpm: Runaway loop on width of 0 and enormous height
      (CVE-2022-44617, bsc#1207030)
  - U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
    * libXpm: compression commands depend on $PATH (CVE-2022-4883,
      bsc#1207031)
  - U_regression-bug1207029_1207030_1207031.patch
    * regression fix for above patches
  - U_regression2-bug1207029_1207030_1207031.patch
    * second regression fix: Use gzip -d instead of gunzip
* Sun Nov 20 2022 sndirsch@suse.com
  - Update to version 3.5.14
    * Fix spelling/wording issues
    * man: strip trailing whitespace
    * gitlab CI: add a basic build test
    * man pages: Make file names consistent with their displayed names
    * man pages: Fix shadow man pages
    * man pages: Make function synopses more consistent with other pages
    * man pages: Add missing word 'function' where needed
    * man pages: Fix typos
    * man pages: Correct Copyright/License notices
    * add man pages based on doc/xpm.PS
    * update man pages
* Sat Jan 04 2020 sndirsch@suse.com
  - Update to version 3.5.13
    The fixes here are some found by static analysers, and a build
    fix for Windows (which, curiously, is dated to 2012 so clearly
    we're at the top of the game here). Nothing overly exciting,
    but covscan, parfait, etc. should be a bit happier now.
* Sun Jan 01 2017 sndirsch@suse.com
  - added baselibs.conf as source in specfile
* Sun Jan 01 2017 sndirsch@suse.com
  - Update to version 3.5.12:
    * Fix abs() usage.
    * Fix out out boundary read on unknown colors
    * Gracefully handle EOF while parsing files.
    * Avoid OOB write when handling malicious XPM files.
    * Handle size_t in file/buffer length
* Thu Sep 12 2013 zaitor@opensuse.org
  - Update to version 3.5.11:
    + Fix typo in COPYING (matches src/amigax.h).
    + Add noreturn attributes suggested by gcc.
    + Doclifter can't handle more than one dash in a name line.
    + Fix libXpm build with NO_ZPIPE.
    + Added 'const' attribute to all filename arguments in the API.
    + Added 'const' qualifier to the filename argument to internal
      functions.
    + Close fd if fdopen() or xpmPipeThrough() fails in
      OpenWriteFile().
    + autogen.sh: Implement GNOME Build API.
    + configure: Remove AM_MAINTAINER_MODE.
    + Define NO_ZPIPE when building for MinGW.
* Sun Feb 17 2013 jengelh@inai.de
  - Use more robust make install call
* Wed Apr 11 2012 vuntz@opensuse.org
  - Update to version 3.5.10:
    + Compiler warning fixes
    + Janitorial cleanups
    + Build configuration improvements
* Sun Feb 12 2012 jengelh@medozas.de
  - Rename xorg-x11-libXpm to libXpm and utilize shlib policy
* Tue Dec 21 2010 sndirsch@novell.com
  - bumped version number to 7.6
* Sat Oct 30 2010 sndirsch@novell.com
  - libXpm 3.5.9
    * This minor maintenance release provides a large collection of
      build configuration improvements and other janitorial
      cleanups.
* Sun Apr 04 2010 sndirsch@suse.de
  - libXpm 3.5.8
  - bumped version number to 7.5
* Mon Dec 14 2009 jengelh@medozas.de
  - add baselibs.conf as a source
* Sat May 02 2009 eich@suse.de
  - revert static library and .la file removal
    for SUSE versions <= 11.1.
* Tue Apr 21 2009 crrodriguez@suse.de
  - remove static libraries and "la" files
  - run ldconfig in postun
* Thu Sep 11 2008 sndirsch@suse.de
  - bumped release number to 7.4
* Thu Apr 10 2008 ro@suse.de
  - added baselibs.conf file to build xxbit packages
    for multilib support
* Sat Sep 29 2007 sndirsch@suse.de
  - bumped version to 7.3
* Fri Aug 24 2007 sndirsch@suse.de
  - libXpm 3.5.7
    * Sun bug 4486226: Xpm is not internationalized
    * Use AM_CFLAGS & AM_CPPFLAGS to replace per-program and obsolete macros
    * Include comment/copyright/license for AC_DEFINE_DIR in acinclude.m4
    * Replace index/rindex with C89 standard strchr/strrchr
    * Use srcdir in paths passed to xgettext when making .po files
    * Replace strcpy with strncpy to match previous code block
    * X.Org Bug #11863: Build libXpm on MS Windows (with MinGW)
* Sat Oct 14 2006 sndirsch@suse.de
  - updated to X.Org 7.2RC1
* Wed Aug 02 2006 sndirsch@suse.de
  - fix setup line
* Fri Jul 28 2006 sndirsch@suse.de
  - use "-fno-strict-aliasing"
* Thu Jul 27 2006 sndirsch@suse.de
  - use $RPM_OPT_FLAGS
  - remove existing /usr/include/X11 symlink in %pre
* Fri Jun 23 2006 sndirsch@suse.de
  - created package
/usr/lib64/libXpm.so.4 /usr/lib64/libXpm.so.4.11.0
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Sep 30 22:45:42 2025