From 3a217f7c5f0d2321e94e5111a6db1bb705f9bd12 Mon Sep 17 00:00:00 2001 From: Gwyn Ciesla Date: Wed, 31 Jul 2019 16:41:32 -0500 Subject: [PATCH 01/27] "Adding package.cfg file" --- package.cfg | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 package.cfg diff --git a/package.cfg b/package.cfg new file mode 100644 index 0000000..66ea79d --- /dev/null +++ b/package.cfg @@ -0,0 +1,2 @@ +[koji] +targets = epel8 epel8-playground \ No newline at end of file From 2d5023338f8c02a41d770b375c908ba71ed61ef7 Mon Sep 17 00:00:00 2001 From: Troy Dawson Date: Thu, 24 Sep 2020 16:05:44 +0000 Subject: [PATCH 02/27] remove package.cfg per new epel-playground policy --- package.cfg | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 package.cfg diff --git a/package.cfg b/package.cfg deleted file mode 100644 index 66ea79d..0000000 --- a/package.cfg +++ /dev/null @@ -1,2 +0,0 @@ -[koji] -targets = epel8 epel8-playground \ No newline at end of file From 396b7c4c7b86ddaf673826f740a1a6a4c47133ee Mon Sep 17 00:00:00 2001 From: Jeff Law Date: Mon, 27 Jul 2020 15:41:50 -0600 Subject: [PATCH 03/27] Force C++14 as the code is not ready for C++17 --- advancecomp.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/advancecomp.spec b/advancecomp.spec index c71e25b..365c96a 100644 --- a/advancecomp.spec +++ b/advancecomp.spec @@ -1,6 +1,6 @@ Name: advancecomp Version: 2.1 -Release: 11%{?dist} +Release: 15%{?dist} Summary: Recompression utilities for png, mng, zip and gz files License: GPLv3 URL: http://www.advancemame.it/ @@ -36,6 +36,7 @@ This package contains: dos2unix -k doc/*.txt %build +export CXXFLAGS="-std=c++14 $RPM_OPT_FLAGS" %configure make %{?_smp_mflags} @@ -50,6 +51,9 @@ make install DESTDIR=%{buildroot} %{_mandir}/man1/* %changelog +* Mon Jul 27 2020 Jeff Law - 2.1-15 +- Force C++14 as the code is not ready for C++17 + * Fri May 10 2019 Than Ngo - 2.1-11 - Backport for #1708563, CVE-2019-8383 - denial of service in function adv_png_unfilter_8 From 0282667b4f38ff5424d4d337b9813a2c7886942c Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Tue, 15 Dec 2020 01:54:25 +0000 Subject: [PATCH 04/27] Add BuildRequires: make https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot --- advancecomp.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/advancecomp.spec b/advancecomp.spec index 365c96a..88260e2 100644 --- a/advancecomp.spec +++ b/advancecomp.spec @@ -15,6 +15,7 @@ BuildRequires: gcc gcc-c++ BuildRequires: tofrodos BuildRequires: zlib-devel BuildRequires: dos2unix +BuildRequires: make %description AdvanceCOMP is a set of recompression utilities for .PNG, .MNG and .ZIP files. From fc2d51cd2e4a92ed92f73b35de86b855cf9933c8 Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Sat, 24 Sep 2022 09:16:00 -0400 Subject: [PATCH 05/27] Spec file formatting tweaks --- advancecomp.spec | 43 +++++++++++++++++++++++++++++-------------- 1 file changed, 29 insertions(+), 14 deletions(-) diff --git a/advancecomp.spec b/advancecomp.spec index 88260e2..4b61866 100644 --- a/advancecomp.spec +++ b/advancecomp.spec @@ -1,7 +1,8 @@ Name: advancecomp Version: 2.1 -Release: 15%{?dist} -Summary: Recompression utilities for png, mng, zip and gz files +Release: 21%{?dist} +Summary: Recompression utilities for .png, .mng, .zip and .gz files + License: GPLv3 URL: http://www.advancemame.it/ Source0: https://github.com/amadvance/advancecomp/releases/download/v%{version}/advancecomp-%{version}.tar.gz @@ -11,23 +12,29 @@ Patch0: advancecomp-CVE-2019-8383.patch # CVE-2019-9210 advancecomp: integer overflow in png_compress in pngex.cc Patch1: advancecomp-CVE-2019-9210.patch -BuildRequires: gcc gcc-c++ -BuildRequires: tofrodos -BuildRequires: zlib-devel +BuildRequires: gcc +BuildRequires: gcc-c++ +BuildRequires: make + BuildRequires: dos2unix -BuildRequires: make +BuildRequires: tofrodos + +BuildRequires: zlib-devel %description -AdvanceCOMP is a set of recompression utilities for .PNG, .MNG and .ZIP files. -The main features are : -* Recompress ZIP, PNG and MNG files using the Deflate 7-Zip implementation. -* Recompress MNG files using Delta and Move optimization. +AdvanceCOMP contains recompression utilities for your .zip archives, +.png images, .mng video clips and .gz files. + +The official site of AdvanceCOMP is: + + http://www.advancemame.it This package contains: -* advzip - Recompression and test utility for zip files -* advpng - Recompression utility for png files -* advmng - Recompression utility for mng files -* advdef - Recompression utility for deflate streams in png, mng and gz files + advzip - Recompression and test utility for zip files + advpng - Recompression utility for png files + advmng - Recompression utility for mng files + advdef - Recompression utility for deflate streams in .png, .mng and .gz files + %prep %setup -q @@ -36,22 +43,30 @@ This package contains: dos2unix -k doc/*.txt + %build export CXXFLAGS="-std=c++14 $RPM_OPT_FLAGS" %configure make %{?_smp_mflags} + %install make install DESTDIR=%{buildroot} + %files %license COPYING %doc AUTHORS HISTORY README %doc doc/{adv*,authors,history,readme}.txt + %{_bindir}/* %{_mandir}/man1/* + %changelog +* Sat Sep 24 2022 Benjamin A. Beasley - 2.1-21 +- Spec file formatting tweaks + * Mon Jul 27 2020 Jeff Law - 2.1-15 - Force C++14 as the code is not ready for C++17 From 4954db1f3309cd527240bbdf7c3a18f874f2d2c4 Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Sat, 24 Sep 2022 09:20:54 -0400 Subject: [PATCH 06/27] Convert URLs from HTTP to HTTPS --- advancecomp.spec | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/advancecomp.spec b/advancecomp.spec index 4b61866..03d773d 100644 --- a/advancecomp.spec +++ b/advancecomp.spec @@ -4,7 +4,7 @@ Release: 21%{?dist} Summary: Recompression utilities for .png, .mng, .zip and .gz files License: GPLv3 -URL: http://www.advancemame.it/ +URL: https://www.advancemame.it/ Source0: https://github.com/amadvance/advancecomp/releases/download/v%{version}/advancecomp-%{version}.tar.gz # CVE-2019-8383 advancecomp: denial of service in function adv_png_unfilter_8 @@ -27,7 +27,7 @@ AdvanceCOMP contains recompression utilities for your .zip archives, The official site of AdvanceCOMP is: - http://www.advancemame.it + https://www.advancemame.it This package contains: advzip - Recompression and test utility for zip files @@ -66,6 +66,7 @@ make install DESTDIR=%{buildroot} %changelog * Sat Sep 24 2022 Benjamin A. Beasley - 2.1-21 - Spec file formatting tweaks +- Convert URLs from HTTP to HTTPS * Mon Jul 27 2020 Jeff Law - 2.1-15 - Force C++14 as the code is not ready for C++17 From 9c670590d1d952bb8a7c536a46a6cf67f09be9b4 Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Sat, 24 Sep 2022 09:26:11 -0400 Subject: [PATCH 07/27] Use modern spec file macros (make_build/make_install/etc.) --- advancecomp.spec | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/advancecomp.spec b/advancecomp.spec index 03d773d..bb9579f 100644 --- a/advancecomp.spec +++ b/advancecomp.spec @@ -37,21 +37,21 @@ This package contains: %prep -%setup -q -%patch0 -p1 -b .CVE-2019-8383 -%patch1 -p1 -b .CVE-2019-9210 - +%autosetup -p1 dos2unix -k doc/*.txt %build -export CXXFLAGS="-std=c++14 $RPM_OPT_FLAGS" +# error: ISO C++17 does not allow dynamic exception specifications +%set_build_flags +export CXXFLAGS="-std=gnu++14 ${CXXFLAGS-}" + %configure -make %{?_smp_mflags} +%make_build %install -make install DESTDIR=%{buildroot} +%make_install %files @@ -67,6 +67,7 @@ make install DESTDIR=%{buildroot} * Sat Sep 24 2022 Benjamin A. Beasley - 2.1-21 - Spec file formatting tweaks - Convert URLs from HTTP to HTTPS +- Use modern spec file macros (make_build/make_install/etc.) * Mon Jul 27 2020 Jeff Law - 2.1-15 - Force C++14 as the code is not ready for C++17 From b03d0ea739a7c8aae6cf996d871f8c06e061129e Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Sat, 24 Sep 2022 09:44:07 -0400 Subject: [PATCH 08/27] Unbundle libdeflate --- advancecomp.spec | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/advancecomp.spec b/advancecomp.spec index bb9579f..9f31420 100644 --- a/advancecomp.spec +++ b/advancecomp.spec @@ -12,6 +12,9 @@ Patch0: advancecomp-CVE-2019-8383.patch # CVE-2019-9210 advancecomp: integer overflow in png_compress in pngex.cc Patch1: advancecomp-CVE-2019-9210.patch +BuildRequires: autoconf +BuildRequires: automake + BuildRequires: gcc BuildRequires: gcc-c++ BuildRequires: make @@ -19,8 +22,17 @@ BuildRequires: make BuildRequires: dos2unix BuildRequires: tofrodos +# System library supported by upstream BuildRequires: zlib-devel +%if 0%{?el7} +# No libdeflate package in EPEL7 +Provides: bundled(libdeflate) = 0.6 +%else +# Unbundled downstream +BuildRequires: pkgconfig(libdeflate) +%endif + %description AdvanceCOMP contains recompression utilities for your .zip archives, .png images, .mng video clips and .gz files. @@ -40,12 +52,33 @@ This package contains: %autosetup -p1 dos2unix -k doc/*.txt +%if ! 0%{?el7} +# Patch out bundled libdeflate +rm -rvf libdeflate +sed -r -i '/libdeflate/d' Makefile.am +# Fix up #include paths. The find-then-modify pattern keeps us from discarding +# mtimes on any sources that do not need modification. +find . -type f -exec gawk \ + '/^[[:blank:]]*#include.*libdeflate/ { print FILENAME; nextfile }' \ + '{}' '+' | + xargs -r -t sed -r -i 's@^([[:blank:]]*#include.*)libdeflate/@\1@' +%endif + %build +autoreconf --force --install --verbose + # error: ISO C++17 does not allow dynamic exception specifications %set_build_flags export CXXFLAGS="-std=gnu++14 ${CXXFLAGS-}" +%if ! 0%{?el7} +# Link against system libdeflate +export CFLAGS="$(pkgconf --cflags libdeflate) ${CFLAGS-}" +export CXXFLAGS="$(pkgconf --cflags libdeflate) ${CXXFLAGS-}" +export LDFLAGS="$(pkgconf --libs libdeflate) ${LDFLAGS-}" +%endif + %configure %make_build @@ -68,6 +101,7 @@ export CXXFLAGS="-std=gnu++14 ${CXXFLAGS-}" - Spec file formatting tweaks - Convert URLs from HTTP to HTTPS - Use modern spec file macros (make_build/make_install/etc.) +- Unbundle libdeflate * Mon Jul 27 2020 Jeff Law - 2.1-15 - Force C++14 as the code is not ready for C++17 From d7176d20f778c6ccae57bcf022e7fda9cc2a4d89 Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Sat, 24 Sep 2022 10:22:11 -0400 Subject: [PATCH 09/27] Unbundle zopfli where it is available as a system library (i.e., Fedora) --- advancecomp.spec | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/advancecomp.spec b/advancecomp.spec index 9f31420..f1b2780 100644 --- a/advancecomp.spec +++ b/advancecomp.spec @@ -33,6 +33,16 @@ Provides: bundled(libdeflate) = 0.6 BuildRequires: pkgconfig(libdeflate) %endif +%if 0%{?el9} || 0%{?el8} || 0%{?el7} +# No libzopfli/zopfli-devel in these distributions +# Version number based on HISTORY, which mentions that upstream commit +# 6818a0859063b946094fb6f94732836404a0d89a was used from +# https://github.com/google/zopfli/. +Provides: bundled(zopfli) = 1.0.2%{?!el7:^20160527git6818a08} +%else +BuildRequires: zopfli-devel +%endif + %description AdvanceCOMP contains recompression utilities for your .zip archives, .png images, .mng video clips and .gz files. @@ -55,7 +65,7 @@ dos2unix -k doc/*.txt %if ! 0%{?el7} # Patch out bundled libdeflate rm -rvf libdeflate -sed -r -i '/libdeflate/d' Makefile.am +sed -r -i '/libdeflate[\/_]/d' Makefile.am # Fix up #include paths. The find-then-modify pattern keeps us from discarding # mtimes on any sources that do not need modification. find . -type f -exec gawk \ @@ -64,6 +74,21 @@ find . -type f -exec gawk \ xargs -r -t sed -r -i 's@^([[:blank:]]*#include.*)libdeflate/@\1@' %endif +%if !(0%{?el9} || 0%{?el8} || 0%{?el7}) +# Patch out bundled zopfli +rm -rvf zopfli +sed -r -i \ + -e '/zopfli[\/_]/d' \ + -e 's/((\(7z_SOURCES\)|WindowOut\.h).*)[[:blank:]]*\\/\1/' \ + Makefile.am +# Fix up #include paths. The find-then-modify pattern keeps us from discarding +# mtimes on any sources that do not need modification. +find . -type f -exec gawk \ + '/^[[:blank:]]*#include.*zopfli/ { print FILENAME; nextfile }' \ + '{}' '+' | + xargs -r -t sed -r -i -e 's@^([[:blank:]]*#include.*)zopfli/@\1@' +%endif + %build autoreconf --force --install --verbose @@ -79,6 +104,11 @@ export CXXFLAGS="$(pkgconf --cflags libdeflate) ${CXXFLAGS-}" export LDFLAGS="$(pkgconf --libs libdeflate) ${LDFLAGS-}" %endif +%if !(0%{?el9} || 0%{?el8} || 0%{?el7}) +# Link against system zopfli +export LDFLAGS="-lzopfli ${LDFLAGS-}" +%endif + %configure %make_build @@ -102,6 +132,7 @@ export LDFLAGS="$(pkgconf --libs libdeflate) ${LDFLAGS-}" - Convert URLs from HTTP to HTTPS - Use modern spec file macros (make_build/make_install/etc.) - Unbundle libdeflate +- Unbundle zopfli where it is available as a system library (i.e., Fedora) * Mon Jul 27 2020 Jeff Law - 2.1-15 - Force C++14 as the code is not ready for C++17 From d02c67597f800d202fabcff5bb4531a79ea92f6c Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Wed, 28 Sep 2022 09:11:53 -0400 Subject: [PATCH 10/27] Remove unnecessary BR on tofrodos MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Makefile.am uses “todos”, but only when a tool called “advd2” is installed. --- advancecomp.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advancecomp.spec b/advancecomp.spec index f1b2780..de1f9de 100644 --- a/advancecomp.spec +++ b/advancecomp.spec @@ -20,7 +20,6 @@ BuildRequires: gcc-c++ BuildRequires: make BuildRequires: dos2unix -BuildRequires: tofrodos # System library supported by upstream BuildRequires: zlib-devel @@ -133,6 +132,7 @@ export LDFLAGS="-lzopfli ${LDFLAGS-}" - Use modern spec file macros (make_build/make_install/etc.) - Unbundle libdeflate - Unbundle zopfli where it is available as a system library (i.e., Fedora) +- Remove unnecessary BR on tofrodos * Mon Jul 27 2020 Jeff Law - 2.1-15 - Force C++14 as the code is not ready for C++17 From a8f339d4b08b8e3cbd764d5ba7cfdb87e8d75f3c Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Wed, 28 Sep 2022 10:49:35 -0400 Subject: [PATCH 11/27] Properly document bundled 7z code --- advancecomp.spec | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/advancecomp.spec b/advancecomp.spec index de1f9de..a71e053 100644 --- a/advancecomp.spec +++ b/advancecomp.spec @@ -3,6 +3,13 @@ Version: 2.1 Release: 21%{?dist} Summary: Recompression utilities for .png, .mng, .zip and .gz files +# The bundled and forked 7z (7-Zip code) in 7z/ is under the “LGPL” license. +# Based on https://www.7-zip.org/license.txt, and the absence of any mention of +# license changes in https://www.7-zip.org/history.txt, 7-Zip has always been +# licensed under LGPL-2.1-or-later, specifically; we thus assume this is the +# intended specific license for the contents of the 7z/ directory. None of the +# sources that would be covered by the “unRAR license restriction” or the +# BSD-3-Clause license for LZFSE are present in this fork. License: GPLv3 URL: https://www.advancemame.it/ Source0: https://github.com/amadvance/advancecomp/releases/download/v%{version}/advancecomp-%{version}.tar.gz @@ -42,6 +49,24 @@ Provides: bundled(zopfli) = 1.0.2%{?!el7:^20160527git6818a08} BuildRequires: zopfli-devel %endif +# From 7z/README: +# +# This directory contains some source files from the +# 7z archive utility. (www.7-zip.org) +# +# All the files in this directory was originally released +# with the LGPL license. +# +# All the modifications made on the original files must +# be considered Copyright (C) 2002 Andrea Mazzoleni and +# released under the LGPL license. +# +# It is not clear which version was forked. Because 7-Zip does not provide a +# library, and because the implementation is modified, there is no possibility +# of unbundling. Note that this was forked from the original 7-Zip, not from +# p7zip. +Provides: bundled(7z) + %description AdvanceCOMP contains recompression utilities for your .zip archives, .png images, .mng video clips and .gz files. @@ -133,6 +158,7 @@ export LDFLAGS="-lzopfli ${LDFLAGS-}" - Unbundle libdeflate - Unbundle zopfli where it is available as a system library (i.e., Fedora) - Remove unnecessary BR on tofrodos +- Properly document bundled 7z code * Mon Jul 27 2020 Jeff Law - 2.1-15 - Force C++14 as the code is not ready for C++17 From c8a3dcea64c895f2ab3901a28c1eb997ea02615d Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Wed, 28 Sep 2022 11:00:53 -0400 Subject: [PATCH 12/27] Convert to rpmautospec --- advancecomp.spec | 181 +---------------------------------------------- changelog | 178 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 180 insertions(+), 179 deletions(-) create mode 100644 changelog diff --git a/advancecomp.spec b/advancecomp.spec index a71e053..bf7859b 100644 --- a/advancecomp.spec +++ b/advancecomp.spec @@ -1,6 +1,6 @@ Name: advancecomp Version: 2.1 -Release: 21%{?dist} +Release: %autorelease Summary: Recompression utilities for .png, .mng, .zip and .gz files # The bundled and forked 7z (7-Zip code) in 7z/ is under the “LGPL” license. @@ -151,181 +151,4 @@ export LDFLAGS="-lzopfli ${LDFLAGS-}" %changelog -* Sat Sep 24 2022 Benjamin A. Beasley - 2.1-21 -- Spec file formatting tweaks -- Convert URLs from HTTP to HTTPS -- Use modern spec file macros (make_build/make_install/etc.) -- Unbundle libdeflate -- Unbundle zopfli where it is available as a system library (i.e., Fedora) -- Remove unnecessary BR on tofrodos -- Properly document bundled 7z code - -* Mon Jul 27 2020 Jeff Law - 2.1-15 -- Force C++14 as the code is not ready for C++17 - -* Fri May 10 2019 Than Ngo - 2.1-11 -- Backport for #1708563, CVE-2019-8383 - denial of service in function adv_png_unfilter_8 - -* Wed Mar 06 2019 Than Ngo - 2.1-10 -- Backport, fix a buffer overflow with image of invalid size - -* Fri Mar 01 2019 Than Ngo - 2.1-9 -- fixed CVE-2019-9210 advancecomp: integer overflow in png_compress in pngex.cc - -* Thu Jan 31 2019 Fedora Release Engineering - 2.1-8 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Tue Jan 29 2019 Matthias Saou 2.1-7 -- Fix doc EOL. -- Minor cosmetic updates (summary, description...). - -* Sat Jul 14 2018 Christian Dersch - 2.1-6 -- BuildRequires: gcc-c++ - -* Thu Jul 12 2018 Fedora Release Engineering - 2.1-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Wed Mar 07 2018 Than Ngo - 2.1-4 -- updated to 2.1 (fix CVE-2018-1056) - -* Wed Feb 07 2018 Fedora Release Engineering - 1.23-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Wed Aug 02 2017 Fedora Release Engineering - 1.23-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Wed Jul 26 2017 Fedora Release Engineering - 1.23-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Tue Feb 28 2017 Christian Dersch - 1.23-1 -- new version - -* Fri Feb 10 2017 Fedora Release Engineering - 1.20-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Sun Nov 13 2016 Christian Dersch - 1.20-3 -- revert to 1.20, 1.22 does not build and also needs unbundling of libdeflate first - -* Sun Nov 13 2016 Christian Dersch - 1.22-1 -- new version - -* Wed Feb 03 2016 Fedora Release Engineering - 1.20-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Mon Oct 05 2015 Christian Dersch - 1.20-1 -- new version 1.20 -- use license tag - -* Tue Jun 16 2015 Fedora Release Engineering - 1.19-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Sat May 02 2015 Kalev Lember - 1.19-4 -- Rebuilt for GCC 5 C++11 ABI change - -* Fri Aug 15 2014 Fedora Release Engineering - 1.19-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - -* Sat Jun 07 2014 Fedora Release Engineering - 1.19-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Thu Mar 20 2014 Christopher Meng - 1.19-1 -- Update to 1.19 - -* Mon Feb 10 2014 Christopher Meng - 1.18-1 -- Update to 1.18 - -* Sat Aug 03 2013 Fedora Release Engineering - 1.15-19 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Wed Feb 13 2013 Fedora Release Engineering - 1.15-18 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild - -* Wed Jul 18 2012 Fedora Release Engineering - 1.15-17 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Fri Apr 27 2012 Peter Robinson - 1.15-16 -- Add disttag, modernise spec file - -* Tue Feb 28 2012 Fedora Release Engineering - 1.15-15 -- Rebuilt for c++ ABI breakage - -* Thu Jan 12 2012 Fedora Release Engineering - 1.15-14 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild - -* Mon Feb 07 2011 Fedora Release Engineering - 1.15-13 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Fri Jul 24 2009 Fedora Release Engineering - 1.15-12 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - -* Mon Feb 23 2009 Fedora Release Engineering - 1.15-11 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - -* Tue Feb 19 2008 Fedora Release Engineering - 1.15-10 -- Autorebuild for GCC 4.3 - -* Wed Aug 22 2007 Matthias Saou 1.15-9 -- Rebuild for new BuildID feature. - -* Fri Aug 3 2007 Matthias Saou 1.15-8 -- Update License field. -- Remove dist tag, since the package will seldom change. - -* Thu Mar 29 2007 Matthias Saou 1.15-7 -- Switch to using DESTDIR install method. - -* Thu Mar 29 2007 Matthias Saou 1.15-6 -- Switch to use downloads.sf.net source URL. -- Tweak defattr. - -* Mon Aug 28 2006 Matthias Saou 1.15-5 -- FC6 rebuild, remove gcc-c++ build requirement (it's a default). - -* Mon Mar 6 2006 Matthias Saou 1.15-4 -- FC5 rebuild. - -* Wed Feb 8 2006 Matthias Saou 1.15-3 -- Rebuild for new gcc/glibc. - -* Tue Jan 24 2006 Matthias Saou 1.15-2 -- Rebuild for FC5. - -* Wed Nov 2 2005 Matthias Saou 1.15-1 -- Update to 1.15, includes 64bit fixes. - -* Fri May 27 2005 Matthias Saou 1.14-5 -- Update 64bit patch to a cleaner approach as Ralf suggested. - -* Thu May 26 2005 Jeremy Katz - 1.14-4 -- fix build on 64bit arches - -* Sun May 22 2005 Jeremy Katz - 1.14-3 -- rebuild on all arches - -* Thu Apr 7 2005 Michael Schwendt 1.14-2 -- rebuilt - -* Wed Feb 23 2005 Matthias Saou 1.14-1 -- Update to 1.14. - -* Mon Nov 29 2004 Matthias Saou 1.13-1 -- Update to 1.13. - -* Tue Nov 2 2004 Matthias Saou 1.12-1 -- Update to 1.12. - -* Tue Aug 24 2004 Matthias Saou 1.11-1 -- Update to 1.11. - -* Mon May 17 2004 Matthias Saou 1.10-1 -- Update to 1.10. - -* Mon Nov 3 2003 Matthias Saou 1.7-2 -- Rebuild for Fedora Core 1. -- Added missing build dependencies, thanks to mach. - -* Tue Aug 26 2003 Matthias Saou -- Update to 1.7. - -* Thu May 22 2003 Matthias Saou -- Initial RPM release. +%autochangelog diff --git a/changelog b/changelog new file mode 100644 index 0000000..ccf47d2 --- /dev/null +++ b/changelog @@ -0,0 +1,178 @@ +* Sat Sep 24 2022 Benjamin A. Beasley - 2.1-21 +- Spec file formatting tweaks +- Convert URLs from HTTP to HTTPS +- Use modern spec file macros (make_build/make_install/etc.) +- Unbundle libdeflate +- Unbundle zopfli where it is available as a system library (i.e., Fedora) +- Remove unnecessary BR on tofrodos +- Properly document bundled 7z code + +* Mon Jul 27 2020 Jeff Law - 2.1-15 +- Force C++14 as the code is not ready for C++17 + +* Fri May 10 2019 Than Ngo - 2.1-11 +- Backport for #1708563, CVE-2019-8383 - denial of service in function adv_png_unfilter_8 + +* Wed Mar 06 2019 Than Ngo - 2.1-10 +- Backport, fix a buffer overflow with image of invalid size + +* Fri Mar 01 2019 Than Ngo - 2.1-9 +- fixed CVE-2019-9210 advancecomp: integer overflow in png_compress in pngex.cc + +* Thu Jan 31 2019 Fedora Release Engineering - 2.1-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Tue Jan 29 2019 Matthias Saou 2.1-7 +- Fix doc EOL. +- Minor cosmetic updates (summary, description...). + +* Sat Jul 14 2018 Christian Dersch - 2.1-6 +- BuildRequires: gcc-c++ + +* Thu Jul 12 2018 Fedora Release Engineering - 2.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Mar 07 2018 Than Ngo - 2.1-4 +- updated to 2.1 (fix CVE-2018-1056) + +* Wed Feb 07 2018 Fedora Release Engineering - 1.23-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Aug 02 2017 Fedora Release Engineering - 1.23-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1.23-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Feb 28 2017 Christian Dersch - 1.23-1 +- new version + +* Fri Feb 10 2017 Fedora Release Engineering - 1.20-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Sun Nov 13 2016 Christian Dersch - 1.20-3 +- revert to 1.20, 1.22 does not build and also needs unbundling of libdeflate first + +* Sun Nov 13 2016 Christian Dersch - 1.22-1 +- new version + +* Wed Feb 03 2016 Fedora Release Engineering - 1.20-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Mon Oct 05 2015 Christian Dersch - 1.20-1 +- new version 1.20 +- use license tag + +* Tue Jun 16 2015 Fedora Release Engineering - 1.19-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sat May 02 2015 Kalev Lember - 1.19-4 +- Rebuilt for GCC 5 C++11 ABI change + +* Fri Aug 15 2014 Fedora Release Engineering - 1.19-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 1.19-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Thu Mar 20 2014 Christopher Meng - 1.19-1 +- Update to 1.19 + +* Mon Feb 10 2014 Christopher Meng - 1.18-1 +- Update to 1.18 + +* Sat Aug 03 2013 Fedora Release Engineering - 1.15-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Feb 13 2013 Fedora Release Engineering - 1.15-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Jul 18 2012 Fedora Release Engineering - 1.15-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Apr 27 2012 Peter Robinson - 1.15-16 +- Add disttag, modernise spec file + +* Tue Feb 28 2012 Fedora Release Engineering - 1.15-15 +- Rebuilt for c++ ABI breakage + +* Thu Jan 12 2012 Fedora Release Engineering - 1.15-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Mon Feb 07 2011 Fedora Release Engineering - 1.15-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Fri Jul 24 2009 Fedora Release Engineering - 1.15-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Mon Feb 23 2009 Fedora Release Engineering - 1.15-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Tue Feb 19 2008 Fedora Release Engineering - 1.15-10 +- Autorebuild for GCC 4.3 + +* Wed Aug 22 2007 Matthias Saou 1.15-9 +- Rebuild for new BuildID feature. + +* Fri Aug 3 2007 Matthias Saou 1.15-8 +- Update License field. +- Remove dist tag, since the package will seldom change. + +* Thu Mar 29 2007 Matthias Saou 1.15-7 +- Switch to using DESTDIR install method. + +* Thu Mar 29 2007 Matthias Saou 1.15-6 +- Switch to use downloads.sf.net source URL. +- Tweak defattr. + +* Mon Aug 28 2006 Matthias Saou 1.15-5 +- FC6 rebuild, remove gcc-c++ build requirement (it's a default). + +* Mon Mar 6 2006 Matthias Saou 1.15-4 +- FC5 rebuild. + +* Wed Feb 8 2006 Matthias Saou 1.15-3 +- Rebuild for new gcc/glibc. + +* Tue Jan 24 2006 Matthias Saou 1.15-2 +- Rebuild for FC5. + +* Wed Nov 2 2005 Matthias Saou 1.15-1 +- Update to 1.15, includes 64bit fixes. + +* Fri May 27 2005 Matthias Saou 1.14-5 +- Update 64bit patch to a cleaner approach as Ralf suggested. + +* Thu May 26 2005 Jeremy Katz - 1.14-4 +- fix build on 64bit arches + +* Sun May 22 2005 Jeremy Katz - 1.14-3 +- rebuild on all arches + +* Thu Apr 7 2005 Michael Schwendt 1.14-2 +- rebuilt + +* Wed Feb 23 2005 Matthias Saou 1.14-1 +- Update to 1.14. + +* Mon Nov 29 2004 Matthias Saou 1.13-1 +- Update to 1.13. + +* Tue Nov 2 2004 Matthias Saou 1.12-1 +- Update to 1.12. + +* Tue Aug 24 2004 Matthias Saou 1.11-1 +- Update to 1.11. + +* Mon May 17 2004 Matthias Saou 1.10-1 +- Update to 1.10. + +* Mon Nov 3 2003 Matthias Saou 1.7-2 +- Rebuild for Fedora Core 1. +- Added missing build dependencies, thanks to mach. + +* Tue Aug 26 2003 Matthias Saou +- Update to 1.7. + +* Thu May 22 2003 Matthias Saou +- Initial RPM release. From e2872b731fe748a2b722b589c2da5c5ba3177685 Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Wed, 28 Sep 2022 11:41:50 -0400 Subject: [PATCH 13/27] Drop {authors,history,readme}.txt These duplicate AUTHORS, HISTORY, and README, respectively. --- advancecomp.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advancecomp.spec b/advancecomp.spec index bf7859b..0950637 100644 --- a/advancecomp.spec +++ b/advancecomp.spec @@ -144,7 +144,7 @@ export LDFLAGS="-lzopfli ${LDFLAGS-}" %files %license COPYING %doc AUTHORS HISTORY README -%doc doc/{adv*,authors,history,readme}.txt +%doc doc/adv*.txt %{_bindir}/* %{_mandir}/man1/* From 6fd5ef730474db2d6482e84c8fdb0e9c02e2b82e Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Wed, 28 Sep 2022 10:58:02 -0400 Subject: [PATCH 14/27] Update License to SPDX --- advancecomp.spec | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/advancecomp.spec b/advancecomp.spec index 0950637..5afeef6 100644 --- a/advancecomp.spec +++ b/advancecomp.spec @@ -3,14 +3,24 @@ Version: 2.1 Release: %autorelease Summary: Recompression utilities for .png, .mng, .zip and .gz files -# The bundled and forked 7z (7-Zip code) in 7z/ is under the “LGPL” license. -# Based on https://www.7-zip.org/license.txt, and the absence of any mention of -# license changes in https://www.7-zip.org/history.txt, 7-Zip has always been -# licensed under LGPL-2.1-or-later, specifically; we thus assume this is the -# intended specific license for the contents of the 7z/ directory. None of the -# sources that would be covered by the “unRAR license restriction” or the -# BSD-3-Clause license for LZFSE are present in this fork. -License: GPLv3 +# Source file headers all specify GPL-2.0-or-later (see source file headers), +# except: +# +# The bundled and forked 7z (7-Zip code) in 7z/ is under the “LGPL” license. +# Based on https://www.7-zip.org/license.txt, and the absence of any mention +# of license changes in https://www.7-zip.org/history.txt, 7-Zip has always +# been licensed under LGPL-2.1-or-later, specifically; we thus assume this is +# the intended specific license for the contents of the 7z/ directory. None +# of the sources that would be covered by the “unRAR license restriction” or +# the BSD-3-Clause license for LZFSE are present in this fork. +# +# Certain build-system files, which do not contribute to the license of the +# binary RPM, are under other permissible licenses. +# +# However, in version 1.17, the COPYING file was updated to GPLv3, with a +# changelog message (in HISTORY and elsewhere) of “Changes to GPL3.” We +# interpret this as an overall license of GPL-3.0-only. +License: GPL-3.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later URL: https://www.advancemame.it/ Source0: https://github.com/amadvance/advancecomp/releases/download/v%{version}/advancecomp-%{version}.tar.gz From 6006c1a86c5bb3dbe10587d880b8d9ddfc93bc6c Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Wed, 28 Sep 2022 11:40:06 -0400 Subject: [PATCH 15/27] Update to 2.3 (close RHBZ#2075857) --- .gitignore | 1 + advancecomp-CVE-2019-8383.patch | 44 -------------- advancecomp-CVE-2019-9210.patch | 100 -------------------------------- advancecomp.spec | 14 +---- sources | 2 +- 5 files changed, 5 insertions(+), 156 deletions(-) delete mode 100644 advancecomp-CVE-2019-8383.patch delete mode 100644 advancecomp-CVE-2019-9210.patch diff --git a/.gitignore b/.gitignore index 7ed4cc9..2ec630f 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ advancecomp-1.15.tar.gz /advancecomp.spec /advancecomp-1.23.tar.gz /advancecomp-2.1.tar.gz +/advancecomp-2.3.tar.gz diff --git a/advancecomp-CVE-2019-8383.patch b/advancecomp-CVE-2019-8383.patch deleted file mode 100644 index 3a9b35e..0000000 --- a/advancecomp-CVE-2019-8383.patch +++ /dev/null @@ -1,44 +0,0 @@ -commit 78a56b21340157775be2462a19276b4d31d2bd01 -Author: Andrea Mazzoleni -Date: Fri Jan 4 20:49:25 2019 +0100 - - Fix a buffer overflow caused by invalid images - -diff --git a/lib/png.c b/lib/png.c -index 0939a5a..cbf140b 100644 ---- a/lib/png.c -+++ b/lib/png.c -@@ -603,6 +603,7 @@ adv_error adv_png_read_ihdr( - unsigned pixel; - unsigned width; - unsigned width_align; -+ unsigned scanline; - unsigned height; - unsigned depth; - int r; -@@ -719,9 +720,23 @@ adv_error adv_png_read_ihdr( - goto err_ptr; - } - -- *dat_size = height * (width_align * pixel + 1); -+ /* check for overflow */ -+ if (pixel == 0 || width_align >= UINT_MAX / pixel) { -+ error_set("Invalid image size"); -+ goto err_ptr; -+ } -+ -+ scanline = width_align * pixel + 1; -+ -+ /* check for overflow */ -+ if (scanline == 0 || height >= UINT_MAX / scanline) { -+ error_set("Invalid image size"); -+ goto err_ptr; -+ } -+ -+ *dat_size = height * scanline; - *dat_ptr = malloc(*dat_size); -- *pix_scanline = width_align * pixel + 1; -+ *pix_scanline = scanline; - *pix_ptr = *dat_ptr + 1; - - z.zalloc = 0; diff --git a/advancecomp-CVE-2019-9210.patch b/advancecomp-CVE-2019-9210.patch deleted file mode 100644 index dc40bc8..0000000 --- a/advancecomp-CVE-2019-9210.patch +++ /dev/null @@ -1,100 +0,0 @@ -commit 7894a6e684ce68ddff9f4f4919ab8e3911ac8040 -Author: Andrea Mazzoleni -Date: Fri Jan 4 20:49:48 2019 +0100 - - Fix a buffer overflow caused by invalid chunks - -diff --git a/pngex.cc b/pngex.cc -index 55d16f5..3f5b49f 100644 ---- a/pngex.cc -+++ b/pngex.cc -@@ -163,6 +163,10 @@ void png_print_chunk(unsigned type, unsigned char* data, unsigned size) - - switch (type) { - case ADV_MNG_CN_MHDR : -+ if (size < 28) { -+ cout << " invalid chunk size"; -+ break; -+ } - cout << " width:" << be_uint32_read(data+0) << " height:" << be_uint32_read(data+4) << " frequency:" << be_uint32_read(data+8); - cout << " simplicity:" << be_uint32_read(data+24); - cout << "(bit"; -@@ -174,6 +178,10 @@ void png_print_chunk(unsigned type, unsigned char* data, unsigned size) - cout << ")"; - break; - case ADV_MNG_CN_DHDR : -+ if (size < 4) { -+ cout << " invalid chunk size"; -+ break; -+ } - cout << " id:" << be_uint16_read(data+0); - switch (data[2]) { - case 0 : cout << " img:unspecified"; break; -@@ -243,6 +251,10 @@ void png_print_chunk(unsigned type, unsigned char* data, unsigned size) - } - break; - case ADV_MNG_CN_DEFI : -+ if (size < 2) { -+ cout << " invalid chunk size"; -+ break; -+ } - cout << " id:" << be_uint16_read(data+0); - if (size >= 3) { - switch (data[2]) { -@@ -266,6 +278,10 @@ void png_print_chunk(unsigned type, unsigned char* data, unsigned size) - } - break; - case ADV_MNG_CN_MOVE : -+ if (size < 13) { -+ cout << " invalid chunk size"; -+ break; -+ } - cout << " id_from:" << be_uint16_read(data+0) << " id_to:" << be_uint16_read(data+2); - switch (data[4]) { - case 0 : cout << " type:replace"; break; -@@ -275,6 +291,10 @@ void png_print_chunk(unsigned type, unsigned char* data, unsigned size) - cout << " x:" << (int)be_uint32_read(data + 5) << " y:" << (int)be_uint32_read(data + 9); - break; - case ADV_MNG_CN_PPLT : -+ if (size < 1) { -+ cout << " invalid chunk size"; -+ break; -+ } - switch (data[0]) { - case 0 : cout << " type:replacement_rgb"; break; - case 1 : cout << " type:delta_rgb"; break; -@@ -285,7 +305,7 @@ void png_print_chunk(unsigned type, unsigned char* data, unsigned size) - default : cout << " type:?"; break; - } - i = 1; -- while (i Date: Wed, 28 Sep 2022 14:21:59 -0400 Subject: [PATCH 16/27] Drop conditionals for Fedora and other EPELs --- advancecomp.spec | 38 +++----------------------------------- 1 file changed, 3 insertions(+), 35 deletions(-) diff --git a/advancecomp.spec b/advancecomp.spec index 5610ada..3a3ace9 100644 --- a/advancecomp.spec +++ b/advancecomp.spec @@ -36,23 +36,15 @@ BuildRequires: dos2unix # System library supported by upstream BuildRequires: zlib-devel -%if 0%{?el7} -# No libdeflate package in EPEL7 -Provides: bundled(libdeflate) = 0.6 -%else # Unbundled downstream BuildRequires: pkgconfig(libdeflate) -%endif -%if 0%{?el9} || 0%{?el8} || 0%{?el7} -# No libzopfli/zopfli-devel in these distributions +# No libzopfli/zopfli-devel in EPEL8 +# # Version number based on HISTORY, which mentions that upstream commit # 6818a0859063b946094fb6f94732836404a0d89a was used from # https://github.com/google/zopfli/. -Provides: bundled(zopfli) = 1.0.2%{?!el7:^20160527git6818a08} -%else -BuildRequires: zopfli-devel -%endif +Provides: bundled(zopfli) = 1.0.2^20160527git6818a08 # From 7z/README: # @@ -91,7 +83,6 @@ This package contains: %autosetup -p1 dos2unix -k doc/*.txt -%if ! 0%{?el7} # Patch out bundled libdeflate rm -rvf libdeflate sed -r -i '/libdeflate[\/_]/d' Makefile.am @@ -101,39 +92,16 @@ find . -type f -exec gawk \ '/^[[:blank:]]*#include.*libdeflate/ { print FILENAME; nextfile }' \ '{}' '+' | xargs -r -t sed -r -i 's@^([[:blank:]]*#include.*)libdeflate/@\1@' -%endif - -%if !(0%{?el9} || 0%{?el8} || 0%{?el7}) -# Patch out bundled zopfli -rm -rvf zopfli -sed -r -i \ - -e '/zopfli[\/_]/d' \ - -e 's/((\(7z_SOURCES\)|WindowOut\.h).*)[[:blank:]]*\\/\1/' \ - Makefile.am -# Fix up #include paths. The find-then-modify pattern keeps us from discarding -# mtimes on any sources that do not need modification. -find . -type f -exec gawk \ - '/^[[:blank:]]*#include.*zopfli/ { print FILENAME; nextfile }' \ - '{}' '+' | - xargs -r -t sed -r -i -e 's@^([[:blank:]]*#include.*)zopfli/@\1@' -%endif %build %set_build_flags autoreconf --force --install --verbose -%if ! 0%{?el7} # Link against system libdeflate export CFLAGS="$(pkgconf --cflags libdeflate) ${CFLAGS-}" export CXXFLAGS="$(pkgconf --cflags libdeflate) ${CXXFLAGS-}" export LDFLAGS="$(pkgconf --libs libdeflate) ${LDFLAGS-}" -%endif - -%if !(0%{?el9} || 0%{?el8} || 0%{?el7}) -# Link against system zopfli -export LDFLAGS="-lzopfli ${LDFLAGS-}" -%endif %configure %make_build From 09e3d4b2ddb05b4fe1d198a144b8c0eae73b9351 Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Wed, 28 Sep 2022 17:21:51 -0400 Subject: [PATCH 17/27] Stricter file globs --- advancecomp.spec | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/advancecomp.spec b/advancecomp.spec index 3a3ace9..ccbabfd 100644 --- a/advancecomp.spec +++ b/advancecomp.spec @@ -113,11 +113,13 @@ export LDFLAGS="$(pkgconf --libs libdeflate) ${LDFLAGS-}" %files %license COPYING -%doc AUTHORS HISTORY README -%doc doc/adv*.txt +%doc AUTHORS +%doc HISTORY +%doc README +%doc doc/adv{def,mng,png,zip}.txt -%{_bindir}/* -%{_mandir}/man1/* +%{_bindir}/adv{def,mng,png,zip} +%{_mandir}/man1/adv{def,mng,png,zip}.1* %changelog From 12184e4b346ca7e9d38da2d6acf6b562dc9ecd82 Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Wed, 28 Sep 2022 17:24:48 -0400 Subject: [PATCH 18/27] Add a comment about upstream tests --- advancecomp.spec | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/advancecomp.spec b/advancecomp.spec index ccbabfd..6ef125e 100644 --- a/advancecomp.spec +++ b/advancecomp.spec @@ -111,6 +111,11 @@ export LDFLAGS="$(pkgconf --libs libdeflate) ${LDFLAGS-}" %make_install +# We don’t run upstream tests (%%make_build check) because they are too +# brittle, expecting recompressed outputs to be identical. Across platforms, +# compilers, and unbundled library versions, this doesn’t hold up. + + %files %license COPYING %doc AUTHORS From 5b060e0446ca4a4133d5ef4b82e24e42f9bf3e55 Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Thu, 29 Sep 2022 08:21:33 -0400 Subject: [PATCH 19/27] =?UTF-8?q?Identify=20bundled=207-Zip=20as=20?= =?UTF-8?q?=E2=80=9C7zip=E2=80=9D=20rather=20than=20=E2=80=9C7z=E2=80=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is closer to the upstream name, to “p7zip”, and to existing usage in the “retroarch” package. --- advancecomp.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advancecomp.spec b/advancecomp.spec index 6ef125e..64d9936 100644 --- a/advancecomp.spec +++ b/advancecomp.spec @@ -62,7 +62,7 @@ Provides: bundled(zopfli) = 1.0.2^20160527git6818a08 # library, and because the implementation is modified, there is no possibility # of unbundling. Note that this was forked from the original 7-Zip, not from # p7zip. -Provides: bundled(7z) +Provides: bundled(7zip) %description AdvanceCOMP contains recompression utilities for your .zip archives, From 885591d398bfedf358734560c68ed48ed119431d Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Wed, 23 Nov 2022 15:45:08 -0500 Subject: [PATCH 20/27] Update to 2.4 (close RHBZ#2145023) - Security fix for CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020 --- .gitignore | 1 + advancecomp.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 2ec630f..90d97e9 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ advancecomp-1.15.tar.gz /advancecomp-1.23.tar.gz /advancecomp-2.1.tar.gz /advancecomp-2.3.tar.gz +/advancecomp-2.4.tar.gz diff --git a/advancecomp.spec b/advancecomp.spec index 64d9936..0298d0f 100644 --- a/advancecomp.spec +++ b/advancecomp.spec @@ -1,5 +1,5 @@ Name: advancecomp -Version: 2.3 +Version: 2.4 Release: %autorelease Summary: Recompression utilities for .png, .mng, .zip and .gz files diff --git a/sources b/sources index 59b074f..3b60e66 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (advancecomp-2.3.tar.gz) = 129bb820a044b03b94d9980c7fc675ee5c273ba8ba84f1fdd341c6b2d9847c3f379cc21e64bb75c0a3c5a45a3df9e560d92143728adb4e8834ae0525ff7d5d1c +SHA512 (advancecomp-2.4.tar.gz) = 648e89b684725743df4338a0958cdb9c37a7676f4b1a7209d016be0348d089eae9a0d20b3531838fc42887990f4c57749926c27e619887d8106a197961696a06 From d4758768d7761d6167cbb3681ab669389faf4a26 Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Sun, 22 Jan 2023 13:43:51 -0500 Subject: [PATCH 21/27] Update to 2.5 (close RHBZ#2162990; fix RHBZ#2161641) --- .gitignore | 1 + advancecomp.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 90d97e9..91d5d6f 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ advancecomp-1.15.tar.gz /advancecomp-2.1.tar.gz /advancecomp-2.3.tar.gz /advancecomp-2.4.tar.gz +/advancecomp-2.5.tar.gz diff --git a/advancecomp.spec b/advancecomp.spec index 0298d0f..065eddd 100644 --- a/advancecomp.spec +++ b/advancecomp.spec @@ -1,5 +1,5 @@ Name: advancecomp -Version: 2.4 +Version: 2.5 Release: %autorelease Summary: Recompression utilities for .png, .mng, .zip and .gz files diff --git a/sources b/sources index 3b60e66..04420d1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (advancecomp-2.4.tar.gz) = 648e89b684725743df4338a0958cdb9c37a7676f4b1a7209d016be0348d089eae9a0d20b3531838fc42887990f4c57749926c27e619887d8106a197961696a06 +SHA512 (advancecomp-2.5.tar.gz) = c508526415dc002dad442e3f55202494ab2c49ecac3f5ea6e1a3fe27d224dd9a1a33dace02f59c18123d3f4bc74e3f03556b1cff6541cb88dcaaa32ac35c0043 From 23432ba995740cf04667e73e9f10d14a04d9a7f9 Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Thu, 11 May 2023 10:19:34 -0400 Subject: [PATCH 22/27] Add an rpmlintrc file --- advancecomp.rpmlintrc | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 advancecomp.rpmlintrc diff --git a/advancecomp.rpmlintrc b/advancecomp.rpmlintrc new file mode 100644 index 0000000..f783f4d --- /dev/null +++ b/advancecomp.rpmlintrc @@ -0,0 +1,4 @@ +# There is really no version information available. +addFilter(r' unversioned-explicit-provides bundled\(7zip\)') +# Every RPM has this… +addFilter(r' strange-permission advancecomp\.spec 600$') From 364ab0fd72e08829d4f847055fdacf51773a0c09 Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Fri, 26 May 2023 09:28:09 -0400 Subject: [PATCH 23/27] Break a long line with a macro [skip changelog] --- advancecomp.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/advancecomp.spec b/advancecomp.spec index 065eddd..2b144c3 100644 --- a/advancecomp.spec +++ b/advancecomp.spec @@ -22,7 +22,8 @@ Summary: Recompression utilities for .png, .mng, .zip and .gz files # interpret this as an overall license of GPL-3.0-only. License: GPL-3.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later URL: https://www.advancemame.it/ -Source0: https://github.com/amadvance/advancecomp/archive/v%{version}/advancecomp-%{version}.tar.gz +%global forgeurl https://github.com/amadvance/advancecomp +Source0: %{forgeurl}/archive/v%{version}/advancecomp-%{version}.tar.gz BuildRequires: autoconf BuildRequires: automake From 20a4431a94a3d1f442d4532fbd01236ca26bdde0 Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Fri, 26 May 2023 09:29:06 -0400 Subject: [PATCH 24/27] Trivial tidying [skip changelog] --- advancecomp.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/advancecomp.spec b/advancecomp.spec index 2b144c3..c99252f 100644 --- a/advancecomp.spec +++ b/advancecomp.spec @@ -81,7 +81,8 @@ This package contains: %prep -%autosetup -p1 +%autosetup + dos2unix -k doc/*.txt # Patch out bundled libdeflate From c09be3ba4e1b4b643c006ee7b02833a6a77fcaad Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Tue, 5 Mar 2024 08:55:52 -0500 Subject: [PATCH 25/27] Improve the rpmlintrc file [skip changelog] --- advancecomp.rpmlintrc | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/advancecomp.rpmlintrc b/advancecomp.rpmlintrc index f783f4d..483f617 100644 --- a/advancecomp.rpmlintrc +++ b/advancecomp.rpmlintrc @@ -1,4 +1,6 @@ -# There is really no version information available. -addFilter(r' unversioned-explicit-provides bundled\(7zip\)') -# Every RPM has this… -addFilter(r' strange-permission advancecomp\.spec 600$') +# Spec file comment shows that exact version is unknown +addFilter(r" unversioned-explicit-provides bundled\(7zip\)") +# Not real spelling errors +addFilter(r" spelling-error \('[Rr]ecompression',") +addFilter(r" spelling-error \('([pm]ng|gz)',") +addFilter(r" spelling-error \('adv(zip|[pm]ng|def)',") From d91d9969df3c8465efd71494a813dfd2d7ddcafd Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Wed, 11 Dec 2024 14:03:31 -0500 Subject: [PATCH 26/27] Improve the license-breakdown spec-file comment --- advancecomp.spec | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/advancecomp.spec b/advancecomp.spec index c99252f..a372838 100644 --- a/advancecomp.spec +++ b/advancecomp.spec @@ -14,13 +14,17 @@ Summary: Recompression utilities for .png, .mng, .zip and .gz files # of the sources that would be covered by the “unRAR license restriction” or # the BSD-3-Clause license for LZFSE are present in this fork. # -# Certain build-system files, which do not contribute to the license of the -# binary RPM, are under other permissible licenses. -# # However, in version 1.17, the COPYING file was updated to GPLv3, with a # changelog message (in HISTORY and elsewhere) of “Changes to GPL3.” We # interpret this as an overall license of GPL-3.0-only. License: GPL-3.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later +# Additionally, the following bundled libraries are removed in %%prep and do +# not contribute to the licenses of the binary RPMs: +# +# Apache-2.0: +# - zopfli/ +# MIT: +# - libdeflate/ URL: https://www.advancemame.it/ %global forgeurl https://github.com/amadvance/advancecomp Source0: %{forgeurl}/archive/v%{version}/advancecomp-%{version}.tar.gz From a11986d8cc535c47ac67d3b895cf5ef61519c6ba Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Wed, 11 Dec 2024 18:52:18 -0500 Subject: [PATCH 27/27] Correct License field to account for bundled zopfli --- advancecomp.spec | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/advancecomp.spec b/advancecomp.spec index a372838..a08ed64 100644 --- a/advancecomp.spec +++ b/advancecomp.spec @@ -14,15 +14,21 @@ Summary: Recompression utilities for .png, .mng, .zip and .gz files # of the sources that would be covered by the “unRAR license restriction” or # the BSD-3-Clause license for LZFSE are present in this fork. # +# Apache-2.0: +# - zopfli/ +# # However, in version 1.17, the COPYING file was updated to GPLv3, with a # changelog message (in HISTORY and elsewhere) of “Changes to GPL3.” We # interpret this as an overall license of GPL-3.0-only. -License: GPL-3.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later +License: %{shrink: + GPL-3.0-only AND + GPL-2.0-or-later AND + LGPL-2.1-or-later AND + Apache-2.0 + } # Additionally, the following bundled libraries are removed in %%prep and do # not contribute to the licenses of the binary RPMs: # -# Apache-2.0: -# - zopfli/ # MIT: # - libdeflate/ URL: https://www.advancemame.it/