commit 9a05472d7ebcdf6deaa970515f3ddba2b0fc265e
Author: Olivier Fourdan <ofourdan@redhat.com>
Date:   Tue Apr 21 10:13:57 2026 +0200

    libXpm 3.5.19
    
    Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
    Part-of: <https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/31>

commit 5448e1bd7252780b16db869c2253d24e0fe0ae18
Author: Olivier Fourdan <ofourdan@redhat.com>
Date:   Tue Feb 17 11:59:56 2026 +0100

    Fix CVE-2026-4367: Out-of-bounds read in xpmNextWord()
    
    xpmNextWord() checks for the terminator character to detect the end of
    the file, but a very small malformed XPM file may cause the function to
    read past the end of the buffer, causing out-of-bound reads:
    
      == Invalid read of size 1
      ==    at 0x48AD3A4: xpmParseColors (parse.c:239)
      ==    by 0x48AF9D8: xpmParseData (parse.c:783)
      ==    by 0x48B1C18: XpmCreateXpmImageFromBuffer (CrIFrBuf.c:101)
      ==    by 0x4005A6: main ()
      ==  Address 0x4c413bf is 0 bytes after a block of size 15 alloc'd
      ==    at 0x4841B26: malloc (vg_replace_malloc.c:447)
      ==    by 0x48B2809: XpmReadFileToBuffer (RdFToBuf.c:96)
      ==    by 0x400554: main ()
      ==
      == Invalid read of size 1
      ==    at 0x48AC8D5: xpmNextWord.constprop.0 (data.c:262)
      ==    by 0x48AD492: xpmParseColors (parse.c:266)
      ==    by 0x48AF9D8: xpmParseData (parse.c:783)
      ==    by 0x48B1C18: XpmCreateXpmImageFromBuffer (CrIFrBuf.c:101)
      ==    by 0x4005A6: main ()
      ==  Address 0x4c413c0 is 1 bytes after a block of size 15 alloc'd
      ==    at 0x4841B26: malloc (vg_replace_malloc.c:447)
      ==    by 0x48B2809: XpmReadFileToBuffer (RdFToBuf.c:96)
      ==    by 0x400554: main ()
      ==
      == Invalid read of size 1
      ==    at 0x48AC965: xpmNextWord.constprop.0 (data.c:265)
      ==    by 0x48AD492: xpmParseColors (parse.c:266)
      ==    by 0x48AF9D8: xpmParseData (parse.c:783)
      ==    by 0x48B1C18: XpmCreateXpmImageFromBuffer (CrIFrBuf.c:101)
      ==    by 0x4005A6: main ()
      ==  Address 0x4c413c0 is 1 bytes after a block of size 15 alloc'd
      ==    at 0x4841B26: malloc (vg_replace_malloc.c:447)
      ==    by 0x48B2809: XpmReadFileToBuffer (RdFToBuf.c:96)
      ==    by 0x400554: main ()
    
    The problem actually comes from xpmNextString() and xpmParseColors():
    
    1) xpmNextString() checks for the NULL terminator when looking for the
       end of the string (Eos) but not when looking for the beginning of the
       next string (Bos).
    
    2) xpmParseColors() does not check the return value from xpmNextString()
       and continues even when xpmNextString() raised an invalid XPM file.
    
    To avoid the issue, fix xpmNextString() to check for the NULL string
    terminator when looking for the beginning of the next string and fix
    xpmParseColors() to stop when xpmNextString() reported an invalid XPM
    error.
    
    CVE-2026-4367
    
    This vulnerability was discovered by:
    Naoki Wakamatsu
    
    v2: Fix the XPM 1 code path the same.
    
    Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
    Part-of: <https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/31>

commit 5b7e903025a8e162a3ee97c64304b1c55211094e
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Jan 25 16:05:09 2026 -0800

    libXpm 3.5.18
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit a5549ac11b483ec86e1c79cd1e077998bcc98cdd
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Jan 11 11:20:41 2026 -0800

    gitlab CI: drop the ci-fairy check-mr job
    
    The only thing this checked was the checkbox for allowing maintainers to
    edit the MR. Changed permissions checks now fail this job but luckily
    the setting it checked has been the default for years anyway so we can
    drop it.
    
    https://gitlab.freedesktop.org/freedesktop/ci-templates/-/issues/81
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 10070a4e998c1a223dec437847c38dc27dbe85d4
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sat Aug 30 11:26:54 2025 -0700

    Strip trailing whitespace from source files
    
    Performed with: `git ls-files | xargs perl -i -p -e 's{[ \t]+$}{}'`
    
    `git diff -w` & `git diff -b` show no diffs from this change
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Part-of: <https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/29>

commit 5679dd6b7d3b33e921ecb47fa526397619be8ced
Author: Zayd Rajab <zaydr@amazon.com>
Date:   Tue Aug 19 23:42:14 2025 +0000

    tests: poll for stable compressed output
    
    libXpm runs the compressor via a double fork. The previous fixed sleep
    could race on slow or busy runners, yielding 'gzip: stdin: unexpected
    end of file'.
    
    Replace the fixed sleep with wait_for_stable_file(): poll the output
    path every 10 ms until it exists and stops changing (mtime/size stable
    for 200 ms), with a 10s timeout (configurable).
    
    Signed-off-by: Zayd Rajab <zaydr@amazon.com>

commit 7ce39592bce4d57fa3cd07e4ee1aab3b47cd0436
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Tue Apr 22 16:23:12 2025 -0700

    man pages: adjust line breaks in source files
    
    Clears warnings of the form:
    mandoc: sxpm.1:72:83: STYLE: input text line longer than 80 bytes:
     Read from the file \...
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Part-of: <https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/26>

commit 60ee362e7cfda17d617aa0a61b37211a95c5e615
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Tue Apr 22 15:43:07 2025 -0700

    man pages: remove .PP after .SH or .SS lines
    
    Fixes warnings of the form:
    mandoc: XpmMisc.3:65:2: WARNING: skipping paragraph macro: PP after SH
    mandoc: XpmRead.3:70:2: WARNING: skipping paragraph macro: PP after SS
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Part-of: <https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/26>

commit 3ba5d81356c010d11253946e6a76ae335a9f69f9
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sat Apr 19 12:29:38 2025 -0700

    man pages: ensure .BR macro has multiple arguments
    
    Fixes these warnings:
    an.tmac:man/XpmCreateImage.3:87: style: .BR expects at least 2 arguments, got 1
    an.tmac:man/XpmCreateXpmImage.3:103: style: .BR expects at least 2 arguments, got 1
    an.tmac:man/XpmMisc.3:74: style: .BR expects at least 2 arguments, got 1
    an.tmac:man/XpmWrite.3:153: style: .BR expects at least 2 arguments, got 1
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Part-of: <https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/26>

commit 3aa8a1e47521f2b56be0bf03eae36528ac8d3e64
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sat Apr 19 12:26:40 2025 -0700

    man pages: make indentation arguments to .IP be numeric
    
    Fixes warnings of the form:
    troff:man/XpmMisc.3:49: warning: expected numeric expression, got 'l'
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Part-of: <https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/26>

commit 854c23a771c798e0185125c2f734571b9666b5ce
Author: Bjarni Ingi Gislason <bjarniig@simnet.is>
Date:   Sat Apr 12 20:17:09 2025 +0000

    XpmCreateBuffer.3: editorial changes for this man page [Debian bug #1102886]
    
    Originally from https://bugs.debian.org/1102886
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Part-of: <https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/26>

commit b7309b497b592beb23c841b6ccad324a3d3cc2d4
Author: Peter Harris <pharris2@rocketsoftware.com>
Date:   Mon Nov 11 10:55:50 2024 -0800

    Fix build with current Windows headers
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Part-of: <https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/25>

commit 28039296f726832f77d214df396175b47871a0dd
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Mon Nov 11 10:03:10 2024 -0800

    Use _stricmp() instead of strcasecmp() on Windows
    
    v2: Exclude include of <strings.h> as well
    
    Fixes: 73b69d7 ("Remove xpmstrcasecmp fallback for strcasecmp")
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Part-of: <https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/25>

commit bdb6c75fd667e43ce228f1a32e930a0f2966f29d
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Mon Feb 19 14:53:05 2024 -0800

    Remove xpmstrdup fallback for strdup
    
    It has never been used in the autoconf builds
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 73b69d794d98e0ccfada48836c4b28280353180f
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Mon Feb 19 14:48:46 2024 -0800

    Remove xpmstrcasecmp fallback for strcasecmp
    
    It was only ever used when FOR_MSW was defined, never in the autoconf builds
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit b30fd0918f8d99aa718ede3da30f9d29f87063e1
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Mon Feb 19 14:37:23 2024 -0800

    Remove ancient port to 16-bit Windows without X11 libraries
    
    Removes all the "FOR_MSW" code added back in 1994, which hasn't been
    buildable in the automake builds.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 0224b43072c5ce42ec4f3280e6f6022a2e5380c6
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Mon Feb 19 13:45:35 2024 -0800

    Remove ancient Amiga support
    
    There was no way to build this in the automake files
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit b72af4edce48e40fedd441f72df0d2338fd448c5
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Mon Feb 19 13:51:05 2024 -0800

    unifdef VAX11C
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 02702c20e70da35ea8a842bc79c8eaec66db0e6c
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Mon Feb 19 13:28:36 2024 -0800

    unifdef sequent
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit b4e217761e6a2bb7111290d77baf7f44d256351a
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sat Feb 17 14:56:45 2024 -0800

    Remove outdated ifdef checks for including stdint.h
    
    Assumes all platforms have provided C99 required headers in the 25 years
    since the C99 standard was finalized.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit a154f12b6e56f131bd5880fc96f11615ff940b29
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Tue Oct 3 08:43:57 2023 -0700

    libXpm 3.5.17
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 91f887b41bf75648df725a4ed3be036da02e911e
Author: Yair Mizrahi <yairm@jfrog.com>
Date:   Thu Sep 7 16:59:07 2023 -0700

    Avoid CVE-2023-43787 (integer overflow in XCreateImage)
    
    This doesn't fix the CVE - that has to happen in libX11, this
    just tries to avoid triggering it from libXpm, and saves time
    in not pretending we can successfully create an X Image for
    which the width * depth would overflow the signed int used to
    store the bytes_per_line value.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 00348988396c88150f6ddfea3d3195cbf01d60c2
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Thu Sep 7 16:55:25 2023 -0700

    test: Add test case for CVE-2023-43787 (integer overflow in XCreateImage)
    
    Provided by Yair Mizrahi of the JFrog Vulnerability Research team
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 84fb14574c039f19ad7face87eb9acc31a50701c
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Wed Sep 6 17:34:33 2023 -0700

    Avoid CVE-2023-43786: stack exhaustion in XPutImage()
    
    This doesn't fix the CVE - that has to happen in libX11, this
    just tries to avoid triggering it from libXpm, and saves time
    in not pretending we can successfully create an X11 pixmap with
    dimensions larger than the unsigned 16-bit integers used in the
    X11 protocol for the dimensions.
    
    Reported by Yair Mizrahi of the JFrog Vulnerability Research team
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit edb97396620f019f8d2e707ad3fbaf6bbbd5ed36
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Tue Sep 5 17:01:58 2023 -0700

    test: Add test case for CVE-2023-43786 (stack exhaustion in PutImage)
    
    Provided by Yair Mizrahi of the JFrog Vulnerability Research team
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 7e21cb63b9a1ca760a06cc4cd9b19bbc3fcd8f51
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sat Apr 29 18:30:34 2023 -0700

    Fix CVE-2023-43789: Out of bounds read on XPM with corrupted colormap
    
    Found with clang's libfuzzer
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit a21e7bcf0ca3d8c1605b2721a545440260870438
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sat Apr 29 18:29:29 2023 -0700

    test: Add test case for CVE-2023-43789 (corrupt colormap info)
    
    Generated by clang's -fsanitize/libfuzzer
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 2fa554b01ef6079a9b35df9332bdc4f139ed67e0
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sat Apr 29 17:50:39 2023 -0700

    Fix CVE-2023-43788: Out of bounds read in XpmCreateXpmImageFromBuffer
    
    When the test case for CVE-2022-46285 was run with the Address Sanitizer
    enabled, it found an out-of-bounds read in ParseComment() when reading
    from a memory buffer instead of a file, as it continued to look for the
    closing comment marker past the end of the buffer.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 7f60f3428aa21d5d643eb75bfd9417cfabf48970
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Tue Sep 5 17:35:55 2023 -0700

    Explicitly mark non-static symbols as export or hidden
    
    Hides private API from external linkage
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 2695ccda5df58af60ebb15bb17f1570437554adb
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sat May 20 13:47:52 2023 -0700

    test: use g_pattern_spec_match_string if available
    
    g_pattern_spec_match_string was introduced in glib 2.70 to replace
    g_pattern_match_string which is deprecated in glib 2.70 and later.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 4524c578581b427145ae136844fc655a89e94777
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Mon Mar 27 18:35:46 2023 -0700

    Set close-on-exec when opening files
    
    Relies on platforms with O_CLOEXEC support following POSIX requirement
    to not copy the close-on-exec flag to the new fd in dup2(), but to leave
    it unset instead, since that's how fd's are passed to child processes
    to handled compressed files.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit f131de92d6c4e2f62934e85b012287276ecf009c
Author: Matt Turner <mattst88@gmail.com>
Date:   Mon Apr 17 15:22:35 2023 -0400

    libXpm 3.5.16
    
    Signed-off-by: Matt Turner <mattst88@gmail.com>

commit 8b9c4e4c5d278409dc41d19f0c8a8940403cd5c7
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Mon Mar 27 18:21:12 2023 -0700

    xpmReadRgbNames: constify filename argument
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit fd620b4f6c59674090b956a9d9e188a1250a4663
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Mon Mar 27 18:15:41 2023 -0700

    test: Add simple test cases for functions in src/rgb.c
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit e01d691aa684d0d1247f772b7c537ec3254bb9bc
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Mon Mar 27 18:03:13 2023 -0700

    test: Use PACKAGE_BUGREPORT instead of hard-coded URL's
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 92030dd4c221e8043521ae4dc9d32d50e6ff44c4
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Feb 12 13:22:57 2023 -0800

    parse.c: remove unused function xstrlcpy()
    
    parse.c:74:1: warning: unused function 'xstrlcpy' [-Wunused-function]
    xstrlcpy(char *dst, const char *src, size_t dstsize)
    ^
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 8e0e63519069bed43b3bf1ce1f11fd0cd516d3e4
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Feb 12 10:51:46 2023 -0800

    parse.c: Wrap FREE_CIDX definition in do { ... } while(0)
    
    Makes it match the definition in create.c and eliminates
    clang warnings:
    
    create.c:2409:13: warning: empty expression statement has no effect;
     remove unnecessary ';' to silence this warning [-Wextra-semi-stmt]
                            FREE_CIDX;
                                     ^
    create.c:2440:17: warning: empty expression statement has no effect;
     remove unnecessary ';' to silence this warning [-Wextra-semi-stmt]
                                FREE_CIDX;
                                         ^
    create.c:2444:13: warning: empty expression statement has no effect;
     remove unnecessary ';' to silence this warning [-Wextra-semi-stmt]
                            FREE_CIDX;
                                     ^
    create.c:2449:15: warning: empty expression statement has no effect;
     remove unnecessary ';' to silence this warning [-Wextra-semi-stmt]
                FREE_CIDX;
                         ^
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 25616112983cd3f8bfe5379771b5bfd63b3c3621
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Feb 12 09:23:09 2023 -0800

    XpmCreateDataFromXpmImage: Fix misleading indentation
    
    CrDatFrI.c: In function ‘XpmCreateDataFromXpmImage’:
    CrDatFrI.c:245:13: warning: this ‘if’ clause does not guard... [-Wmisleading-indentation]
      245 |             if (header[l])
          |             ^~
    In file included from CrDatFrI.c:40:
    XpmI.h:80:22: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the ‘if’
       80 | #define XpmFree(ptr) free(ptr)
          |                      ^~~~
    CrDatFrI.c:247:17: note: in expansion of macro ‘XpmFree’
      247 |                 XpmFree(header);
          |                 ^~~~~~~
    CrDatFrI.c: In function ‘CreateColors’:
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 45d8f4f20665c77dd1924b78559fb2494a77ad7a
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Feb 12 09:20:44 2023 -0800

    Require LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL
    
    AC_PROG_LIBTOOL was replaced by LT_INIT in libtool 2 in 2008,
    so it's time to rely on it.
    
    configure.ac:14: warning: The macro `AC_PROG_LIBTOOL' is obsolete.
    configure.ac:14: You should run autoupdate.
    m4/libtool.m4:100: AC_PROG_LIBTOOL is expanded from...
    configure.ac:14: the top level
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit c52082c6e4811958dd741d67e1178b4e36a09923
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Feb 5 12:14:43 2023 -0800

    open-zfile: Make compress & uncompress commands optional
    
    If compress is not found, we disable writing to .Z files,
    but leave the rest of the compression code active.
    
    If uncompress is not found, we use gzip to read .Z files.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 77e3b389eb92b8d8f94f5b83c1d3d7cd4db5b037
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date:   Mon Jan 23 19:57:28 2023 +1000

    Fix a memleak in ParsePixels error code path
    
    In this particular error path we have already allocated cidx[0..256]
    with 256 instances of fresh and juicy memory. Freeing that is annoying,
    but luckily there's a helpful FREE_CIDX macro that does exactly that.
    
    Fixes f80fa6a:
      Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height
    
    Found by covscan
    
    Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

commit 71d7149cb356b96cc83e2ec95d06df4022039e2c
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Thu Jan 19 12:16:26 2023 -0800

    configure: correct error message to suggest --disable-open-zfile
    
    When one of the compression helper programs is not found, the message
    suggesting how to compile without it should say --disable-open-zfile,
    not --disable-stat-zfile.
    
    Fixes: 515294b ("Fix CVE-2022-4883: compression commands depend on $PATH")
    Closes: #4
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 9bc32a1a9c788eed2982d3fd35f2295a95af3817
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Thu Jan 19 12:06:38 2023 -0800

    gitlab CI: build with each of --enable-open-zfile & --disable-open-zfile
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit d9cbea1c6bc2b7f2c11964da0d437130bed82279
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Tue Jan 17 18:41:32 2023 -0800

    test: skip compressed file tests when --disable-open-zfile is used
    
    Reported-by: T.J. Townsend
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit ddd8339e262cbb7b25993599299ad40e0c95ccf6
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Tue Jan 17 08:19:26 2023 -0800

    libXpm 3.5.15
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 8178eb0834d82242e1edbc7d4fb0d1b397569c68
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date:   Mon Jan 16 19:44:52 2023 +1000

    Use gzip -d instead of gunzip
    
    GNU gunzip [1] is a shell script that exec's `gzip -d`. Even if we call
    /usr/bin/gunzip with the correct built-in path, the actual gzip call
    will use whichever gzip it finds first, making our patch pointless.
    
    Fix this by explicitly calling gzip -d instead.
    
    https://git.savannah.gnu.org/cgit/gzip.git/tree/gunzip.in
    
    [Part of the fix for CVE-2022-4883]
    Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

commit c5ab17bcc34914c0b0707d2135dbebe9a367c5f0
Author: Matthieu Herrb <matthieu@herrb.eu>
Date:   Thu Jan 12 15:05:39 2023 +1000

    Prevent a double free in the error code path
    
    xpmParseDataAndCreate() calls XDestroyImage() in the error path.
    Reproducible with sxpm "zero-width.xpm", that file is in the test/
    directory.
    
    The same approach is needed in the bytes_per_line == 0 condition though
    here it just plugs a memory leak.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 515294bb8023a45ff916696d0a14308ff4f3a376
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Jan 6 12:50:48 2023 -0800

    Fix CVE-2022-4883: compression commands depend on $PATH
    
    By default, on all platforms except MinGW, libXpm will detect if a
    filename ends in .Z or .gz, and will when reading such a file fork off
    an uncompress or gunzip command to read from via a pipe, and when
    writing such a file will fork off a compress or gzip command to write
    to via a pipe.
    
    In libXpm 3.5.14 or older these are run via execlp(), relying on $PATH
    to find the commands.  If libXpm is called from a program running with
    raised privileges, such as via setuid, then a malicious user could set
    $PATH to include programs of their choosing to be run with those
    privileges.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit f80fa6ae47ad4a5beacb287c0030c9913b046643
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sat Jan 7 12:44:28 2023 -0800

    Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height
    
    When reading XPM images from a file with libXpm 3.5.14 or older, if a
    image has a width of 0 and a very large height, the ParsePixels() function
    will loop over the entire height calling getc() and ungetc() repeatedly,
    or in some circumstances, may loop seemingly forever, which may cause a
    denial of service to the calling program when given a small crafted XPM
    file to parse.
    
    Closes: #2
    
    Reported-by: Martin Ettl <ettl.martin78@googlemail.com>
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit f7fbbb92f6d383b21dd1587c3703a5de37c625b5
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Tue Jan 3 17:23:58 2023 -0800

    test: add test cases for CVE-2022-44617 (zero-width w/enormous height)
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit a3a7c6dcc3b629d765014816c566c63165c63ca8
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sat Dec 17 12:23:45 2022 -0800

    Fix CVE-2022-46285: Infinite loop on unclosed comments
    
    When reading XPM images from a file with libXpm 3.5.14 or older, if a
    comment in the file is not closed (i.e. a C-style comment starts with
    "/*" and is missing the closing "*/"), the ParseComment() function will
    loop forever calling getc() to try to read the rest of the comment,
    failing to notice that it has returned EOF, which may cause a denial of
    service to the calling program.
    
    Reported-by: Marco Ivaldi <raptor@0xdeadbeef.info>
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit f7a167a48a950b89b91f5123a0ec8d9a7cb97495
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sat Dec 17 12:18:24 2022 -0800

    test: add test case for CVE-2022-46285 (unclosed comments)
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 0ff2c6af823ce7712c06150c43c9b403846a035f
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sat Jan 7 15:43:20 2023 -0800

    cxpm: getc/ungetc wrappers should not adjust position when c == EOF
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 501494c6c68a84114fdd0b44d4b67ef9cde776c9
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sat Jan 7 13:39:56 2023 -0800

    test: Add unit tests using glib framework
    
    Includes rudimentary tests for XpmReadFileToXpmImage, XpmReadFileToData,
    XpmReadFileToBuffer, XpmCreateXpmImageFromData, XpmCreateXpmImageFromBuffer,
    XpmWriteFileFromXpmImage, XpmWriteFileFromData, XpmWriteFileFromBuffer,
    XpmAttributesSize, XpmGetErrorString, XpmLibraryVersion
    
    Includes test cases for CVE-2004-0687
    
    Tests .Z and .gz files if --enable-open-zfile is active
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 4841039e5385f264d12757903894f47c64f59361
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Thu Jan 5 15:42:36 2023 -0800

    configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE
    
    Documents the two compression options in the README, makes their
    configure options reflect the interdependency of their implementation,
    and makes the configure script report their configuration.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit aef0c8dd129838ac35b3cf8a7cdf04c7fd67dff1
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Jan 1 14:19:17 2023 -0800

    man pages: Apply standard man page style/formatting
    
    Function & macro names in bold, argument names in italics.
    
    In the man page body, bold function names followed by plain ()
    for functions defined in this page, plain (3) for functions defined
    in other man pages.
    
    New paragraphs start with .PP, not just a blank line.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 5d55a0be3f8a8d3e53c65c286878fc3224fce135
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Jan 1 10:48:01 2023 -0800

    man pages: Replace "See Also" entries with more useful ones
    
    "See Also" entries in man pages should list other man pages to
    look at, not the alternate names for the current man page.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 392cb8fb444ae632176829076f412cb4029dbdbc
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Jan 1 10:21:38 2023 -0800

    man pages: Fix typos and other minor editing
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 08bc174f28af028b6ebaa9edeccd3ff56c396e92
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sat Nov 19 12:23:53 2022 -0800

    libXpm 3.5.14
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit f0857c0de206e90777a5321cce9602083b283080
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sat Aug 27 10:06:23 2022 -0700

    man pages: Correct Copyright/License notices
    
    Since the text was copied from doc/xpm.PS.gz, the copyright and license
    notices need to be copied from there as well.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit deb81a9a210527b0a00f002b1796e5e21e492879
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Aug 26 18:39:17 2022 -0700

    man pages: Fix typos
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 2d5fa4c2079494f502f9a576d749fa1e205f2144
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Aug 26 18:29:05 2022 -0700

    man pages: Add missing word 'function' where needed
    
    A number of instances of 'The Xpm... function' were missing the word
    "function", so read awkwardly.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 2b7357e83e38e2a860687ee4150ef60bd6c0a47f
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Aug 26 18:16:42 2022 -0700

    man pages: Make function synopses more consistent with other pages
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit fb8590c9c57d661ec4a29da243e05b9d87b999d3
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Aug 26 18:06:51 2022 -0700

    man pages: Fix shadow man pages
    
    Shadow man pages have a .so line that needs to list the file to be
    shown, not the name of the shadow page.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit bfaebfdcc92433a8b78c004de4bb3c5a8a545e75
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Aug 26 17:49:25 2022 -0700

    man pages: Make file names consistent with their displayed names
    
    Lets users view the pages using the name displayed on the pages
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 7a138a5278890e122731eb94b8e5a7d6ef543243
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Jul 17 16:29:35 2022 -0700

    gitlab CI: add a basic build test
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 3433f4334db7c30864c112639a929c5ae8bd3c3b
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Jul 17 16:27:01 2022 -0700

    man: strip trailing whitespace
    
    git diff -w shows no changes from this commit
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 961245427855ab6d30a5fa2dbb98aaffa571d728
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Jul 17 16:25:38 2022 -0700

    Fix spelling/wording issues
    
    Found by using:
        codespell --builtin clear,rare,usage,informal,code,names
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit fa16fbda9c90f932a74cd80c90eee88432d987d7
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Jul 17 16:23:04 2022 -0700

    Build xz tarballs instead of bzip2
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 83e5427f9cd5d32602bcf647547e0030ea361f00
Author: Walter Harms <wharms@bfs.de>
Date:   Wed Dec 25 20:40:04 2019 +0100

    update man pages
    
    move from k&r to ansi prototypes
    improve nroff coding
    
    Signed-off-by: Walter Harms <wharms@bfs.de>

commit e48e649eb04f95ffbdbd0c8bb77d7131142f5e9a
Author: Walter Harms <wharms@bfs.de>
Date:   Tue Dec 24 17:20:09 2019 +0100

    add man pages based on doc/xpm.PS
    
    More or less hand crafted man pages based on xpm.PS.
    Prototypes are still in K&R, see also is a dud
    
    Signed-off-by: Walter Harms <wharms@bfs.de>

commit b0fc485495a694816d76a43978e2cfd5575c554d
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date:   Fri Dec 13 14:25:06 2019 +1000

    libXpm 3.5.13
    
    Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

commit 5817fd4ac5308fe7c23301c652f174997009b7d5
Author: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Date:   Wed Dec 4 11:17:21 2019 +0100

    parse: simplify error paths in xpmParseColors()
    
    We introduced a new label to handle the errors, we should use it
    for the rest of the function.
    
    Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>

commit e1d8f704d52f70680869b7aae1da0ad2382db363
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date:   Thu Dec 5 06:17:00 2019 +1000

    parse: avoid memleak on error with STRLCAT/STRLCPY
    
    The original macro might exit the function without freeing `colorTable`.
    
    Move the macros into a slightly less awful helper function and use goto
    to clean up in case of error.
    
    Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

commit 7af7c5e275b69daedee3696bee1e880586f30373
Author: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date:   Fri May 3 07:59:09 2019 +0200

    Allow usage when fork() is not available
    
    When fork() is not available, we need to define NO_ZPIPE so that
    libXpm doesn't try to fork/exec to use a pipe to uncompress compressed
    .xpm files. There is obviously a loss of functionality, but loading
    uncompressed .xpm files should continue to work.
    
    Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
    [Retrieved from:
    https://git.buildroot.net/buildroot/tree/package/x11r7/xlib_libXpm/0001-fork-check.patch]
    Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

commit 0be2c6712728cea1fa1bcc640e564c45c2c82e37
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Dec 7 19:47:06 2018 -0800

    Update configure.ac bug URL for gitlab migration
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit c9f8faf1c05fb92abc6c5b1db5e45eb1a7942875
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Mon Nov 19 22:30:30 2018 -0800

    Update README for gitlab migration
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 73a1e769dcf2a603fc63f5c36626c1c6db815f46
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Sep 30 15:09:29 2018 -0700

    After fdopen(), use fclose() instead of close() in error path
    
    Found by Oracle's Parfait 2.2 static analyzer:
    
    Error: File Leak
       File Leak [file-ptr-leak]:
          Leaked File fp
            at line 94 of lib/libXpm/src/RdFToBuf.c in function 'XpmReadFileToBuffer
    '.
              fp initialized at line 86 with fdopen
              fp leaks when len < 0 at line 92.
    
    Introduced-by: commit 8b3024e6871ce50b34bf2dff924774bd654703bc
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>

commit bc1b4962f048cfa33b76be46493e10cfb256fe98
Author: Dave Bodenstab <the.tick@gmx.com>
Date:   Wed Feb 22 12:04:54 2012 +0000

    Windows build fixes
    
    https://bugs.freedesktop.org/show_bug.cgi?id=46475
    https://bugs.freedesktop.org/attachment.cgi?id=57479
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit e42ca7b484418b169fd19a4c68e23ad2a6ec7a11
Author: Mihail Konev <k.mvc@ya.ru>
Date:   Thu Jan 26 13:52:49 2017 +1000

    autogen: add default patch prefix
    
    Signed-off-by: Mihail Konev <k.mvc@ya.ru>

commit ed8f9c2e8b635eb63497c48b24a056f9e6f50609
Author: Emil Velikov <emil.l.velikov@gmail.com>
Date:   Mon Mar 9 12:00:52 2015 +0000

    autogen.sh: use quoted string variables
    
    Place quotes around the $srcdir, $ORIGDIR and $0 variables to prevent
    fall-outs, when they contain space.
    
    Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
    Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
    Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
