2023-10-03 22:28:15 by Thomas Klausner | Files touched by this commit (2) | |
Log message:
libXpm: update to 3.5.17.
This release contains fixes for the issues reported in today's security
advisory: https://lists.x.org/archives/xorg-announce/2023-October/003424.html
Alan Coopersmith (10):
Set close-on-exec when opening files
test: use g_pattern_spec_match_string if available
Explicitly mark non-static symbols as export or hidden
Fix CVE-2023-43788: Out of bounds read in XpmCreateXpmImageFromBuffer
test: Add test case for CVE-2023-43789 (corrupt colormap info)
Fix CVE-2023-43789: Out of bounds read on XPM with corrupted colormap
test: Add test case for CVE-2023-43786 (stack exhaustion in PutImage)
Avoid CVE-2023-43786: stack exhaustion in XPutImage()
test: Add test case for CVE-2023-43787 (integer overflow in XCreateImage)
libXpm 3.5.17
Yair Mizrahi (1):
Avoid CVE-2023-43787 (integer overflow in XCreateImage)
|
2023-04-17 23:09:49 by Thomas Klausner | Files touched by this commit (3) | |
Log message:
libXpm: update to 3.5.16.
Alan Coopersmith (11):
test: skip compressed file tests when --disable-open-zfile is used
gitlab CI: build with each of --enable-open-zfile & --disable-open-zfile
configure: correct error message to suggest --disable-open-zfile
open-zfile: Make compress & uncompress commands optional
Require LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL
XpmCreateDataFromXpmImage: Fix misleading indentation
parse.c: Wrap FREE_CIDX definition in do { ... } while(0)
parse.c: remove unused function xstrlcpy()
test: Use PACKAGE_BUGREPORT instead of hard-coded URL's
test: Add simple test cases for functions in src/rgb.c
xpmReadRgbNames: constify filename argument
Matt Turner (1):
libXpm 3.5.16
Peter Hutterer (1):
Fix a memleak in ParsePixels error code path
|
2023-03-02 08:52:30 by Tobias Nygren | Files touched by this commit (1) |
Log message:
libXpm: wire down path to uncompress(1) as well
|
2023-02-10 10:07:22 by Tobias Nygren | Files touched by this commit (1) |
Log message:
libXpm: fix build on Linux
|
2023-01-23 09:30:02 by Adam Ciarcinski | Files touched by this commit (1) |
Log message:
libXpm: Explicitly define path to gzip
|
2023-01-17 19:42:39 by Thomas Klausner | Files touched by this commit (3) | |
Log message:
libXpm: update to 3.5.15.
This release contains fixes for the issues reported in today's security
advisory: https://lists.x.org/archives/xorg-announce/2023-January/003312.html
It also adds a new configure option --disable-open-zfile that makes it easy
for people building libXpm to completely disable the code to fork compression
and uncompression programs if they do not have a need for it in their use case.
The README.md file has been updated to document both of the configure options
to control the optional compression handling features.
Alan Coopersmith (12):
man pages: Fix typos and other minor editing
man pages: Replace "See Also" entries with more useful ones
man pages: Apply standard man page style/formatting
configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE
test: Add unit tests using glib framework
cxpm: getc/ungetc wrappers should not adjust position when c == EOF
test: add test case for CVE-2022-46285 (unclosed comments)
Fix CVE-2022-46285: Infinite loop on unclosed comments
test: add test cases for CVE-2022-44617 (zero-width w/enormous height)
Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height
Fix CVE-2022-4883: compression commands depend on $PATH
libXpm 3.5.15
Matthieu Herrb (1):
Prevent a double free in the error code path
Peter Hutterer (1):
Use gzip -d instead of gunzip
|
2022-11-19 22:34:31 by Thomas Klausner | Files touched by this commit (5) | |
Log message:
libXpm: update to 3.5.14.
The only changes to the code in this release are typo fixes in the
comments, but the big change is the addition of man pages, thanks
to the work Walter Harms did to convert the API docs from the old
Postscript file into man page format.
Alan Coopersmith (11):
Build xz tarballs instead of bzip2
Fix spelling/wording issues
man: strip trailing whitespace
gitlab CI: add a basic build test
man pages: Make file names consistent with their displayed names
man pages: Fix shadow man pages
man pages: Make function synopses more consistent with other pages
man pages: Add missing word 'function' where needed
man pages: Fix typos
man pages: Correct Copyright/License notices
libXpm 3.5.14
Walter Harms (2):
add man pages based on doc/xpm.PS
update man pages
|
2022-11-09 14:14:32 by Joerg Sonnenberger | Files touched by this commit (223) |
Log message:
Reset MAINTAINER
|
2022-08-11 15:37:24 by Jonathan Perkin | Files touched by this commit (3) |
Log message:
libXpm: Add USE_EXPLICIT_LIBDEPS, set to no.
This variable controls whether we add the explicit library dependencies from
libiconv and gettext-lib, required by this package as it's a bit special in how
it handles libintl.
|
2022-04-10 10:53:24 by Nia Alarie | Files touched by this commit (90) |
Log message:
x11: adapt to new avoid-duplicate.mk usage
|