Subject: CVS commit: pkgsrc/graphics/xpm
From: Johnny C. Lam
Date: 2005-06-14 20:10:37
Message id: 20050614181037.9C9AE2DA27@cvs.netbsd.org
Log Message:
Apply fixes derived from the HEAD branch of X.Org (6.8.99) to address
problems noted in CAN-2004-0914:
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as
used in XFree86 and other packages, include (1) multiple integer
overflows, (2) out-of-bounds memory accesses, (3) directory
traversal, (4) shell metacharacter, (5) endless loops, and (6)
memory leaks, which could allow remote attackers to obtain
sensitive information, cause a denial of service (application
crash), or execute arbitrary code via a certain XPM image file.
Bump PKGREVISION to 4. Since this is a security-related fix, also
bump the BUILDLINK_RECOMMENDED version for this package.
Files: