Subject: CVS commit: pkgsrc/x11/libXpm
From: Thomas Klausner
Date: 2023-01-17 19:42:39
Message id: 20230117184239.A7611FA90@cvs.NetBSD.org

Log Message:
libXpm: update to 3.5.15.

This release contains fixes for the issues reported in today's security
advisory: https://lists.x.org/archives/xorg-announce/2023-January/003312.html

It also adds a new configure option --disable-open-zfile that makes it easy
for people building libXpm to completely disable the code to fork compression
and uncompression programs if they do not have a need for it in their use case.
The README.md file has been updated to document both of the configure options
to control the optional compression handling features.

Alan Coopersmith (12):
      man pages: Fix typos and other minor editing
      man pages: Replace "See Also" entries with more useful ones
      man pages: Apply standard man page style/formatting
      configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE
      test: Add unit tests using glib framework
      cxpm: getc/ungetc wrappers should not adjust position when c == EOF
      test: add test case for CVE-2022-46285 (unclosed comments)
      Fix CVE-2022-46285: Infinite loop on unclosed comments
      test: add test cases for CVE-2022-44617 (zero-width w/enormous height)
      Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height
      Fix CVE-2022-4883: compression commands depend on $PATH
      libXpm 3.5.15

Matthieu Herrb (1):
      Prevent a double free in the error code path

Peter Hutterer (1):
      Use gzip -d instead of gunzip

Files:
Revision  Action  File
1.27      modify  pkgsrc/x11/libXpm/Makefile
1.13      modify  pkgsrc/x11/libXpm/distinfo
1.5       modify  pkgsrc/x11/libXpm/patches/patch-aa