CVE-2016-10164: Out-of-bounds write in XPM extension parsing
libXpm 3.5.12 changes:
https://lists.freedesktop.org/archives/xorg/2016-December/058537.html
---
main/libxpm/APKBUILD | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/main/libxpm/APKBUILD b/main/libxpm/APKBUILD
index 0c5fa5d..6e05424 100644
--- a/main/libxpm/APKBUILD
+++ b/main/libxpm/APKBUILD
@@ -1,7 +1,8 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libxpm
-pkgver=3.5.11
-pkgrel=1
+pkgver=3.5.12
+pkgrel=0
pkgdesc="X11 pixmap library"
url="http://xorg.freedesktop.org/"
arch="all"
@@ -11,6 +12,10 @@ depends=
makedepends="libxt-dev libxext-dev libx11-dev util-linux-dev"
source="http://xorg.freedesktop.org/releases/individual/lib/libXpm-$pkgver.tar.bz2"
+# secfixes:
+# 3.5.12-r0:
+# - CVE-2016-10164
+
depends_dev="libx11-dev"
build() {
cd "$srcdir"/libXpm-$pkgver
@@ -29,6 +34,6 @@ package() {
make DESTDIR="$pkgdir" install || return 1
install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
}
-md5sums="769ee12a43611cdebd38094eaf83f3f0 libXpm-3.5.11.tar.bz2"
-sha256sums="c5bdafa51d1ae30086fac01ab83be8d47fe117b238d3437f8e965434090e041c libXpm-3.5.11.tar.bz2"
-sha512sums="c089056108d4598f6c4603d6440d9ef6216e87c5cf1e30d143b0e7abc9c5d6f40050c747a57a27d751bc80786ded0390d97cbe221be628241c881d21a3ce6024 libXpm-3.5.11.tar.bz2"
+md5sums="20f4627672edb2bd06a749f11aa97302 libXpm-3.5.12.tar.bz2"
+sha256sums="fd6a6de3da48de8d1bb738ab6be4ad67f7cb0986c39bd3f7d51dd24f7854bdec libXpm-3.5.12.tar.bz2"
+sha512sums="a5707d5f758d577414101b0723af334fc8ac223e5b9f869994765735e1cbd8dafed48ea2851ebc479fecaf84381bfd5fbef842ec971a487f7fa9e77d54d3a17e libXpm-3.5.12.tar.bz2"
--
2.8.3
---
Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org
Help: alpine-aports+help@lists.alpinelinux.org
---