Mail archive
alpine-aports

[alpine-aports] [PATCH v3.3] main/libxpm: security upgrade to 3.5.12 - fixes #6753

From: Sergei Lukin <sergej.lukin_at_gmail.com>
Date: Fri, 27 Jan 2017 08:01:25 +0000

CVE-2016-10164: Out-of-bounds write in XPM extension parsing

libXpm 3.5.12 changes:
https://lists.freedesktop.org/archives/xorg/2016-December/058537.html
---
 main/libxpm/APKBUILD | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/main/libxpm/APKBUILD b/main/libxpm/APKBUILD
index 0c5fa5d..6e05424 100644
--- a/main/libxpm/APKBUILD
+++ b/main/libxpm/APKBUILD
_at_@ -1,7 +1,8 @@
+# Contributor: Sergei Lukin <sergej.lukin_at_gmail.com>
 # Maintainer: Natanael Copa <ncopa_at_alpinelinux.org>
 pkgname=libxpm
-pkgver=3.5.11
-pkgrel=1
+pkgver=3.5.12
+pkgrel=0
 pkgdesc="X11 pixmap library"
 url="http://xorg.freedesktop.org/"
 arch="all"
_at_@ -11,6 +12,10 @@ depends=
 makedepends="libxt-dev libxext-dev libx11-dev util-linux-dev"
 source="http://xorg.freedesktop.org/releases/individual/lib/libXpm-$pkgver.tar.bz2"
 
+# secfixes:
+#   3.5.12-r0:
+#   - CVE-2016-10164
+
 depends_dev="libx11-dev"
 build() {
 	cd "$srcdir"/libXpm-$pkgver
_at_@ -29,6 +34,6 @@ package() {
 	make DESTDIR="$pkgdir" install || return 1
 	install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
 }
-md5sums="769ee12a43611cdebd38094eaf83f3f0  libXpm-3.5.11.tar.bz2"
-sha256sums="c5bdafa51d1ae30086fac01ab83be8d47fe117b238d3437f8e965434090e041c  libXpm-3.5.11.tar.bz2"
-sha512sums="c089056108d4598f6c4603d6440d9ef6216e87c5cf1e30d143b0e7abc9c5d6f40050c747a57a27d751bc80786ded0390d97cbe221be628241c881d21a3ce6024  libXpm-3.5.11.tar.bz2"
+md5sums="20f4627672edb2bd06a749f11aa97302  libXpm-3.5.12.tar.bz2"
+sha256sums="fd6a6de3da48de8d1bb738ab6be4ad67f7cb0986c39bd3f7d51dd24f7854bdec  libXpm-3.5.12.tar.bz2"
+sha512sums="a5707d5f758d577414101b0723af334fc8ac223e5b9f869994765735e1cbd8dafed48ea2851ebc479fecaf84381bfd5fbef842ec971a487f7fa9e77d54d3a17e  libXpm-3.5.12.tar.bz2"
-- 
2.6.6
---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Fri Jan 27 2017 - 08:01:25 GMT