[alpine-aports] [PATCH v3.3] main/libxpm: security upgrade to 3.5.12 - fixes #6753

Sergei Lukin
Details
Message ID
<1485504085-3942-1-git-send-email-sergej.lukin@gmail.com>
Sender timestamp
1485504085
DKIM signature
missing
Download raw message
Patch: +10 -5
CVE-2016-10164: Out-of-bounds write in XPM extension parsing

libXpm 3.5.12 changes:
https://lists.freedesktop.org/archives/xorg/2016-December/058537.html
---
 main/libxpm/APKBUILD | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/main/libxpm/APKBUILD b/main/libxpm/APKBUILD
index 0c5fa5d..6e05424 100644
--- a/main/libxpm/APKBUILD
+++ b/main/libxpm/APKBUILD
@@ -1,7 +1,8 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libxpm
-pkgver=3.5.11
-pkgrel=1
+pkgver=3.5.12
+pkgrel=0
 pkgdesc="X11 pixmap library"
 url="http://xorg.freedesktop.org/"
 arch="all"
@@ -11,6 +12,10 @@ depends=
 makedepends="libxt-dev libxext-dev libx11-dev util-linux-dev"
 source="http://xorg.freedesktop.org/releases/individual/lib/libXpm-$pkgver.tar.bz2"
 
+# secfixes:
+#   3.5.12-r0:
+#   - CVE-2016-10164
+
 depends_dev="libx11-dev"
 build() {
 	cd "$srcdir"/libXpm-$pkgver
@@ -29,6 +34,6 @@ package() {
 	make DESTDIR="$pkgdir" install || return 1
 	install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
 }
-md5sums="769ee12a43611cdebd38094eaf83f3f0  libXpm-3.5.11.tar.bz2"
-sha256sums="c5bdafa51d1ae30086fac01ab83be8d47fe117b238d3437f8e965434090e041c  libXpm-3.5.11.tar.bz2"
-sha512sums="c089056108d4598f6c4603d6440d9ef6216e87c5cf1e30d143b0e7abc9c5d6f40050c747a57a27d751bc80786ded0390d97cbe221be628241c881d21a3ce6024  libXpm-3.5.11.tar.bz2"
+md5sums="20f4627672edb2bd06a749f11aa97302  libXpm-3.5.12.tar.bz2"
+sha256sums="fd6a6de3da48de8d1bb738ab6be4ad67f7cb0986c39bd3f7d51dd24f7854bdec  libXpm-3.5.12.tar.bz2"
+sha512sums="a5707d5f758d577414101b0723af334fc8ac223e5b9f869994765735e1cbd8dafed48ea2851ebc479fecaf84381bfd5fbef842ec971a487f7fa9e77d54d3a17e  libXpm-3.5.12.tar.bz2"
-- 
2.6.6



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---