X-Original-To: alpine-aports@lists.alpinelinux.org Received: from mail-lf0-f67.google.com (mail-lf0-f67.google.com [209.85.215.67]) by lists.alpinelinux.org (Postfix) with ESMTP id AE6DA5C3F71 for ; Fri, 27 Jan 2017 08:01:32 +0000 (GMT) Received: by mail-lf0-f67.google.com with SMTP id q89so25403787lfi.1 for ; Fri, 27 Jan 2017 00:01:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=uhAHxoTER8OBNUZTtr8VMd7weKY70b6Y6VaWhTHbsoU=; b=EEm5fyYSuRoHZOdKy0wbtxAsFKLUv2wbLUwwfk4EnfugL4j0vtUsTF0WlgB61edDug xdmLhZOEXOodJHyAZpCNrM/eJzkYTziy7NYCFbAI1cJts58uv6QCjXoZmDUcB90rf2r9 Trn8RPVlHhrmB5hdqe55HSiaId7ih/F07zwObBOQ0LeNauxn+iLFwX33apJL52uwAt6J tYw4d3Fno8UU3BqmYiZhl+OpBEptkfiJSAE58ya+WYw3O72MxMzQ/nwwoB7aMM48lmXF hF7Xipwa2suz01+XzkY3J03OtiBscpT27PdsOweWqYDg/jC/Ee7KEeN16lQo2DFz3+g0 d8sw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=uhAHxoTER8OBNUZTtr8VMd7weKY70b6Y6VaWhTHbsoU=; b=pNvlGSfEEMRLHv70s3koJnPC7KKuxcd9HtxqM8xAzqO/A7DFusyMcUaxUL/r3hTI5K wZbF2oY5WQVoouHbwYV1YGG/DkbwuFEJ0LsWRpWZmwLjRMIVKPIPGc6UWS9SFmOjbYp7 I6VPSmPrnOSPuS4299xoEAESQdF7J3YQCgGdmx6HmaIJq/eKJLek1wHz4FHxaXOX68uD 2mvVi2UXqEstSC6pXYE+60YA8pF/6Ijk3CK9atIDqxTrUfGJA5c55SZD22LGc1nqIJH1 15Z8BOw+B/iyWUqXiqjDjPO644Xn2y9zML7TxcNy0vSVdA05qs52A42aZ8hraeWZSUWn sTsQ== X-Gm-Message-State: AIkVDXJINYIvnHwnKcQB5B/6kw/DujrLQJxyqaLYKUJLTnFZD8nKXQqILbqO8brV/5GVvw== X-Received: by 10.25.76.196 with SMTP id z187mr2189209lfa.60.1485504091874; Fri, 27 Jan 2017 00:01:31 -0800 (PST) Received: from v3-3.util.wtbts.net ([83.145.235.199]) by smtp.gmail.com with ESMTPSA id s20sm1090834lfg.29.2017.01.27.00.01.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 27 Jan 2017 00:01:31 -0800 (PST) From: Sergei Lukin To: alpine-aports@lists.alpinelinux.org Cc: Sergei Lukin Subject: [alpine-aports] [PATCH v3.3] main/libxpm: security upgrade to 3.5.12 - fixes #6753 Date: Fri, 27 Jan 2017 08:01:25 +0000 Message-Id: <1485504085-3942-1-git-send-email-sergej.lukin@gmail.com> X-Mailer: git-send-email 2.6.6 X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: CVE-2016-10164: Out-of-bounds write in XPM extension parsing libXpm 3.5.12 changes: https://lists.freedesktop.org/archives/xorg/2016-December/058537.html --- main/libxpm/APKBUILD | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/main/libxpm/APKBUILD b/main/libxpm/APKBUILD index 0c5fa5d..6e05424 100644 --- a/main/libxpm/APKBUILD +++ b/main/libxpm/APKBUILD @@ -1,7 +1,8 @@ +# Contributor: Sergei Lukin # Maintainer: Natanael Copa pkgname=libxpm -pkgver=3.5.11 -pkgrel=1 +pkgver=3.5.12 +pkgrel=0 pkgdesc="X11 pixmap library" url="http://xorg.freedesktop.org/" arch="all" @@ -11,6 +12,10 @@ depends= makedepends="libxt-dev libxext-dev libx11-dev util-linux-dev" source="http://xorg.freedesktop.org/releases/individual/lib/libXpm-$pkgver.tar.bz2" +# secfixes: +# 3.5.12-r0: +# - CVE-2016-10164 + depends_dev="libx11-dev" build() { cd "$srcdir"/libXpm-$pkgver @@ -29,6 +34,6 @@ package() { make DESTDIR="$pkgdir" install || return 1 install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING } -md5sums="769ee12a43611cdebd38094eaf83f3f0 libXpm-3.5.11.tar.bz2" -sha256sums="c5bdafa51d1ae30086fac01ab83be8d47fe117b238d3437f8e965434090e041c libXpm-3.5.11.tar.bz2" -sha512sums="c089056108d4598f6c4603d6440d9ef6216e87c5cf1e30d143b0e7abc9c5d6f40050c747a57a27d751bc80786ded0390d97cbe221be628241c881d21a3ce6024 libXpm-3.5.11.tar.bz2" +md5sums="20f4627672edb2bd06a749f11aa97302 libXpm-3.5.12.tar.bz2" +sha256sums="fd6a6de3da48de8d1bb738ab6be4ad67f7cb0986c39bd3f7d51dd24f7854bdec libXpm-3.5.12.tar.bz2" +sha512sums="a5707d5f758d577414101b0723af334fc8ac223e5b9f869994765735e1cbd8dafed48ea2851ebc479fecaf84381bfd5fbef842ec971a487f7fa9e77d54d3a17e libXpm-3.5.12.tar.bz2" -- 2.6.6 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---