X-Original-To: alpine-aports@lists.alpinelinux.org Received: from mail-lf0-f65.google.com (mail-lf0-f65.google.com [209.85.215.65]) by lists.alpinelinux.org (Postfix) with ESMTP id B5E0A5C0F4D for ; Fri, 27 Jan 2017 08:05:18 +0000 (GMT) Received: by mail-lf0-f65.google.com with SMTP id v186so25429473lfa.2 for ; Fri, 27 Jan 2017 00:05:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=qZMg6106eLpCeLOhF/44Kq8JNvnhPp4lurmP9LoadsQ=; b=tJBr1BeqSmHeHAYcqOWrujAa9E6qqq/LI3QRsOiWxDQ6Gnk6sSCc/JcsghrZSRlIcV h0iNZ+t0qqF0Ml/g/W279BdKjcdL23WboI1WlkE93w4GicVwRFgHcsBAYa0tNDnzjY+t /gMUiTf25IedjIXG2BjJJDjuPtlU6Uv93f09lPIG5T68b9xqWZYOQznreAxhv+2i9OnW Uaksiyf+DaCsYFiApkIWcFJZZEvLFJFLdHf7j1CYcpTQmhWkA47CRXB0ELfdVNjjrwlD 5evFc6LHolLYR1oEvC6lbwKGixOcxFmOlaHi3sNa7/HKhbt6elD+BAqfwOR1b19P8fjy bbFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=qZMg6106eLpCeLOhF/44Kq8JNvnhPp4lurmP9LoadsQ=; b=li7KXQI4lptPhymARBMSIu+6DK8vB2xXcAt8KKxH2bDex88xFHYsCeUPZex/C91obP r0JwXOyLwLohvo2iwsXFKGyrQoI1Zd9bcVxmBANePVV7BQ2D4FvQHOodp/zZa2gkIwiZ qGLnPn0yFy43fj8eRsMsn9viYqxOCsDj6x/6ZGTQD32ldCHEtQFPPxI8yjp98fHOyA+0 4Ck5MV/uT9eCPwwO9LGRDGIo8hcEHyrgrp32FF9pV5dXltEIUHkSdxSHQ4Pp67kJ7leD sY/2UsPqDbJD+HB6ivCo2Jv71Sy+zQybXftE5ySLUR0HJrzEYFDFJRLVJYzkQwJjR9X5 CAYA== X-Gm-Message-State: AIkVDXIraLdknuFCIqhvAPEiE1oWQCnt3XRrSMtS7IaFmR+WAEODjhQYznuE2EGp+2G+OA== X-Received: by 10.25.228.157 with SMTP id x29mr1978582lfi.125.1485504317873; Fri, 27 Jan 2017 00:05:17 -0800 (PST) Received: from v3-2.util.wtbts.net ([83.145.235.199]) by smtp.gmail.com with ESMTPSA id t9sm1086641lja.48.2017.01.27.00.05.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 27 Jan 2017 00:05:17 -0800 (PST) From: Sergei Lukin To: alpine-aports@lists.alpinelinux.org Cc: Sergei Lukin Subject: [alpine-aports] [PATCH v3.2] main/libxpm: security upgrade to 3.5.12 - fixes #6754 Date: Fri, 27 Jan 2017 08:05:11 +0000 Message-Id: <1485504311-3986-1-git-send-email-sergej.lukin@gmail.com> X-Mailer: git-send-email 2.4.11 X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: CVE-2016-10164: Out-of-bounds write in XPM extension parsing libXpm 3.5.12 changes: https://lists.freedesktop.org/archives/xorg/2016-December/058537.html --- main/libxpm/APKBUILD | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/main/libxpm/APKBUILD b/main/libxpm/APKBUILD index db88c67..0920e64 100644 --- a/main/libxpm/APKBUILD +++ b/main/libxpm/APKBUILD @@ -1,7 +1,8 @@ +# Contributor: Sergei Lukin # Maintainer: Natanael Copa pkgname=libxpm -pkgver=3.5.11 -pkgrel=1 +pkgver=3.5.12 +pkgrel=0 pkgdesc="X11 pixmap library" url="http://xorg.freedesktop.org/" arch="all" @@ -11,6 +12,10 @@ depends= makedepends="libxt-dev libxext-dev libx11-dev util-linux-dev" source="http://xorg.freedesktop.org/releases/individual/lib/libXpm-$pkgver.tar.bz2" +# secfixes: +# 3.5.12-r0: +# - CVE-2016-10164 + depends_dev="libx11-dev" build() { cd "$srcdir"/libXpm-$pkgver @@ -30,6 +35,6 @@ package() { rm "$pkgdir"/usr/lib/*.la || return 1 install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING } -md5sums="769ee12a43611cdebd38094eaf83f3f0 libXpm-3.5.11.tar.bz2" -sha256sums="c5bdafa51d1ae30086fac01ab83be8d47fe117b238d3437f8e965434090e041c libXpm-3.5.11.tar.bz2" -sha512sums="c089056108d4598f6c4603d6440d9ef6216e87c5cf1e30d143b0e7abc9c5d6f40050c747a57a27d751bc80786ded0390d97cbe221be628241c881d21a3ce6024 libXpm-3.5.11.tar.bz2" +md5sums="20f4627672edb2bd06a749f11aa97302 libXpm-3.5.12.tar.bz2" +sha256sums="fd6a6de3da48de8d1bb738ab6be4ad67f7cb0986c39bd3f7d51dd24f7854bdec libXpm-3.5.12.tar.bz2" +sha512sums="a5707d5f758d577414101b0723af334fc8ac223e5b9f869994765735e1cbd8dafed48ea2851ebc479fecaf84381bfd5fbef842ec971a487f7fa9e77d54d3a17e libXpm-3.5.12.tar.bz2" -- 2.4.11 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---