Subject: CVS commit: pkgsrc/graphics/xpm
To: None <>
From: Johnny C. Lam <>
List: pkgsrc-changes
Date: 06/14/2005 18:10:37
Module Name:	pkgsrc
Committed By:	jlam
Date:		Tue Jun 14 18:10:37 UTC 2005

Modified Files:
	pkgsrc/graphics/xpm: Makefile distinfo
	pkgsrc/graphics/xpm/patches: patch-ac patch-ad patch-ae patch-af
	    patch-ag patch-ah patch-ai patch-aj patch-ak
Added Files:
	pkgsrc/graphics/xpm/patches: patch-al patch-am patch-an patch-ao
	    patch-ap patch-aq patch-ar patch-as

Log Message:
Apply fixes derived from the HEAD branch of X.Org (6.8.99) to address
problems noted in CAN-2004-0914:

    Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as
    used in XFree86 and other packages, include (1) multiple integer
    overflows, (2) out-of-bounds memory accesses, (3) directory
    traversal, (4) shell metacharacter, (5) endless loops, and (6)
    memory leaks, which could allow remote attackers to obtain
    sensitive information, cause a denial of service (application
    crash), or execute arbitrary code via a certain XPM image file.

Bump PKGREVISION to 4.  Since this is a security-related fix, also
bump the BUILDLINK_RECOMMENDED version for this package.

To generate a diff of this commit:
cvs rdiff -r1.42 -r1.43 pkgsrc/graphics/xpm/Makefile
cvs rdiff -r1.17 -r1.18 pkgsrc/graphics/xpm/
cvs rdiff -r1.12 -r1.13 pkgsrc/graphics/xpm/distinfo
cvs rdiff -r1.2 -r1.3 pkgsrc/graphics/xpm/patches/patch-ac \
cvs rdiff -r1.5 -r1.6 pkgsrc/graphics/xpm/patches/patch-ad
cvs rdiff -r1.1 -r1.2 pkgsrc/graphics/xpm/patches/patch-ae \
    pkgsrc/graphics/xpm/patches/patch-af pkgsrc/graphics/xpm/patches/patch-ag \
    pkgsrc/graphics/xpm/patches/patch-ah pkgsrc/graphics/xpm/patches/patch-ai \
cvs rdiff -r0 -r1.1 pkgsrc/graphics/xpm/patches/patch-al \
    pkgsrc/graphics/xpm/patches/patch-am pkgsrc/graphics/xpm/patches/patch-an \
    pkgsrc/graphics/xpm/patches/patch-ao pkgsrc/graphics/xpm/patches/patch-ap \
    pkgsrc/graphics/xpm/patches/patch-aq pkgsrc/graphics/xpm/patches/patch-ar \

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.