CVS commit: pkgsrc/x11/libXpm

["Thomas Klausner" <wiz%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   wiz
Date:           Tue Oct  3 20:28:15 UTC 2023

Modified Files:
        pkgsrc/x11/libXpm: Makefile distinfo

Log Message:
libXpm: update to 3.5.17.

This release contains fixes for the issues reported in today's security
advisory: https://lists.x.org/archives/xorg-announce/2023-October/003424.html

Alan Coopersmith (10):
      Set close-on-exec when opening files
      test: use g_pattern_spec_match_string if available
      Explicitly mark non-static symbols as export or hidden
      Fix CVE-2023-43788: Out of bounds read in XpmCreateXpmImageFromBuffer
      test: Add test case for CVE-2023-43789 (corrupt colormap info)
      Fix CVE-2023-43789: Out of bounds read on XPM with corrupted colormap
      test: Add test case for CVE-2023-43786 (stack exhaustion in PutImage)
      Avoid CVE-2023-43786: stack exhaustion in XPutImage()
      test: Add test case for CVE-2023-43787 (integer overflow in XCreateImage)
      libXpm 3.5.17

Yair Mizrahi (1):
      Avoid CVE-2023-43787 (integer overflow in XCreateImage)


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.32 pkgsrc/x11/libXpm/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/x11/libXpm/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/x11/libXpm/Makefile
diff -u pkgsrc/x11/libXpm/Makefile:1.31 pkgsrc/x11/libXpm/Makefile:1.32
--- pkgsrc/x11/libXpm/Makefile:1.31     Mon Apr 17 21:09:49 2023
+++ pkgsrc/x11/libXpm/Makefile  Tue Oct  3 20:28:15 2023
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.31 2023/04/17 21:09:49 wiz Exp $
+# $NetBSD: Makefile,v 1.32 2023/10/03 20:28:15 wiz Exp $
 
-DISTNAME=              libXpm-3.5.16
+DISTNAME=              libXpm-3.5.17
 CATEGORIES=            x11 graphics
 MASTER_SITES=          ${MASTER_SITE_XORG:=lib/}
 EXTRACT_SUFX=          .tar.xz

Index: pkgsrc/x11/libXpm/distinfo
diff -u pkgsrc/x11/libXpm/distinfo:1.14 pkgsrc/x11/libXpm/distinfo:1.15
--- pkgsrc/x11/libXpm/distinfo:1.14     Mon Apr 17 21:09:49 2023
+++ pkgsrc/x11/libXpm/distinfo  Tue Oct  3 20:28:15 2023
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.14 2023/04/17 21:09:49 wiz Exp $
+$NetBSD: distinfo,v 1.15 2023/10/03 20:28:15 wiz Exp $
 
-BLAKE2s (libXpm-3.5.16.tar.xz) = 557ac1f86292738c632171c21cacb2bfb2b31f2f6bd9517438101cab10c673d9
-SHA512 (libXpm-3.5.16.tar.xz) = ee564311f8c1c9c08ed1035d55c287ecf7c20c6fee09ad448acfab59f38fd1ef381d4a24b4af2b581f3033730eebc7c690918e52ba706de689d1ef11085edac2
-Size (libXpm-3.5.16.tar.xz) = 469020 bytes
+BLAKE2s (libXpm-3.5.17.tar.xz) = 14caba27e1fa0990cd26017971b57b7c3ab9433314d0b9a565e0f576b803b874
+SHA512 (libXpm-3.5.17.tar.xz) = 52f9d2664a47a26c1a6ad65d18867de870b66947b0b0d99cca3512756a0aaa6ce2a245c0b49f20b70c3ce48bf04c47c333e8119a147465c277bca727f6ab017e
+Size (libXpm-3.5.17.tar.xz) = 468964 bytes
 SHA1 (patch-aa) = 4cfa0ddc7f802916363901226f3c60e7f686b616
 SHA1 (patch-ab) = faaefb61693805272bd4cccc1301c6e3edd14919
 SHA1 (patch-ac) = 9226dce77b0a7d9c792d9465727423581db7f01e