Package Release Info

libXpm-3.5.12-150000.3.7.2

Update Info: Base Release
Available in Package Hub : 15 SP5 Subpackages

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

libXpm-debugsource

libXpm4-32bit

libXpm4-32bit-debuginfo

Change Logs

* Tue Jan 17 2023 sndirsch@suse.com

- U_regression2-bug1207029_1207030_1207031.patch
  * second regression fix: Use gzip -d instead of gunzip

* Fri Jan 13 2023 sndirsch@suse.com

- U_regression-bug1207029_1207030_1207031.patch
  * regression fix for above patches

* Wed Jan 11 2023 sndirsch@suse.com

- U_0000-Update-README-for-gitlab-migration.patch
  * needed by U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch
- U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch
  * needed by U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
- U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch
  * libXpm: Infinite loop on unclosed comments (CVE-2022-46285,
    bsc#1207029)
- U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch
  * libXpm: Runaway loop on width of 0 and enormous height
    (CVE-2022-44617, bsc#1207030)
- U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
  * libXpm: compression commands depend on $PATH (CVE-2022-4883,
    bsc#1207031)

Version: 3.5.12-150000.3.10.1

* Wed Sep 27 2023 sndirsch@suse.com

- U_0000-test-Add-unit-tests-using-glib-framework.patch
  U_0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch
  U_0002-test-Add-test-case-for-CVE-2023-43789-corrupt-colorm.patch
  U_0003-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch
  * fixes CVE-2023-43788 libXpm: out of bounds read in
    XpmCreateXpmImageFromBuffer() (boo#1215686)
  * fixes CVE-2023-43789 libXpm: out of bounds read on XPM with
    corrupted colormap (boo#1215687)
- U_0004-test-Add-test-case-for-CVE-2023-43786-stack-exhausti.patch
  U_0005-Avoid-CVE-2023-43786-stack-exhaustion-in-XPutImage.patch
  U_0006-test-Add-test-case-for-CVE-2023-43787-integer-overfl.patch
  U_0007-Avoid-CVE-2023-43787-integer-overflow-in-XCreateImag.patch
  * avoids to trigger CVE-2023-43786,CVE-2023-43787 (boo#1215684,
    boo#1215685); see changelog in libX11 update ...

* Sat May 02 2009 eich@suse.de

- revert static library and .la file removal
  for SUSE versions <= 11.1.

* Tue Apr 21 2009 crrodriguez@suse.de

- remove static libraries and "la" files
- run ldconfig in postun

* Thu Sep 11 2008 sndirsch@suse.de

- bumped release number to 7.4

* Thu Apr 10 2008 ro@suse.de

- added baselibs.conf file to build xxbit packages
  for multilib support

* Sat Sep 29 2007 sndirsch@suse.de

- bumped version to 7.3

* Fri Aug 24 2007 sndirsch@suse.de

- libXpm 3.5.7
  * Sun bug 4486226: Xpm is not internationalized
  * Use AM_CFLAGS & AM_CPPFLAGS to replace per-program and obsolete macros
  * Include comment/copyright/license for AC_DEFINE_DIR in acinclude.m4
  * Replace index/rindex with C89 standard strchr/strrchr
  * Use srcdir in paths passed to xgettext when making .po files
  * Replace strcpy with strncpy to match previous code block
  * X.Org Bug #11863: Build libXpm on MS Windows (with MinGW)