[ANNOUNCE] libXpm 3.5.15

Alan Coopersmith alan.coopersmith at oracle.com
Tue Jan 17 16:45:05 UTC 2023

libXpm - X Pixmap (XPM) image file format library

This release contains fixes for the issues reported in today's security
advisory: https://lists.x.org/archives/xorg-announce/2023-January/003312.html

It also adds a new configure option --disable-open-zfile that makes it easy
for people building libXpm to completely disable the code to fork compression
and uncompression programs if they do not have a need for it in their use case.
The README.md file has been updated to document both of the configure options
to control the optional compression handling features.

Alan Coopersmith (12):
      man pages: Fix typos and other minor editing
      man pages: Replace "See Also" entries with more useful ones
      man pages: Apply standard man page style/formatting
      configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE
      test: Add unit tests using glib framework
      cxpm: getc/ungetc wrappers should not adjust position when c == EOF
      test: add test case for CVE-2022-46285 (unclosed comments)
      Fix CVE-2022-46285: Infinite loop on unclosed comments
      test: add test cases for CVE-2022-44617 (zero-width w/enormous height)
      Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height
      Fix CVE-2022-4883: compression commands depend on $PATH
      libXpm 3.5.15

Matthieu Herrb (1):
      Prevent a double free in the error code path

Peter Hutterer (1):
      Use gzip -d instead of gunzip

git tag: libXpm-3.5.15

SHA256: 2a9bd419e31270593e59e744136ee2375ae817322447928d2abb6225560776f9  libXpm-3.5.15.tar.gz
SHA512: 85f28a3bd63a9c919cc4cbdb327ec5aa64a87c5ccb10af448b8baf37c26f3b59aaf12af2389267e3e6f563456193a3f478690da743e84fe51573022345f34a93  libXpm-3.5.15.tar.gz
PGP:  https://xorg.freedesktop.org/archive/individual/lib/libXpm-3.5.15.tar.gz.sig

SHA256: 60bb906c5c317a6db863e39b69c4a83fdbd2ae2154fcf47640f8fefc9fdfd1c1  libXpm-3.5.15.tar.xz
SHA512: 955d716fcea2c9d868ab941c56f017b39bfa0f47fd2904e9b04c6a9be17f23f8b8c906da9c90a89a789f1f399d419641705ff5b6f9921820e34d4807c7a1992f  libXpm-3.5.15.tar.xz
PGP:  https://xorg.freedesktop.org/archive/individual/lib/libXpm-3.5.15.tar.xz.sig

        -Alan Coopersmith-                 alan.coopersmith at oracle.com
         Oracle Solaris Engineering - https://blogs.oracle.com/solaris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.x.org/archives/xorg-announce/attachments/20230117/f276cb58/attachment.sig>

More information about the xorg-announce mailing list