libXpm - X Pixmap (XPM) image file format library ------------------------------------------------- This release contains fixes for the issues reported in today's security advisory: https://lists.x.org/archives/xorg-announce/2023-January/003312.html It also adds a new configure option --disable-open-zfile that makes it easy for people building libXpm to completely disable the code to fork compression and uncompression programs if they do not have a need for it in their use case. The README.md file has been updated to document both of the configure options to control the optional compression handling features. Alan Coopersmith (12): man pages: Fix typos and other minor editing man pages: Replace "See Also" entries with more useful ones man pages: Apply standard man page style/formatting configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE test: Add unit tests using glib framework cxpm: getc/ungetc wrappers should not adjust position when c == EOF test: add test case for CVE-2022-46285 (unclosed comments) Fix CVE-2022-46285: Infinite loop on unclosed comments test: add test cases for CVE-2022-44617 (zero-width w/enormous height) Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height Fix CVE-2022-4883: compression commands depend on $PATH libXpm 3.5.15 Matthieu Herrb (1): Prevent a double free in the error code path Peter Hutterer (1): Use gzip -d instead of gunzip git tag: libXpm-3.5.15 https://xorg.freedesktop.org/archive/individual/lib/libXpm-3.5.15.tar.gz SHA256: 2a9bd419e31270593e59e744136ee2375ae817322447928d2abb6225560776f9 libXpm-3.5.15.tar.gz SHA512: 85f28a3bd63a9c919cc4cbdb327ec5aa64a87c5ccb10af448b8baf37c26f3b59aaf12af2389267e3e6f563456193a3f478690da743e84fe51573022345f34a93 libXpm-3.5.15.tar.gz PGP: https://xorg.freedesktop.org/archive/individual/lib/libXpm-3.5.15.tar.gz.sig https://xorg.freedesktop.org/archive/individual/lib/libXpm-3.5.15.tar.xz SHA256: 60bb906c5c317a6db863e39b69c4a83fdbd2ae2154fcf47640f8fefc9fdfd1c1 libXpm-3.5.15.tar.xz SHA512: 955d716fcea2c9d868ab941c56f017b39bfa0f47fd2904e9b04c6a9be17f23f8b8c906da9c90a89a789f1f399d419641705ff5b6f9921820e34d4807c7a1992f libXpm-3.5.15.tar.xz PGP: https://xorg.freedesktop.org/archive/individual/lib/libXpm-3.5.15.tar.xz.sig -- -Alan Coopersmith- alan.coopersmith at oracle.com Oracle Solaris Engineering - https://blogs.oracle.com/solaris -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: not available URL: <https://lists.x.org/archives/xorg-announce/attachments/20230117/f276cb58/attachment.sig>