libxpm (1:3.5.12-1+deb10u2) buster-security; urgency=medium * Add check to avoid triggering CVE-2023-43786 in libX11. * Add check to avoid triggering CVE-2023-43787 in libX11. * CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer * CVE-2023-43789: out of bounds read on XPM with corrupted colormap -- Emilio Pozuelo Monfort Thu, 05 Oct 2023 11:18:55 +0200 libxpm (1:3.5.12-1+deb10u1) buster-security; urgency=medium * Non-maintainer upload by the LTS Security Team. * Switch to dpkg-source 3.0 (quilt) format * Fix CVE-2022-4883: When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable. * Fix CVE-2022-44617: When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. * Fix CVE-2022-46285: when parsing a file with a comment not closed an end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library. -- Bastien Roucaries Mon, 19 Jun 2023 20:27:53 +0000 libxpm (1:3.5.12-1) unstable; urgency=medium [ Andreas Boll ] * New upstream release. * Let uscan verify tarball signatures. * Improve package description (Closes: #646992). Thanks, Justin B Rye! * Switch URLs to https. * Remove obsolete xsfbs. * Add placeholder comment into series file. * Bump debhelper compat to 10. - Drop build-deps on dh-autoreconf, automake and libtool. * Stop passing --disable-silent-rules to configure, debhelper does that for a while. * Drop no longer needed dpkg-dev versioned build-dependency. [ Emilio Pozuelo Monfort ] * Switch to -dbgsym packages. -- Emilio Pozuelo Monfort Thu, 22 Dec 2016 17:17:47 +0100 libxpm (1:3.5.11-1) unstable; urgency=medium * New upstream release. * Rewrite debian/rules using dh, bump compat to 9, drop xsfbs. * Remove Cyril from Uploaders. * Bump x11proto-core-dev build-dep per configure.ac. * Disable silent build rules. * Override gzip-file-is-not-multi-arch-same-safe for xpm.PS.gz. -- Julien Cristau Sun, 13 Jul 2014 12:24:10 +0200 libxpm (1:3.5.10-1) unstable; urgency=low * Clean up libtool m4 files. * Revert to shipping the doc as PS instead of PDF, so libxpm-dev can be Multi-Arch: same. Thanks to Jakub Wilk. * New upstream release. * Bump debhelper build-dep to 8.1.3 for ${misc:Pre-Depends}. -- Julien Cristau Sat, 21 Apr 2012 11:21:07 +0200 libxpm (1:3.5.9-4) unstable; urgency=low * Exclude xpmutils from the debug package so it really is multi-arch safe (closes: #646960). Thanks, Jakub Wilk! * Don't require fakeroot for debian/rules clean. * Replace the change from 1:3.5.9-3 with the equivalent fix committed upstream. -- Julien Cristau Mon, 31 Oct 2011 16:41:44 +0100 libxpm (1:3.5.9-3) unstable; urgency=low * Apply patch from Ubuntu to fix build failure when using ld --no-add- needed. Closes: #604494. -- Steve Langasek Fri, 21 Oct 2011 20:21:48 -0700 libxpm (1:3.5.9-2) unstable; urgency=low [ Cyril Brulebois ] * Build xpm.pdf from xpm.PS.gz, and use debian/libxpm-dev.docs to install it. That's the only available documentation we've got, so let's ship it (Closes: #466081). * Add ghostscript build-dep, for ps2pdf. * Fix typo in long descriptions: specificied → specified. [ Julien Cristau ] * Remove David from Uploaders. * Drop Pre-Depends on x11-common, only needed for upgrades from the monolith. * Drop Replaces on xbase-clients 6.8.x. [ Steve Langasek ] * Build for multiarch. -- Steve Langasek Fri, 21 Oct 2011 15:24:28 -0700 libxpm (1:3.5.9-1) unstable; urgency=low [ Julien Cristau ] * Remove myself from Uploaders. * Rename the build directory to not include DEB_BUILD_GNU_TYPE for no good reason. Thanks, Colin Watson! [ Cyril Brulebois ] * New upstrem release. * Bump xutils-dev build-dep for new macros. * Update debian/copyright from upstream COPYING. * Drop debian/libxpm-dev.docs, xpm.PS is gone. * Switch from --list-missing to --fail-missing for additional safety. * Exclude libXpm.la from dh_install accordingly. * Add myself to Uploaders. -- Cyril Brulebois Fri, 19 Nov 2010 10:59:03 +0100 libxpm (1:3.5.8-1) unstable; urgency=low [ Timo Aaltonen ] * New upstream release. * Bump the build-dep on xutils-dev (>= 1:7.5~1). [ Julien Cristau ] * Bump Standards-Version to 3.8.3. -- Julien Cristau Wed, 25 Nov 2009 19:31:08 +0100 libxpm (1:3.5.7-2) unstable; urgency=low [ Julien Cristau ] * Drop -1 debian revisions from build-deps. * Bump Standards-Version to 3.7.3. * Drop the XS- prefix from Vcs-* control fields. * libxpm4{,-dbg} don't need to depend on x11-common. * Add xpm.PS.gz to the -dev package (closes: #525551). * Don't handle nostrip in DEB_BUILD_OPTIONS explicitly, dh_strip does the right thing. * Use filter instead of findstring to parse DEB_BUILD_OPTIONS in debian/rules. * Add README.source, bump Standards-Version to 3.8.1. * Run autoreconf at build time. * Allow parallel builds. * Move -dbg package to new debug section. * Don't pass -l and -L options to dh_shlibdeps, it seems to be useless nowadays. [ Brice Goglin ] * Add a link to www.X.org and a reference to the upstream module in the long description. -- Julien Cristau Wed, 10 Jun 2009 14:59:30 +0200 libxpm (1:3.5.7-1) unstable; urgency=low * New upstream release. * Add the upstream URL to debian/copyright. * Use binary:Version instead of the deprecated Source-Version. * Add myself to uploaders, and remove Branden with his permission. -- Julien Cristau Sat, 25 Aug 2007 10:50:50 +0200 libxpm (1:3.5.6-3) unstable; urgency=low * Put binary packages in the correct sections. * Run dh_shlibdeps with -L libxpm4 -l debian/libxpm4/usr/lib so xpmutils gets a dependency on libxpm4. Fixes bug noticed by checklib. -- Julien Cristau Mon, 21 May 2007 17:35:32 +0200 libxpm (1:3.5.6-2) unstable; urgency=low * Upload to unstable. * Add XS-Vcs-Browser. * Remove Fabio from Uploaders, with his permission. -- Julien Cristau Wed, 11 Apr 2007 16:31:32 +0200 libxpm (1:3.5.6-1) experimental; urgency=low * New upstream release. * Add XS-Vcs-Git header to debian/control. * Drop obsolete CVS information from the long descriptions. * Install the upstream changelog. -- Julien Cristau Fri, 16 Feb 2007 16:24:44 +0100 libxpm (1:3.5.5-2) unstable; urgency=low [ Andres Salomon ] * Test for obj-$(DEB_BUILD_GNU_TYPE) before creating it during build; idempotency fix. [ Drew Parsons ] * dbg package has priority extra. -- David Nusinow Wed, 30 Aug 2006 17:12:38 -0400 libxpm (1:3.5.5-1) experimental; urgency=low * New upstream release * Run dh_install with --list-missing * Bump debhelper compat to 5 * Remove extra x11-common dep in the -dev package * Version x11-common pre-dep in the -dev package to use 1:7.0.0 to match the rest of Debian and shut lintian up * Add the sxpm and cxpm manpages to xpm-utils -- David Nusinow Mon, 3 Jul 2006 19:23:49 -0400 libxpm (1:3.5.4.2-3) unstable; urgency=low * Reorder makeshlib command in rules file so that ldconfig is run properly. Thanks Drew Parsons and Steve Langasek. -- David Nusinow Tue, 18 Apr 2006 21:50:00 -0400 libxpm (1:3.5.4.2-2) unstable; urgency=low * Upload to unstable -- David Nusinow Thu, 23 Mar 2006 22:45:13 -0500 libxpm (1:3.5.4.2-1) experimental; urgency=low * First upload to Debian -- David Nusinow Thu, 29 Dec 2005 20:54:06 -0500 libxpm (1:3.5.2-5) breezy; urgency=low * Add a Build-Depends on libxext-dev. For my next stunning move, I'll actually pay attention to what I'm doing. -- Daniel Stone Sat, 23 Jul 2005 01:33:31 +1000 libxpm (1:3.5.2-4) breezy; urgency=low * Bump Build-Depends on libx11-dev, libxt-dev, libxext-dev and x11proto-core-dev to avoid _XOPEN_SOURCE. -- Daniel Stone Sat, 23 Jul 2005 00:24:13 +1000 libxpm (1:3.5.2-3) breezy; urgency=low * Fix cat-walks-across-keyboard attack in debian/control. -- Daniel Stone Wed, 20 Jul 2005 21:18:57 +1000 libxpm (1:3.5.2-2) breezy; urgency=low * blah blah xpmutils Replaces: xbase-clients (<< 6.8.2-38) blah blah -- Daniel Stone Wed, 20 Jul 2005 18:45:27 +1000 libxpm (1:3.5.2-1) breezy; urgency=low * First libxpm release. -- Daniel Stone Mon, 16 May 2005 22:10:17 +1000