libxpm (1:3.5.12-1.1+deb11u1) bullseye-security; urgency=high * CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer() * CVE-2023-43789: out of bounds read on XPM with corrupted colormap * Avoid CVE-2023-43786: stack exhaustion in XPutImage() * Avoid CVE-2023-43787 (integer overflow in XCreateImage) -- Julien Cristau Tue, 03 Oct 2023 11:59:05 +0200 libxpm (1:3.5.12-1.1~deb11u1) bullseye; urgency=medium * Non-maintainer upload. * Rebuild for bullseye -- Salvatore Bonaccorso Wed, 25 Jan 2023 21:19:41 +0100 libxpm (1:3.5.12-1.1) unstable; urgency=medium * Non-maintainer upload. * Fix CVE-2022-46285: Infinite loop on unclosed comments * Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height * configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE * Fix CVE-2022-4883: compression commands depend on $PATH * Prevent a double free in the error code path * Use gzip -d instead of gunzip * debian/rules: configure: Set explicitly runtime paths for {,un}compress and gzip. -- Salvatore Bonaccorso Mon, 16 Jan 2023 21:01:44 +0100 libxpm (1:3.5.12-1) unstable; urgency=medium [ Andreas Boll ] * New upstream release. * Let uscan verify tarball signatures. * Improve package description (Closes: #646992). Thanks, Justin B Rye! * Switch URLs to https. * Remove obsolete xsfbs. * Add placeholder comment into series file. * Bump debhelper compat to 10. - Drop build-deps on dh-autoreconf, automake and libtool. * Stop passing --disable-silent-rules to configure, debhelper does that for a while. * Drop no longer needed dpkg-dev versioned build-dependency. [ Emilio Pozuelo Monfort ] * Switch to -dbgsym packages. -- Emilio Pozuelo Monfort Thu, 22 Dec 2016 17:17:47 +0100 libxpm (1:3.5.11-1) unstable; urgency=medium * New upstream release. * Rewrite debian/rules using dh, bump compat to 9, drop xsfbs. * Remove Cyril from Uploaders. * Bump x11proto-core-dev build-dep per configure.ac. * Disable silent build rules. * Override gzip-file-is-not-multi-arch-same-safe for xpm.PS.gz. -- Julien Cristau Sun, 13 Jul 2014 12:24:10 +0200 libxpm (1:3.5.10-1) unstable; urgency=low * Clean up libtool m4 files. * Revert to shipping the doc as PS instead of PDF, so libxpm-dev can be Multi-Arch: same. Thanks to Jakub Wilk. * New upstream release. * Bump debhelper build-dep to 8.1.3 for ${misc:Pre-Depends}. -- Julien Cristau Sat, 21 Apr 2012 11:21:07 +0200 libxpm (1:3.5.9-4) unstable; urgency=low * Exclude xpmutils from the debug package so it really is multi-arch safe (closes: #646960). Thanks, Jakub Wilk! * Don't require fakeroot for debian/rules clean. * Replace the change from 1:3.5.9-3 with the equivalent fix committed upstream. -- Julien Cristau Mon, 31 Oct 2011 16:41:44 +0100 libxpm (1:3.5.9-3) unstable; urgency=low * Apply patch from Ubuntu to fix build failure when using ld --no-add- needed. Closes: #604494. -- Steve Langasek Fri, 21 Oct 2011 20:21:48 -0700 libxpm (1:3.5.9-2) unstable; urgency=low [ Cyril Brulebois ] * Build xpm.pdf from xpm.PS.gz, and use debian/libxpm-dev.docs to install it. That's the only available documentation we've got, so let's ship it (Closes: #466081). * Add ghostscript build-dep, for ps2pdf. * Fix typo in long descriptions: specificied → specified. [ Julien Cristau ] * Remove David from Uploaders. * Drop Pre-Depends on x11-common, only needed for upgrades from the monolith. * Drop Replaces on xbase-clients 6.8.x. [ Steve Langasek ] * Build for multiarch. -- Steve Langasek Fri, 21 Oct 2011 15:24:28 -0700 libxpm (1:3.5.9-1) unstable; urgency=low [ Julien Cristau ] * Remove myself from Uploaders. * Rename the build directory to not include DEB_BUILD_GNU_TYPE for no good reason. Thanks, Colin Watson! [ Cyril Brulebois ] * New upstrem release. * Bump xutils-dev build-dep for new macros. * Update debian/copyright from upstream COPYING. * Drop debian/libxpm-dev.docs, xpm.PS is gone. * Switch from --list-missing to --fail-missing for additional safety. * Exclude libXpm.la from dh_install accordingly. * Add myself to Uploaders. -- Cyril Brulebois Fri, 19 Nov 2010 10:59:03 +0100 libxpm (1:3.5.8-1) unstable; urgency=low [ Timo Aaltonen ] * New upstream release. * Bump the build-dep on xutils-dev (>= 1:7.5~1). [ Julien Cristau ] * Bump Standards-Version to 3.8.3. -- Julien Cristau Wed, 25 Nov 2009 19:31:08 +0100 libxpm (1:3.5.7-2) unstable; urgency=low [ Julien Cristau ] * Drop -1 debian revisions from build-deps. * Bump Standards-Version to 3.7.3. * Drop the XS- prefix from Vcs-* control fields. * libxpm4{,-dbg} don't need to depend on x11-common. * Add xpm.PS.gz to the -dev package (closes: #525551). * Don't handle nostrip in DEB_BUILD_OPTIONS explicitly, dh_strip does the right thing. * Use filter instead of findstring to parse DEB_BUILD_OPTIONS in debian/rules. * Add README.source, bump Standards-Version to 3.8.1. * Run autoreconf at build time. * Allow parallel builds. * Move -dbg package to new debug section. * Don't pass -l and -L options to dh_shlibdeps, it seems to be useless nowadays. [ Brice Goglin ] * Add a link to www.X.org and a reference to the upstream module in the long description. -- Julien Cristau Wed, 10 Jun 2009 14:59:30 +0200 libxpm (1:3.5.7-1) unstable; urgency=low * New upstream release. * Add the upstream URL to debian/copyright. * Use binary:Version instead of the deprecated Source-Version. * Add myself to uploaders, and remove Branden with his permission. -- Julien Cristau Sat, 25 Aug 2007 10:50:50 +0200 libxpm (1:3.5.6-3) unstable; urgency=low * Put binary packages in the correct sections. * Run dh_shlibdeps with -L libxpm4 -l debian/libxpm4/usr/lib so xpmutils gets a dependency on libxpm4. Fixes bug noticed by checklib. -- Julien Cristau Mon, 21 May 2007 17:35:32 +0200 libxpm (1:3.5.6-2) unstable; urgency=low * Upload to unstable. * Add XS-Vcs-Browser. * Remove Fabio from Uploaders, with his permission. -- Julien Cristau Wed, 11 Apr 2007 16:31:32 +0200 libxpm (1:3.5.6-1) experimental; urgency=low * New upstream release. * Add XS-Vcs-Git header to debian/control. * Drop obsolete CVS information from the long descriptions. * Install the upstream changelog. -- Julien Cristau Fri, 16 Feb 2007 16:24:44 +0100 libxpm (1:3.5.5-2) unstable; urgency=low [ Andres Salomon ] * Test for obj-$(DEB_BUILD_GNU_TYPE) before creating it during build; idempotency fix. [ Drew Parsons ] * dbg package has priority extra. -- David Nusinow Wed, 30 Aug 2006 17:12:38 -0400 libxpm (1:3.5.5-1) experimental; urgency=low * New upstream release * Run dh_install with --list-missing * Bump debhelper compat to 5 * Remove extra x11-common dep in the -dev package * Version x11-common pre-dep in the -dev package to use 1:7.0.0 to match the rest of Debian and shut lintian up * Add the sxpm and cxpm manpages to xpm-utils -- David Nusinow Mon, 3 Jul 2006 19:23:49 -0400 libxpm (1:3.5.4.2-3) unstable; urgency=low * Reorder makeshlib command in rules file so that ldconfig is run properly. Thanks Drew Parsons and Steve Langasek. -- David Nusinow Tue, 18 Apr 2006 21:50:00 -0400 libxpm (1:3.5.4.2-2) unstable; urgency=low * Upload to unstable -- David Nusinow Thu, 23 Mar 2006 22:45:13 -0500 libxpm (1:3.5.4.2-1) experimental; urgency=low * First upload to Debian -- David Nusinow Thu, 29 Dec 2005 20:54:06 -0500 libxpm (1:3.5.2-5) breezy; urgency=low * Add a Build-Depends on libxext-dev. For my next stunning move, I'll actually pay attention to what I'm doing. -- Daniel Stone Sat, 23 Jul 2005 01:33:31 +1000 libxpm (1:3.5.2-4) breezy; urgency=low * Bump Build-Depends on libx11-dev, libxt-dev, libxext-dev and x11proto-core-dev to avoid _XOPEN_SOURCE. -- Daniel Stone Sat, 23 Jul 2005 00:24:13 +1000 libxpm (1:3.5.2-3) breezy; urgency=low * Fix cat-walks-across-keyboard attack in debian/control. -- Daniel Stone Wed, 20 Jul 2005 21:18:57 +1000 libxpm (1:3.5.2-2) breezy; urgency=low * blah blah xpmutils Replaces: xbase-clients (<< 6.8.2-38) blah blah -- Daniel Stone Wed, 20 Jul 2005 18:45:27 +1000 libxpm (1:3.5.2-1) breezy; urgency=low * First libxpm release. -- Daniel Stone Mon, 16 May 2005 22:10:17 +1000