From a3682d479d8306b89ed7fb46ef5d38a7f9011035 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Nov 03 2016 06:06:03 +0000
Subject: import gimp-2.8.16-3.el7
---
diff --git a/.gimp.metadata b/.gimp.metadata
index b608fee..bd6591c 100644
--- a/.gimp.metadata
+++ b/.gimp.metadata
@@ -1 +1 @@
-6d3c98fcc86f42b0a825a5c62d5d3a5e1c83f48b SOURCES/gimp-2.8.10.tar.bz2
+ca5d9ce7d8eae92cd5f1780153649bc6a544961a SOURCES/gimp-2.8.16.tar.bz2
diff --git a/.gitignore b/.gitignore
index 559bec2..4d922ef 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/gimp-2.8.10.tar.bz2
+SOURCES/gimp-2.8.16.tar.bz2
diff --git a/SOURCES/gimp-2.8.10-CVE-2013-1913,1978.patch b/SOURCES/gimp-2.8.10-CVE-2013-1913,1978.patch
deleted file mode 100644
index 17e2ad6..0000000
--- a/SOURCES/gimp-2.8.10-CVE-2013-1913,1978.patch
+++ /dev/null
@@ -1,177 +0,0 @@ -From 5e32c045e91ed9b0609154f7be2c3366dde1a282 Mon Sep 17 00:00:00 2001 -From: Nils Philippsen -Date: Fri, 29 Nov 2013 10:40:08 +0100 -Subject: [PATCH] patch: CVE-2013-1913,1978 - -Squashed commit of the following: - -commit 1f1e33f606e50f9efa338c92d036d837182dbfd5 -Author: Nils Philippsen -Date: Tue Nov 26 10:49:42 2013 +0100 - - file-xwd: sanity check # of colors and map entries (CVE-2013-1978) - - The number of colors in an image shouldn't be higher than the number of - colormap entries. Additionally, consolidate post error cleanup in - load_image(). - - (cherry picked from commit f597355beffd9e483e11407d4c3b56f32db3634d) - -commit 005e17a83907d89b37a432b3edf458a7c82f78bf -Author: Nils Philippsen -Date: Thu Nov 14 14:29:01 2013 +0100 - - file-xwd: sanity check colormap size (CVE-2013-1913) - - (cherry picked from commit 3997c7188a71dc8fc4c6a7513061180cbbd3590e) ---- - plug-ins/common/file-xwd.c | 62 +++++++++++++++++++++++++++------------------- - 1 file changed, 37 insertions(+), 25 deletions(-) - -diff --git a/plug-ins/common/file-xwd.c b/plug-ins/common/file-xwd.c -index 3240f7e..ba07afd 100644 ---- a/plug-ins/common/file-xwd.c -+++ b/plug-ins/common/file-xwd.c -@@ -424,9 +424,9 @@ static gint32 - load_image (const gchar *filename, - GError **error) - { -- FILE *ifp; -+ FILE *ifp = NULL; - gint depth, bpp; -- gint32 image_ID; -+ gint32 image_ID = -1; - L_XWDFILEHEADER xwdhdr; - L_XWDCOLOR *xwdcolmap = NULL; - -@@ -436,7 +436,7 @@ load_image (const gchar *filename, - g_set_error (error, G_FILE_ERROR, g_file_error_from_errno (errno), - _("Could not open '%s' for reading: %s"), - gimp_filename_to_utf8 (filename), g_strerror (errno)); -- return -1; -+ goto out; - } - - read_xwd_header (ifp, &xwdhdr); -@@ -445,8 +445,7 @@ load_image (const gchar *filename, - g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, - _("Could not read XWD header from '%s'"), - gimp_filename_to_utf8 (filename)); -- fclose (ifp); -- return -1; -+ goto out; - } - - 
#ifdef XWD_COL_WAIT_DEBUG -@@ -461,8 +460,25 @@ load_image (const gchar *filename, - /* Position to start of XWDColor structures */ - fseek (ifp, (long)xwdhdr.l_header_size, SEEK_SET); - -+ /* Guard against insanely huge color maps -- gimp_image_set_colormap() only -+ * accepts colormaps with 0..256 colors anyway. */ -+ if (xwdhdr.l_colormap_entries > 256) -+ { -+ g_message (_("'%s':\nIllegal number of colormap entries: %ld"), -+ gimp_filename_to_utf8 (filename), -+ (long)xwdhdr.l_colormap_entries); -+ goto out; -+ } -+ - if (xwdhdr.l_colormap_entries > 0) - { -+ if (xwdhdr.l_colormap_entries < xwdhdr.l_ncolors) -+ { -+ g_message (_("'%s':\nNumber of colormap entries < number of colors"), -+ gimp_filename_to_utf8 (filename)); -+ goto out; -+ } -+ - xwdcolmap = g_new (L_XWDCOLOR, xwdhdr.l_colormap_entries); - - read_xwd_cols (ifp, &xwdhdr, xwdcolmap); -@@ -482,9 +498,7 @@ load_image (const gchar *filename, - if (xwdhdr.l_file_version != 7) - { - g_message (_("Can't read color entries")); -- g_free (xwdcolmap); -- fclose (ifp); -- return (-1); -+ goto out; - } - } - -@@ -492,9 +506,7 @@ load_image (const gchar *filename, - { - g_message (_("'%s':\nNo image width specified"), - gimp_filename_to_utf8 (filename)); -- g_free (xwdcolmap); -- fclose (ifp); -- return (-1); -+ goto out; - } - - if (xwdhdr.l_pixmap_width > GIMP_MAX_IMAGE_SIZE -@@ -502,27 +514,21 @@ load_image (const gchar *filename, - { - g_message (_("'%s':\nImage width is larger than GIMP can handle"), - gimp_filename_to_utf8 (filename)); -- g_free (xwdcolmap); -- fclose (ifp); -- return (-1); -+ goto out; - } - - if (xwdhdr.l_pixmap_height <= 0) - { - g_message (_("'%s':\nNo image height specified"), - gimp_filename_to_utf8 (filename)); -- g_free (xwdcolmap); -- fclose (ifp); -- return (-1); -+ goto out; - } - - if (xwdhdr.l_pixmap_height > GIMP_MAX_IMAGE_SIZE) - { - g_message (_("'%s':\nImage height is larger than GIMP can handle"), - gimp_filename_to_utf8 (filename)); -- g_free (xwdcolmap); -- fclose 
(ifp); -- return (-1); -+ goto out; - } - - gimp_progress_init_printf (_("Opening '%s'"), -@@ -571,11 +577,6 @@ load_image (const gchar *filename, - } - gimp_progress_update (1.0); - -- fclose (ifp); -- -- if (xwdcolmap) -- g_free (xwdcolmap); -- - if (image_ID == -1 && ! (error && *error)) - g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, - _("XWD-file %s has format %d, depth %d and bits per pixel %d. " -@@ -583,6 +584,17 @@ load_image (const gchar *filename, - gimp_filename_to_utf8 (filename), - (gint) xwdhdr.l_pixmap_format, depth, bpp); - -+out: -+ if (ifp) -+ { -+ fclose (ifp); -+ } -+ -+ if (xwdcolmap) -+ { -+ g_free (xwdcolmap); -+ } -+ - return image_ID; - } - --- -1.8.4.2 - diff --git a/SOURCES/gimp-2.8.16-CVE-2016-4994.patch b/SOURCES/gimp-2.8.16-CVE-2016-4994.patch new file mode 100644 index 0000000..aa731ce --- /dev/null +++ b/SOURCES/gimp-2.8.16-CVE-2016-4994.patch 
@@ -0,0 +1,99 @@
+From 94e49c2beda08a9898775845d93bb3b1412305e8 Mon Sep 17 00:00:00 2001
+From: Nils Philippsen
+Date: Thu, 30 Jun 2016 11:49:48 +0200
+Subject: [PATCH] patch: CVE-2016-4994
+
+Squashed commit of the following:
+
+commit 9b9acd64de207608ffa47d01ce60a5bdf973148e
+Author: Shmuel H
+Date: Mon Jun 20 17:14:41 2016 +0300
+
+ Bug 767873 - (CVE-2016-4994) Multiple Use-After-Free when parsing...
+
+ ...XCF channel and layer properties
+
+ The properties PROP_ACTIVE_LAYER, PROP_FLOATING_SELECTION,
+ PROP_ACTIVE_CHANNEL saves the current object pointer the @info
+ structure. Others like PROP_SELECTION (for channel) and
+ PROP_GROUP_ITEM (for layer) will delete the current object and create
+ a new object, leaving the pointers in @info invalid (dangling).
+
+ Therefore, if a property from the first type will come before the
+ second, the result will be an UaF in the last lines of xcf_load_image
+ (when it actually using the pointers from @info).
+
+ I wasn't able to exploit this bug because that
+ g_object_instance->c_class gets cleared by the last g_object_unref and
+ GIMP_IS_{LAYER,CHANNEL} detects that and return FALSE.
+
+ (cherry picked from commit 6d804bf9ae77bc86a0a97f9b944a129844df9395)
+ (cherry picked from commit e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f)
+---
+ app/xcf/xcf-load.c | 29 +++++++++++++++++++++++++++++
+ 1 file changed, 29 insertions(+)
+
+diff --git a/app/xcf/xcf-load.c b/app/xcf/xcf-load.c
+index b180377..67cc6d4 100644
+--- a/app/xcf/xcf-load.c
++++ b/app/xcf/xcf-load.c
+@@ -904,6 +904,18 @@ xcf_load_layer_props (XcfInfo *info,
+ case PROP_GROUP_ITEM:
+ {
+ GimpLayer *group;
++ gboolean is_active_layer;
++
++ /* We're going to delete *layer, Don't leave its pointers
++ * in @info. After that, we'll restore them back with the
++ * new pointer. See bug #767873.
++ */
++ is_active_layer = (*layer == info->active_layer);
++ if (is_active_layer)
++ info->active_layer = NULL;
++
++ if (*layer == info->floating_sel)
++ info->floating_sel = NULL;
+
+ group = gimp_group_layer_new (image);
+
+@@ -916,6 +928,13 @@ xcf_load_layer_props (XcfInfo *info,
+ g_object_ref_sink (*layer);
+ g_object_unref (*layer);
+ *layer = group;
++
++ if (is_active_layer)
++ info->active_layer = *layer;
++
++ /* Don't restore info->floating_sel because group layers
++ * can't be floating selections
++ */
+ }
+ break;
+
+@@ -986,6 +1005,12 @@ xcf_load_channel_props (XcfInfo *info,
+ {
+ GimpChannel *mask;
+
++ /* We're going to delete *channel, Don't leave its pointer
++ * in @info. See bug #767873.
++ */
++ if (*channel == info->active_channel)
++ info->active_channel = NULL;
++
+ mask =
+ gimp_selection_new (image,
+ gimp_item_get_width (GIMP_ITEM (*channel)),
+@@ -1000,6 +1025,10 @@ xcf_load_channel_props (XcfInfo *info,
+ *channel = mask;
+ (*channel)->boundary_known = FALSE;
+ (*channel)->bounds_known = FALSE;
++
++ /* Don't restore info->active_channel because the
++ * selection can't be the active channel
++ */
+ }
+ break;
+
+--
+2.5.5
+
diff --git a/SPECS/gimp.spec b/SPECS/gimp.spec
index 8fd502c..84e8250 100644
--- a/SPECS/gimp.spec
+++ b/SPECS/gimp.spec
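Review bot: In the new `gimp-2.8.16-CVE-2016-4994.patch`, the fix nulls `info->active_layer`, `info->floating_sel` and `info->active_channel` only inside the two `case` blocks that free and replace the current object (`PROP_GROUP_ITEM` in `xcf_load_layer_props`, and the case in `xcf_load_channel_props` that builds `mask`), and both blocks begin and end outside the quoted hunks. Any other `XcfInfo` field that can alias `*layer` or `*channel`, or any other handler that unrefs the current object, would leave the same dangling pointer; the struct and the remaining cases are not visible here, so this should be confirmed against the full file. A sturdier form would register each of these fields with `g_object_add_weak_pointer()` at the point where it is assigned, so that it is cleared when the object is finalized regardless of property order. The commit message's observation that `GIMP_IS_{LAYER,CHANNEL}` happened to reject the freed object is a side effect of allocator and GObject behaviour rather than a guarantee, so a regression test for the property order described there, run under a memory checker, belongs with this patch.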
@@ -81,23 +81,23 @@ Summary: GNU Image Manipulation Program Name: gimp Epoch: 2 -Version: 2.8.10 +Version: 2.8.16 Release: %{?prerelprefix}3%{dotprerel}%{dotgitrev}%{?dist} -# Compute some version related macros -# Ugly hack, you need to get your quoting backslashes/percent signs straight -%global major %(ver=%version; echo ${ver%%%%.*}) -%global minor %(ver=%version; ver=${ver#%major.}; echo ${ver%%%%.*}) -%global micro %(ver=%version; ver=${ver#%major.%minor.}; echo ${ver%%%%.*}) -%global binver %major.%minor +# Compute some version related macros. +# Ugly, need to get quoting percent signs straight. +%global major %(ver=%{version}; echo ${ver%%%%.*}) +%global minor %(ver=%{version}; ver=${ver#%major.}; echo ${ver%%%%.*}) +%global micro %(ver=%{version}; ver=${ver#%major.%minor.}; echo ${ver%%%%.*}) +%global binver %{major}.%{minor} %global interface_age 0 -%global gettext_version 20 -%global lib_api_version 2.0 +%global gettext_version %{major}0 +%global lib_api_version %{major}.0 %if ! %unstable %global lib_minor %(echo $[%minor * 100]) %global lib_micro %micro %else # unstable -%global lib_minor %(echo $[%minor * 100 + %micro]) +%global lib_minor %(echo $[%minor * 100 + %{micro}]) %global lib_micro 0 %endif # unstable @@ -113,7 +113,6 @@ URL: http://www.gimp.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%__id_u -n) Obsoletes: gimp-perl < 2:2.0 Obsoletes: gimp < 2:2.6.0-3 -BuildRequires: chrpath >= 0.13-5 %if %{with aalib} BuildRequires: aalib-devel %endif @@ -138,6 +137,7 @@ BuildRequires: jasper-devel %if %{with lcms} BuildRequires: lcms2-devel >= 2.2 %endif +BuildRequires: libappstream-glib BuildRequires: libexif-devel >= 0.6.15 BuildRequires: libgnomeui-devel >= 2.10.0 %if %{with gudev} 
@@ -169,10 +169,11 @@ BuildRequires: zlib-devel BuildRequires: libX11-devel BuildRequires: libXmu-devel BuildRequires: libXpm-devel -BuildRequires: sed + +BuildRequires: chrpath >= 0.13-5 BuildRequires: intltool BuildRequires: gettext -BuildRequires: findutils +BuildRequires: pkgconfig Requires: babl%{?_isa} >= 0.1.10 Requires: gegl%{?_isa} >= 0.2.0 @@ -196,7 +197,7 @@ Requires: gimp-libs%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release} Obsoletes: gimp-help-browser <= %{?epoch:%{epoch}:}%{version}-%{release} %endif -Source0: ftp://ftp.gimp.org/pub/gimp/v%{binver}/gimp-%{version}%{dashprerel}.tar.bz2 +Source0: http://download.gimp.org/pub/gimp/v%{binver}/gimp-%{version}%{dashprerel}.tar.bz2 %if %{defined gitrev} Patch0: gimp-%{version}%{dashprerel}-git%{gitrev}.patch.bz2 @@ -206,8 +207,12 @@ Patch0: gimp-%{version}%{dashprerel}-git%{gitrev}.patch.bz2 # Fedora specific. Patch1: gimp-2.8.2-cm-system-monitor-profile-by-default.patch -# CVE-2013-1913, CVE-2013-1978 -Patch2: gimp-2.8.10-CVE-2013-1913,1978.patch +# CVE-2016-4994: Fix multiple use-after-free when parsing XCF channel and layer +# properties +# Upstream commit: +# gimp-2-8: e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f +# master: 6d804bf9ae77bc86a0a97f9b944a129844df9395 +Patch2: gimp-2.8.16-CVE-2016-4994.patch # use external help browser directly if help browser plug-in is not built Patch100: gimp-2.8.6-external-help-browser.patch @@ -239,6 +244,7 @@ Requires: gimp-devel-tools = %{?epoch:%{epoch}:}%{version}-%{release} Requires: gtk2-devel Requires: glib2-devel Requires: pkgconfig +Requires: rpm >= 4.11.0 %description devel The gimp-devel package contains the static libraries and header files @@ -260,7 +266,6 @@ Image Manipulation Program (GIMP) plug-ins and extensions. Summary: GIMP help browser plug-in Group: Applications/Multimedia License: GPLv3+ -Obsoletes: gimp < 2:2.6.0-3 Requires: gimp%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release} %description help-browser 
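Review bot: `Source0` in the `-196,7 +197,7` hunk now points at `http://download.gimp.org/...`, which is still an unauthenticated transport, so the tarball's integrity depends entirely on the 40-hex-digit (SHA-1-length) digest in `.gimp.metadata` having been checked against a trusted upstream value. If the host serves the same path over TLS, prefer `Source0: https://download.gimp.org/pub/gimp/v%{binver}/gimp-%{version}%{dashprerel}.tar.bz2`. A comment above the line stating where the upstream checksum or signature was verified would make the import auditable.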
@@ -298,7 +303,7 @@ EOF %endif %patch1 -p1 -b .cm-system-monitor-profile-by-default -%patch2 -p1 -b .CVE-2013-1913,1978 +%patch2 -p1 -b .CVE-2016-4994 %if ! %{with helpbrowser} %patch100 -p1 -b .external-help-browser @@ -312,8 +317,8 @@ EOF %global _hardened_build 1 %else # fake things -export CFLAGS='-fPIC %optflags' -export CXXFLAGS='-fPIC %optflags' +export CFLAGS='-fPIC %{optflags}' +export CXXFLAGS='-fPIC %{optflags}' export LDFLAGS='-pie' %endif %endif 
@@ -375,23 +380,70 @@ export LDFLAGS='-pie' make %{?_smp_mflags} +# Generate RPM macros from pkg-config data: +# %%_gimp_datadir -- toplevel directory for brushes, gradients, scripts, ... +# %%_gimp_libdir -- toplevel directory for modules, plug-ins, ... +# %%_gimp_sysconfdir -- system-wide runtime configuration +# %%_gimp_localedir -- toplevel directory for translation files +# %%_gimp_scriptdir -- script-fu scripts directory +# %%_gimp_plugindir -- plug-in directory +gimp_pc_extract_normalize() { + PKG_CONFIG_PATH="$PWD" \ + pkg-config --variable="$1" gimp-%{lib_api_version} | \ + sed \ + -e 's|^%_mandir|%%{_mandir}|' \ + -e 's|^%_infodir|%%{_infodir}|' \ + -e 's|^%_includedir|%%{_includedir}|' \ + -e 's|^%_libdir|%%{_libdir}|' \ + -e 's|^%_localstatedir|%%{_localstatedir}|' \ + -e 's|^%_sharedstatedir|%%{_sharedstatedir}|' \ + -e 's|^%_sysconfdir|%%{_sysconfdir}|' \ + -e 's|^%_datadir|%%{_datadir}|' \ + -e 's|^%_libexecdir|%%{_libexecdir}|' \ + -e 's|^%_sbindir|%%{_sbindir}|' \ + -e 's|^%_bindir|%%{_bindir}|' \ + -e 's|^%_exec_prefix|%%{_exec_prefix}|' \ + -e 's|^%_prefix|%%{_prefix}|' +} + +_gimp_datadir="$(gimp_pc_extract_normalize gimpdatadir)" +_gimp_libdir="$(gimp_pc_extract_normalize gimplibdir)" +_gimp_sysconfdir="$(gimp_pc_extract_normalize gimpsysconfdir)" +_gimp_localedir="$(gimp_pc_extract_normalize gimplocaledir)" +_gimp_scriptdir="${_gimp_datadir}/scripts" +_gimp_plugindir="${_gimp_libdir}/plug-ins" + +cat << EOF > macros.gimp +# RPM macros for GIMP + +%%_gimp_datadir ${_gimp_datadir} +%%_gimp_libdir ${_gimp_libdir} +%%_gimp_sysconfdir ${_gimp_sysconfdir} +%%_gimp_localedir ${_gimp_localedir} +%%_gimp_scriptdir ${_gimp_scriptdir} +%%_gimp_plugindir ${_gimp_plugindir} +EOF + %install rm -rf %{buildroot} - -# makeinstall macro won't work here - libexec is overriden make DESTDIR=%{buildroot} install +install -D -m0644 macros.gimp %{buildroot}%{_rpmconfigdir}/macros.d/macros.gimp -# "make install" doesn't install appdata file as of version 2.8.8 
-install -D -m 0644 desktop/gimp.appdata.xml \ - %{buildroot}%{_datadir}/appdata/gimp.appdata.xml +# Update the screenshot shown in the software center +# +# NOTE: It would be *awesome* if this file was pushed upstream. +# +# See http://people.freedesktop.org/~hughsient/appdata/#screenshots for more details. +# +appstream-util replace-screenshots %{buildroot}%{_datadir}/appdata/gimp.appdata.xml \ + https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/gimp/a.png \ + https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/gimp/b.png # remove rpaths find %buildroot -type f -print0 | xargs -0 -L 20 chrpath --delete --keepgoing 2>/dev/null || : -%ifos linux # remove .la files find %buildroot -name \*.la -exec %__rm -f {} \; -%endif # # Plugins and modules change often (grab the executeable ones) @@ -444,7 +496,7 @@ ln -snf gimprc-%{binver}.5 %{buildroot}/%{_mandir}/man5/gimprc.5 # Hardcode python interpreter in shipped python plug-ins. This actually has no # effect because gimp maps hashbangs with and without the /usr/bin/env detour # to the system python interpreter, but this will avoid false alarms. -grep -E -rl '^#!\s*%{_bindir}/env\s+python' --include=\*.py "%buildroot" | +grep -E -rl '^#!\s*%{_bindir}/env\s+python' --include=\*.py "%{buildroot}" | while read file; do sed -r '1s,^#!\s*%{_bindir}/env\s+python,#!%{__python},' -i "$file" done @@ -452,7 +504,7 @@ grep -E -rl '^#!\s*%{_bindir}/env\s+python' --include=\*.py "%buildroot" | %check # skip tests known to be problematic in a specific version -%if "%version" == "%{?skip_checks_version}" +%if "%{version}" == "%{?skip_checks_version}" pushd app/tests for problematic in %{?skip_checks}; do rm -f "$problematic" 
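Review bot: The `appstream-util replace-screenshots` call added to `%install` writes two `https://raw.githubusercontent.com/hughsie/fedora-appstream/master/...` URLs into the shipped `gimp.appdata.xml`, and `master` is a mutable ref in a repository outside this package's control. Whatever later displays those screenshots (presumably the software center named in the comment) will load content that can change after the RPM is built and signed. Pin the path to a fixed revision, e.g. `.../fedora-appstream/<commit-sha>/screenshots-extra/gimp/a.png`, or ship the images inside the package.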
@@ -594,6 +646,7 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : %{_datadir}/aclocal/*.m4 %{_includedir}/gimp-%{lib_api_version} %{_libdir}/pkgconfig/* +%{_rpmconfigdir}/macros.d/macros.gimp %files devel-tools %defattr (-, root, root, 0755) 
@@ -612,17 +665,63 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : %endif %changelog -* Fri Jan 24 2014 Daniel Mach - 2:2.8.10-3 -- Mass rebuild 2014-01-24 +* Thu Jun 30 2016 Nils Philippsen - 2:2.8.16-3 +- fix multiple use-after-free bugs when parsing XCF channel and layer + properties (#1348617) + +* Thu Apr 07 2016 Nils Philippsen - 2:2.8.16-2 +- add back obsoletes necessary for RHEL + +* Sun Nov 22 2015 Nils Philippsen - 2:2.8.16-1 +- version 2.8.16 + +* Fri Jul 17 2015 Nils Philippsen - 2:2.8.14-3 +- export-dialog-destroyed-crash patch: avoid subsequent warnings + +* Thu Jul 16 2015 Nils Philippsen - 2:2.8.14-2 +- fix linking problem +- use %%buildroot macro consistently again + +* Tue Jul 14 2015 Nils Philippsen - 2:2.8.14-2 +- avoid destroying dialog and occasional crashes while exporting (#1215905) + +* Wed Jun 17 2015 Fedora Release Engineering - 2:2.8.14-1.2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Mar 30 2015 Richard Hughes - 2:2.8.14-1.1 +- Use better AppData screenshots + +* Tue Aug 26 2014 Nils Philippsen - 2:2.8.14-1 +- version 2.8.14 + +* Sat Aug 16 2014 Fedora Release Engineering - 2:2.8.10-6.2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Mon Jun 23 2014 Nils Philippsen +- update source URL + +* Sat Jun 07 2014 Fedora Release Engineering - 2:2.8.10-6.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed May 28 2014 Nils Philippsen - 2:2.8.10-6 +- remove ancient obsoletes (#1002109) + +* Thu Feb 13 2014 Nils Philippsen - 2:2.8.10-5 +- cope with freetype >= 2.5.1 include madness + +* Wed Feb 12 2014 Nils Philippsen - 2:2.8.10-5 +- remove BRs contained in the minimal build environment +- group BRs into libraries and tools +- remove various old cruft +- ship RPM macros for packaging plug-ins e.a. 
(#1063144) -* Fri Dec 27 2013 Daniel Mach - 2:2.8.10-2 -- Mass rebuild 2013-12-27 +* Wed Dec 04 2013 Nils Philippsen - 2:2.8.10-4 +- avoid buffer overflows in file-xwd plug-in (CVE-2013-1913, CVE-2013-1978) * Fri Nov 29 2013 Nils Philippsen - 2:2.8.10-1 - version 2.8.10 -* Tue Nov 26 2013 Nils Philippsen - 2:2.8.8-4 -- fix overflow in XWD loader (CVE-2013-1913, CVE-2013-1978) +* Tue Nov 26 2013 Nils Philippsen - 2:2.8.10-1 - use grep -E instead of egrep * Fri Nov 08 2013 Nils Philippsen - 2:2.8.8-3