------------------------------------------------------------------- Sun Mar 3 03:15:13 UTC 2024 - Stefan Dirsch - Update to version 1.2.2 * gitlab CI: stop requiring Signed-off-by in commits * configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL * If O_CLOEXEC is defined, add "e" to fopen modes * Add comment about keeping libxcb-cursor copy of code in sync * XcursorXcFileLoad: plug memory leak in error paths * Remove superfluous and unguarded config.h include ------------------------------------------------------------------- Sun Apr 3 17:08:50 UTC 2022 - Stefan Dirsch - Update to version 1.2.1 * This release provides bug fixes, code cleanups, and some significant documentation improvements. ------------------------------------------------------------------- Mon Mar 11 13:56:20 UTC 2019 - Stefan Dirsch - Update to version 1.2.0 * This release adds ~/.local/share/icons to the front of the default cursor path in the library in support of the XDG user data dir. This default can still be overridden at at run time using the XCURSOR_PATH environment variable. ------------------------------------------------------------------- Thu Dec 7 17:26:32 UTC 2017 - tobias.johannes.klausmann@mni.thm.de - Update to version 1.1.15: * configure: Drop AM_MAINTAINER_MODE * autogen.sh: Honor NOCONFIGURE=1 * Use strdup() instead of malloc(strlen())+strcpy() * Fix some clang integer sign/size mismatch warnings * autogen.sh: use quoted string variables * autogen: add default patch prefix * autogen.sh: use exec instead of waiting for configure to finish * Fix heap overflows when parsing malicious files. (CVE-2017-16612) * Insufficient memory for terminating null of string in _XcursorThemeInherits - Drop U_Avoid-heap-overflows-due-to-integer-overflow-signedn.patch ------------------------------------------------------------------- Tue Nov 28 19:08:11 UTC 2017 - sndirsch@suse.com - U_Avoid-heap-overflows-due-to-integer-overflow-signedn.patch * It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments. [CVE-2017-16612] (bsc#1065386) ------------------------------------------------------------------- Mon Apr 28 00:57:07 UTC 2014 - sndirsch@suse.com - added missing pkgconfig(xextproto) ------------------------------------------------------------------- Sat Jun 1 19:37:40 UTC 2013 - tobias.johannes.klausmann@mni.thm.de - Update to version 1.1.14: This release delivers the fix for security vulnerability CVE-2013-2003 and makes the Makefile.am more compatible with future automake releases. ------------------------------------------------------------------- Sun Feb 17 17:21:53 UTC 2013 - jengelh@inai.de - Use more robust make install call - Avoid calling fdupes outside of /usr ------------------------------------------------------------------- Thu Apr 12 06:24:09 UTC 2012 - vuntz@opensuse.org - Update to version 1.1.13: + Make the version number reported in Xcursor.h match the one reported in xcursor.pc + Fix issues found by Parfait bug checking tool + Build system improvements - Changes from version 1.1.12: + Fix leaks + Fix compiler warnings and issues found by clang + Build system improvements ------------------------------------------------------------------- Sat Feb 11 21:44:44 UTC 2012 - jengelh@medozas.de - Provide package descriptions and update homepage URL ------------------------------------------------------------------- Tue Feb 7 22:17:49 UTC 2012 - jengelh@medozas.de - Split xorg-x11-libs into separate packages