main/gmp: patch CVE-2021-43618

author: Andrew Harris <aharris1@godaddy.com> 2022-01-27 15:37:40 +1100
committer: Natanael Copa <ncopa@alpinelinux.org> 2022-03-08 10:18:00 +0100
commit: 0991be33dbdf42dafb1dd87566a573f3cf6bcf67 (patch)
tree: 2c7a724b01c1582b4832fb4e8c76faca4daf288c
parent: de04413a553496369936435d0a140d48350274ac (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/main/gmp/APKBUILD b/main/gmp/APKBUILD
index c5e80d754db..691d934d618 100644
--- a/main/gmp/APKBUILD
+++ b/main/gmp/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=gmp
 pkgver=6.2.1
-pkgrel=0
+pkgrel=1
 pkgdesc="free library for arbitrary precision arithmetic"
 url="https://gmplib.org/"
 arch="all"
@@ -9,9 +9,14 @@ license="LGPL-3.0-or-later OR GPL-2.0-or-later"
 makedepends="m4 texinfo libtool"
 subpackages="$pkgname-doc $pkgname-dev libgmpxx"
 source="https://gmplib.org/download/gmp/gmp-$pkgver.tar.xz
+	CVE-2021-43618.patch::https://gmplib.org/repo/gmp-6.2/raw-rev/561a9c25298e
 	"
 replaces="gmp5"
 
+# secfixes:
+#   6.2.1-r1:
+#     - CVE-2021-43618
+
 prepare() {
 	default_prepare
 	# force update to libtool with fixed cross-build support
@@ -51,4 +56,5 @@ doc() {
 	replaces="gmp5-doc"
 }
 
-sha512sums="c99be0950a1d05a0297d65641dd35b75b74466f7bf03c9e8a99895a3b2f9a0856cd17887738fa51cf7499781b65c049769271cbcb77d057d2e9f1ec52e07dd84  gmp-6.2.1.tar.xz"
+sha512sums="c99be0950a1d05a0297d65641dd35b75b74466f7bf03c9e8a99895a3b2f9a0856cd17887738fa51cf7499781b65c049769271cbcb77d057d2e9f1ec52e07dd84  gmp-6.2.1.tar.xz
+3956190d9c266feb62f8965c3cd32d0a9260f76ffb0d3e32211974bb53ddd5c6eaa657f7e00ba8fa7c914c0e1375155d25de6a81cdb9b03d6a5bbc16ac121447  CVE-2021-43618.patch"
author	Andrew Harris <aharris1@godaddy.com>	2022-01-27 15:37:40 +1100
committer	Natanael Copa <ncopa@alpinelinux.org>	2022-03-08 10:18:00 +0100
commit	0991be33dbdf42dafb1dd87566a573f3cf6bcf67 (patch)
tree	2c7a724b01c1582b4832fb4e8c76faca4daf288c
parent	de04413a553496369936435d0a140d48350274ac (diff)