aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorpsykose <alice@ayaya.dev>2022-11-05 02:16:19 +0000
committerpsykose <alice@ayaya.dev>2022-11-05 03:16:47 +0100
commit1e8f1342eb563f3b9e7c950e5f5c9e6ebcce62bb (patch)
treeb0bb87e5ad11eafbea4673e9ed01847910678548
parentf08796919fe1e35036a7b6dc84f6d388b040ec72 (diff)
main/pixman: fix CVE-2022-44638
-rw-r--r--main/pixman/APKBUILD15
1 files changed, 12 insertions, 3 deletions
diff --git a/main/pixman/APKBUILD b/main/pixman/APKBUILD
index 74507f860bd..52917cad840 100644
--- a/main/pixman/APKBUILD
+++ b/main/pixman/APKBUILD
@@ -1,16 +1,22 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=pixman
pkgver=0.40.0
-pkgrel=2
+pkgrel=3
pkgdesc="Low-level pixel manipulation library"
url="https://gitlab.freedesktop.org/pixman"
arch="all"
license="MIT"
makedepends="meson libpng-dev linux-headers"
subpackages="$pkgname-static $pkgname-dev $pkgname-dbg"
-source="https://gitlab.freedesktop.org/pixman/pixman/-/archive/pixman-$pkgver/pixman-pixman-$pkgver.tar.gz"
+source="https://gitlab.freedesktop.org/pixman/pixman/-/archive/pixman-$pkgver/pixman-pixman-$pkgver.tar.gz
+ $pkgname-CVE-2022-44638.patch::https://gitlab.freedesktop.org/pixman/pixman/-/commit/a1f88e842e0216a5b4df1ab023caebe33c101395.patch
+ "
builddir="$srcdir/pixman-pixman-$pkgver"
+# secfixes:
+# 0.40.0-r3:
+# - CVE-2022-44638
+#
case "$CARCH" in
# broken test (likely due to endianness assumptions)
s390x) options="!check" ;;
@@ -32,4 +38,7 @@ package() {
DESTDIR="$pkgdir" meson install --no-rebuild -C output
}
-sha512sums="18774e22add5c5442edede5467fa07234c2b9e57a79d88110f25424e4253c6ab0c2921e951c5686cefebf4724ff19ad053d0c28f4d2f8d642bbcf6fc71764ef6 pixman-pixman-0.40.0.tar.gz"
+sha512sums="
+18774e22add5c5442edede5467fa07234c2b9e57a79d88110f25424e4253c6ab0c2921e951c5686cefebf4724ff19ad053d0c28f4d2f8d642bbcf6fc71764ef6 pixman-pixman-0.40.0.tar.gz
+141ad0a4b77d3ea28faab3b73dcb71ca48c3d9431b128a072c7bf934a5096c73a01209847639bf8b08a2b21243bf79147dc32774586b09641c2d8750ed7eeea2 pixman-CVE-2022-44638.patch
+"