aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJakub Jirutka <jakub@jirutka.cz>2022-05-26 02:57:08 +0200
committerJakub Jirutka <jakub@jirutka.cz>2022-05-26 03:04:02 +0200
commit25a14db371c0318417271961898c152bc0b2687a (patch)
treeb685c4638d5cd804ad479a526e6884347e49fdb2
parente510da3bf8f6708474cde548b2e5a131ab59d92c (diff)
downloadaports-25a14db371c0318417271961898c152bc0b2687a.tar.gz
aports-25a14db371c0318417271961898c152bc0b2687a.tar.bz2
aports-25a14db371c0318417271961898c152bc0b2687a.tar.xz
main/libde265: backport CVE patches from upstream
Note: Fix for CVE-2021-36409 does not apply. https://github.com/strukturag/libde265/issues/300
-rw-r--r--main/libde265/APKBUILD19
1 files changed, 18 insertions, 1 deletions
diff --git a/main/libde265/APKBUILD b/main/libde265/APKBUILD
index 6d1bdc955f..707d2f925e 100644
--- a/main/libde265/APKBUILD
+++ b/main/libde265/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
pkgname=libde265
pkgver=1.0.8
-pkgrel=1
+pkgrel=2
pkgdesc="Open h.265 video codec implementation"
url="https://github.com/strukturag/libde265"
arch="all"
@@ -11,9 +11,21 @@ makedepends="autoconf automake libtool"
options="!check" # no tests provided
subpackages="$pkgname-dev $pkgname-examples"
source="https://github.com/strukturag/libde265/releases/download/v$pkgver/libde265-$pkgver.tar.gz
+ $pkgname-CVE-2022-1253.patch::https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8.patch
+ $pkgname-CVE-2021-36408.patch::https://github.com/strukturag/libde265/commit/f538254e4658ef5ea4e233c2185dcbfd165e8911.patch
+ $pkgname-CVE-2021-36410.patch::https://github.com/strukturag/libde265/commit/697aa4f7c774abd6374596e6707a6f4f54265355.patch
+ $pkgname-CVE-2021-35452.patch::https://github.com/strukturag/libde265/commit/e83f3798dd904aa579425c53020c67e03735138d.patch
+ $pkgname-CVE-2021-36411.patch::https://github.com/strukturag/libde265/commit/45904e5667c5bf59c67fcdc586dfba110832894c.patch
export-only-decoder-api.patch
disable_tools.patch
"
+# secfixes:
+# 1.0.8-r2:
+# - CVE-2021-35452
+# - CVE-2021-36408
+# - CVE-2021-36410
+# - CVE-2021-36411
+# - CVE-2022-1253
prepare() {
default_prepare
@@ -50,6 +62,11 @@ examples() {
sha512sums="
bcb33493cbc337d29047c6765189aaba523b20c138aa4fd5c264b3c6aea64cd174cbe14ca2d88c76319e0a8bd5d2e6269f300f056876d2962217eea7934172da libde265-1.0.8.tar.gz
+6ffdc33cd2910032b8de37388f2c724a4cfd23a1c6553d110b63be0ab07cfc7e4383cda53946b65c36fc1ed88604079c88fb93a186231c673c6ca778a744d56e libde265-CVE-2022-1253.patch
+b98274b37d5e9f0ac94bab79e9e2c56bd977f0905b7a246bd5e5c000e32046f7a80a43270aa77ca94bb81fda302582d2373e16cc9cce873eadd85336d44f9f20 libde265-CVE-2021-36408.patch
+bdc381b489f55a82c70795e0a32167383057baee3443089d5dfbb454500f2adc9f1c285ba7354026313f30fc84fd9de062cc1338c8d9beb452276201fa1858c1 libde265-CVE-2021-36410.patch
+41c1821169e6267c4b77ddcb3bf90d3f5018327abd32e4aa63786b919de647167c6994bfa65a46c7c1504222fc9e97011684807aea29c6182bf6f7069dd1bd59 libde265-CVE-2021-35452.patch
+5173a0cba2d1c8155cfa82596b344e426bcd815e5675499223d05b93f9afa7025192b10a709ab6f142ff9afe2991aa46597a09c538950e46e53e5d821173196a libde265-CVE-2021-36411.patch
f7bd3799f4e4440e7efb98671eca425a5926dd526f8b1147cee2e49b1995853f67b63287c12739ef8ea680713af903517820f83f7f88eac6459f37bae01b4d50 export-only-decoder-api.patch
1f12bf8c7f52932ab8a205996b4439afb75baf9bd6aab13126791f281784f5c7f1b3e20f9c20cfb0ab889b8643da5737a51d5571b54a3a8733ff5da835564eca disable_tools.patch
"