aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2019-10-31 09:49:16 -0300
committerKevin Daudt <kdaudt@alpinelinux.org>2019-10-31 16:42:47 +0000
commit2fd4d3cdac0b6fe47662ae7063ecc0dbb5f1189e (patch)
treeb2028e54df6cb8b1f331125fc8c3a34fba5447a6
parent36f4bd78050ec6ce2ad65444031df6c1f3db5cc9 (diff)
downloadaports-2fd4d3cdac0b6fe47662ae7063ecc0dbb5f1189e.tar.bz2
aports-2fd4d3cdac0b6fe47662ae7063ecc0dbb5f1189e.tar.xz
main/libarchive: fix CVE-2019-18408
ref #10926 Closes !959
-rw-r--r--main/libarchive/APKBUILD11
1 files changed, 8 insertions, 3 deletions
diff --git a/main/libarchive/APKBUILD b/main/libarchive/APKBUILD
index 9b44f9c515..aa98ae4e43 100644
--- a/main/libarchive/APKBUILD
+++ b/main/libarchive/APKBUILD
@@ -2,17 +2,21 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libarchive
pkgver=3.3.3
-pkgrel=0
+pkgrel=1
pkgdesc="library that can create and read several streaming archive formats"
url="https://libarchive.org/"
arch="all"
license="BSD-2-Clause BSD-3-Clause Apache-2.0"
makedepends="acl-dev bzip2-dev expat-dev lz4-dev openssl-dev xz-dev zlib-dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-tools"
-source="https://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz"
+source="https://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz
+ CVE-2019-18408.patch::https://github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60.patch
+ "
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
+# 3.3.3-r1:
+# - CVE-2019-18408
# 3.3.2-r1:
# - CVE-2017-14166
@@ -38,4 +42,5 @@ tools() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
-sha512sums="9d12b47d6976efa9f98e62c25d8b85fd745d4e9ca7b7e6d36bfe095dfe5c4db017d4e785d110f3758f5938dad6f1a1b009267fd7e82cb7212e93e1aea237bab7 libarchive-3.3.3.tar.gz"
+sha512sums="9d12b47d6976efa9f98e62c25d8b85fd745d4e9ca7b7e6d36bfe095dfe5c4db017d4e785d110f3758f5938dad6f1a1b009267fd7e82cb7212e93e1aea237bab7 libarchive-3.3.3.tar.gz
+4807e01dffb83ff4ef430c66339157e9f7a61db4fc5cec2812c3ee5ad130b4fc2d3c1cbeea87930c76cd8ec3e66272e20622a48edf0c66215b626c4e0db99cab CVE-2019-18408.patch"