aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2019-12-30 13:51:17 +0100
committerLeo <thinkabit.ukim@gmail.com>2019-12-30 13:58:42 +0100
commit661c78a105528241d881fb5ede26fd8b7cbc87f3 (patch)
treec53de38fd7ce6fe2e5ac3ca5aab803a3ef2bff24
parentd0cf104cce12123f61ed8801c96e861995aafee9 (diff)
downloadaports-661c78a105528241d881fb5ede26fd8b7cbc87f3.tar.gz
aports-661c78a105528241d881fb5ede26fd8b7cbc87f3.tar.bz2
aports-661c78a105528241d881fb5ede26fd8b7cbc87f3.tar.xz
community/dia: fix CVE-2019-19451.patch
see #11093
-rw-r--r--community/dia/APKBUILD15
-rw-r--r--community/dia/CVE-2019-19451.patch12
2 files changed, 21 insertions, 6 deletions
diff --git a/community/dia/APKBUILD b/community/dia/APKBUILD
index 2b0fff5b2e..ec427b36a2 100644
--- a/community/dia/APKBUILD
+++ b/community/dia/APKBUILD
@@ -1,21 +1,24 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=dia
pkgver=0.97.3
-pkgrel=0
+pkgrel=1
pkgdesc="a GTK+ based diagram creation program"
url="http://live.gnome.org/Dia"
arch="all"
-license="GPL-2.0"
+license="GPL-2.0-or-later"
makedepends="gtk+2.0-dev libxml2-dev"
subpackages="$pkgname-doc $pkgname-lang"
source="https://download.gnome.org/sources/dia/${pkgver%.*}/dia-$pkgver.tar.xz
isinf.patch
dia-unregister-import.patch
+ CVE-2019-19451.patch
"
-builddir="$srcdir"/dia-$pkgver
+# secfixes:
+# 0.97.3-r1:
+# - CVE-2019-19451.patch
+
build() {
- cd "$builddir"
./configure --prefix=/usr \
--sysconfdir=/etc \
--mandir=/usr/share/man \
@@ -25,10 +28,10 @@ build() {
}
package() {
- cd "$builddir"
make DESTDIR="$pkgdir" install
}
sha512sums="34298980be930b87cb4a636344e4cb2a7e43eedc00b0969a5e446cee9b74b616fdc8c798efcb9a5832b98741f2e20632a44037b2bcb436f59591d531ef441efa dia-0.97.3.tar.xz
cfa8fd8fecc7f0e3da185b512c169b156363a73c151547725f964e1cf7b1a305e44c493d0490c680c5f25859acee74fe4ef942ae9ee634b370bd9b9952186c5a isinf.patch
-24267507ff08ac589ec1015e55637586a9fd97802893a77849d1e7bce67135fbd3d55611e2c80be1d5f87b92406c95cd5fe484175037297ebe1dbc8eb509a7d4 dia-unregister-import.patch"
+24267507ff08ac589ec1015e55637586a9fd97802893a77849d1e7bce67135fbd3d55611e2c80be1d5f87b92406c95cd5fe484175037297ebe1dbc8eb509a7d4 dia-unregister-import.patch
+c78b78bd4ce7bfab9babfc887fb98571849246d1ca78e6c69a4413c7881d30358e1287bd9b0d9ba50cbcc540cf5f0e28333b31f467dbe5579ad5c97148b3b512 CVE-2019-19451.patch"
diff --git a/community/dia/CVE-2019-19451.patch b/community/dia/CVE-2019-19451.patch
new file mode 100644
index 0000000000..fdc8386fba
--- /dev/null
+++ b/community/dia/CVE-2019-19451.patch
@@ -0,0 +1,12 @@
+diff --git a/app/app_procs.c b/app/app_procs.c
+index d0f2d3d..423fe2f 100644
+--- a/app/app_procs.c
++++ b/app/app_procs.c
+@@ -801,6 +801,7 @@ app_init (int argc, char **argv)
+
+ if (!filename) {
+ g_print (_("Filename conversion failed: %s\n"), filenames[i]);
++ ++i;
+ continue;
+ }
+