authorAriadne Conill <ariadne@ariadne.space>2024-03-29 11:07:13 -0700
committerAriadne Conill <ariadne@ariadne.space>2024-03-29 11:10:02 -0700
commit982d2c6bcbbb579e85bb27c40be84072ca0b1fd9 (patch)
treecedc0f54193ade3cab880b799dda46e44f9aab44
parent8d898e3a9a0aadc4c616d1eebf3251fe1a028a02 (diff)
main/xz: switch to github tags instead of official tarballs (CVE-2024-3094)
Also regenerate autoconf scripts ourselves, since the git repository does not contain them.
-rw-r--r--main/xz/APKBUILD14
1 files changed, 11 insertions, 3 deletions
diff --git a/main/xz/APKBUILD b/main/xz/APKBUILD
index afebd1d45f8..35e236d7437 100644
--- a/main/xz/APKBUILD
+++ b/main/xz/APKBUILD
@@ -2,18 +2,26 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=xz
pkgver=5.6.1
-pkgrel=1
+pkgrel=2
pkgdesc="Library and CLI tools for XZ and LZMA compressed files"
url="https://xz.tukaani.org/xz-utils/"
arch="all"
license="GPL-2.0-or-later AND 0BSD AND Public-Domain AND LGPL-2.1-or-later"
+makedepends="autoconf automake libtool po4a gettext-dev"
depends_dev="$pkgname=$pkgver-r$pkgrel"
subpackages="$pkgname-static $pkgname-dev $pkgname-doc $pkgname-libs"
-source="https://github.com/tukaani-project/xz/releases/download/v$pkgver/xz-$pkgver.tar.xz"
+source="https://github.com/tukaani-project/xz/archive/refs/tags/v$pkgver/xz-$pkgver.tar.gz"
# secfixes:
# 5.2.5-r1:
# - CVE-2022-1271
+# 5.6.1-r2:
+# - CVE-2024-3094
+
+prepare() {
+ default_prepare
+ autoreconf -fi
+}
build() {
# compression utility
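Review bot: `pkgver` stays at 5.6.1 in this hunk, so the secfixes entry `5.6.1-r2: CVE-2024-3094` rests entirely on the new `source=` tag archive plus `autoreconf -fi` in `prepare()`, and nothing in the file explains why that is considered enough. Regenerating the build system drops the generated scripts that shipped only in the release tarball, but according to the public analysis of this CVE the binary test fixtures carrying the payload are committed in git, so they are presumably still in the fetched tree, along with every other upstream change in that release. Consider pinning to a release that predates the compromise, or stating the reasoning in the APKBUILD. At minimum add a comment above `prepare()`, for example `# build system is regenerated from git sources on purpose (CVE-2024-3094); do not switch back to upstream release tarballs`, so a later maintainer does not revert it as unnecessary build time.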
@@ -49,5 +57,5 @@ package() {
}
sha512sums="
-a8b6d2e58eb61609a64b182e868c47aaf722d34f87bad3a9598c94ad96fb3357477959a95bb215c1dac59b8c84453cf00dc23669d13358f4aeb5123526f741f2 xz-5.6.1.tar.xz
+6391794eee783302a3f276299fc92df3e81a05dee0eab61cbb8505858da6d535ae2ac5d067f6825d6963b1e4c3d9616039f495f11f99ecec692ccd79ec17ba8d xz-5.6.1.tar.gz
"