diff options
author | Leo <thinkabit.ukim@gmail.com> | 2020-06-22 08:10:57 -0300 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2020-06-22 08:14:52 -0300 |
commit | a85da862ac46070bb8ddbff5fb4d4a89953d7551 (patch) | |
tree | 33ff5de915aad06bc4034aee09efc6145c95b59b | |
parent | 5e60bc7b315d1c806baa72e3ca1bd46b273ab664 (diff) |
main/libjpeg-turbo: fix CVE-2020-13790
See #11676
-rw-r--r-- | main/libjpeg-turbo/APKBUILD | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/main/libjpeg-turbo/APKBUILD b/main/libjpeg-turbo/APKBUILD index b30d822996b..61efb29ef9b 100644 --- a/main/libjpeg-turbo/APKBUILD +++ b/main/libjpeg-turbo/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libjpeg-turbo pkgver=2.0.4 -pkgrel=0 +pkgrel=1 pkgdesc="Accelerated baseline JPEG compression and decompression library" url="https://libjpeg-turbo.org/" arch="all" @@ -11,9 +11,13 @@ depends="" makedepends="cmake nasm" replaces="libjpeg" subpackages="$pkgname-doc $pkgname-dev $pkgname-utils" -source="https://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-$pkgver.tar.gz" +source="https://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-$pkgver.tar.gz + CVE-2020-13790.patch::https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a.patch + " # secfixes: +# 2.0.4-r1: +# - CVE-2020-13790 # 2.0.4-r0: # - CVE-2019-2201 # 2.0.2-r0: @@ -71,4 +75,5 @@ dev() { replaces="jpeg-dev" } -sha512sums="708c2e7418d9ed5abca313e2ff5a08f8176d79cad2127573cda6036583c201973db4cfb0eafc0fc8f57ecc7b000d2b4af95980de54de5a0aed45969e993a5bf9 libjpeg-turbo-2.0.4.tar.gz" +sha512sums="708c2e7418d9ed5abca313e2ff5a08f8176d79cad2127573cda6036583c201973db4cfb0eafc0fc8f57ecc7b000d2b4af95980de54de5a0aed45969e993a5bf9 libjpeg-turbo-2.0.4.tar.gz +d1d1eb7e6af3bc3cf32199dae220be43f8403788dc0b88fc1f5cdd5d179ac90dc7ede1d7cdc6bdf28a865237d3c2c62bc7e2ac333967d96725f3385dbef89238 CVE-2020-13790.patch" |