authorLeo <thinkabit.ukim@gmail.com>2020-06-22 08:10:57 -0300
committerLeo <thinkabit.ukim@gmail.com>2020-06-22 08:14:52 -0300
commita85da862ac46070bb8ddbff5fb4d4a89953d7551 (patch)
tree33ff5de915aad06bc4034aee09efc6145c95b59b
parent5e60bc7b315d1c806baa72e3ca1bd46b273ab664 (diff)
main/libjpeg-turbo: fix CVE-2020-13790
See #11676
-rw-r--r--main/libjpeg-turbo/APKBUILD11
1 files changed, 8 insertions, 3 deletions
diff --git a/main/libjpeg-turbo/APKBUILD b/main/libjpeg-turbo/APKBUILD
index b30d822996b..61efb29ef9b 100644
--- a/main/libjpeg-turbo/APKBUILD
+++ b/main/libjpeg-turbo/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libjpeg-turbo
pkgver=2.0.4
-pkgrel=0
+pkgrel=1
pkgdesc="Accelerated baseline JPEG compression and decompression library"
url="https://libjpeg-turbo.org/"
arch="all"
@@ -11,9 +11,13 @@ depends=""
makedepends="cmake nasm"
replaces="libjpeg"
subpackages="$pkgname-doc $pkgname-dev $pkgname-utils"
-source="https://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-$pkgver.tar.gz"
+source="https://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-$pkgver.tar.gz
+ CVE-2020-13790.patch::https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a.patch
+ "
# secfixes:
+# 2.0.4-r1:
+# - CVE-2020-13790
# 2.0.4-r0:
# - CVE-2019-2201
# 2.0.2-r0:
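Review bot: The new `source=` entry downloads the fix from a GitHub-generated `commit/<sha>.patch` URL, and that output is not guaranteed to stay byte-identical over time (abbreviated index hashes and the trailing git version line can change). If it changes, the sha512 pinned in the last hunk's `sha512sums` would stop matching and rebuilds of this security fix would fail. The checksum still rejects a tampered download, so this is a reproducibility and availability concern rather than an integrity gap. Consider committing the file under `main/libjpeg-turbo/` and listing it as plain `CVE-2020-13790.patch`, with a comment above `source=` such as `# CVE-2020-13790.patch: upstream commit 3de15e0c344d11d4b90f4a47136467053eb2d09a`. The hunk does not show a `prepare()` function, so it is worth confirming the patch is actually applied during the build.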
@@ -71,4 +75,5 @@ dev() {
replaces="jpeg-dev"
}
-sha512sums="708c2e7418d9ed5abca313e2ff5a08f8176d79cad2127573cda6036583c201973db4cfb0eafc0fc8f57ecc7b000d2b4af95980de54de5a0aed45969e993a5bf9 libjpeg-turbo-2.0.4.tar.gz"
+sha512sums="708c2e7418d9ed5abca313e2ff5a08f8176d79cad2127573cda6036583c201973db4cfb0eafc0fc8f57ecc7b000d2b4af95980de54de5a0aed45969e993a5bf9 libjpeg-turbo-2.0.4.tar.gz
+d1d1eb7e6af3bc3cf32199dae220be43f8403788dc0b88fc1f5cdd5d179ac90dc7ede1d7cdc6bdf28a865237d3c2c62bc7e2ac333967d96725f3385dbef89238 CVE-2020-13790.patch"