aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAriadne Conill <ariadne@dereferenced.org>2021-04-28 06:18:14 -0600
committerAriadne Conill <ariadne@dereferenced.org>2021-04-28 06:18:14 -0600
commitacf4cb0fe6c93529afdccd8d844d571e1490bcab (patch)
treeb1140ddecd35aa6e283ab4642670d43ee2d6d755
parent06fceb982c3bb827f1920b7e8b44666e71405524 (diff)
downloadaports-acf4cb0fe6c93529afdccd8d844d571e1490bcab.tar.gz
aports-acf4cb0fe6c93529afdccd8d844d571e1490bcab.tar.bz2
aports-acf4cb0fe6c93529afdccd8d844d571e1490bcab.tar.xz
community/ytnef: add mitigations for CVE-2021-3403 and CVE-2021-3404
-rw-r--r--community/ytnef/APKBUILD13
1 files changed, 11 insertions, 2 deletions
diff --git a/community/ytnef/APKBUILD b/community/ytnef/APKBUILD
index d003c4f04d..692da45155 100644
--- a/community/ytnef/APKBUILD
+++ b/community/ytnef/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ytnef
pkgver=1.9.3
-pkgrel=0
+pkgrel=1
pkgdesc="TNEF Stream Reader - for winmail.dat files"
url="https://github.com/Yeraze/ytnef"
arch="all"
@@ -12,9 +12,16 @@ install=""
subpackages="$pkgname-dev $pkgname-libs"
source="$pkgname-$pkgver.tar.gz::https://github.com/Yeraze/ytnef/archive/v$pkgver.tar.gz
ytnef-pkgconfig.patch
+ CVE-2021-3403.patch::https://patch-diff.githubusercontent.com/raw/Yeraze/ytnef/pull/87.patch
+ CVE-2021-3404.patch::https://patch-diff.githubusercontent.com/raw/Yeraze/ytnef/pull/88.patch
"
builddir="$srcdir"/ytnef-$pkgver
+# secfixes
+# 1.9.3-r1:
+# - CVE-2021-3403
+# - CVE-2021-3404
+
prepare() {
default_prepare
autoreconf -vif
@@ -41,4 +48,6 @@ package() {
}
sha512sums="be0a46e79561a5ff34f812b892a781809606cc7e38c6bfed15bae7773f952b4b55aed0fa784922e72839121672c540496db1bac602630c5a83141f8517a4a543 ytnef-1.9.3.tar.gz
-bf829bd56fff81f30ad32da4714677224b537cf38fb084afe73fd2d5723f73741e0423149832d9f61c0e368781040fd29e66f22c1c6c099d6d300f0649d6ba47 ytnef-pkgconfig.patch"
+bf829bd56fff81f30ad32da4714677224b537cf38fb084afe73fd2d5723f73741e0423149832d9f61c0e368781040fd29e66f22c1c6c099d6d300f0649d6ba47 ytnef-pkgconfig.patch
+b0365975fa02b6cb33a3c29b467a1ff9f004b8ef08b7badbbe5e5c0b3aea17c5982d30685d4b5e2a5acb0ad9ca870582857a17926257718f25ece3bd1fe1e2f1 CVE-2021-3403.patch
+15c6731e7a508d1c69871847dcf5e0556e17a89f452cf5db2097b6b5cbe0c6a99b5c1721806eeeddfc2e91fac80e63165b836dd6956b11c45591a3cb281ba60a CVE-2021-3404.patch"