aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2020-03-11 09:51:50 -0300
committerLeo <thinkabit.ukim@gmail.com>2020-03-11 11:30:25 -0300
commite5273f8295397832bf69ffe39f1004a73f5e0436 (patch)
tree1d5be8cc4c35e1f2cec9e1bedd9a09c9f347d45b
parent164563e65437c39f51dcb551e3e88c69aecc7ca1 (diff)
downloadaports-e5273f8295397832bf69ffe39f1004a73f5e0436.tar.gz
aports-e5273f8295397832bf69ffe39f1004a73f5e0436.tar.bz2
aports-e5273f8295397832bf69ffe39f1004a73f5e0436.tar.xz
main/libarchive: fix CVE-2020-19221 and CVE-2020-9308
-rw-r--r--main/libarchive/APKBUILD8
1 files changed, 6 insertions, 2 deletions
diff --git a/main/libarchive/APKBUILD b/main/libarchive/APKBUILD
index 6087277977..14b0ad1dd5 100644
--- a/main/libarchive/APKBUILD
+++ b/main/libarchive/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libarchive
pkgver=3.3.3
-pkgrel=1
+pkgrel=2
pkgdesc="library that can create and read several streaming archive formats"
url="http://libarchive.org/"
arch="all"
@@ -11,10 +11,13 @@ makedepends="zlib-dev bzip2-dev xz-dev lz4-dev acl-dev openssl-dev expat-dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-tools"
source="http://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz
CVE-2019-18408.patch::https://github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60.patch
+ CVE-2020-19221.patch::https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41.patch
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
+# 3.3.3-r2:
+# - CVE-2020-19221
# 3.3.3-r1:
# - CVE-2019-18408
# 3.3.3-r0:
@@ -47,4 +50,5 @@ tools() {
}
sha512sums="9d12b47d6976efa9f98e62c25d8b85fd745d4e9ca7b7e6d36bfe095dfe5c4db017d4e785d110f3758f5938dad6f1a1b009267fd7e82cb7212e93e1aea237bab7 libarchive-3.3.3.tar.gz
-4807e01dffb83ff4ef430c66339157e9f7a61db4fc5cec2812c3ee5ad130b4fc2d3c1cbeea87930c76cd8ec3e66272e20622a48edf0c66215b626c4e0db99cab CVE-2019-18408.patch"
+4807e01dffb83ff4ef430c66339157e9f7a61db4fc5cec2812c3ee5ad130b4fc2d3c1cbeea87930c76cd8ec3e66272e20622a48edf0c66215b626c4e0db99cab CVE-2019-18408.patch
+5ffd3838b3ddbbae5613bf2a75583dd513942b804cd8fed11d24d38adc9c81d7fa739b94cc2d9d0621a93909f4b7b4ec2632cdd8e3e66c1ffd89440e5e3168de CVE-2020-19221.patch"