summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMax Rees <maxcrees@me.com>2020-06-10 14:54:20 -0500
committerMax Rees <maxcrees@me.com>2020-06-12 16:57:49 -0500
commite06ce962717e9524f5bb68880bca3ecfe3c47647 (patch)
tree98ff51688f705ffbb0d4d5331291180887ff9993
parentacd0f32c20a3f312ae45c4431200a3734a2269b8 (diff)
downloadpackages-e06ce962717e9524f5bb68880bca3ecfe3c47647.tar.gz
packages-e06ce962717e9524f5bb68880bca3ecfe3c47647.tar.bz2
packages-e06ce962717e9524f5bb68880bca3ecfe3c47647.tar.xz
packages-e06ce962717e9524f5bb68880bca3ecfe3c47647.zip
user/nghttp2: [CVE] bump to 1.41.0 (#299), disable no-op check()
-rw-r--r--user/nghttp2/APKBUILD9
1 files changed, 7 insertions, 2 deletions
diff --git a/user/nghttp2/APKBUILD b/user/nghttp2/APKBUILD
index 41dd0bc58..063bc9b0f 100644
--- a/user/nghttp2/APKBUILD
+++ b/user/nghttp2/APKBUILD
@@ -1,17 +1,22 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer:
pkgname=nghttp2
-pkgver=1.40.0
+pkgver=1.41.0
pkgrel=0
pkgdesc="Experimental HTTP/2 client, server and proxy"
url="https://nghttp2.org/"
arch="all"
+options="!check" # Requires cunit, which we don't currently ship
license="MIT"
depends=""
makedepends="c-ares-dev libev-dev libxml2-dev openssl-dev zlib-dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
source="https://github.com/tatsuhiro-t/$pkgname/releases/download/v$pkgver/nghttp2-$pkgver.tar.xz"
+# secfixes:
+# 1.41.0-r0:
+# - CVE-2020-11080
+
build() {
./configure \
--build=$CBUILD \
@@ -37,4 +42,4 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="3f9b989c4bd9571b11bb9d59fe2dfd5596ba3962babfc836587d5047e780400a6cf46e43c602caa25ca83c03b84a1629953140d45223099b193df54a719745ce nghttp2-1.40.0.tar.xz"
+sha512sums="c92e8022ccc876fa311f21bc5bf5af75feff8232efb56a4b2ab198031e974d15b67c16c046188cc76552f75a1b2e7115925d6ce1e42d6f94ae482fe69727466d nghttp2-1.41.0.tar.xz"