Merge branch 'cves.2019.08.29' into 'master'

Misc. security updates

See merge request adelie/packages!336

1 files changed, 7 insertions, 3 deletions

diff --git a/system/expat/APKBUILD b/system/expat/APKBUILD
index 088d9d9b1..4a6f547e3 100644
--- a/system/expat/APKBUILD
+++ b/system/expat/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=expat
 pkgver=2.2.7
-pkgrel=0
+pkgrel=1
 pkgdesc="An XML Parser library written in C"
 url="https://libexpat.github.io/"
 arch="all"
@@ -10,13 +10,16 @@ depends=""
 checkdepends="bash"
 makedepends=""
 subpackages="$pkgname-dev $pkgname-doc"
-source="https://downloads.sourceforge.net/project/expat/expat/$pkgver/expat-$pkgver.tar.bz2"
+source="https://downloads.sourceforge.net/project/expat/expat/$pkgver/expat-$pkgver.tar.bz2
+	CVE-2019-15903.patch"
 
 # secfixes:
 #   2.2.1-r0:
 #     - CVE-2016-9063
 #   2.2.0-r1:
 #     - CVE-2017-9233
+#   2.2.7-r1:
+#     - CVE-2019-15903
 
 build() {
 	./configure \
@@ -35,4 +38,5 @@ package() {
 	make DESTDIR="$pkgdir/" install
 }
 
-sha512sums="a078692317b44f14a9acdca4ddc04adac6a48d22ab321bba3e9e32c92131752aa397915d7121c4a95dc1b603d6a6128f7dce3741093d4322944787e0b49b4c00  expat-2.2.7.tar.bz2"
+sha512sums="a078692317b44f14a9acdca4ddc04adac6a48d22ab321bba3e9e32c92131752aa397915d7121c4a95dc1b603d6a6128f7dce3741093d4322944787e0b49b4c00  expat-2.2.7.tar.bz2
+02d1719307dffdab98e90f242a77aa61cab79ae63ea28d6fa1219b4191d7247e5c319d3adf9781c9086e392c05fd6b6558051b0792ade5cb6c64e7583c67a70d  CVE-2019-15903.patch"