user/libcroco: pull in, sec bump, update, fix [CVE-2017-7960]

1 files changed, 42 insertions, 0 deletions

diff --git a/user/libcroco/APKBUILD b/user/libcroco/APKBUILD
new file mode 100644
index 000000000..5365445f7
--- /dev/null
+++ b/user/libcroco/APKBUILD
@@ -0,0 +1,42 @@
+# Maintainer: 
+pkgname=libcroco
+pkgver=0.6.12
+pkgrel=2
+pkgdesc="GNOME CSS 2 parsing and manipulation toolkit"
+url="https://gitlab.gnome.org/GNOME/libcroco"
+arch="all"
+options="!check"  # Can only test already-installed library
+license="LGPL-2.1-only"
+subpackages="$pkgname-dev"
+depends=
+makedepends="glib-dev libxml2-dev"
+checkdepends="cmd:which"
+source="https://download.gnome.org/sources/$pkgname/0.6/$pkgname-$pkgver.tar.xz
+	CVE-2017-7960.patch"
+
+# secfixes:
+#   0.6.12-r2:
+#     - CVE-2017-7960
+
+build() {
+	cd "$builddir"
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--disable-static
+	make
+}
+
+check() {
+	cd "$builddir"
+	make test
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+}
+
+sha512sums="af9a171d5ccded255b57f170576e67155f12fa0f61ab3e379e907975f77afc37e82e22772c6019b2897cffc15b2425faf3ccfda92b1a45b23eda2519debabeb6  libcroco-0.6.12.tar.xz
+da26b95808d7f06c15afed306fac2a80012413bf96ad2cd249c7420a6f41a02d76abeb80b94705f24414f1986084aa4d864fd82038274f664fa91b31fbcabd30  CVE-2017-7960.patch"