user/libexif: patch for CVE-2017-7544 and CVE-2018-20030 (#143)

1 files changed, 13 insertions, 7 deletions

diff --git a/user/libexif/APKBUILD b/user/libexif/APKBUILD
index cfe2dd75f..71c9f7d06 100644
--- a/user/libexif/APKBUILD
+++ b/user/libexif/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: 
 pkgname=libexif
 pkgver=0.6.21
-pkgrel=2
+pkgrel=3
 pkgdesc="Library to parse EXIF metadata"
 url="https://sourceforge.net/projects/libexif"
 arch="all"
@@ -9,16 +9,21 @@ license="LGPL-2.0+"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
 depends=""
 makedepends=""
-source="https://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.bz2"
+source="https://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.bz2
+	CVE-2017-7544.patch
+	CVE-2018-20030.patch"
+
+# secfixes:
+#   0.6.21-r3:
+#     - CVE-2017-7544
+#     - CVE-2018-20030
 
 prepare() {
-	cd "$builddir"
 	update_config_sub
 	default_prepare
 }
 
 build() {
-	cd "$builddir"
 	./configure \
 		--build=$CBUILD \
 		--host=$CHOST \
@@ -27,12 +32,13 @@ build() {
 }
 
 check() {
-	cd "$builddir"
 	make check
 }
 
 package() {
-	cd "$builddir"
 	make DESTDIR="$pkgdir" install
 }
-sha512sums="4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35  libexif-0.6.21.tar.bz2"
+
+sha512sums="4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35  libexif-0.6.21.tar.bz2
+d529c6c5bd26dc21c0946702574184e1f61c2bfd4fb95b41e314f486a0dd55571963ff2cad566d2fb0804de3c0799bcd956c15a3dc10a520ce207728edad4e2d  CVE-2017-7544.patch
+0d6123bd275ace338ad9cebb31a2e714de0141b91860f07394b281686a5393566c3f4159679d4ba689ae7ea69ae2e412b158c3deb451c40c210b5817f6888bbc  CVE-2018-20030.patch"