Merge branch 'cves' into 'master'

CVE catch up, part one See merge request adelie/packages!307
author: A. Wilcox <awilcox@wilcox-tech.com> 2019-08-04 22:53:11 +0000
committer: A. Wilcox <awilcox@wilcox-tech.com> 2019-08-04 22:53:11 +0000
commit: 2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9 (patch)
tree: c99a2ff0b1366a5f6bb2d61b13916acb3012cea6 /user/libexif/APKBUILD
parent: 8410df6cbcf43832292026f4487ca2642be5cf15 (diff)
parent: 3c0917832c46ca76601c4e2e7388c4570bfbcb86 (diff)
download: packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.tar.gz
packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.tar.bz2
packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.tar.xz
packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.zip
1 files changed, 13 insertions, 7 deletions
diff --git a/user/libexif/APKBUILD b/user/libexif/APKBUILD
index cfe2dd75f..71c9f7d06 100644
--- a/user/libexif/APKBUILD
+++ b/user/libexif/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: 
 pkgname=libexif
 pkgver=0.6.21
-pkgrel=2
+pkgrel=3
 pkgdesc="Library to parse EXIF metadata"
 url="https://sourceforge.net/projects/libexif"
 arch="all"
@@ -9,16 +9,21 @@ license="LGPL-2.0+"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
 depends=""
 makedepends=""
-source="https://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.bz2"
+source="https://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.bz2
+	CVE-2017-7544.patch
+	CVE-2018-20030.patch"
+
+# secfixes:
+#   0.6.21-r3:
+#     - CVE-2017-7544
+#     - CVE-2018-20030
 
 prepare() {
-	cd "$builddir"
 	update_config_sub
 	default_prepare
 }
 
 build() {
-	cd "$builddir"
 	./configure \
 		--build=$CBUILD \
 		--host=$CHOST \
@@ -27,12 +32,13 @@ build() {
 }
 
 check() {
-	cd "$builddir"
 	make check
 }
 
 package() {
-	cd "$builddir"
 	make DESTDIR="$pkgdir" install
 }
-sha512sums="4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35  libexif-0.6.21.tar.bz2"
+
+sha512sums="4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35  libexif-0.6.21.tar.bz2
+d529c6c5bd26dc21c0946702574184e1f61c2bfd4fb95b41e314f486a0dd55571963ff2cad566d2fb0804de3c0799bcd956c15a3dc10a520ce207728edad4e2d  CVE-2017-7544.patch
+0d6123bd275ace338ad9cebb31a2e714de0141b91860f07394b281686a5393566c3f4159679d4ba689ae7ea69ae2e412b158c3deb451c40c210b5817f6888bbc  CVE-2018-20030.patch"
author	A. Wilcox <awilcox@wilcox-tech.com>	2019-08-04 22:53:11 +0000
committer	A. Wilcox <awilcox@wilcox-tech.com>	2019-08-04 22:53:11 +0000
commit	2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9 (patch)
tree	c99a2ff0b1366a5f6bb2d61b13916acb3012cea6 /user/libexif/APKBUILD
parent	8410df6cbcf43832292026f4487ca2642be5cf15 (diff)
parent	3c0917832c46ca76601c4e2e7388c4570bfbcb86 (diff)
download	packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.tar.gz packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.tar.bz2 packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.tar.xz packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.zip