user/libjpeg-turbo: [CVE] patch CVE-2020-13790 (#298)

1 files changed, 8 insertions, 3 deletions

diff --git a/user/libjpeg-turbo/APKBUILD b/user/libjpeg-turbo/APKBUILD
index ad4a4076a..00b4ec314 100644
--- a/user/libjpeg-turbo/APKBUILD
+++ b/user/libjpeg-turbo/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=libjpeg-turbo
 pkgver=2.0.4
-pkgrel=0
+pkgrel=1
 pkgdesc="Accelerated JPEG compression and decompression library"
 url="https://libjpeg-turbo.org/"
 arch="all"
@@ -10,7 +10,9 @@ license="IJG AND BSD-3-Clause AND Zlib"
 depends=""
 makedepends="cmake"
 subpackages="$pkgname-doc $pkgname-dev $pkgname-utils"
-source="https://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-$pkgver.tar.gz"
+source="https://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-$pkgver.tar.gz
+	CVE-2020-13790.patch
+	"
 
 case "$CTARGET_ARCH" in
 pmmx | x86 | x86_64)	makedepends="$makedepends nasm" ;;
@@ -19,6 +21,8 @@ esac
 # secfixes:
 #   2.0.3-r0:
 #     - CVE-2019-2201
+#   2.0.4-r1:
+#     - CVE-2020-13790
 
 build() {
 	if [ "$CBUILD" != "$CHOST" ]; then
@@ -51,4 +55,5 @@ utils() {
 	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }
 
-sha512sums="708c2e7418d9ed5abca313e2ff5a08f8176d79cad2127573cda6036583c201973db4cfb0eafc0fc8f57ecc7b000d2b4af95980de54de5a0aed45969e993a5bf9  libjpeg-turbo-2.0.4.tar.gz"
+sha512sums="708c2e7418d9ed5abca313e2ff5a08f8176d79cad2127573cda6036583c201973db4cfb0eafc0fc8f57ecc7b000d2b4af95980de54de5a0aed45969e993a5bf9  libjpeg-turbo-2.0.4.tar.gz
+83752558d0cf60508a9ccd55505b91f4faa22277537916629a045b2aaa0cb3649e2f90b0df26d389687dc4aba78bdf76e64fc5e5eb324a65026ec86cd95dbe6a  CVE-2020-13790.patch"