Merge branch 'cves' into 'master'

CVE catch up, part one See merge request adelie/packages!307
author: A. Wilcox <awilcox@wilcox-tech.com> 2019-08-04 22:53:11 +0000
committer: A. Wilcox <awilcox@wilcox-tech.com> 2019-08-04 22:53:11 +0000
commit: 2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9 (patch)
tree: c99a2ff0b1366a5f6bb2d61b13916acb3012cea6 /user/oniguruma/APKBUILD
parent: 8410df6cbcf43832292026f4487ca2642be5cf15 (diff)
parent: 3c0917832c46ca76601c4e2e7388c4570bfbcb86 (diff)
download: packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.tar.gz
packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.tar.bz2
packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.tar.xz
packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.zip
1 files changed, 12 insertions, 3 deletions
diff --git a/user/oniguruma/APKBUILD b/user/oniguruma/APKBUILD
index 7df3e3af5..b62084508 100644
--- a/user/oniguruma/APKBUILD
+++ b/user/oniguruma/APKBUILD
@@ -3,15 +3,22 @@
 # Maintainer: Samuel Holland <samuel@sholland.org>
 pkgname=oniguruma
 pkgver=6.9.2
-pkgrel=0
+pkgrel=1
 pkgdesc="A regular expression library"
 url="https://github.com/kkos/oniguruma"
 arch="all"
 license="BSD-2-Clause"
 subpackages="$pkgname-dev"
-source="https://github.com/kkos/$pkgname/releases/download/v$pkgver/onig-$pkgver.tar.gz"
+source="https://github.com/kkos/$pkgname/releases/download/v$pkgver/onig-$pkgver.tar.gz
+	CVE-2019-13224.patch
+	CVE-2019-13225.patch"
 builddir="$srcdir/onig-$pkgver"
 
+# secfixes:
+#   6.9.2-r1:
+#     - CVE-2019-13224
+#     - CVE-2019-13225
+
 build() {
 	./configure \
 		--build=$CBUILD \
@@ -32,4 +39,6 @@ package() {
 	make DESTDIR="$pkgdir" install
 }
 
-sha512sums="c10134e42a3c0b0eeae2027ffb7a3e1bcc9228dee286f6b6e997f8a73d717217fa74de0e19c40975d2e78044c8c4f029eb622f90c8eb4fdc4667eb4804e97001  onig-6.9.2.tar.gz"
+sha512sums="c10134e42a3c0b0eeae2027ffb7a3e1bcc9228dee286f6b6e997f8a73d717217fa74de0e19c40975d2e78044c8c4f029eb622f90c8eb4fdc4667eb4804e97001  onig-6.9.2.tar.gz
+7f1b42e1ceb6e9addf87bbd456848afd9db3b721352157e3a7362354c3a4cabd58fac202d199d9f9c2f08f0c5c98e3de8583367e7716028278dae96c3d6bb43a  CVE-2019-13224.patch
+4c1df67369055f945c49d579c3f2ae5ffc41bb1c8a2510555908f07691c669b290accd9152f017e02a2a21f8a365c9ffd8fab42a3d11409150551f0c0c919dc7  CVE-2019-13225.patch"
author	A. Wilcox <awilcox@wilcox-tech.com>	2019-08-04 22:53:11 +0000
committer	A. Wilcox <awilcox@wilcox-tech.com>	2019-08-04 22:53:11 +0000
commit	2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9 (patch)
tree	c99a2ff0b1366a5f6bb2d61b13916acb3012cea6 /user/oniguruma/APKBUILD
parent	8410df6cbcf43832292026f4487ca2642be5cf15 (diff)
parent	3c0917832c46ca76601c4e2e7388c4570bfbcb86 (diff)
download	packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.tar.gz packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.tar.bz2 packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.tar.xz packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.zip