user/taglib: patch for CVE-2017-12678 and CVE-2018-11439 (#150)

1 files changed, 12 insertions, 3 deletions

diff --git a/user/taglib/APKBUILD b/user/taglib/APKBUILD
index 60586f78e..0b7731116 100644
--- a/user/taglib/APKBUILD
+++ b/user/taglib/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=taglib
 pkgver=1.11.1
-pkgrel=2
+pkgrel=3
 pkgdesc="Library for manipulating audio file metadata"
 url="https://taglib.org/"
 arch="all"
@@ -10,7 +10,14 @@ license="LGPL-2.1-only AND MPL-1.1"
 depends=""
 makedepends="cmake zlib-dev"
 subpackages="$pkgname-dev"
-source="http://taglib.org/releases/taglib-$pkgver.tar.gz"
+source="http://taglib.org/releases/taglib-$pkgver.tar.gz
+	CVE-2017-12678.patch
+	CVE-2018-11439.patch"
+
+# secfixes:
+#   1.11.1-r3:
+#     - CVE-2017-12678
+#     - CVE-2018-11439
 
 build() {
 	cd "$builddir"
@@ -27,4 +34,6 @@ package() {
 	make DESTDIR="$pkgdir" install
 }
 
-sha512sums="7846775c4954ea948fe4383e514ba7c11f55d038ee06b6ea5a0a1c1069044b348026e76b27aa4ba1c71539aa8143e1401fab39184cc6e915ba0ae2c06133cb98  taglib-1.11.1.tar.gz"
+sha512sums="7846775c4954ea948fe4383e514ba7c11f55d038ee06b6ea5a0a1c1069044b348026e76b27aa4ba1c71539aa8143e1401fab39184cc6e915ba0ae2c06133cb98  taglib-1.11.1.tar.gz
+e50810e8d790c490b7d6752c4bf65da812b7534b9920c505d83b8bd0d67fe9991b4db488b6a63e69b206bbcb3cf80754018b17294b5832dd05bfad9a0fbc56c6  CVE-2017-12678.patch
+9a118f9410404996bf3879325f77fcfb638f6cc71b4e258d9786bd741c2c45f26385a6049788ef6ebc56c7c987bd7ef6267a461f4478f5d52d236b035287cdf2  CVE-2018-11439.patch"