From 0a29ea8a1e1a794d19ba9f23ccc2836379419e18 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Thu, 1 Aug 2019 03:15:42 -0500 Subject: system/binutils: patch multiple CVEs (#116) --- system/binutils/APKBUILD | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) (limited to 'system/binutils/APKBUILD') diff --git a/system/binutils/APKBUILD b/system/binutils/APKBUILD index 47b3609a2..c7924b43e 100644 --- a/system/binutils/APKBUILD +++ b/system/binutils/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Adelie Platform Group pkgname=binutils pkgver=2.32 -pkgrel=1 +pkgrel=2 pkgdesc="Tools necessary to build programs" url="https://www.gnu.org/software/binutils/" depends="" @@ -23,6 +23,13 @@ source="https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz remove-pr19719-test.patch remove-pr19553c-test.patch srec.patch + CVE-2019-9070-and-9071.patch + CVE-2019-9073.patch + CVE-2019-9074.patch + CVE-2019-9075.patch + CVE-2019-9077.patch + CVE-2019-12972.patch + CVE-2019-14250.patch " if [ "$CHOST" != "$CTARGET" ]; then @@ -33,12 +40,23 @@ if [ "$CHOST" != "$CTARGET" ]; then builddir="$srcdir"/binutils-$pkgver fi -# secfixes: +# secfixes: binutils # 2.28-r1: # - CVE-2017-7614 # 2.31.1-r2: # - CVE-2018-19931 # - CVE-2018-19932 +# 2.32-r0: +# - CVE-2018-1000876 +# 2.32-r2: +# - CVE-2019-9070 +# - CVE-2019-9071 +# - CVE-2019-9073 +# - CVE-2019-9074 +# - CVE-2019-9075 +# - CVE-2019-9077 +# - CVE-2019-12972 +# - CVE-2019-14250 build() { local _sysroot=/ @@ -124,4 +142,11 @@ d378fdf1964f8f2bd0b1e62827ac5884bdf943aa435ec89c29fc84bb045d406b733fffaff8fdd8bd 32ab4215669c728648179c124632467573a3d4675e79f0f0d221c22eb2ec1ca5488b79910bd09142f90a1e0d0b81d99ca4846297f4f9561f158db63745facb66 remove-pr2404-tests.patch a193d1fa7f42d91915960460a15e4d24e0df529d81e23014bcf45d283fae76bb7b300fdcb0d0a9d521cdb9137322efa1dc357112596d6ae7a7fd05988ac359b9 remove-pr19719-test.patch 39ef9c76dd5db6b15f11ffa8061f7ca844fb79c3fb9879c3b1466eef332a28b833597c87003ab9f260b1b85023fae264659088aee27cad7e5aa77b2d58b9a3f6 remove-pr19553c-test.patch -f720b3356b88e366c52941da056e543e4b42bc77f012e5b0290f79e15b0a31d855989ad01920680507a9df0544e5b8e26d0cf8d6f22fbdeb874af31cff4c16d3 srec.patch" +f720b3356b88e366c52941da056e543e4b42bc77f012e5b0290f79e15b0a31d855989ad01920680507a9df0544e5b8e26d0cf8d6f22fbdeb874af31cff4c16d3 srec.patch +f52d21f194c2d7dbdc56e93636d3228034ee1718b457e5a5ce289bba2454155846d1ff6ea8530d11a901a85c9af945360bc17cda9e7370c36362aa6c762154c7 CVE-2019-9070-and-9071.patch +032fed723b610fe06e210e2ebee8d24962ecad1dc69d98d38e95f768c9ed64cb991158758ef71e684d6d762a30e9a852287836be2bb8a2aba27fe31d2792c0a0 CVE-2019-9073.patch +16b4cc094a6846399e47271da6fe8d8bd8b70246e12e872fcafb85f11809b5699eddba723fbac664c062c02f9b5658ea9770e14c522e151cdea1d39e69c851dd CVE-2019-9074.patch +a46b9211608e2f35219b95363a5ba90506742dcb9e4bd4a43915af6c0b3e74bd8339a8318dc2923c0952ef579112412cb1cf619a5f090066769a852587b27d03 CVE-2019-9075.patch +c0f50f1a843480f29b3895c8814df9801b9f90260edbaff1831aa5738fedd07a9e6b7a79f5b6f9be34df4954dbf02feb5232ebbecc596277fc2fe63673ed347c CVE-2019-9077.patch +9109a6ff9c55f310f86a1561fe6b404534928d402672490059bbe358f77c0c2a7f73c8b67f0a4450f00ba1776452858b63fa60cf2ec0744104a6b077e8fa3e42 CVE-2019-12972.patch +c277202272d9883741c2530a94c6d50d55dd9d0a9efaa43a1f8c9fc7529bd45e635255c0d90035dfc5920d5387010a4259612a4d711260a95d7b3d9fa6500e4f CVE-2019-14250.patch" -- cgit v1.2.3-70-g09d2