From 9d975a16f6054ccfa09bcd932da9f18eff7d37d1 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Tue, 24 Sep 2019 17:04:51 -0500 Subject: user/djvulibre: patch multiple CVEs (#185) --- user/djvulibre/APKBUILD | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) (limited to 'user/djvulibre/APKBUILD') diff --git a/user/djvulibre/APKBUILD b/user/djvulibre/APKBUILD index a90485e6a..2b4a3ed0e 100644 --- a/user/djvulibre/APKBUILD +++ b/user/djvulibre/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: A. Wilcox pkgname=djvulibre pkgver=3.5.27 -pkgrel=0 +pkgrel=1 pkgdesc="Format for distributing documents and images" url="http://djvu.sourceforge.net/" arch="all" @@ -11,10 +11,20 @@ depends="" depends_dev="" makedepends="$depends_dev imagemagick libjpeg-turbo-dev tiff-dev" subpackages="$pkgname-dev $pkgname-doc" -source="https://downloads.sourceforge.net/djvu/djvulibre-$pkgver.tar.gz" +source="https://downloads.sourceforge.net/djvu/djvulibre-$pkgver.tar.gz + CVE-2019-15142.patch + CVE-2019-15143.patch + CVE-2019-15144.patch + CVE-2019-15145.patch" + +# secfixes: +# 3.5.27-r1: +# - CVE-2019-15142 +# - CVE-2019-15143 +# - CVE-2019-15144 +# - CVE-2019-15145 build() { - cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -26,13 +36,16 @@ build() { } check() { - cd "$builddir" + # This doesn't actually do anything yet make check } package() { - cd "$builddir" make DESTDIR="$pkgdir" install } -sha512sums="62abcaa2fe7edab536477929ba38b882453dab1a06e119a3f838b38d5c61f5d8c252e4769e6534582b826e49bcfb490513179580fab9c3afa84aa92053ccebee djvulibre-3.5.27.tar.gz" +sha512sums="62abcaa2fe7edab536477929ba38b882453dab1a06e119a3f838b38d5c61f5d8c252e4769e6534582b826e49bcfb490513179580fab9c3afa84aa92053ccebee djvulibre-3.5.27.tar.gz +d9e4301fb98a35b8c2f1854eb4be53611f98b3fc9fdd357dd5502b5b189bdf61957a48b220f3ab7465bbf1df8606ce04513e10df74643a9e289c349f94721561 CVE-2019-15142.patch +3527e1c84f7c7d36f902cb3d7e9ddb6866acbdd4b47675ce3ffd164accf2e2931a4c6bbaae2ea775b4710d88ae34dd4dcd39a5846fce13bef2c82a99d608b8c1 CVE-2019-15143.patch +f8f1abf328a97d69514b2626e4c6449c0c7b7e2b5518d56bba6a61a944aaf4b7fffd1371c26396353728f6a1399c6d87492af5c17e6b623dae7751b81eac11f9 CVE-2019-15144.patch +790ef1e05874635c762600c990ecbd3e29e2eb01c59e25a0f8b2a15dbadbd3673d9dbb651d9dcb53fd3e5f4cb6bded47c3eefaaef8b4ccac39bd28f8bbec2068 CVE-2019-15145.patch" -- cgit v1.2.3-60-g2f50