From c343566407755f9eb65e10b6a4dfe165a28330b6 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Tue, 3 Mar 2020 13:44:15 +0000 Subject: user/libgd: patch CVE-2018-14553 (#240) --- user/libgd/APKBUILD | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) (limited to 'user/libgd/APKBUILD') diff --git a/user/libgd/APKBUILD b/user/libgd/APKBUILD index 27de81126..2a537dfca 100644 --- a/user/libgd/APKBUILD +++ b/user/libgd/APKBUILD @@ -2,20 +2,22 @@ # Maintainer: pkgname=libgd pkgver=2.2.5 -pkgrel=1 +pkgrel=2 pkgdesc="Library for dynamic image creation" url="http://libgd.github.io/" arch="all" options="!check" # Upstream bug 201 regression. license="MIT" depends="" -makedepends="bash fontconfig-dev freetype-dev libjpeg-turbo-dev libpng-dev - libwebp-dev zlib-dev" +makedepends="autoconf automake bash fontconfig-dev freetype-dev + libjpeg-turbo-dev libpng-dev libtool libwebp-dev tiff-dev zlib-dev + " subpackages="$pkgname-dev" replaces="gd" source="https://github.com/$pkgname/$pkgname/releases/download/gd-$pkgver/$pkgname-$pkgver.tar.xz CVE-2016-7568.patch CVE-2018-5711.patch + CVE-2018-14553.patch CVE-2018-1000222.patch CVE-2019-6977.patch CVE-2019-6978.patch @@ -27,6 +29,13 @@ source="https://github.com/$pkgname/$pkgname/releases/download/gd-$pkgver/$pkgna # - CVE-2018-1000222 # - CVE-2019-6977 # - CVE-2019-6978 +# 2.2.5-r2: +# - CVE-2018-14553 + +prepare() { + default_prepare + autoreconf -vif +} build() { ./configure \ @@ -58,6 +67,7 @@ dev() { sha512sums="e4598e17a277a75e02255402182cab139cb3f2cffcd68ec05cc10bbeaf6bc7aa39162c3445cd4a7efc1a26b72b9152bbedb187351e3ed099ea51767319997a6b libgd-2.2.5.tar.xz 8310d11a2398e8617c9defc4500b9ce3897ac1026002ffa36000f1d1f8df19336005e8c1f6587533f1d787a4a54d7a3a28ad25bddbc966a018aedf4d8704a716 CVE-2016-7568.patch d6577566814cbe2d93b141a4216b32acdeb2989dc1712eb137565081b913151bbb4c69911c96b2bb7c90695078a85152d368aad183de494d1283fde25021751b CVE-2018-5711.patch +353491fab6c6e0916dca910c9d14f0e0efab6d9d88c48f6f3f2f69e60312489039b25d26980e7c5c2c04ed9e56003b99eae77bd412fbbed1d8eb47d561f7af74 CVE-2018-14553.patch d12462f1b159d50b9032435e9767a5d76e1797a88be950ed33dda7aa17005b7cb60560d04b9520e46d8111e1669d42ce28cb2c508f9c8825d545ac0335d2a10b CVE-2018-1000222.patch df84e469515f684d79ebad163e137401627310a984ac1ae6a4d31b739b3dc6d9144f101e9bfc3211af1d7cdbaa827721d21a9fe528e69b9b60a943ec8a7ab74b CVE-2019-6977.patch 3bf31941365a878bef899afa14a89e4ad0fbfb3280d34b2118c8484698e15eff600751ae3ce146a4f006e6c21730cb18899bae3538f6cc2651025274b40cf1ca CVE-2019-6978.patch" -- cgit v1.2.3-70-g09d2