From 03ef76f450eda2661dff1b65f8dcd4b19b8bbfab Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Mon, 2 Sep 2019 19:16:27 -0500
Subject: user/vlc: [CVE] bump to 3.0.8 (#182)

---
 user/vlc/APKBUILD | 31 ++++++++++++++++++++-----------
 1 file changed, 20 insertions(+), 11 deletions(-)

(limited to 'user/vlc')

diff --git a/user/vlc/APKBUILD b/user/vlc/APKBUILD
index 2dc82dde6..3da8680d2 100644
--- a/user/vlc/APKBUILD
+++ b/user/vlc/APKBUILD
@@ -2,8 +2,8 @@
 # Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=vlc
-pkgver=3.0.7.1
-pkgrel=2
+pkgver=3.0.8
+pkgrel=0
 pkgdesc="Multi-platform MPEG, VCD/DVD, and DivX player"
 triggers="vlc-libs.trigger=/usr/lib/vlc/plugins"
 pkgusers="vlc"
@@ -11,7 +11,7 @@ pkggroups="vlc"
 url="https://www.videolan.org/vlc/"
 arch="all"
 license="GPL-2.0+"
-options="!checkroot textrel"
+options="textrel"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-qt $pkgname-pulse
 	$pkgname-daemon::noarch $pkgname-libs $pkgname-lang"
 depends="ttf-dejavu xdg-utils"
@@ -43,12 +43,25 @@ source="https://get.videolan.org/vlc/$pkgver/vlc-$pkgver.tar.xz
 	omxil-rpi-codecs.patch
 	tar-compat.patch
 	test-s390x.patch
-	vlc-libs.trigger
 	"
 
 # secfixes: vlc_media_player
 #   3.0.4-r2:
 #     - CVE-2018-19857
+#   3.0.8-r0:
+#     - CVE-2019-13602
+#     - CVE-2019-13615
+#     - CVE-2019-13962
+#     - CVE-2019-14437
+#     - CVE-2019-14438
+#     - CVE-2019-14498
+#     - CVE-2019-14533
+#     - CVE-2019-14534
+#     - CVE-2019-14535
+#     - CVE-2019-14776
+#     - CVE-2019-14777
+#     - CVE-2019-14778
+#     - CVE-2019-14970
 
 prepare() {
 	default_prepare
@@ -57,7 +70,6 @@ prepare() {
 
 build() {
 	local _arch_opts=
-	cd "$builddir"
 	export CFLAGS="$CFLAGS -D_GNU_SOURCE"
 
 	case "$CARCH" in
@@ -127,7 +139,6 @@ build() {
 }
 
 package() {
-	cd "$builddir"
 	make DESTDIR="$pkgdir" install
 	# delete cache as it's autocreated by trigger
 	rm -rf "$pkgdir"/usr/lib/vlc/plugins/plugins.dat
@@ -137,7 +148,6 @@ package() {
 }
 
 check() {
-	cd "$builddir"
 	make check
 }
 
@@ -150,7 +160,7 @@ _mv() {
 pulse() {
 	pkgdesc="PulseAudio support for VLC"
 	depends=""
-	install_if="vlc pulseaudio"
+	install_if="vlc=$pkgver-r$pkgrel pulseaudio"
 	mkdir -p "$subpkgdir"/usr/lib/vlc
 	mv "$pkgdir"/usr/lib/vlc/libvlc_pulse* "$subpkgdir"/usr/lib/vlc/
 }
@@ -192,7 +202,7 @@ libs() {
 	default_libs
 }
 
-sha512sums="6b99ae0564630a7a7ca9187c3bb954c601e384522ce93460b73f2dbf31787ce5828daca9f31c781b97db77872d76b6a3e871ff3401d70f1b5829fee7c4e847fd  vlc-3.0.7.1.tar.xz
+sha512sums="5ade0b350e98fd6fa90035bffabda96f0addb3844a7c0a242b4db1cab6a746e1adb1d713ddcb48ae51a7d1736090f096f5d3b0637a9f958ccf4fcf27e838cf70  vlc-3.0.8.tar.xz
 22d80df599b8b65a5439cefbb7140af8e9530f326d54945da3769af65f37518b99ec2cc8647aafd2763324a0698280915afe043cc87e5720c4694881ed35bffa  check-headless.patch
 e214b407235cb3afb8bec93f20c9b42957b57e6fd3960679d3d4235e77762e03e64d03c01f00ef63d589e7c85aaad02ce6abbeeccd66b1867bc92451a5b5e9b0  disable-sub-autodetect-fuzzy-1-test.patch
 e063c727d952465bbea33f669db49190427521dc8e2291e9a5cbb0f5e8e879bd3ba76855e44bd4630948e30c4329d27bd928f95de20fe1050d5e839778a4d012  endian-fix.patch
@@ -200,5 +210,4 @@ e063c727d952465bbea33f669db49190427521dc8e2291e9a5cbb0f5e8e879bd3ba76855e44bd463
 35f83e38a6a0dd1e3c37e3dc6d63b1406d2f9454ed246854c1408d6f35ad74b743c5b0dbc19442bab65aad4268707ffa85bfda9e72b2d711c1d3412d955bf150  lua.patch
 e13e398b7bfd977f6e099bcb6cf8dc5cd5bad6dea3eff715881826246dc4329468846084aff2576de2b7fd28d3f06e7c327a6e4511a28d22e5cd198a81146c89  omxil-rpi-codecs.patch
 a117ca4d7fd66a5f959fdeaddfdce2f8442fe9f2c13995bb7f4792a7745c00813813aa962f76e957e3b0735344a5dc000e0644ce09f23458802a2932231655c3  tar-compat.patch
-c0107655249687655846a9547ca1a5670b9207443180600e7a149c69ffb96d7226787c19b018d4033db9b284c1a5faa8d7d42188ed40c3b8bb051256febf11c5  test-s390x.patch
-34d899b8b88de2058a8d64ce316389bd3437c0bbcd64a925eec4975adf2bc306a3a8d2e322bad5e3a18b5a28cbb5bf6705d8849dee655daf7e5a4bb007fe07e0  vlc-libs.trigger"
+c0107655249687655846a9547ca1a5670b9207443180600e7a149c69ffb96d7226787c19b018d4033db9b284c1a5faa8d7d42188ed40c3b8bb051256febf11c5  test-s390x.patch"
-- 
cgit v1.2.3-70-g09d2


From f5e2b019160afc329b746f9c6a890934e480611e Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Mon, 23 Sep 2019 06:11:32 -0500
Subject: user/vlc: fix initd / confd install

---
 user/vlc/APKBUILD | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'user/vlc')

diff --git a/user/vlc/APKBUILD b/user/vlc/APKBUILD
index 3da8680d2..e2a1dbf2a 100644
--- a/user/vlc/APKBUILD
+++ b/user/vlc/APKBUILD
@@ -189,8 +189,8 @@ daemon() {
 
 	mkdir -p "$subpkgdir"
 	cd "$pkgdir"
-	install -D -m755 ../../vlc.initd $subpkgdir/etc/init.d/vlc
-	install -D -m664 ../../vlc.confd $subpkgdir/etc/conf.d/vlc
+	install -D -m755 "$srcdir"/vlc.initd "$subpkgdir"/etc/init.d/vlc
+	install -D -m664 "$srcdir"/vlc.confd "$subpkgdir"/etc/conf.d/vlc
 	install -d -o vlc -g vlc "$subpkgdir"/var/log/vlc
 }
 
-- 
cgit v1.2.3-70-g09d2


From b0e0d5808b32e66e12d096a66854b7bc65d418f9 Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Mon, 23 Sep 2019 06:29:38 -0500
Subject: user/vlc: no, really, I mean it this time :TM:

---
 user/vlc/APKBUILD | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'user/vlc')

diff --git a/user/vlc/APKBUILD b/user/vlc/APKBUILD
index e2a1dbf2a..6c9a23c97 100644
--- a/user/vlc/APKBUILD
+++ b/user/vlc/APKBUILD
@@ -43,6 +43,9 @@ source="https://get.videolan.org/vlc/$pkgver/vlc-$pkgver.tar.xz
 	omxil-rpi-codecs.patch
 	tar-compat.patch
 	test-s390x.patch
+
+	$pkgname.initd
+	$pkgname.confd
 	"
 
 # secfixes: vlc_media_player
@@ -210,4 +213,6 @@ e063c727d952465bbea33f669db49190427521dc8e2291e9a5cbb0f5e8e879bd3ba76855e44bd463
 35f83e38a6a0dd1e3c37e3dc6d63b1406d2f9454ed246854c1408d6f35ad74b743c5b0dbc19442bab65aad4268707ffa85bfda9e72b2d711c1d3412d955bf150  lua.patch
 e13e398b7bfd977f6e099bcb6cf8dc5cd5bad6dea3eff715881826246dc4329468846084aff2576de2b7fd28d3f06e7c327a6e4511a28d22e5cd198a81146c89  omxil-rpi-codecs.patch
 a117ca4d7fd66a5f959fdeaddfdce2f8442fe9f2c13995bb7f4792a7745c00813813aa962f76e957e3b0735344a5dc000e0644ce09f23458802a2932231655c3  tar-compat.patch
-c0107655249687655846a9547ca1a5670b9207443180600e7a149c69ffb96d7226787c19b018d4033db9b284c1a5faa8d7d42188ed40c3b8bb051256febf11c5  test-s390x.patch"
+c0107655249687655846a9547ca1a5670b9207443180600e7a149c69ffb96d7226787c19b018d4033db9b284c1a5faa8d7d42188ed40c3b8bb051256febf11c5  test-s390x.patch
+55e245190b443dde9c7215ea5210612fcca164900a9a4b025ccf0d1e3fc5206d00b52355b256974421e37c609875627f1db19f0f5a084511aec0daf677ecc9d6  vlc.initd
+d89190dca1b8b2c3faca5863dc6c7e6eb24e05178e6f75ed752fd3c6a73cb8a42d2625b6e56453296b7096ea868be642ecd42745dac20e7f13fc67dd3c3c7c49  vlc.confd"
-- 
cgit v1.2.3-70-g09d2