main/libsndfile: security upgrade to 1.0.28 - fixes #7153

CVE-2017-7585: Stack-based buffer overflow in flac_buffer_copy()
CVE-2017-7741: invalid memory WRITE
CVE-2017-7742: invalid memory READ

1 files changed, 9 insertions, 4 deletions

diff --git a/main/libsndfile/APKBUILD b/main/libsndfile/APKBUILD
index 70bfad835d..8ec809e297 100644
--- a/main/libsndfile/APKBUILD
+++ b/main/libsndfile/APKBUILD
@@ -1,6 +1,7 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libsndfile
-pkgver=1.0.26
+pkgver=1.0.28
 pkgrel=0
 pkgdesc="A C library for reading and writing files containing sampled sound"
 url="http://www.mega-nerd.com/libsndfile"
@@ -12,6 +13,12 @@ depends_dev="flac-dev libvorbis-dev libogg-dev"
 makedepends="linux-headers alsa-lib-dev $depends_dev"
 source="http://www.mega-nerd.com/$pkgname/files/$pkgname-$pkgver.tar.gz"
 
+# secfixes:
+#   1.0.28-r0:
+#     - CVE-2017-7585
+#     - CVE-2017-7741
+#     - CVE-2017-7742
+
 _builddir="$srcdir/$pkgname-$pkgver"
 
 prepare() {
@@ -36,6 +43,4 @@ package() {
 	make DESTDIR="$pkgdir" install || return 1
 	rm "$pkgdir"/usr/lib/*.la || return 1
 }
-md5sums="ec810a0c60c08772a8a5552704b63393  libsndfile-1.0.26.tar.gz"
-sha256sums="cd6520ec763d1a45573885ecb1f8e4e42505ac12180268482a44b28484a25092  libsndfile-1.0.26.tar.gz"
-sha512sums="49a131482f9735e2f171ab7b59770cafc6b92e177f88bed9d2e6189390abc5aa473081dce3e4ec3c0e32b6f3d8c19901136b3df15b9222c11b578f522e88257e  libsndfile-1.0.26.tar.gz"
+sha512sums="890731a6b8173f714155ce05eaf6d991b31632c8ab207fbae860968861a107552df26fcf85602df2e7f65502c7256c1b41735e1122485a3a07ddb580aa83b57f  libsndfile-1.0.28.tar.gz"