main/imagemagick: security upgrade to 7.0.8.38

CVE-2019-9956, CVE-2019-10649, CVE-2019-10650

It seems that the previous releases are available only through GH

Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>

1 files changed, 11 insertions, 4 deletions

diff --git a/main/imagemagick/APKBUILD b/main/imagemagick/APKBUILD
index edacf5033e..d695493227 100644
--- a/main/imagemagick/APKBUILD
+++ b/main/imagemagick/APKBUILD
@@ -2,9 +2,10 @@
 # Contributor: Carlo Landmeter <clandmeter@gmail.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=imagemagick
-pkgver=7.0.7.39
-_abiver=7
+pkgver=7.0.8.38
+pkgrel=0
 _pkgver=${pkgver%.*}-${pkgver##*.}
+_abiver=7
 pkgrel=0
 pkgdesc="Collection of tools and libraries for many image formats"
 url="http://www.imagemagick.org"
@@ -16,9 +17,15 @@ makedepends="zlib-dev libpng-dev libjpeg-turbo-dev freetype-dev fontconfig-dev
 	libwebp-dev libxml2-dev librsvg-dev libx11-dev libxext-dev"
 checkdepends="freetype fontconfig ghostscript ghostscript-fonts lcms2 graphviz"
 subpackages="$pkgname-doc $pkgname-dev $pkgname-c++:_cxx $pkgname-libs"
-source="http://www.imagemagick.org/download/releases/ImageMagick-$_pkgver.tar.xz"
+source="https://github.com/ImageMagick/ImageMagick/archive/${_pkgver}.tar.gz"
 builddir="$srcdir/ImageMagick-${_pkgver}"
 
+# secfixes:
+#   7.0.8.38-r0:
+#     - CVE-2019-9956
+#     - CVE-2019-10649
+#     - CVE-2019-10650
+
 build() {
 	cd "$builddir"
 	# fix doc dir, Gentoo bug 91911
@@ -75,4 +82,4 @@ _cxx() {
 	mv "$pkgdir"/usr/lib/libMagick++*.so.* "$subpkgdir"/usr/lib/
 }
 
-sha512sums="1f1682342639b3056c5c45b2d70e54614f3d477e4ad2006fc00dbca81747d7d71416359316365468cd2e3139e4988b5239cad0757b9ca0920129f4fda080d988  ImageMagick-7.0.7-39.tar.xz"
+sha512sums="db1451d52622151e59ef20f2682c1e9446cd0198a75c5715a4b9faff5b428ddf696172d2b6db52818fc2773e3ba3a6ff6d40199da52202c0b6eb41111512fc73  7.0.8-38.tar.gz"