main/fribidi: fix CVE-2019-18397

ref #10943

1 files changed, 10 insertions, 3 deletions

diff --git a/main/fribidi/APKBUILD b/main/fribidi/APKBUILD
index 242e53f759..012e3260e5 100644
--- a/main/fribidi/APKBUILD
+++ b/main/fribidi/APKBUILD
@@ -1,13 +1,19 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=fribidi
 pkgver=1.0.7
-pkgrel=0
+pkgrel=1
 pkgdesc="Free Implementation of the Unicode Bidirectional Algorithm"
 url="https://github.com/fribidi/fribidi"
 arch="all"
 license="LGPL-2.0-or-later"
 subpackages="$pkgname-doc $pkgname-static $pkgname-dev"
-source="https://github.com/fribidi/fribidi/releases/download/v$pkgver/fribidi-$pkgver.tar.bz2"
+source="https://github.com/fribidi/fribidi/releases/download/v$pkgver/fribidi-$pkgver.tar.bz2
+	CVE-2019-18397.patch::https://github.com/fribidi/fribidi/commit/034c6e9a1d296286305f4cfd1e0072b879f52568.patch
+	"
+
+# secfixes:
+#   1.0.7-r1:
+#     - CVE-2019-18397
 
 build() {
 	cd "$builddir"
@@ -31,4 +37,5 @@ package() {
 	make DESTDIR="$pkgdir" install
 }
 
-sha512sums="c7a1834eb5e79e337b31c62b75e9ab61f761cc5d6eef5c9ac9610f69ed044ce9d2d2efac150cad167eea3e1d573b27765e5d01abc4b4f9e43c7903d5980ba8c0  fribidi-1.0.7.tar.bz2"
+sha512sums="c7a1834eb5e79e337b31c62b75e9ab61f761cc5d6eef5c9ac9610f69ed044ce9d2d2efac150cad167eea3e1d573b27765e5d01abc4b4f9e43c7903d5980ba8c0  fribidi-1.0.7.tar.bz2
+3d8efc59781c36203d618d3348b54fbfaff79306964e43c93d2cbe97d2e122c06a44aea519e3ea6ad78e46ecc37cf64975b8b89de0cb21048b89d0ce20e4ab46  CVE-2019-18397.patch"