main/gd: backport security fix for CVE-2018-1000222

fixes #9498

1 files changed, 8 insertions, 2 deletions

diff --git a/main/gd/APKBUILD b/main/gd/APKBUILD
index 2fffb9fc7c..0d03b6369f 100644
--- a/main/gd/APKBUILD
+++ b/main/gd/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Carlo Landmeter <clandmeter@gmail.com>
 pkgname=gd
 pkgver=2.2.5
-pkgrel=0
+pkgrel=1
 _pkgreal=lib$pkgname
 pkgdesc="Library for the dynamic creation of images by programmers"
 url="http://libgd.github.io/"
@@ -13,10 +13,15 @@ makedepends="bash libpng-dev libjpeg-turbo-dev libwebp-dev freetype-dev zlib-dev
 subpackages="$pkgname-dev $_pkgreal:libs"
 source="https://github.com/$_pkgreal/$_pkgreal/releases/download/$pkgname-$pkgver/$_pkgreal-$pkgver.tar.xz
 	CVE-2016-7568.patch
+	CVE-2018-1000222.patch
 	"
 builddir="$srcdir/$_pkgreal-$pkgver"
 options="!check"
 
+# secfixes:
+#   2.2.5-r1:
+#   - CVE-2018-1000222
+
 build() {
 	cd "$builddir"
 	./configure \
@@ -48,4 +53,5 @@ dev() {
 }
 
 sha512sums="e4598e17a277a75e02255402182cab139cb3f2cffcd68ec05cc10bbeaf6bc7aa39162c3445cd4a7efc1a26b72b9152bbedb187351e3ed099ea51767319997a6b  libgd-2.2.5.tar.xz
-8310d11a2398e8617c9defc4500b9ce3897ac1026002ffa36000f1d1f8df19336005e8c1f6587533f1d787a4a54d7a3a28ad25bddbc966a018aedf4d8704a716  CVE-2016-7568.patch"
+8310d11a2398e8617c9defc4500b9ce3897ac1026002ffa36000f1d1f8df19336005e8c1f6587533f1d787a4a54d7a3a28ad25bddbc966a018aedf4d8704a716  CVE-2016-7568.patch
+d12462f1b159d50b9032435e9767a5d76e1797a88be950ed33dda7aa17005b7cb60560d04b9520e46d8111e1669d42ce28cb2c508f9c8825d545ac0335d2a10b  CVE-2018-1000222.patch"