main/libarchive: security fix for CVE-2017-14166. Fixes #7803

1 files changed, 9 insertions, 3 deletions

diff --git a/main/libarchive/APKBUILD b/main/libarchive/APKBUILD
index 5e17cde19d..85a4fa742d 100644
--- a/main/libarchive/APKBUILD
+++ b/main/libarchive/APKBUILD
@@ -2,16 +2,21 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libarchive
 pkgver=3.3.2
-pkgrel=0
+pkgrel=1
 pkgdesc="library that can create and read several streaming archive formats"
 url="http://libarchive.org/"
 arch="all"
 license="BSD"
 makedepends="zlib-dev bzip2-dev xz-dev lz4-dev acl-dev libressl-dev expat-dev"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-tools"
-source="http://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz"
+source="http://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz
+	CVE-2017-14166.patch"
 builddir="$srcdir/$pkgname-$pkgver"
 
+# secfixes:
+#   3.3.2-r1:
+#     - CVE-2017-14166
+
 build () {
 	cd "$builddir"
 	./configure \
@@ -34,4 +39,5 @@ tools() {
 	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }
 
-sha512sums="1e538cd7d492f54b11c16c56f12c1632ba14302a3737ec0db786272aec0c8020f1e27616a7654d57e26737e5ed9bfc9a62f1fdda61a95c39eb726aa7c2f673e4  libarchive-3.3.2.tar.gz"
+sha512sums="1e538cd7d492f54b11c16c56f12c1632ba14302a3737ec0db786272aec0c8020f1e27616a7654d57e26737e5ed9bfc9a62f1fdda61a95c39eb726aa7c2f673e4  libarchive-3.3.2.tar.gz
+7cc9dbafd970c07fb4421b7a72a075cc0a000db77df4432222539c58625c93c45f01a144838b551980bc0c6dc5b4c3ab852eb1433006c3174581ba0897010dbe  CVE-2017-14166.patch"