main/lz4: fix CVE-2019-17543

see #10919

1 files changed, 10 insertions, 3 deletions

diff --git a/main/lz4/APKBUILD b/main/lz4/APKBUILD
index ab7adf94f4..05badb0224 100644
--- a/main/lz4/APKBUILD
+++ b/main/lz4/APKBUILD
@@ -2,16 +2,22 @@
 # Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
 pkgname=lz4
 pkgver=1.9.1
-pkgrel=0
+pkgrel=1
 pkgdesc="LZ4 is lossless compression algorithm with fast decoder @ multiple GB/s per core."
 url="https://github.com/lz4/lz4"
 arch="all"
 license="BSD-2-Clause GPL-2.0-only"
 checkdepends="diffutils"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-libs $pkgname-tests:tests"
-source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz"
+source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz
+	CVE-2019-17543.patch
+	"
 builddir="$srcdir"/$pkgname-$pkgver
 
+# secfixes:
+#   1.9.1-r1:
+#     - CVE-2019-17543
+
 build() {
 	cd "$builddir"
 	make PREFIX="/usr"
@@ -34,4 +40,5 @@ package() {
 	make PREFIX="/usr" DESTDIR="$pkgdir" install
 }
 
-sha512sums="536cdeb6dd73b4769cf9501ad312b004ab01699758534b47ca2eddbc815fd374a3caba40cde36f73a7a70e134065836b733e2b0c023c31740b877ef9317ccf3e  lz4-1.9.1.tar.gz"
+sha512sums="536cdeb6dd73b4769cf9501ad312b004ab01699758534b47ca2eddbc815fd374a3caba40cde36f73a7a70e134065836b733e2b0c023c31740b877ef9317ccf3e  lz4-1.9.1.tar.gz
+814a5319b220783e1f2c435797aada7a9aafee30b18ae850e293b0001068200b53620f668f8ef9c2822b2694020809c54a36671e26bae4fcebe11c903a4ba09f  CVE-2019-17543.patch"