From 3398d0ddc84d9ea72d7d1148f3b2d6f68fcc3fb9 Mon Sep 17 00:00:00 2001
From: Francesco Colista <fcolista@alpinelinux.org>
Date: Mon, 28 Aug 2017 10:45:28 +0000
Subject: main/expat: fix for CVE-2012-6702, CVE-2016-5300 by upgrade to 2.2.0

fixes #6892
---
 main/expat/APKBUILD | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/main/expat/APKBUILD b/main/expat/APKBUILD
index 4f0eb784aa..d7452f7ebb 100644
--- a/main/expat/APKBUILD
+++ b/main/expat/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Carlo Landmeter <clandmeter@gmail.com>
 pkgname=expat
-pkgver=2.1.1
-pkgrel=1
+pkgver=2.2.0
+pkgrel=0
 pkgdesc="An XML Parser library written in C"
 url="http://www.libexpat.org/"
 arch="all"
@@ -10,11 +10,14 @@ depends=
 makedepends=
 subpackages="$pkgname-dev $pkgname-doc"
 source="http://downloads.sourceforge.net/project/expat/expat/$pkgver/expat-$pkgver.tar.bz2
-	CVE-2016-0718-v2-2-1.patch
 	"
-
 _builddir="$srcdir/$pkgname-$pkgver"
 
+# secfixes:
+#   2.2.0-r0:
+#     - CVE-2012-6702
+#     - CVE-2016-5300
+
 prepare() {
 	cd "$_builddir"
 	#update_config_sub || return 1
@@ -42,9 +45,6 @@ package() {
 	rm "$pkgdir"/usr/lib/*.la || return 1
 }
 
-md5sums="7380a64a8e3a9d66a9887b01d0d7ea81  expat-2.1.1.tar.bz2
-ca42c978799203939938efcf825a203d  CVE-2016-0718-v2-2-1.patch"
-sha256sums="aff584e5a2f759dcfc6d48671e9529f6afe1e30b0cd6a4cec200cbe3f793de67  expat-2.1.1.tar.bz2
-eeec77ab835b1f688dd70a98e7972b7ecc9e02f1b14a5131b940dd6fda1a657c  CVE-2016-0718-v2-2-1.patch"
-sha512sums="088e2ef3434f2affd4fc79fe46f0e9826b9b4c3931ddc780cd18892f1cd1e11365169c6807f45916a56bb6abcc627dcd17a23f970be0bf464f048f5be2713628  expat-2.1.1.tar.bz2
-84a4d589d31a8fd979df0b906dd8d8dc7d917e057821ecc2ad0b28ceabe7113e916242bd0b1958790c1a41bfccd54a7f5649e0e1410eb534222dea48bc63a84b  CVE-2016-0718-v2-2-1.patch"
+md5sums="2f47841c829facb346eb6e3fab5212e2  expat-2.2.0.tar.bz2"
+sha256sums="d9e50ff2d19b3538bd2127902a89987474e1a4db8e43a66a4d1a712ab9a504ff  expat-2.2.0.tar.bz2"
+sha512sums="2be1a6eea87b439374bfacb1fbb8e814fd8a085d5dfd3ca3be69d1af29b5dc93d36cbdec5f6843ca6d5910843c7ffbc498adc2a561b9dcece488edf3c6f8c7c8  expat-2.2.0.tar.bz2"
-- 
cgit v1.2.3