From 78bd544deacca7cd2e0b4e796c00ce9597d5b3ba Mon Sep 17 00:00:00 2001
From: Leo <thinkabit.ukim@gmail.com>
Date: Wed, 20 Nov 2019 13:07:02 +0100
Subject: community/libcaca: fix a few CVEs

ref #10966
---
 community/libcaca/APKBUILD | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

(limited to 'community/libcaca')

diff --git a/community/libcaca/APKBUILD b/community/libcaca/APKBUILD
index c0104d28a4..6dc473db5a 100644
--- a/community/libcaca/APKBUILD
+++ b/community/libcaca/APKBUILD
@@ -3,7 +3,7 @@
 pkgname=libcaca
 pkgver=0.99_beta19
 _ver=${pkgver/_/.}
-pkgrel=2
+pkgrel=3
 pkgdesc="graphics library that outputs text instead of pixels"
 url="http://caca.zoy.org/wiki/libcaca"
 arch="all"
@@ -11,7 +11,20 @@ license="WTFPL"
 depends_dev="imlib2-dev"
 makedepends="$depends_dev"
 subpackages="$pkgname-dev $pkgname-doc"
-source="http://caca.zoy.org/files/$pkgname/$pkgname-$_ver.tar.gz"
+source="http://caca.zoy.org/files/$pkgname/$pkgname-$_ver.tar.gz
+	2018-20544.patch::https://github.com/cacalabs/libcaca/commit/84bd155087b93ab2d8d7cb5b1ac94ecd4cf4f93c.patch
+	2018-20545.patch::https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592.patch
+	2018-20546.patch::https://github.com/cacalabs/libcaca/commit/02a09ec9e5ed8981e7a810bfb6a0172dc24f0790.patch
+	"
+
+# secfixes:
+#   0.99_beta19-r3:
+#     - CVE-2018-20544
+#     - CVE-2018-20545
+#     - CVE-2018-20546
+#     - CVE-2018-20547
+#     - CVE-2018-20548
+#     - CVE-2018-20549
 
 builddir="$srcdir"/libcaca-${_ver}
 
@@ -27,4 +40,7 @@ package() {
 	install COPYING -Dm644 $pkgdir/usr/share/licenses/$pkgname/LICENSE
 }
 
-sha512sums="780fc7684d40207cc10df3f87d6d8f1d47ddfffa0e76e41a5ce671b82d5c7f090facb054c3d49ca7c4ea1a619625bb9085ce52f837f50792b4a2d776a4c68e15  libcaca-0.99.beta19.tar.gz"
+sha512sums="780fc7684d40207cc10df3f87d6d8f1d47ddfffa0e76e41a5ce671b82d5c7f090facb054c3d49ca7c4ea1a619625bb9085ce52f837f50792b4a2d776a4c68e15  libcaca-0.99.beta19.tar.gz
+09450e15075daf7d944b7af6e7ad4a3124aa600a1cd9a5a49f8aafb8198497ae84b66a8bf84c9633007220fc39fa923aa3d300990fe7b12bcf770f9bb39a52e0  2018-20544.patch
+3a85a6145f411502115885a8c8ec0ebb9f7cb098e7aaa128da4f896206d6f4beb0c8c223fb7aec0d53f776d1d51b3532858aa41c16550a0339055663f5718837  2018-20545.patch
+9fd85f8551daac7cae3ef1025407e020fbb5233979e6894fecf561a3b59530bda0e79f9983d0778d957ffc698af37b7cfb2591bb7e811761ed16bad2b3d06ef9  2018-20546.patch"
-- 
cgit v1.2.3