From 38638bab94d2426e261c1354303f5fec985618ef Mon Sep 17 00:00:00 2001 From: Francesco Colista Date: Mon, 11 Dec 2017 02:14:25 +0000 Subject: community/graphicsmagick: security upgrade to 1.3.27. - Fixes #8095 - Fixes #7943 (last CVE was not fixed since the patch did not apply) --- community/graphicsmagick/APKBUILD | 42 ++++++++++++--------------------------- 1 file changed, 13 insertions(+), 29 deletions(-) (limited to 'community') diff --git a/community/graphicsmagick/APKBUILD b/community/graphicsmagick/APKBUILD index 14788a2351..88c9c8f5e1 100644 --- a/community/graphicsmagick/APKBUILD +++ b/community/graphicsmagick/APKBUILD @@ -1,38 +1,34 @@ # Contributor: Carlo Landmeter # Maintainer: Francesco Colista pkgname=graphicsmagick -pkgver=1.3.26 -pkgrel=5 +pkgver=1.3.27 +pkgrel=0 pkgdesc="Image processing system" url="http://www.graphicsmagick.org/" arch="all" license="MIT" makedepends="jasper-dev libpng-dev tiff-dev libxml2-dev libwmf-dev freetype-dev libtool libltdl" subpackages="$pkgname-dev $pkgname-doc" -source="http://downloads.sourceforge.net/$pkgname/$pkgname/$pkgver/GraphicsMagick-$pkgver.tar.xz - CVE-2017-11642.patch - CVE-2017-11722.patch - CVE-2017-12935.patch - CVE-2017-12936.patch - CVE-2017-12937.patch - CVE-2017-13063-13064-13065.patch - CVE-2017-13648.patch - CVE-2017-13775.patch - CVE-2017-13776-13777.patch - CVE-2017-14103.patch - CVE-2017-14042.patch - CVE-2017-14165.patch" +source="http://downloads.sourceforge.net/$pkgname/$pkgname/$pkgver/GraphicsMagick-$pkgver.tar.xz" options="libtool !check" builddir="$srcdir"/GraphicsMagick-$pkgver # security fixes: +# 1.3.27-r0: +# - CVE-2017-11102 +# - CVE-2017-14314 +# - CVE-2017-14504 +# - CVE-2017-14733 +# - CVE-2017-14994 +# - CVE-2017-14997 +# - CVE-2017-15930 +# - CVE-2017-14649 # 1.3.26-r5: # - CVE-2017-13065 # - CVE-2017-13648 # - CVE-2017-14042 # - CVE-2017-14103 # - CVE-2017-14165 - # 1.3.26-r3: # - CVE-2017-13775 # - CVE-2017-13776 @@ -73,16 +69,4 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="b33ca0f1c858428693aee27a9089acff9e63d1110f85fa036894cfefe6274e7b2422758ea39852f94fdb4823c9c3f3c44b0d8906627503301f5928096f739f22 GraphicsMagick-1.3.26.tar.xz -1706f87cfa248bf08f2e7038ec2d3adf4ad0b9775a8787a48bb168d9bd04578e3ac01dcd384d4d961903dd738f748601619c0999b2a4b4b775e1b72489220336 CVE-2017-11642.patch -f9167ad79f54fc3881d81b9b5cb5b84f38e847103c6945af4fda516d6696ff8e95ec48cbae84161f3dbedca48cf1f3a2afbb0831b54c32363d263c0c1ad5d595 CVE-2017-11722.patch -2cb2ee3f88a835dff63c903bd215abb09c1812fedecbbb19c228fd2680c5762c6a20e6be1497c0fc3ed7a9b16eac6e7fe7f0fc9da4f6ef3e90fe75a049085ca7 CVE-2017-12935.patch -b78b61d7b29c2316ecefe69c473b1aa1e93185e0da245f7cf2d351566ff737bce8e560e9b471334549e4ab76bc8752717f403e7afa9d393bdd64e191f8abbb9c CVE-2017-12936.patch -508ceee0aa73744e9b36c6e60b071d4dc4a5254b4d5265c4ee2bde317713b831db8958667fac44aa1e89b3cc8094027cade368f10f7f5f3d1a2980c2a70d516d CVE-2017-12937.patch -262434bab04541c276728111c9ec5d92abbb68e980813a50712d03505f3d3c4681b4daf02fd22e4ba11ed0daf5b553e4a47291c43f4c146554f1809292b73441 CVE-2017-13063-13064-13065.patch -01cebf614e38f4a80dea508ac03f9a6bba9113fba0bcf66cd6808257ba18957e54e21d728c6c6f201513682696939cde5a29791e42d8eae4bbbca2a787543ecd CVE-2017-13648.patch -b15d1c71a4f7e15cbc6a6a83590c99dfaf20d25f08e07a1ea8ff08f9e0f92d55da3a0afc86a259f88cae01ec0fa21c9b555a9085aae24f4bf3d36c48b29d56e5 CVE-2017-13775.patch -f23c5e7d8e5c9e670ceb27b7e027910f181107033ec86538ce9778a2d37c29964008d5d8774bf59d4b45126b36630d73dc460636bfc55ab72ca64eefaae1768e CVE-2017-13776-13777.patch -7abbd2edcd3dc029b359ad19e0f9eb406805ee4d5d4847f36f3709e0ed43164c20105b3fae7ef22a8dc2c89804f708ba41e7f800cfe5d2bf47dfbb19683978ef CVE-2017-14103.patch -d19741e0e6ae181ab74f0a5a9b8fc72b69eb4107bb34573a34d6e701622dffe73e3d723dd512ba24aae9ca321897a91e0715c74617aa74500deac867c6bbe852 CVE-2017-14042.patch -91df1ec37345fe054f190dc1a0fef759380502b9a211bd61a1c48f7efcebbbf31a6abc8e64c7e3180af559800defdde03e4cfa14c6bf42afb8e5a1088ad44cb9 CVE-2017-14165.patch" +sha512sums="27c2fccebe1ae079040986979405f9840ad39f773e2e0399712695146ec1b0f92a53533e6052df124f5db38aacc95bbd4b2e8692e81c92dade4e169ddfcc9b8c GraphicsMagick-1.3.27.tar.xz" -- cgit v1.2.3