From 8fcb0a179888b5ce69a7ba1939f77397a7453782 Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Tue, 5 May 2015 08:14:35 +0000 Subject: main/libarchive: fix directory traversal in bsdcpio (CVE-2015-2304) ref #4104 --- main/libarchive/APKBUILD | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'main/libarchive/APKBUILD') diff --git a/main/libarchive/APKBUILD b/main/libarchive/APKBUILD index 20ee616df5..512371663c 100644 --- a/main/libarchive/APKBUILD +++ b/main/libarchive/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa pkgname=libarchive pkgver=3.1.2 -pkgrel=1 +pkgrel=2 pkgdesc="library that can create and read several streaming archive formats" url="http://libarchive.googlecode.com/" arch="all" @@ -11,7 +11,9 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-tools" makedepends="zlib-dev bzip2-dev xz-dev acl-dev openssl-dev expat-dev" depends_dev="$makedepends" source="http://www.libarchive.org/downloads/libarchive-$pkgver.tar.gz - CVE-2013-0211.patch" + CVE-2013-0211.patch + CVE-2015-2304.patch + " _builddir="$srcdir"/$pkgname-$pkgver prepare() { @@ -47,8 +49,11 @@ tools() { } md5sums="efad5a503f66329bb9d2f4308b5de98a libarchive-3.1.2.tar.gz -fc5f5158d414e3a7e9f085d8d1470014 CVE-2013-0211.patch" +fc5f5158d414e3a7e9f085d8d1470014 CVE-2013-0211.patch +b27c60d9288780261410366994103278 CVE-2015-2304.patch" sha256sums="eb87eacd8fe49e8d90c8fdc189813023ccc319c5e752b01fb6ad0cc7b2c53d5e libarchive-3.1.2.tar.gz -75f30c3867d3924461bb764ea2ca3c1b1e43240aeb5b0dd93a103fd7a7ca7fe9 CVE-2013-0211.patch" +75f30c3867d3924461bb764ea2ca3c1b1e43240aeb5b0dd93a103fd7a7ca7fe9 CVE-2013-0211.patch +5a862586b4684d819add1df9d747bc47f9a4f2fecd069175bf00f6927c9633bf CVE-2015-2304.patch" sha512sums="1f3c2a675031f93c7d42ae2ed06742b0b1e2236ff57d9117791d62fb8ae77d6cafffbcb5d45b5bd98daa908bd18c576cf82e01a9b1eba699705e23eff3688114 libarchive-3.1.2.tar.gz -c10470ab67dd94944489f72e4d6f39d98163f5d7a92bcd550aa323e9a1b96148588bd04ac7d8c6ff232dc388559fb3e67552bb5c83ac7626ad714517f5022fce CVE-2013-0211.patch" +c10470ab67dd94944489f72e4d6f39d98163f5d7a92bcd550aa323e9a1b96148588bd04ac7d8c6ff232dc388559fb3e67552bb5c83ac7626ad714517f5022fce CVE-2013-0211.patch +ae3161b36605c81622d4d4c44f33c31e596506dc60ffb43a91b0f7b831d15d48abdd64725cd770bca6795230f1505d301a74db63903c91507195ccdea0737b63 CVE-2015-2304.patch" -- cgit v1.2.3