From ba6aa5f82728e1979741c480f72c2f355662ad6d Mon Sep 17 00:00:00 2001 From: Leo Date: Wed, 11 Mar 2020 09:51:50 -0300 Subject: main/libarchive: fix CVE-2020-19221 and CVE-2020-9308 --- main/libarchive/APKBUILD | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'main') diff --git a/main/libarchive/APKBUILD b/main/libarchive/APKBUILD index aa98ae4e43..2afb869588 100644 --- a/main/libarchive/APKBUILD +++ b/main/libarchive/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa pkgname=libarchive pkgver=3.3.3 -pkgrel=1 +pkgrel=2 pkgdesc="library that can create and read several streaming archive formats" url="https://libarchive.org/" arch="all" @@ -11,10 +11,13 @@ makedepends="acl-dev bzip2-dev expat-dev lz4-dev openssl-dev xz-dev zlib-dev" subpackages="$pkgname-dev $pkgname-doc $pkgname-tools" source="https://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz CVE-2019-18408.patch::https://github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60.patch + CVE-2020-19221.patch::https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41.patch " builddir="$srcdir/$pkgname-$pkgver" # secfixes: +# 3.3.3-r2: +# - CVE-2020-19221 # 3.3.3-r1: # - CVE-2019-18408 # 3.3.2-r1: @@ -43,4 +46,5 @@ tools() { } sha512sums="9d12b47d6976efa9f98e62c25d8b85fd745d4e9ca7b7e6d36bfe095dfe5c4db017d4e785d110f3758f5938dad6f1a1b009267fd7e82cb7212e93e1aea237bab7 libarchive-3.3.3.tar.gz -4807e01dffb83ff4ef430c66339157e9f7a61db4fc5cec2812c3ee5ad130b4fc2d3c1cbeea87930c76cd8ec3e66272e20622a48edf0c66215b626c4e0db99cab CVE-2019-18408.patch" +4807e01dffb83ff4ef430c66339157e9f7a61db4fc5cec2812c3ee5ad130b4fc2d3c1cbeea87930c76cd8ec3e66272e20622a48edf0c66215b626c4e0db99cab CVE-2019-18408.patch +5ffd3838b3ddbbae5613bf2a75583dd513942b804cd8fed11d24d38adc9c81d7fa739b94cc2d9d0621a93909f4b7b4ec2632cdd8e3e66c1ffd89440e5e3168de CVE-2020-19221.patch" -- cgit v1.2.3