~alpine/aports

[alpine-aports] [PATCH edge] main/libsndfile: security upgrade to 1.0.28 - fixes #7149

Details
Message ID
<20170414123221.9182-1-sergej.lukin@gmail.com>
Sender timestamp
1492173141
DKIM signature
missing
Download raw message
Patch: +9 -4
CVE-2017-7585: Stack-based buffer overflow in flac_buffer_copy()
CVE-2017-7741: invalid memory WRITE
CVE-2017-7742: invalid memory READ
---
 main/libsndfile/APKBUILD | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/main/libsndfile/APKBUILD b/main/libsndfile/APKBUILD
index b1a9bfdde7..81f9c4d6e4 100644
--- a/main/libsndfile/APKBUILD
+++ b/main/libsndfile/APKBUILD
@@ -1,6 +1,7 @@
# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libsndfile
pkgver=1.0.27
pkgver=1.0.28
pkgrel=0
pkgdesc="A C library for reading and writing files containing sampled sound"
url="http://www.mega-nerd.com/libsndfile"
@@ -12,6 +13,12 @@ depends_dev="flac-dev libvorbis-dev libogg-dev"
makedepends="linux-headers alsa-lib-dev $depends_dev"
source="http://www.mega-nerd.com/$pkgname/files/$pkgname-$pkgver.tar.gz"

# secfixes:
#   1.0.28-r0:
#   - CVE-2017-7585
#   - CVE-2017-7741
#   - CVE-2017-7742

_builddir="$srcdir/$pkgname-$pkgver"

prepare() {
@@ -36,6 +43,4 @@ package() {
	cd "$_builddir"
	make DESTDIR="$pkgdir" install || return 1
}
md5sums="fd1d97c6077f03b5d984d7956ffedb7a  libsndfile-1.0.27.tar.gz"
sha256sums="a391952f27f4a92ceb2b4c06493ac107896ed6c76be9a613a4731f076d30fac0  libsndfile-1.0.27.tar.gz"
sha512sums="8272e3219d64be01034d3f7f7565bf20075c04533469a963ad055f00767e9c2987463fb982894ddc1023d5d6c2338f55f8c3e6d2e36635484dde577a0d2ac770  libsndfile-1.0.27.tar.gz"
sha512sums="890731a6b8173f714155ce05eaf6d991b31632c8ab207fbae860968861a107552df26fcf85602df2e7f65502c7256c1b41735e1122485a3a07ddb580aa83b57f  libsndfile-1.0.28.tar.gz"
-- 
2.12.2



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)