1

[alpine-aports] [PATCH] main/ffmpeg: security upgrade to 3.3.4

Daniel Sabogal
Details
Message ID
<20170921025714.32348-1-dsabogalcc@gmail.com>
Sender timestamp
1505962633
DKIM signature
missing
Download raw message
Patch: +18 -3
CVE-2017-14054
CVE-2017-14055
CVE-2017-14056
CVE-2017-14057
CVE-2017-14058
CVE-2017-14059
CVE-2017-14169
CVE-2017-14170
CVE-2017-14171
CVE-2017-14222
CVE-2017-14223
CVE-2017-14225
---
 main/ffmpeg/APKBUILD | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/main/ffmpeg/APKBUILD b/main/ffmpeg/APKBUILD
index 3947080f98..d0a9358d9e 100644
--- a/main/ffmpeg/APKBUILD
+++ b/main/ffmpeg/APKBUILD
@@ -3,7 +3,7 @@
 # Contributor: Jakub Skrzypnik <j.skrzypnik@openmailbox.org>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=ffmpeg
-pkgver=3.3.3
+pkgver=3.3.4
 pkgrel=0
 pkgdesc="Complete and free Internet live audio and video broadcasting solution for Linux/Unix"
 url="http://ffmpeg.org/"
@@ -14,11 +14,26 @@ makedepends="gnutls-dev lame-dev libvorbis-dev xvidcore-dev zlib-dev libvdpau-de
 	imlib2-dev x264-dev libtheora-dev coreutils bzip2-dev perl-dev libvpx-dev
 	libvpx-dev sdl2-dev libxfixes-dev libva-dev alsa-lib-dev rtmpdump-dev
 	v4l-utils-dev yasm opus-dev x265-dev"
-source="http://ffmpeg.org/releases/ffmpeg-$pkgver.tar.bz2
+source="http://ffmpeg.org/releases/ffmpeg-$pkgver.tar.xz
 	0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch
 	"
 builddir="$srcdir/$pkgname-$pkgver"
 
+# secfixes:
+#   3.3.4-r0:
+#     - CVE-2017-14054
+#     - CVE-2017-14055
+#     - CVE-2017-14056
+#     - CVE-2017-14057
+#     - CVE-2017-14058
+#     - CVE-2017-14059
+#     - CVE-2017-14169
+#     - CVE-2017-14170
+#     - CVE-2017-14171
+#     - CVE-2017-14222
+#     - CVE-2017-14223
+#     - CVE-2017-14225
+
 build() {
 	local _dbg="--disable-debug"
 	local _asm=""
@@ -74,5 +89,5 @@ libs() {
 	mv "$pkgdir"/usr/lib "$subpkgdir"/usr
 }
 
-sha512sums="1cc63bf73356f4e618c0d3572a216bdf5689f10deff56b4262f6d740b0bee5a4b3eac234f45fca3d4d2da77903a507b4fba725b76d2d2070f31b6dae9e7a2dab  ffmpeg-3.3.3.tar.bz2
+sha512sums="ddeab4ab3d149a1b560c8ad2242f8ea5fb37a57a06a5af1adf6d5afde9975aa4b2d72f7c5106f20d2194b546164f55f93f6b3d1bb784501b842b0eae89a6a691  ffmpeg-3.3.4.tar.xz
 32652e18d4eb231a2e32ad1cacffdf33264aac9d459e0e2e6dd91484fced4e1ca5a62886057b1f0b4b1589c014bbe793d17c78adbaffec195f9a75733b5b18cb  0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch"
-- 
2.14.1



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---

[alpine-aports] [PATCH] main/libxml2: security upgrade to 2.9.5

Daniel Sabogal
Details
Message ID
<20170921025714.32348-2-dsabogalcc@gmail.com>
In-Reply-To
<20170921025714.32348-1-dsabogalcc@gmail.com> (view parent)
Sender timestamp
1505962634
DKIM signature
missing
Download raw message
Patch: +3 -9
---
 main/libxml2/APKBUILD | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/main/libxml2/APKBUILD b/main/libxml2/APKBUILD
index 8d3d0531f1..0614ea8c9b 100644
--- a/main/libxml2/APKBUILD
+++ b/main/libxml2/APKBUILD
@@ -1,8 +1,8 @@
 # Contributor: Carlo Landmeter <clandmeter@gmail.com>
 # Maintainer: Carlo Landmeter <clandmeter@gmail.com>
 pkgname=libxml2
-pkgver=2.9.4
-pkgrel=4
+pkgver=2.9.5
+pkgrel=0
 pkgdesc="XML parsing library, version 2"
 url="http://www.xmlsoft.org/"
 arch="all"
@@ -14,9 +14,6 @@ makedepends="$depends_dev python2-dev"
 subpackages="$pkgname-doc $pkgname-dev py-$pkgname:py $pkgname-utils"
 options="!strip"
 source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz
-	CVE-2016-5131.patch
-	CVE-2016-9318.patch
-	CVE-2017-5969.patch
 	"
 builddir="$srcdir/$pkgname-$pkgver"
 
@@ -71,7 +68,4 @@ utils() {
 	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }
 
-sha512sums="f5174ab1a3a0ec0037a47f47aa47def36674e02bfb42b57f609563f84c6247c585dbbb133c056953a5adb968d328f18cbc102eb0d00d48eb7c95478389e5daf9  libxml2-2.9.4.tar.gz
-c92cda9851fdf8af6cb21aa80f39b474cddef8c749298f5b51f76f871160ac9749fdaac3fa406cc0c75a666f7627983fce0e90fb2919f3a8c778e1148583be33  CVE-2016-5131.patch
-508550f2f3489954abceee5404722dc7a8dcf6590219561a1ab36c2c14b1d1bfc2bad0403577db4e20c2c4e8c9114beb6bd80b165bb8e02c6cc52e6c5fb6e1ee  CVE-2016-9318.patch
-c1ce2284bdd874bd6eb1b2bef0e2c8d561861f82b5f03c4b7155e3ed11e2c56743d2f624530f0c7672d65329a13199e534f51ec19f06d4b6941b861dda50ef67  CVE-2017-5969.patch"
+sha512sums="197dbd1722e5f90eea43837323352f48d215e198aa6b95685645ef7511e2beba8aadc0dd67e099c945120c5dbe7f8c9da5f376b22f447059e9ffa941c1bfd175  libxml2-2.9.5.tar.gz"
-- 
2.14.1



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---