Commit a85da862 authored by Leo's avatar Leo
Browse files

main/libjpeg-turbo: fix CVE-2020-13790

See #11676
parent 5e60bc7b
Pipeline #23596 failed with stages
in 303 minutes and 15 seconds
......@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libjpeg-turbo
pkgver=2.0.4
pkgrel=0
pkgrel=1
pkgdesc="Accelerated baseline JPEG compression and decompression library"
url="https://libjpeg-turbo.org/"
arch="all"
......@@ -11,9 +11,13 @@ depends=""
makedepends="cmake nasm"
replaces="libjpeg"
subpackages="$pkgname-doc $pkgname-dev $pkgname-utils"
source="https://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-$pkgver.tar.gz"
source="https://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-$pkgver.tar.gz
CVE-2020-13790.patch::https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a.patch
"
# secfixes:
# 2.0.4-r1:
# - CVE-2020-13790
# 2.0.4-r0:
# - CVE-2019-2201
# 2.0.2-r0:
......@@ -71,4 +75,5 @@ dev() {
replaces="jpeg-dev"
}
sha512sums="708c2e7418d9ed5abca313e2ff5a08f8176d79cad2127573cda6036583c201973db4cfb0eafc0fc8f57ecc7b000d2b4af95980de54de5a0aed45969e993a5bf9 libjpeg-turbo-2.0.4.tar.gz"
sha512sums="708c2e7418d9ed5abca313e2ff5a08f8176d79cad2127573cda6036583c201973db4cfb0eafc0fc8f57ecc7b000d2b4af95980de54de5a0aed45969e993a5bf9 libjpeg-turbo-2.0.4.tar.gz
d1d1eb7e6af3bc3cf32199dae220be43f8403788dc0b88fc1f5cdd5d179ac90dc7ede1d7cdc6bdf28a865237d3c2c62bc7e2ac333967d96725f3385dbef89238 CVE-2020-13790.patch"
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment