main/pixman: fix CVE-2022-44638

main/pixman/APKBUILD

 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=pixman
 pkgver=0.40.0
-pkgrel=2
+pkgrel=3
 pkgdesc="Low-level pixel manipulation library"
 url="https://gitlab.freedesktop.org/pixman"
 arch="all"
 license="MIT"
 makedepends="meson libpng-dev linux-headers"
 subpackages="$pkgname-static $pkgname-dev $pkgname-dbg"
-source="https://gitlab.freedesktop.org/pixman/pixman/-/archive/pixman-$pkgver/pixman-pixman-$pkgver.tar.gz"
+source="https://gitlab.freedesktop.org/pixman/pixman/-/archive/pixman-$pkgver/pixman-pixman-$pkgver.tar.gz
+	$pkgname-CVE-2022-44638.patch::https://gitlab.freedesktop.org/pixman/pixman/-/commit/a1f88e842e0216a5b4df1ab023caebe33c101395.patch
+	"
 builddir="$srcdir/pixman-pixman-$pkgver"
 
+# secfixes:
+#   0.40.0-r3:
+#     - CVE-2022-44638
+#
 case "$CARCH" in
 	# broken test (likely due to endianness assumptions)
 	s390x) options="!check" ;;
@@ -32,4 +38,7 @@ package() {
 	DESTDIR="$pkgdir" meson install --no-rebuild -C output
 }
 
-sha512sums="18774e22add5c5442edede5467fa07234c2b9e57a79d88110f25424e4253c6ab0c2921e951c5686cefebf4724ff19ad053d0c28f4d2f8d642bbcf6fc71764ef6  pixman-pixman-0.40.0.tar.gz"
+sha512sums="
+18774e22add5c5442edede5467fa07234c2b9e57a79d88110f25424e4253c6ab0c2921e951c5686cefebf4724ff19ad053d0c28f4d2f8d642bbcf6fc71764ef6  pixman-pixman-0.40.0.tar.gz
+141ad0a4b77d3ea28faab3b73dcb71ca48c3d9431b128a072c7bf934a5096c73a01209847639bf8b08a2b21243bf79147dc32774586b09641c2d8750ed7eeea2  pixman-CVE-2022-44638.patch
+"