Skip to content
Snippets Groups Projects
Commit ae653326 authored by Ariadne Conill's avatar Ariadne Conill
Browse files

community/discover: add mitigation for CVE-2021-28117

parent 9fd95294
No related branches found
No related tags found
No related merge requests found
......@@ -2,7 +2,7 @@
# Maintainer: Bart Ribbers <bribbers@disroot.org>
pkgname=discover
pkgver=5.20.5
pkgrel=0
pkgrel=1
# armhf blocked by qt5-qtdeclarative
# s390x blocked by flatpak
arch="all !armhf !s390x !mips64"
......@@ -12,9 +12,14 @@ license="LGPL-2.0-or-later AND (GPL-2.0-only OR GPL-3.0-only) AND GFDL-1.2-only"
depends="kirigami2"
makedepends="extra-cmake-modules qt5-qtbase-dev qt5-qtdeclarative-dev kcoreaddons-dev kconfig-dev kcrash-dev kdbusaddons-dev ki18n-dev karchive-dev kxmlgui-dev kitemmodels-dev kio-dev kdeclarative-dev attica-dev knewstuff-dev plasma-framework-dev appstream-dev flatpak-dev"
checkdepends="xvfb-run"
source="https://download.kde.org/stable/plasma/$pkgver/discover-$pkgver.tar.xz"
source="https://download.kde.org/stable/plasma/$pkgver/discover-$pkgver.tar.xz
CVE-2021-28117.patch::https://invent.kde.org/plasma/discover/commit/fcd3b30552bf03a384b1a16f9bb8db029c111356.patch"
subpackages="$pkgname-lang $pkgname-backend-flatpak:backend_flatpak"
# secfixes:
# 5.20.5-r1:
# - CVE-2021-28117
case "$CARCH" in
x86|x86_64)
makedepends="$makedepends fwupd-dev"
......@@ -81,4 +86,5 @@ backend_fwupd() {
"$subpkgdir"/usr/lib/qt5/plugins/discover/
}
sha512sums="e33f1027a09c8c7733c0b9da81ee82f0c90237c736435ad93cfdb127d79e0ddee0d4d8214774032c81a4078613d278688f0fddbf287aa03a5192cfcdb1eeffa7 discover-5.20.5.tar.xz"
sha512sums="e33f1027a09c8c7733c0b9da81ee82f0c90237c736435ad93cfdb127d79e0ddee0d4d8214774032c81a4078613d278688f0fddbf287aa03a5192cfcdb1eeffa7 discover-5.20.5.tar.xz
187e7082bea4897de80886b172185aac581ef72b90ea465952f9d9f574febaca8b9dd26c8c26dcee646dbc1004764df2d94d99bc2b864eedc8431887df51b295 CVE-2021-28117.patch"
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment