diff --git a/main/libexif/APKBUILD b/main/libexif/APKBUILD index 467acb3b995bd85f98da48f626b3fb91b62ed5d1..22a32de8c3bfd52eedfc7515d4bd63fa5fb3bb1e 100644 --- a/main/libexif/APKBUILD +++ b/main/libexif/APKBUILD @@ -1,30 +1,47 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libexif -pkgver=0.6.21 -pkgrel=3 +pkgver=0.6.22 +pkgrel=0 pkgdesc="A library to parse an EXIF file and read the data from those tags" url="https://sourceforge.net/projects/libexif" arch="all" -license="LGPL-2.0+" +license="LGPL-2.0-or-later" subpackages="$pkgname-dev $pkgname-doc" -depends= -makedepends= -source="https://downloads.sf.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.bz2 - CVE-2017-7544.patch - " +source="https://github.com/libexif/libexif/releases/download/libexif-${pkgver//./_}-release/libexif-$pkgver.tar.xz" # secfixes: +# 0.6.22-r0: +# - CVE-2018-20030 +# - CVE-2020-13114 +# - CVE-2020-13113 +# - CVE-2020-13112 +# - CVE-2020-0093 +# - CVE-2019-9278 +# - CVE-2020-12767 +# - CVE-2016-6328 # 0.6.21-r3: # - CVE-2017-7544 +# 0.6.21-r0: +# - CVE-2012-2812 +# - CVE-2012-2813 +# - CVE-2012-2814 +# - CVE-2012-2836 +# - CVE-2012-2837 +# - CVE-2012-2840 +# - CVE-2012-2841 +# - CVE-2012-2845 +# 0.6.19-r0: +# - CVE-2009-3895 prepare() { - cd "$builddir" - update_config_sub default_prepare + + # The tarballs upstream provides uses /usr/bin/sh instead of /bin/sh + # most likely as a result of a poor usrmerge + grep -l '^#!/usr/bin/sh' -r . | xargs sed -i 's|^#!/usr/bin/sh|#!/bin/sh|g' } build() { - cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -33,13 +50,10 @@ build() { } check() { - cd "$builddir" make check } package() { - cd "$builddir" make DESTDIR="$pkgdir" install } -sha512sums="4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35 libexif-0.6.21.tar.bz2 -5475c9e0f4a05448a571077d24d545cfaa0a7b15978345e92440107770077158b994fc0c785a81bb95ad6b409929c4c516c6e002cd65c9d35eb0e91161750e48 CVE-2017-7544.patch" +sha512sums="0a9e7bf0258ed98a794b667d45e8fc65299101a2a2d2e39c358715b20b003beff258782f0736cd5b53978428a2f878a989f303bee249a978850a065f33c534af libexif-0.6.22.tar.xz" diff --git a/main/libexif/CVE-2017-7544.patch b/main/libexif/CVE-2017-7544.patch deleted file mode 100644 index b8825e1385cf7ee7e72a683adf8321982d781b8d..0000000000000000000000000000000000000000 --- a/main/libexif/CVE-2017-7544.patch +++ /dev/null @@ -1,20 +0,0 @@ -Index: libexif/exif-data.c -=================================================================== -RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v -retrieving revision 1.131 -diff -u -r1.131 exif-data.c ---- a/libexif/exif-data.c 12 Jul 2012 17:28:26 -0000 1.131 -+++ b/libexif/exif-data.c 25 Jul 2017 21:34:06 -0000 -@@ -255,6 +255,12 @@ - exif_mnote_data_set_offset (data->priv->md, *ds - 6); - exif_mnote_data_save (data->priv->md, &e->data, &e->size); - e->components = e->size; -+ if (exif_format_get_size (e->format) != 1) { -+ /* e->format is taken from input code, -+ * but we need to make sure it is a 1 byte -+ * entity due to the multiplication below. */ -+ e->format = EXIF_FORMAT_UNDEFINED; -+ } - } - } -