[arch-commits] Commit in sox/trunk (PKGBUILD)
Antonio Rojas
arojas at archlinux.org
Wed Feb 21 23:13:53 UTC 2018
Date: Wednesday, February 21, 2018 @ 23:13:52
Author: arojas
Revision: 317369
Fix multiple security issues (FS#57485)
Modified:
sox/trunk/PKGBUILD
----------+
PKGBUILD | 26 +++++++++++++++++++++++---
1 file changed, 23 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2018-02-21 22:38:26 UTC (rev 317368)
+++ PKGBUILD 2018-02-21 23:13:52 UTC (rev 317369)
@@ -3,7 +3,7 @@
pkgname=sox
pkgver=14.4.2
-pkgrel=2
+pkgrel=3
pkgdesc="The Swiss Army knife of sound processing tools"
arch=('x86_64')
url="http://sox.sourceforge.net/"
@@ -18,14 +18,34 @@
'libpulse: for pulse plugin'
'opusfile: for opus plugin'
'twolame: for mp3 plugin')
-source=(http://downloads.sourceforge.net/${pkgname}/${pkgname}-${pkgver}.tar.bz2 sox-dynamic.patch)
+source=(http://downloads.sourceforge.net/${pkgname}/${pkgname}-${pkgver}.tar.bz2 sox-dynamic.patch
+ CVE-2017-15371.patch::https://github.com/mansr/sox/commit/818bdd0.patch
+ CVE-2017-11358.patch::https://github.com/mansr/sox/commit/6cb44a4.patch
+ CVE-2017-15370.patch::https://github.com/mansr/sox/commit/ef3d8be.patch
+ CVE-2017-11332.patch::https://github.com/mansr/sox/commit/7405bca.patch
+ CVE-2017-11359.patch::https://github.com/mansr/sox/commit/8b590b3.patch
+ CVE-2017-15372.patch::https://github.com/mansr/sox/commit/001c337.patch
+ CVE-2017-15642.patch::https://github.com/mansr/sox/commit/0be259e.patch)
+
sha1sums=('dc9668256b9d81ef25d672f14f12ec026b0b4087'
- '9c71fa36596ed127b1bb367cfbab3b52cd2ecb6d')
+ '9c71fa36596ed127b1bb367cfbab3b52cd2ecb6d'
+ 'e10b3903906eee6e1ac413c985de8deba1089c6c'
+ '67c701cf7b3b78b167e5c62a2deade5b92c73bf6'
+ '8cf9cda08e3da1d3cf75fa64d17859b9b2a05b73'
+ 'dc832d954ea1dcddfdf80719bbcb7b4f187a9901'
+ '293e4b7942a82c686695d968a2e0b0400ba4f534'
+ 'd580cfbac8e6562e9150dbd10b36fd66f4011a48'
+ '23b0012c3e214eade8e6fedeb610548f90527ee4')
prepare() {
cd ${pkgname}-${pkgver}
sed -i 's|man1/sox.1 soxeffect.7|man1/sox.1.gz soxeffect.7.gz|' Makefile.in
patch -p1 -i "${srcdir}/sox-dynamic.patch"
+ for _cve in 15371 11358 15370 11332 11359 15372 15642; do
+ patch -p1 -i ../CVE-2017-$_cve.patch
+ done
+ sed -e '/hcom/d' -i src/tests.sh # test fails with CVE-2017-11358.patch
+
aclocal
automake
}
More information about the arch-commits
mailing list