[arch-commits] Commit in musl/trunk (PKGBUILD)

Eli Schwartz eschwartz at archlinux.org
Fri Nov 20 20:28:39 UTC 2020


    Date: Friday, November 20, 2020 @ 20:28:39
  Author: eschwartz
Revision: 758086

upgpkg: musl 1.2.1-2: fix for FS#68685 - CVE-2020-28928

Modified:
  musl/trunk/PKGBUILD

----------+
 PKGBUILD |   15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2020-11-20 20:17:32 UTC (rev 758085)
+++ PKGBUILD	2020-11-20 20:28:39 UTC (rev 758086)
@@ -4,7 +4,7 @@
 
 pkgname=musl
 pkgver=1.2.1
-pkgrel=1
+pkgrel=2
 pkgdesc='Lightweight implementation of C standard library'
 arch=('x86_64')
 url='https://www.musl-libc.org/'
@@ -11,10 +11,19 @@
 license=('MIT')
 options=('staticlibs' '!buildflags')
 validpgpkeys=('836489290BB6B70F99FFDA0556BCDB593020450F')
-source=(https://www.musl-libc.org/releases/musl-$pkgver.tar.gz{,.asc})
+source=(https://www.musl-libc.org/releases/musl-$pkgver.tar.gz{,.asc}
+        "CVE-2020-28928.patch::https://git.musl-libc.org/cgit/musl/patch/?id=3ab2a4e02682df1382955071919d8aa3c3ec40d4")
 sha256sums=('68af6e18539f646f9c41a3a2bb25be4a5cfa5a8f65f0bb647fd2bbfdf877e84b'
-            'SKIP')
+            'SKIP'
+            '179b6e83f5277bbbad78a8fd19e47099da4d233cc11a4439485e640ddc756b2d')
 
+prepare() {
+  cd $pkgname-$pkgver
+
+  # FS#68685 - [musl][security] 1.2.1-1: CVE-2020-28928: wcsnrtombs destination buffer overflow
+  patch -p1 -i ../CVE-2020-28928.patch
+}
+
 build() {
   cd $pkgname-$pkgver
   ./configure --prefix=/usr/lib/musl \


More information about the arch-commits mailing list