[arch-commits] Commit in mediathekview/trunk (2 files)
David Runge
dvzrv at gemini.archlinux.org
Thu Dec 16 21:12:51 UTC 2021
Date: Thursday, December 16, 2021 @ 21:12:51
Author: dvzrv
Revision: 1075352
upgpkg: mediathekview 13.8.1-2: Rebuild to fix CVE-2021-45046.
Add patch to upgrade log4j to 2.16.0 to mitigate CVE-2021-45046.
Added:
mediathekview/trunk/mediathekview-13.8.1-CVE-2021-45046.patch
Modified:
mediathekview/trunk/PKGBUILD
-------------------------------------------+
PKGBUILD | 22 ++++++++++++++++------
mediathekview-13.8.1-CVE-2021-45046.patch | 12 ++++++++++++
2 files changed, 28 insertions(+), 6 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2021-12-16 21:12:50 UTC (rev 1075351)
+++ PKGBUILD 2021-12-16 21:12:51 UTC (rev 1075352)
@@ -3,7 +3,7 @@
_name=MediathekView
pkgname=mediathekview
pkgver=13.8.1
-pkgrel=1
+pkgrel=2
pkgdesc="Access the Mediathek of many German TV stations"
arch=(any)
url="https://github.com/mediathekview/mediathekview"
@@ -18,16 +18,26 @@
'mplayer: for recording streams'
'vlc: for stream playback'
)
-source=("${pkgname}-${pkgver}.tar.gz::https://github.com/${pkgname}/${pkgname}/archive/refs/tags/${pkgver}.tar.gz"
- "de.${pkgname}.${_name}.desktop"
- "${pkgname}.sh")
+source=(
+ "${pkgname}-${pkgver}.tar.gz::https://github.com/${pkgname}/${pkgname}/archive/refs/tags/${pkgver}.tar.gz"
+ "de.${pkgname}.${_name}.desktop"
+ "${pkgname}.sh"
+ "${pkgname}-13.8.1-CVE-2021-45046.patch"
+)
sha512sums=('91acae0a5add48fab5d6fff54519eaac1321ad15f052ecb9c9221811eb4b793cf61a52f46d0f7f3377c89a2efaf81949c29363729a33225fff0cbecfbbdf1c3e'
'24a94a078180aca7c50ed7763ef4806c116c27f901f644ef570ee413ffc3ac795b5ebd24d696a9b2ec426e7c9b6eaf8a8b22addb5ac7c9fe9700f7c04305f64b'
- '24313f9873aef8680eb466d756c0f537c4d2320e51296f354422bcf70f8f42ffff481c7db0cf58024b2953efb1f7442728e3e977c1ad03aaf3b9c47a535cc6a0')
+ '24313f9873aef8680eb466d756c0f537c4d2320e51296f354422bcf70f8f42ffff481c7db0cf58024b2953efb1f7442728e3e977c1ad03aaf3b9c47a535cc6a0'
+ '0048f32dfc1ef8cc1dc25900a8d233fe9af0aa09fd3593dea4885f95ff9d388533c0656d1b0e4aa46fbecf11225dc60741f25f2b054793402d1f332a4f8c7479')
b2sums=('536a7f1d71b2893d5605b2b6a4c4cad2f63e4381b9245e8b4cc892de09f7f7848f408247f6777cade68814d57adbc2f73527698bd70259c574c5e214bf8d59dc'
'6dbcdea2918009621fc132b4ff1056ef79f06e27c3299b69ccd7e3cb2b093e3a2a5f76acd6b1ab62689edd867ac1650f61bf829f2a1c575835d31e117d9b9ae5'
- 'cbf668c6ccfb42b575d40de256ec03bb7863ea7db0bb02586f6727728fb5f1f004169849bfa9082a40b93042dc9c8f330c743e5983847c0a20f5d613748bae60')
+ 'cbf668c6ccfb42b575d40de256ec03bb7863ea7db0bb02586f6727728fb5f1f004169849bfa9082a40b93042dc9c8f330c743e5983847c0a20f5d613748bae60'
+ '495476b6377dedf057ebd0172d8f17d402b5c431d2da07505ed6b79d7559215da6c4746922eb59dc611f3dff81aecd9babfd112fdf19080df28c7335ab55f7bb')
+prepare() {
+ cd "${_name}-${pkgver}"
+ patch -Np1 -i ../"${pkgname}-13.8.1-CVE-2021-45046.patch"
+}
+
build() {
cd "${_name}-${pkgver}"
./mvnw clean install -Plinux,install4j-linux
Added: mediathekview-13.8.1-CVE-2021-45046.patch
===================================================================
--- mediathekview-13.8.1-CVE-2021-45046.patch (rev 0)
+++ mediathekview-13.8.1-CVE-2021-45046.patch 2021-12-16 21:12:51 UTC (rev 1075352)
@@ -0,0 +1,12 @@
+diff -ruN a/pom.xml b/pom.xml
+--- a/pom.xml 2021-12-13 12:56:06.000000000 +0100
++++ b/pom.xml 2021-12-16 21:38:32.759390705 +0100
+@@ -96,7 +96,7 @@
+ <javax.transaction-api.version>1.3</javax.transaction-api.version>
+ <jna.version>5.10.0</jna.version>
+ <junit.jupiter.version>5.8.0</junit.jupiter.version>
+- <log4j2.version>2.15.0</log4j2.version>
++ <log4j2.version>2.16.0</log4j2.version>
+ <maven-assembly-plugin.version>3.3.0</maven-assembly-plugin.version>
+ <maven-clean-plugin.version>3.1.0</maven-clean-plugin.version>
+ <maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
More information about the arch-commits
mailing list