Date: Wednesday, October 12, 2022 @ 23:03:27
Author: anthraxx
Revision: 457805
upgpkg: zlib 1:1.2.12-3: security release CVE-2022-37434
Modified:
zlib/trunk/PKGBUILD
----------+
PKGBUILD | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2022-10-12 22:52:59 UTC (rev 457804)
+++ PKGBUILD 2022-10-12 23:03:27 UTC (rev 457805)
@@ -4,7 +4,7 @@
pkgname=(zlib minizip)
epoch=1
pkgver=1.2.12
-pkgrel=2
+pkgrel=3
arch=('x86_64')
license=('custom')
url="https://www.zlib.net/";
@@ -11,10 +11,14 @@
depends=('glibc')
options=('staticlibs') # needed by binutils testsuite
source=("https://zlib.net/zlib-${pkgver}.tar.gz"{,.asc}
-
$pkgname-handle-incorrect-crc-inputs.patch::https://github.com/madler/zlib/commit/ec3df00224d4.patch)
+
$pkgname-handle-incorrect-crc-inputs.patch::https://github.com/madler/zlib/commit/ec3df00224d4.patch
+
$pkgname-CVE-2022-37434.patch::https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1.patch
+
$pkgname-CVE-2022-37434-fix.patch::https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d.patch)
sha256sums=('91844808532e5ce316b3c010929493c0244f3d37593afd6de04f71821d5136d9'
'SKIP'
- '00e023c3ccb7b895ebb3421970b1b77f8a527b40190f35050b79fd0e817a7b0c')
+ '00e023c3ccb7b895ebb3421970b1b77f8a527b40190f35050b79fd0e817a7b0c'
+ '0bf4794975bd3be95f3f1d92cdf781a26c937d5c879b72939ae9cffbf6c430c7'
+ 'db41b76fd40bdc77b26e9a202177cee807da5e7cf751e72298d62742c349057d')
validpgpkeys=('5ED46A6721D365587791E2AA783FCD8E58BCAFBA')
prepare() {
@@ -23,6 +27,10 @@
# https://github.com/madler/zlib/issues/613
patch -Np1 -i ../$pkgname-handle-incorrect-crc-inputs.patch
+
+ # CVE-2022-37434
+ patch -Np1 -i ../$pkgname-CVE-2022-37434.patch
+ patch -Np1 -i ../$pkgname-CVE-2022-37434-fix.patch
}
build() {
