main/gmp: patch CVE-2021-43618

2026-05-05 20:36:40 +02:00 · 2022-01-27 15:37:40 +11:00 · 2022-01-27 15:37:40 +11:00 · 0991be33db
commit 0991be33db
parent de04413a55
1 changed files with 8 additions and 2 deletions
--- a/main/gmp/APKBUILD
+++ b/main/gmp/APKBUILD
@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=gmp
 pkgver=6.2.1
-pkgrel=0
+pkgrel=1
 pkgdesc="free library for arbitrary precision arithmetic"
 url="https://gmplib.org/"
 arch="all"
@ -9,9 +9,14 @@ license="LGPL-3.0-or-later OR GPL-2.0-or-later"
 makedepends="m4 texinfo libtool"
 subpackages="$pkgname-doc $pkgname-dev libgmpxx"
 source="https://gmplib.org/download/gmp/gmp-$pkgver.tar.xz
+	CVE-2021-43618.patch::https://gmplib.org/repo/gmp-6.2/raw-rev/561a9c25298e
 	"
 replaces="gmp5"

+# secfixes:
+#   6.2.1-r1:
+#     - CVE-2021-43618
+
 prepare() {
 	default_prepare
 	# force update to libtool with fixed cross-build support
@ -51,4 +56,5 @@ doc() {
 	replaces="gmp5-doc"
 }

-sha512sums="c99be0950a1d05a0297d65641dd35b75b74466f7bf03c9e8a99895a3b2f9a0856cd17887738fa51cf7499781b65c049769271cbcb77d057d2e9f1ec52e07dd84  gmp-6.2.1.tar.xz"
+sha512sums="c99be0950a1d05a0297d65641dd35b75b74466f7bf03c9e8a99895a3b2f9a0856cd17887738fa51cf7499781b65c049769271cbcb77d057d2e9f1ec52e07dd84  gmp-6.2.1.tar.xz
+3956190d9c266feb62f8965c3cd32d0a9260f76ffb0d3e32211974bb53ddd5c6eaa657f7e00ba8fa7c914c0e1375155d25de6a81cdb9b03d6a5bbc16ac121447  CVE-2021-43618.patch"