upgpkg: zlib 1:1.2.12-3: security release CVE-2022-37434

git-svn-id: file:///srv/repos/svn-packages/svn@457805 eb2447ed-0c53-47e4-bac8-5bc4a241df78
archlinux · Oct 12, 2022 · 842507f · 842507f
1 parent 793258d
commit 842507f
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/trunk/PKGBUILD b/trunk/PKGBUILD
@@ -4,17 +4,21 @@ pkgbase=zlib
 pkgname=(zlib minizip)
 epoch=1
 pkgver=1.2.12
-pkgrel=2
+pkgrel=3
 arch=('x86_64')
 license=('custom')
 url="https://www.zlib.net/"
 depends=('glibc')
 options=('staticlibs')  # needed by binutils testsuite
 source=("https://zlib.net/zlib-${pkgver}.tar.gz"{,.asc}
-        $pkgname-handle-incorrect-crc-inputs.patch::https://github.com/madler/zlib/commit/ec3df00224d4.patch)
+        $pkgname-handle-incorrect-crc-inputs.patch::https://github.com/madler/zlib/commit/ec3df00224d4.patch
+        $pkgname-CVE-2022-37434.patch::https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1.patch
+        $pkgname-CVE-2022-37434-fix.patch::https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d.patch)
 sha256sums=('91844808532e5ce316b3c010929493c0244f3d37593afd6de04f71821d5136d9'
             'SKIP'
-            '00e023c3ccb7b895ebb3421970b1b77f8a527b40190f35050b79fd0e817a7b0c')
+            '00e023c3ccb7b895ebb3421970b1b77f8a527b40190f35050b79fd0e817a7b0c'
+            '0bf4794975bd3be95f3f1d92cdf781a26c937d5c879b72939ae9cffbf6c430c7'
+            'db41b76fd40bdc77b26e9a202177cee807da5e7cf751e72298d62742c349057d')
 validpgpkeys=('5ED46A6721D365587791E2AA783FCD8E58BCAFBA')
 
 prepare() {
@@ -23,6 +27,10 @@ prepare() {
 
 	# https://github.com/madler/zlib/issues/613
 	patch -Np1 -i ../$pkgname-handle-incorrect-crc-inputs.patch
+
+	# CVE-2022-37434
+	patch -Np1 -i ../$pkgname-CVE-2022-37434.patch
+	patch -Np1 -i ../$pkgname-CVE-2022-37434-fix.patch
 }
 
 build() {