forked from wolfi-dev/os
/
patch.yaml
87 lines (75 loc) · 1.73 KB
/
patch.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
package:
name: patch
version: 2.7.6
epoch: 3
description: "GNU patch"
target-architecture:
- all
copyright:
- paths:
- "*"
attestation: TODO
license: GPL-3.0-or-later
dependencies:
runtime:
secfixes:
2.7.6-r3:
- CVE-2019-20633
- CVE-2018-1000156
- CVE-2019-13638
- CVE-2018-20969
- CVE-2019-13636
- CVE-2018-6951
- CVE-2018-6952
environment:
contents:
repositories:
- https://packages.wolfi.dev/bootstrap/stage3
keyring:
- https://packages.wolfi.dev/bootstrap/stage3/wolfi-signing.rsa.pub
packages:
- wolfi-baselayout
- busybox
- ca-certificates-bundle
- build-base
- autoconf
- automake
- libtool
pipeline:
- uses: fetch
with:
uri: https://ftp.gnu.org/gnu/patch/patch-${{package.version}}.tar.gz
expected-sha256: 8cf86e00ad3aaa6d26aca30640e86b0e3e1f395ed99f189b06d4c9f74bc58a4e
- uses: patch
with:
patches: CVE-2018-6951.patch
- uses: patch
with:
patches: CVE-2018-6952.patch
- uses: patch
with:
patches: 0001-Allow-input-files-to-be-missing-for-ed-style-patches.patch
- uses: patch
with:
patches: 0002-Fix-arbitrary-command-execution-in-ed-style-patches-.patch
- uses: patch
with:
patches: CVE-2019-13636.patch
- uses: patch
with:
patches: CVE-2019-13638.patch
- uses: patch
with:
patches: CVE-2019-20633.patch
- runs: |
autoreconf -vfi
- name: Configure
runs: |
./configure \
--host=$(uname -m)-pc-linux-gnu \
--target=$(uname -m)-pc-linux-gnu \
--prefix=/usr \
--datadir=/usr/share
- uses: autoconf/make
- uses: autoconf/make-install
- uses: strip