Date: Thursday, December 16, 2021 @ 21:12:51 Author: dvzrv Revision: 1075352
upgpkg: mediathekview 13.8.1-2: Rebuild to fix CVE-2021-45046. Add patch to upgrade log4j to 2.16.0 to mitigate CVE-2021-45046. Added: mediathekview/trunk/mediathekview-13.8.1-CVE-2021-45046.patch Modified: mediathekview/trunk/PKGBUILD -------------------------------------------+ PKGBUILD | 22 ++++++++++++++++------ mediathekview-13.8.1-CVE-2021-45046.patch | 12 ++++++++++++ 2 files changed, 28 insertions(+), 6 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2021-12-16 21:12:50 UTC (rev 1075351) +++ PKGBUILD 2021-12-16 21:12:51 UTC (rev 1075352) @@ -3,7 +3,7 @@ _name=MediathekView pkgname=mediathekview pkgver=13.8.1 -pkgrel=1 +pkgrel=2 pkgdesc="Access the Mediathek of many German TV stations" arch=(any) url="https://github.com/mediathekview/mediathekview"; @@ -18,16 +18,26 @@ 'mplayer: for recording streams' 'vlc: for stream playback' ) -source=("${pkgname}-${pkgver}.tar.gz::https://github.com/${pkgname}/${pkgname}/archive/refs/tags/${pkgver}.tar.gz"; - "de.${pkgname}.${_name}.desktop" - "${pkgname}.sh") +source=( + "${pkgname}-${pkgver}.tar.gz::https://github.com/${pkgname}/${pkgname}/archive/refs/tags/${pkgver}.tar.gz"; + "de.${pkgname}.${_name}.desktop" + "${pkgname}.sh" + "${pkgname}-13.8.1-CVE-2021-45046.patch" +) sha512sums=('91acae0a5add48fab5d6fff54519eaac1321ad15f052ecb9c9221811eb4b793cf61a52f46d0f7f3377c89a2efaf81949c29363729a33225fff0cbecfbbdf1c3e' '24a94a078180aca7c50ed7763ef4806c116c27f901f644ef570ee413ffc3ac795b5ebd24d696a9b2ec426e7c9b6eaf8a8b22addb5ac7c9fe9700f7c04305f64b' - '24313f9873aef8680eb466d756c0f537c4d2320e51296f354422bcf70f8f42ffff481c7db0cf58024b2953efb1f7442728e3e977c1ad03aaf3b9c47a535cc6a0') + '24313f9873aef8680eb466d756c0f537c4d2320e51296f354422bcf70f8f42ffff481c7db0cf58024b2953efb1f7442728e3e977c1ad03aaf3b9c47a535cc6a0' + '0048f32dfc1ef8cc1dc25900a8d233fe9af0aa09fd3593dea4885f95ff9d388533c0656d1b0e4aa46fbecf11225dc60741f25f2b054793402d1f332a4f8c7479') b2sums=('536a7f1d71b2893d5605b2b6a4c4cad2f63e4381b9245e8b4cc892de09f7f7848f408247f6777cade68814d57adbc2f73527698bd70259c574c5e214bf8d59dc' '6dbcdea2918009621fc132b4ff1056ef79f06e27c3299b69ccd7e3cb2b093e3a2a5f76acd6b1ab62689edd867ac1650f61bf829f2a1c575835d31e117d9b9ae5' - 'cbf668c6ccfb42b575d40de256ec03bb7863ea7db0bb02586f6727728fb5f1f004169849bfa9082a40b93042dc9c8f330c743e5983847c0a20f5d613748bae60') + 'cbf668c6ccfb42b575d40de256ec03bb7863ea7db0bb02586f6727728fb5f1f004169849bfa9082a40b93042dc9c8f330c743e5983847c0a20f5d613748bae60' + '495476b6377dedf057ebd0172d8f17d402b5c431d2da07505ed6b79d7559215da6c4746922eb59dc611f3dff81aecd9babfd112fdf19080df28c7335ab55f7bb') +prepare() { + cd "${_name}-${pkgver}" + patch -Np1 -i ../"${pkgname}-13.8.1-CVE-2021-45046.patch" +} + build() { cd "${_name}-${pkgver}" ./mvnw clean install -Plinux,install4j-linux Added: mediathekview-13.8.1-CVE-2021-45046.patch =================================================================== --- mediathekview-13.8.1-CVE-2021-45046.patch (rev 0) +++ mediathekview-13.8.1-CVE-2021-45046.patch 2021-12-16 21:12:51 UTC (rev 1075352) @@ -0,0 +1,12 @@ +diff -ruN a/pom.xml b/pom.xml +--- a/pom.xml 2021-12-13 12:56:06.000000000 +0100 ++++ b/pom.xml 2021-12-16 21:38:32.759390705 +0100 +@@ -96,7 +96,7 @@ + <javax.transaction-api.version>1.3</javax.transaction-api.version> + <jna.version>5.10.0</jna.version> + <junit.jupiter.version>5.8.0</junit.jupiter.version> +- <log4j2.version>2.15.0</log4j2.version> ++ <log4j2.version>2.16.0</log4j2.version> + <maven-assembly-plugin.version>3.3.0</maven-assembly-plugin.version> + <maven-clean-plugin.version>3.1.0</maven-clean-plugin.version> + <maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
