main/openjpeg: security fix for CVE-2017-17480

also remove unused patches

fixes #9679

1 files changed, 10 insertions, 2 deletions

diff --git a/main/openjpeg/APKBUILD b/main/openjpeg/APKBUILD
index 9dc49ec03b..a62b2f8524 100644
--- a/main/openjpeg/APKBUILD
+++ b/main/openjpeg/APKBUILD
@@ -10,7 +10,10 @@ options="!check"  # No test suite.
 license="BSD-2-Clause-NetBSD"
 makedepends="libpng-dev tiff-dev lcms2-dev doxygen cmake"
 subpackages="$pkgname-dev $pkgname-tools"
-source="$pkgname-$pkgver.tar.gz::https://github.com/uclouvain/openjpeg/archive/v$pkgver.tar.gz"
+source="$pkgname-$pkgver.tar.gz::https://github.com/uclouvain/openjpeg/archive/v$pkgver.tar.gz
+	CVE-2017-17480.patch
+	CVE-2018-18088.patch
+	"
 builddir="${srcdir}/$pkgname-$pkgver"
 
 build() {
@@ -24,6 +27,9 @@ build() {
 }
 
 # secfixes:
+#   2.3.0-r1:
+#     - CVE-2017-17480
+#     - CVE-2018-18088
 #   2.3.0-r0:
 #     - CVE-2017-14039
 #   2.2.0-r2:
@@ -49,4 +55,6 @@ tools() {
 	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }
 
-sha512sums="0a9d427be4a820b1d759fca4b50e293721b45fe4885aa61ca1ae09e099f75ed93520448090c780d62f51076d575cc03618cd6d5181bdb6b34e4fc07b4cfdd568  openjpeg-2.3.0.tar.gz"
+sha512sums="0a9d427be4a820b1d759fca4b50e293721b45fe4885aa61ca1ae09e099f75ed93520448090c780d62f51076d575cc03618cd6d5181bdb6b34e4fc07b4cfdd568  openjpeg-2.3.0.tar.gz
+15f4292ab6e19ecad1d47772ea28154bc7bbf9b9ba68467c5750e0c823efe3657e5973c08b81456f649fb789b6772ddaf5122f23a530ae0f6a9e5adb61c51c74  CVE-2017-17480.patch
+24b646f2b24cfbe9babe8b5c622069178998f35d0b82f5034ff12f8df5f3ffd35f4f8bcc195dfec1072d8f8847d200c3d28f689ec16f29ab9ce895dbabd044bb  CVE-2018-18088.patch"