main/openjpeg: security fixes (CVE-2016-9580, CVE-2016-9581). Fixes #6564

author: Francesco Colista <fcolista@alpinelinux.org> 2016-12-21 15:44:10 +0000
committer: Francesco Colista <fcolista@alpinelinux.org> 2016-12-21 15:44:10 +0000
commit: 91f0ed50281f76fcbbc7760fd7617e01b9a50c47 (patch)
tree: abc3d2cb26df78a868ff7f882a111a0220835924 /main/openjpeg/APKBUILD
parent: 1652fa54e02fa1bde13cb2965e69c57a9963b128 (diff)
download: aports-91f0ed50281f76fcbbc7760fd7617e01b9a50c47.tar.bz2
aports-91f0ed50281f76fcbbc7760fd7617e01b9a50c47.tar.xz
1 files changed, 14 insertions, 5 deletions
diff --git a/main/openjpeg/APKBUILD b/main/openjpeg/APKBUILD
index 790da36065..f9c374e7bf 100644
--- a/main/openjpeg/APKBUILD
+++ b/main/openjpeg/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Francesco Colista <fcolista@alpinelinux.org>
 pkgname=openjpeg
 pkgver=2.1.2
-pkgrel=0
+pkgrel=1
 pkgdesc="Open-source implementation of JPEG2000 image codec"
 url="http://www.openjpeg.org/"
 arch="all"
@@ -12,7 +12,8 @@ depends_dev=""
 makedepends="$depends_dev libpng-dev tiff-dev lcms-dev doxygen cmake"
 install=""
 subpackages="$pkgname-dev $pkgname-tools"
-source="$pkgname-$pkgver.tar.gz::https://github.com/uclouvain/openjpeg/archive/v$pkgver.tar.gz"
+source="$pkgname-$pkgver.tar.gz::https://github.com/uclouvain/openjpeg/archive/v$pkgver.tar.gz
+CVE-2016-9580-9581.patch"
 builddir="${srcdir}/$pkgname-$pkgver"
 
 build() {
@@ -26,6 +27,11 @@ build() {
 	make || return 1
 }
 
+# secfixes:
+#   2.1.2-r1:
+#     - CVE-2016-9580
+#     - CVE-2016-9581
+
 package() {
 	cd "$builddir"
 	make DESTDIR="$pkgdir" install || return 1
@@ -37,6 +43,9 @@ tools() {
 	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }
 
-md5sums="40a7bfdcc66280b3c1402a0eb1a27624  openjpeg-2.1.2.tar.gz"
-sha256sums="4ce77b6ef538ef090d9bde1d5eeff8b3069ab56c4906f083475517c2c023dfa7  openjpeg-2.1.2.tar.gz"
-sha512sums="411067e33c8e4da9921d0281e932a4ac2af592cf822bfad828daea9e2b9c414859455bcec6d912ce76460ea462fa4cbd94a401333bda5716ec017d18b8e5942c  openjpeg-2.1.2.tar.gz"
+md5sums="40a7bfdcc66280b3c1402a0eb1a27624  openjpeg-2.1.2.tar.gz
+a5971d486b670e76d5e473ff15e65405  CVE-2016-9580-9581.patch"
+sha256sums="4ce77b6ef538ef090d9bde1d5eeff8b3069ab56c4906f083475517c2c023dfa7  openjpeg-2.1.2.tar.gz
+e352e9480925a31804d965c673545eeaa32d0a47605abaaa09b515ca956058ba  CVE-2016-9580-9581.patch"
+sha512sums="411067e33c8e4da9921d0281e932a4ac2af592cf822bfad828daea9e2b9c414859455bcec6d912ce76460ea462fa4cbd94a401333bda5716ec017d18b8e5942c  openjpeg-2.1.2.tar.gz
+bffe1126c18296fdc1e7f98437e2b468b8b16c4903d504dc9abf24a9b8e02f18e86200038c5a59c061c40d41b42f6b378776ed0040559bb362a3a592928941d7  CVE-2016-9580-9581.patch"
author	Francesco Colista <fcolista@alpinelinux.org>	2016-12-21 15:44:10 +0000
committer	Francesco Colista <fcolista@alpinelinux.org>	2016-12-21 15:44:10 +0000
commit	91f0ed50281f76fcbbc7760fd7617e01b9a50c47 (patch)
tree	abc3d2cb26df78a868ff7f882a111a0220835924 /main/openjpeg/APKBUILD
parent	1652fa54e02fa1bde13cb2965e69c57a9963b128 (diff)
download	aports-91f0ed50281f76fcbbc7760fd7617e01b9a50c47.tar.bz2 aports-91f0ed50281f76fcbbc7760fd7617e01b9a50c47.tar.xz