main/jasper: security fixes (CVE-2011-4516, CVE-2011-4517)

fixes #877

1 files changed, 17 insertions, 4 deletions

diff --git a/main/jasper/APKBUILD b/main/jasper/APKBUILD
index ff083e756..915c9d608 100644
--- a/main/jasper/APKBUILD
+++ b/main/jasper/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=jasper
 pkgver=1.900.1
-pkgrel=6
+pkgrel=7
 pkgdesc="A software-based implementation of the codec specified in the emerging JPEG-2000 Part-1 standard"
 url="http://www.ece.uvic.ca/~mdadams/jasper/"
 arch="all"
@@ -10,12 +10,21 @@ depends=  #"libjpeg>=8 freeglut libxi libxmu mesa"
 makedepends="jpeg-dev>=8"
 subpackages="$pkgname-dev $pkgname-doc libjasper"
 source="http://www.ece.uvic.ca/~mdadams/$pkgname/software/$pkgname-$pkgver.zip
-	jpc_dec.c.patch"
+	jpc_dec.c.patch
+	libjasper-stepsizes-overflow.patch
+	jasper-1.900.1-CVE-2008-3520.patch
+	jasper-1.900.1-CVE-2008-3522.patch
+	jasper-1.900.1-bnc725758.patch
+	"
 
 _builddir="$srcdir"/$pkgname-$pkgver
 prepare() {
 	cd "$_builddir"
-	patch -Np1 < "$srcdir"/jpc_dec.c.patch || return 1
+	for i in $source; do
+		case $i in
+		*.patch) msg $i; patch -Np1 -i "$srcdir"/$i || return 1;;
+		esac
+	done
 	chmod +x configure
 }
 
@@ -43,4 +52,8 @@ libjasper() {
 }
 
 md5sums="a342b2b4495b3e1394e161eb5d85d754  jasper-1.900.1.zip
-36de7128eea6f701c1e2e13ce5bd8d37  jpc_dec.c.patch"
+36de7128eea6f701c1e2e13ce5bd8d37  jpc_dec.c.patch
+24785d8eb3eea19eec7e77d59f3e6a25  libjasper-stepsizes-overflow.patch
+911bb13529483c093d12c15eed4e9243  jasper-1.900.1-CVE-2008-3520.patch
+ed441f30c4231f319d9ff77d86db2ef9  jasper-1.900.1-CVE-2008-3522.patch
+eaf73536f989e629a8c06533e4e6fad5  jasper-1.900.1-bnc725758.patch"