From aa3cad9000d51a3aae7dd04933776c7efd7f3b87 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Thu, 10 Dec 2020 14:36:36 +0100 Subject: sync with Fedora Backport patches for CVE-2020-27824 and CVE-2020-27823 --- openjpeg2-static.spec | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'openjpeg2-static.spec') diff --git a/openjpeg2-static.spec b/openjpeg2-static.spec index ea1c2a0..2ee7543 100644 --- a/openjpeg2-static.spec +++ b/openjpeg2-static.spec @@ -11,7 +11,7 @@ Name: openjpeg2-static Version: 2.3.1 -Release: 6%{?dist} +Release: 9%{?dist} Summary: C-Library for JPEG 2000 # windirent.h is MIT, the rest is BSD @@ -31,6 +31,15 @@ Patch1: openjpeg2_CVE-2020-6851.patch # Backport patch for CVE 2020-8112 # https://github.com/uclouvain/openjpeg/pull/1232/commits/05f9b91e60debda0e83977e5e63b2e66486f7074 Patch2: openjpeg2_CVE-2020-8112.patch +# Backport patch for CVE-2020-27814 +# https://github.com/uclouvain/openjpeg/commit/eaa098b59b346cb88e4d10d505061f669d7134fc +Patch3: openjpeg2_CVE-2020-27814.patch +# Backport patch for CVE-2020-27824 +# https://github.com/uclouvain/openjpeg/pull/1292/commits/6daf5f3e1ec6eff03b7982889874a3de6617db8d +Patch4: openjpeg2_CVE-2020-27824.patch +# Backport patch for CVE-2020-27823 +# https://github.com/uclouvain/openjpeg/commit/b2072402b7e14d22bba6fb8cde2a1e9996e9a919 +Patch5: openjpeg2_CVE-2020-27823.patch BuildRequires: cmake @@ -215,6 +224,9 @@ OpenJPEG2 JP3D module command line tools %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 # Remove all third party libraries just to be sure find thirdparty/ -mindepth 1 -maxdepth 1 -type d -exec rm -rf {} \; @@ -346,6 +358,10 @@ make test -C %{_target_platform} %changelog +* Thu Feb 13 2020 Remi Collet - 2.3.1-9 +- sync with Fedora +- Backport patches for CVE-2020-27824 and CVE-2020-27823 + * Thu Feb 13 2020 Remi Collet - 2.3.1-6 - sync with Fedora - Backport patch for CVE 2020-8112 -- cgit