aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAriadne Conill <ariadne@dereferenced.org>2021-04-27 09:41:29 -0600
committerAriadne Conill <ariadne@dereferenced.org>2021-04-27 09:44:04 -0600
commit3b7f9b28c6218d3b9071ee14adbd1680c76c6c56 (patch)
tree7d394c0d438b985126a9b354cb3653f38edc8f9c
parent3747a2156239381575ecd7f7bdf9ad06b4214aeb (diff)
downloadaports-3b7f9b28c6218d3b9071ee14adbd1680c76c6c56.tar.gz
aports-3b7f9b28c6218d3b9071ee14adbd1680c76c6c56.tar.bz2
aports-3b7f9b28c6218d3b9071ee14adbd1680c76c6c56.tar.xz
main/openjpeg: add mitigation for CVE-2021-29338
-rw-r--r--main/openjpeg/APKBUILD8
1 files changed, 6 insertions, 2 deletions
diff --git a/main/openjpeg/APKBUILD b/main/openjpeg/APKBUILD
index e2e949329c..a7dd0f3fda 100644
--- a/main/openjpeg/APKBUILD
+++ b/main/openjpeg/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
pkgname=openjpeg
pkgver=2.4.0
-pkgrel=0
+pkgrel=1
pkgdesc="Open-source implementation of JPEG2000 image codec"
url="https://www.openjpeg.org/"
arch="all"
@@ -11,6 +11,7 @@ makedepends="libpng-dev tiff-dev lcms2-dev doxygen cmake"
subpackages="$pkgname-dev $pkgname-tools"
source="$pkgname-$pkgver.tar.gz::https://github.com/uclouvain/openjpeg/archive/v$pkgver.tar.gz
fix-cmakelists.patch
+ CVE-2021-29338.patch::https://github.com/uclouvain/openjpeg/commit/b4700bc09d55ac17ff6bef9b0a867f6de527be17.patch
"
build() {
@@ -22,6 +23,8 @@ build() {
}
# secfixes:
+# 2.4.0-r1:
+# - CVE-2021-29338
# 2.4.0-r0:
# - CVE-2020-27844
# 2.3.1-r5:
@@ -67,4 +70,5 @@ tools() {
}
sha512sums="55daab47d33823af94e32e5d345b52c251a5410f0c8e0a13b693f17899eedc8b2bb107489ddcba9ab78ef17dfd7cd80d3c5ec80c1e429189cb041124b67e07a8 openjpeg-2.4.0.tar.gz
-b50cd382d08647db18f202769aae7df87613a18143a30e360e8f00aba1ec1b7fd0a153685dbea3950bc5623b06c314326777c4fb7aff56adfc6b17bc74c933e5 fix-cmakelists.patch"
+b50cd382d08647db18f202769aae7df87613a18143a30e360e8f00aba1ec1b7fd0a153685dbea3950bc5623b06c314326777c4fb7aff56adfc6b17bc74c933e5 fix-cmakelists.patch
+94ca747f6655a9b927d50cceb82529c36e0d4ef3f883b76b7f1aacc0784dce5df3cc7ba21ff888077873e0c3029f0ac505f0c741cbe225edb3880790527f5d81 CVE-2021-29338.patch"