sync with Fedora

Backport patches for CVE-2020-27824 and CVE-2020-27823

1 files changed, 17 insertions, 1 deletions

diff --git a/openjpeg2-static.spec b/openjpeg2-static.spec
index ea1c2a0..2ee7543 100644
--- a/openjpeg2-static.spec
+++ b/openjpeg2-static.spec
@@ -11,7 +11,7 @@
 
 Name:           openjpeg2-static
 Version:        2.3.1
-Release:        6%{?dist}
+Release:        9%{?dist}
 Summary:        C-Library for JPEG 2000
 
 # windirent.h is MIT, the rest is BSD
@@ -31,6 +31,15 @@ Patch1:         openjpeg2_CVE-2020-6851.patch
 # Backport patch for CVE 2020-8112
 # https://github.com/uclouvain/openjpeg/pull/1232/commits/05f9b91e60debda0e83977e5e63b2e66486f7074
 Patch2:         openjpeg2_CVE-2020-8112.patch
+# Backport patch for CVE-2020-27814
+# https://github.com/uclouvain/openjpeg/commit/eaa098b59b346cb88e4d10d505061f669d7134fc
+Patch3:         openjpeg2_CVE-2020-27814.patch
+# Backport patch for CVE-2020-27824
+# https://github.com/uclouvain/openjpeg/pull/1292/commits/6daf5f3e1ec6eff03b7982889874a3de6617db8d
+Patch4:         openjpeg2_CVE-2020-27824.patch
+# Backport patch for CVE-2020-27823
+# https://github.com/uclouvain/openjpeg/commit/b2072402b7e14d22bba6fb8cde2a1e9996e9a919
+Patch5:         openjpeg2_CVE-2020-27823.patch
 
 
 BuildRequires:  cmake
@@ -215,6 +224,9 @@ OpenJPEG2 JP3D module command line tools
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
 
 # Remove all third party libraries just to be sure
 find thirdparty/ -mindepth 1 -maxdepth 1 -type d -exec rm -rf {} \;
@@ -346,6 +358,10 @@ make test -C %{_target_platform}
 
 
 %changelog
+* Thu Feb 13 2020 Remi Collet <remi@remirepo.net> - 2.3.1-9
+- sync with Fedora
+- Backport patches for CVE-2020-27824 and CVE-2020-27823
+
 * Thu Feb 13 2020 Remi Collet <remi@remirepo.net> - 2.3.1-6
 - sync with Fedora
 - Backport patch for CVE 2020-8112