From f6c67fc2c1f3444940b9aeba8ce299e5dbe37ce4 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Tue, 29 Mar 2022 14:11:15 +0200
Subject: sync with Fedora

Backport fix for CVE-2022-1122
---
 openjpeg2-static.spec | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'openjpeg2-static.spec')

diff --git a/openjpeg2-static.spec b/openjpeg2-static.spec
index f0339cc..0eac83c 100644
--- a/openjpeg2-static.spec
+++ b/openjpeg2-static.spec
@@ -11,7 +11,7 @@
 
 Name:           openjpeg2-static
 Version:        2.4.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        C-Library for JPEG 2000
 
 # windirent.h is MIT, the rest is BSD
@@ -32,6 +32,9 @@ Patch1:         CVE-2021-29338.patch
 # Backport proposed patch for heap buffer overflow (#1957616)
 # See https://github.com/uclouvain/openjpeg/issues/1347
 Patch2:         heap-buffer-overflow.patch
+# Backport patch for CVE-2022-1122
+# See https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d
+Patch3:         CVE-2022-1122.patch
 
 
 BuildRequires:  cmake
@@ -216,6 +219,7 @@ OpenJPEG2 JP3D module command line tools
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 # Remove all third party libraries just to be sure
 find thirdparty/ -mindepth 1 -maxdepth 1 -type d -exec rm -rf {} \;
@@ -347,6 +351,10 @@ make test -C %{_target_platform}
 
 
 %changelog
+* Tue Mar 29 2022 Remi Collet <remi@remirepo.net> - 2.4.0-2
+- sync with Fedora
+- Backport fix for CVE-2022-1122
+
 * Mon May 31 2021 Remi Collet <remi@remirepo.net> - 2.4.0-1
 - sync with Fedora
 - Update to 2.4.0
-- 
cgit