--- PKGBUILD 2016-03-08 20:43:04.839347001 +0100 +++ PKGBUILD 2016-03-08 20:43:58.565963656 +0100 @@ -3,7 +3,7 @@ pkgname=jasper pkgver=1.900.1 -pkgrel=14 +pkgrel=15 pkgdesc="A software-based implementation of the codec specified in the emerging JPEG-2000 Part-1 standard" arch=('i686' 'x86_64') url="http://www.ece.uvic.ca/~mdadams/jasper/" @@ -16,11 +16,14 @@ jpc_dec.c.patch jasper-1.900.1-CVE-2008-3522.patch jasper-1.900.1-CVE-2014-8137.patch jasper-avoid-assert-abort.diff jasper-1.900.1-CVE-2014-8138.patch jasper-1.900.1-CVE-2014-9029.patch - jasper-1.900.1-CVE-2011-4516-and-CVE-2011-4517.patch + jasper-1.900.1-CVE-2011-4516-and-CVE-2011-4517.patch jasper-1.900.1-fix-filename-buffer-overflow.patch - jasper-1.900.1-CVE-2014-8157.patch - jasper-1.900.1-CVE-2014-8158.patch - jasper-1.900.1-CVE-2015-5203.patch) + jasper-1.900.1-CVE-2014-8157.patch + jasper-1.900.1-CVE-2014-8158.patch + jasper-1.900.1-CVE-2015-5203.patch + jasper-1.900.1-CVE-2016-1577.patch + jasper-1.900.1-CVE-2016-2089.patch + jasper-1.900.1-CVE-2016-2116.patch) sha1sums=('9c5735f773922e580bf98c7c7dfda9bbed4c5191' 'f298566fef08c8a589d072582112cd51c72c3983' '2483dba925670bf29f531d85d73c4e5ada513b01' @@ -34,7 +37,10 @@ '577dfce40da75818c4d32eb1c4532b1370950bee' 'aaf96946073d2ece35f3695e8cc7956b5cad9a1d' 'e69b339de43d1dc2fbb98368cee3d20f76d35941' - 'b28a15079e6c5dd4cde8d63c21763c8abb9d187c') + 'b28a15079e6c5dd4cde8d63c21763c8abb9d187c' + '70dafcbcf76e32d8601e2ed11712d018d38d7f56' + '06f89116508b1498e97a41ae07e15a4f049e671d' + '101de5e73ebd690c08a7c1d7639fb35ede41faa3') prepare() { cd ${pkgname}-${pkgver} @@ -51,6 +57,9 @@ patch -p1 -i "${srcdir}/jasper-1.900.1-CVE-2014-8157.patch" patch -p1 -i "${srcdir}/jasper-1.900.1-CVE-2014-8158.patch" patch -p1 -i "${srcdir}/jasper-1.900.1-CVE-2015-5203.patch" + patch -p1 -i "${srcdir}/jasper-1.900.1-CVE-2016-1577.patch" + patch -p1 -i "${srcdir}/jasper-1.900.1-CVE-2016-2089.patch" + patch -p1 -i "${srcdir}/jasper-1.900.1-CVE-2016-2116.patch" } build() {