Updated: {jasper/libjasper1/libjasper-devel}-1.900.22-1: JPEG-2000 codec library

Dr. Volker Zell lists@volkerzell.de
Wed Jan 18 12:12:00 GMT 2017

On 12.01.2017 21:26, Yaakov Selkowitz wrote:
> On 2017-01-03 08:32, Dr. Volker Zell wrote:
>> New versions of 'jasper/libjasper1/libjasper-devel' have been uploaded
>> to a server near you.
>>  o Build for cygwin 2.6.1 with gcc-5.4.0
>>  o Update to latest version before ABI bump
> Not really; the fix therein for CVE-2015-5203 broke ABI on 64-bit
> systems by changing the size of an existing member of a public struct
> (int to size_t), just that they neglected to bump the ABI version until
> afterwards:
> https://github.com/mdadams/jasper/issues/84
> For compatibility with packages currently linked with libjasper1, this
> needs to be reverted in part.  Here is what Fedora is currently shipping
> on stable branches:
> http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/tree/?h=f25

Is this the complete current patchset relative to jasper-1.900.1, you 
want me to apply ? How to proceed with the current buggy package. Could 
you just remove it ?


More information about the Cygwin-apps mailing list