Updated: {jasper/libjasper1/libjasper-devel}-1.900.22-1: JPEG-2000 codec library
Dr. Volker Zell
lists@volkerzell.de
Wed Jan 18 12:12:00 GMT 2017
On 12.01.2017 21:26, Yaakov Selkowitz wrote:
> On 2017-01-03 08:32, Dr. Volker Zell wrote:
>> New versions of 'jasper/libjasper1/libjasper-devel' have been uploaded
>> to a server near you.
>>
>> o Build for cygwin 2.6.1 with gcc-5.4.0
>> o Update to latest version before ABI bump
>
> Not really; the fix therein for CVE-2015-5203 broke ABI on 64-bit
> systems by changing the size of an existing member of a public struct
> (int to size_t), just that they neglected to bump the ABI version until
> afterwards:
>
> https://github.com/mdadams/jasper/issues/84
>
> For compatibility with packages currently linked with libjasper1, this
> needs to be reverted in part. Here is what Fedora is currently shipping
> on stable branches:
>
> http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/tree/?h=f25
Is this the complete current patchset relative to jasper-1.900.1, you
want me to apply ? How to proceed with the current buggy package. Could
you just remove it ?
Thanks
Volker
More information about the Cygwin-apps
mailing list