From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 83673 invoked by alias); 5 May 2017 20:37:39 -0000 Mailing-List: contact cygwin-apps-help@cygwin.com; run by ezmlm Precedence: bulk Sender: cygwin-apps-owner@cygwin.com List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Mail-Followup-To: cygwin-apps@cygwin.com Received: (qmail 83663 invoked by uid 89); 5 May 2017 20:37:38 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.0 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY,SPF_HELO_PASS autolearn=no version=3.3.2 spammy=late X-HELO: mx1.redhat.com Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 05 May 2017 20:37:37 +0000 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 276233DD47 for ; Fri, 5 May 2017 20:37:39 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 276233DD47 Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=cygwin.com Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; spf=none smtp.mailfrom=yselkowitz@cygwin.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 276233DD47 Received: from [10.10.120.242] (ovpn-120-242.rdu2.redhat.com [10.10.120.242]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D63BC62932 for ; Fri, 5 May 2017 20:37:38 +0000 (UTC) Subject: Re: Updated: {jasper/libjasper1/libjasper-devel}-1.900.22-1: JPEG-2000 codec library To: cygwin-apps@cygwin.com References: <739e33f2-580d-2cf9-5999-9df30ff9e321@cygwin.com> <27f18d39-fbed-e491-bb96-f15ca2eb5781@cygwin.com> <3ceff525-9c83-f23a-e55e-156e5c301600@cygwin.com> From: Yaakov Selkowitz Message-ID: <7916dc59-7541-fe66-cf04-e41f806fbc97@cygwin.com> Date: Fri, 05 May 2017 20:37:00 -0000 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <3ceff525-9c83-f23a-e55e-156e5c301600@cygwin.com> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2017-05/txt/msg00045.txt.bz2 On 2017-03-24 14:02, Yaakov Selkowitz wrote: > On 2017-02-22 13:53, Yaakov Selkowitz wrote: >> No, the details are in the .spec file. In short, you want 1.900.13 plus >> the jasper-1.900.1-CVE-2008-3520.patch and >> jasper-1.900.13-CVE-2016-9583.patch patches. > > There are now additionally jasper-1.900.13-CVE-2016-9262.patch and > jasper-1.900.13-CVE-2016-8654.patch. > >> Once that's uploaded, then let's proceed with an upgrade to 2.0.10, >> which already has all the fixes along with the ABI version change. > > That's 2.0.12 now. Unfortunately, some of my packages ended up being built against the later libjasper1, so it's too late to revert this cleanly. Therefore, I have left it alone, uploaded 2.0.12, and rebuilt all my dependent packages. Marco, that leaves your gdal and GraphicsMagick as the only packages still using libjasper1. -- Yaakov