From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 123174 invoked by alias); 18 Jan 2017 12:12:00 -0000 Mailing-List: contact cygwin-apps-help@cygwin.com; run by ezmlm Precedence: bulk Sender: cygwin-apps-owner@cygwin.com List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Mail-Followup-To: cygwin-apps@cygwin.com Received: (qmail 123162 invoked by uid 89); 18 Jan 2017 12:11:58 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-0.5 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_NONE,RCVD_IN_SORBS_SPAM,T_HK_NAME_DR autolearn=no version=3.3.2 spammy=H*RU:sk:mrelaye, H*r:sk:mrelaye, Hx-spam-relays-external:sk:mrelaye, shipping X-HELO: mout.kundenserver.de Received: from mout.kundenserver.de (HELO mout.kundenserver.de) (217.72.192.74) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 18 Jan 2017 12:11:48 +0000 Received: from [192.168.2.11] ([91.40.173.27]) by mrelayeu.kundenserver.de (mreue102 [212.227.15.183]) with ESMTPSA (Nemesis) id 0Ldms7-1ctZ4M0Zs3-00j12I for ; Wed, 18 Jan 2017 13:11:45 +0100 Subject: Re: Updated: {jasper/libjasper1/libjasper-devel}-1.900.22-1: JPEG-2000 codec library To: cygwin-apps@cygwin.com References: <739e33f2-580d-2cf9-5999-9df30ff9e321@cygwin.com> From: "Dr. Volker Zell" Message-ID: Date: Wed, 18 Jan 2017 12:12:00 -0000 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0 MIME-Version: 1.0 In-Reply-To: <739e33f2-580d-2cf9-5999-9df30ff9e321@cygwin.com> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-UI-Out-Filterresults: notjunk:1;V01:K0:6LTE7Xxs0xU=:uHJZv+zqPrjZHAmFcrGCd/ /hgk+R0NE60cVdAfCQbo2K/6EYTtgBNeJmkJq9Kn4v+ePdKQx5iK0uMEtirO/DcJR5yCv0xb3 KdsawTt27LLL5lujgJjGV/tKRShu0EtYDT1WdD/a6X16aiDL1OFKS7S/zOT6PLhZ5mr5PKjW7 QldoXtJWQP7gK3cgC2dQ8xoc1jDwgmVjB1w+E+oCYkQds6/iNl44BngMFL7YgQlyA+1LlKGnM m2YT2eajFD3aKzkwgmrwqiGa8lwCeA1xeHlaucKR//3/iXH52nIhWnx6J8/tvRWn8ukTP+BTf ZGuFm7jUXIo0MpnvPDxOrpIfVBtDYqeA1qFNEy2/7GHGUOuKnvNBcINouHNl0r94grbj3jz63 QaGuN02SX6ZwOsuEUew2YXEgtmpkFtUSz5133mmaRQDSl8SpGLTQTJMlMPI8nUy410uzIh27x /TAHW8kz9Rvy3FaoAG5hZXJkrYSrNqWsWVonhaV2tI0PT52EqHP+CEL6GUDwHsLxqtMxzyS6y 5m9rNmketbP6d3iuDYfS66T34COos3qHEuObD62q9FHxH7zogDT9dSnTSagRbWpZqfuNcR9QW DP2EA/YduX97hIPYnnvOniShuWbgJxSa522w7UpAd/CojG6uAkuSjs1ck2BsWysrXqjfg/9Fn IDgHN/hini5XBCLHx3gSeNSsUkoNuW+QxrE2oq4zORFaG86zNRK1F30QBnEH5UrHpNrnfodBi 469DM6admsme+Meq X-IsSubscribed: yes X-SW-Source: 2017-01/txt/msg00021.txt.bz2 On 12.01.2017 21:26, Yaakov Selkowitz wrote: > On 2017-01-03 08:32, Dr. Volker Zell wrote: >> New versions of 'jasper/libjasper1/libjasper-devel' have been uploaded >> to a server near you. >> >> o Build for cygwin 2.6.1 with gcc-5.4.0 >> o Update to latest version before ABI bump > > Not really; the fix therein for CVE-2015-5203 broke ABI on 64-bit > systems by changing the size of an existing member of a public struct > (int to size_t), just that they neglected to bump the ABI version until > afterwards: > > https://github.com/mdadams/jasper/issues/84 > > For compatibility with packages currently linked with libjasper1, this > needs to be reverted in part. Here is what Fedora is currently shipping > on stable branches: > > http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/tree/?h=f25 Is this the complete current patchset relative to jasper-1.900.1, you want me to apply ? How to proceed with the current buggy package. Could you just remove it ? Thanks Volker