This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Re: Updated: {jasper/libjasper1/libjasper-devel}-1.900.22-1: JPEG-2000 codec library
- From: Yaakov Selkowitz <yselkowitz at cygwin dot com>
- To: cygwin-apps at cygwin dot com
- Date: Thu, 12 Jan 2017 14:26:12 -0600
- Subject: Re: Updated: {jasper/libjasper1/libjasper-devel}-1.900.22-1: JPEG-2000 codec library
- Authentication-results: sourceware.org; auth=none
- References: <announce.vriv4m1gi57u.fsf@volkerzell.de>
On 2017-01-03 08:32, Dr. Volker Zell wrote:
New versions of 'jasper/libjasper1/libjasper-devel' have been uploaded to a server near you.
o Build for cygwin 2.6.1 with gcc-5.4.0
o Update to latest version before ABI bump
Not really; the fix therein for CVE-2015-5203 broke ABI on 64-bit
systems by changing the size of an existing member of a public struct
(int to size_t), just that they neglected to bump the ABI version until
afterwards:
https://github.com/mdadams/jasper/issues/84
For compatibility with packages currently linked with libjasper1, this
needs to be reverted in part. Here is what Fedora is currently shipping
on stable branches:
http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/tree/?h=f25
Then, we could update to 1.900.29, or even 2.0.10 -- which should
provide libjasper4 -- against which all jasper-dependent packages would
then have to be rebuilt.
--
Yaakov