Re: 01/03: gnu: jasper: Update to 1.900.5.

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 01/03: gnu: jasper: Update to 1.900.5.

From:	Ludovic Courtès
Subject:	Re: 01/03: gnu: jasper: Update to 1.900.5.
Date:	Tue, 18 Oct 2016 14:45:55 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Leo Famulari <address@hidden> skribis:

> On Mon, Oct 17, 2016 at 09:08:53PM +0000, Efraim Flashner wrote:
>> efraim pushed a commit to branch master
>> in repository guix.
>> 
>> commit b333d00c3566a8a6b058a35426da96200ebf2c6d
>> Author: Efraim Flashner <address@hidden>
>> Date:   Mon Oct 17 23:47:14 2016 +0300
>> 
>>     gnu: jasper: Update to 1.900.5.
>>     
>>     * gnu/packages/image.scm (jasper): Update to 1.900.5.
>>     [source]: Remove patches.
>>     [native-inputs]: Remove unzip.
>>     * gnu/packages/patches/jasper-CVE-2007-2721.patch,
>>     gnu/packages/patches/jasper-CVE-2008-3520.patch,
>>     gnu/packages/patches/jasper-CVE-2008-3522.patch,
>>     gnu/packages/patches/jasper-CVE-2011-4516-and-CVE-2011-4517.patch,
>>     gnu/packages/patches/jasper-CVE-2014-8137.patch,
>>     gnu/packages/patches/jasper-CVE-2014-8138.patch,
>>     gnu/packages/patches/jasper-CVE-2014-8157.patch,
>>     gnu/packages/patches/jasper-CVE-2014-8158.patch,
>>     gnu/packages/patches/jasper-CVE-2014-9029.patch,
>>     gnu/packages/patches/jasper-CVE-2016-1577.patch,
>>     gnu/packages/patches/jasper-CVE-2016-1867.patch,
>>     gnu/packages/patches/jasper-CVE-2016-2089.patch,
>>     gnu/packages/patches/jasper-CVE-2016-2116.patch: Delete files.
>>     * gnu/local.mk (dist_patch_DATA): Remove them.
>
> Awesome, I thought that Jasper was totally abandoned!
>
> I looked at the Jasper commit log [0], and I (not very carefully)
> matched our bug fix patches to their upstream commits:
>
> CVE-2007-2721 4031ca321d8cb5798c316ab39c7a5dc88a61fdd7
> CVE-2008-3520 3c55b399c36ef46befcb21e4ebc4799367f89684 at least partially
> CVE-2008-3522 d678ccd27b8a062e3bfd4c80d8ce2676a8166a27
> CVE-2011-4516-and-CVE-2011-4517 0d22460816ea58e74a124158fa6cc48efb709a47
> CVE-2014-8137 4bb93a6c49da7c1b6ad2acb60b18954a6547c637
> CVE-2014-8138 c54113d6fa49f8f26d1572e972b806276c5b05d5
> CVE-2014-8157 3fd4067496d8ef70f11841d7492ddeb1f1d56915
> CVE-2014-8158 0d64bde2b3ba7e1450710d540136a8ce4199ef30
> CVE-2014-9029 5dbe57e4808bea4b83a97e2f4aaf8c91ab6fdecb
> CVE-2016-1577 74ea22a7a4fe186e0a0124df25e19739b77c4a29
> CVE-2016-1867 980da43d8d388a67cac505e734423b2a5aa4cede
> CVE-2016-2089 c87ad330a8b8d6e5eb0065675601fdfae08ebaab
>
> Thanks a lot for this Efraim!

Woow, great work.  Thanks to the two of you!

Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: 01/03: gnu: jasper: Update to 1.900.5., Leo Famulari, 2016/10/17
- Re: 01/03: gnu: jasper: Update to 1.900.5., Ludovic Courtès <=

Prev by Date: Re: Developing libraries for the GNU system with Guix
Next by Date: Re: [RFC] Reliable compiler specification setting (at least include/lib dirs) through the process environment
Previous by thread: Re: 01/03: gnu: jasper: Update to 1.900.5.
Next by thread: [PATCH 1/1] gnu: dbus-1.10.12: Fix Guix build failure.
Index(es):
- Date
- Thread