guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: openjpeg-2 security updates vs stale openjpeg-1

From: Ludovic Courtès
Subject: Re: openjpeg-2 security updates vs stale openjpeg-1
Date: Tue, 12 Sep 2017 10:04:04 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) 
Hi Mark,

Mark H Weaver <address@hidden> skribis:

> I've just rebuilt my x86_64 GuixSD system to use 'openjpeg' from git
> (since I see many more fixes there that look security-relevant), and to
> use this fresh openjpeg in both 'poppler' and 'tracker'.  Unfortunately,
> the 'poppler' change required a massive rebuild, but with these updates
> my system seems to work just fine.
>
> I've attached my preliminary patches.
>
>        Mark
>
> From abd9df8c4623cc44ef77be69977e2635c0fdd3bf Mon Sep 17 00:00:00 2001
> From: Mark H Weaver <address@hidden>
> Date: Mon, 4 Sep 2017 23:48:55 -0400
> Subject: [PATCH 1/3] gnu: openjpeg: Update to 2.2.0-1.3a382d312.
>
> * gnu/packages/image.scm (openjpeg): Switch to using a git checkout, and
> update to 2.2.0-1.3a382d312.  Remove patches.
> * gnu/packages/patches/openjpeg-CVE-2017-12982.patch,
> gnu/packages/patches/openjpeg-CVE-2017-14040.patch,
> gnu/packages/patches/openjpeg-CVE-2017-14041.patch,
> gnu/packages/patches/openjpeg-CVE-2017-14151.patch,
> gnu/packages/patches/openjpeg-CVE-2017-14152.patch: Delete files.
> * gnu/local.mk (dist_patch_DATA): Remove them.

Should we graft this openjpeg variant?  address@hidden has 1,810
dependents.

Thanks for the heads-up, and apologies for the delay!

Ludo’.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]