* Re: 01/03: gnu: jasper: Update to 1.900.5.
[not found] ` <20161017210853.E923522014E@vcs.savannah.gnu.org>
@ 2016-10-18 0:08 ` Leo Famulari
2016-10-18 12:45 ` Ludovic Courtès
0 siblings, 1 reply; 2+ messages in thread
From: Leo Famulari @ 2016-10-18 0:08 UTC (permalink / raw)
To: guix-devel
On Mon, Oct 17, 2016 at 09:08:53PM +0000, Efraim Flashner wrote:
> efraim pushed a commit to branch master
> in repository guix.
>
> commit b333d00c3566a8a6b058a35426da96200ebf2c6d
> Author: Efraim Flashner <efraim@flashner.co.il>
> Date: Mon Oct 17 23:47:14 2016 +0300
>
> gnu: jasper: Update to 1.900.5.
>
> * gnu/packages/image.scm (jasper): Update to 1.900.5.
> [source]: Remove patches.
> [native-inputs]: Remove unzip.
> * gnu/packages/patches/jasper-CVE-2007-2721.patch,
> gnu/packages/patches/jasper-CVE-2008-3520.patch,
> gnu/packages/patches/jasper-CVE-2008-3522.patch,
> gnu/packages/patches/jasper-CVE-2011-4516-and-CVE-2011-4517.patch,
> gnu/packages/patches/jasper-CVE-2014-8137.patch,
> gnu/packages/patches/jasper-CVE-2014-8138.patch,
> gnu/packages/patches/jasper-CVE-2014-8157.patch,
> gnu/packages/patches/jasper-CVE-2014-8158.patch,
> gnu/packages/patches/jasper-CVE-2014-9029.patch,
> gnu/packages/patches/jasper-CVE-2016-1577.patch,
> gnu/packages/patches/jasper-CVE-2016-1867.patch,
> gnu/packages/patches/jasper-CVE-2016-2089.patch,
> gnu/packages/patches/jasper-CVE-2016-2116.patch: Delete files.
> * gnu/local.mk (dist_patch_DATA): Remove them.
Awesome, I thought that Jasper was totally abandoned!
I looked at the Jasper commit log [0], and I (not very carefully)
matched our bug fix patches to their upstream commits:
CVE-2007-2721 4031ca321d8cb5798c316ab39c7a5dc88a61fdd7
CVE-2008-3520 3c55b399c36ef46befcb21e4ebc4799367f89684 at least partially
CVE-2008-3522 d678ccd27b8a062e3bfd4c80d8ce2676a8166a27
CVE-2011-4516-and-CVE-2011-4517 0d22460816ea58e74a124158fa6cc48efb709a47
CVE-2014-8137 4bb93a6c49da7c1b6ad2acb60b18954a6547c637
CVE-2014-8138 c54113d6fa49f8f26d1572e972b806276c5b05d5
CVE-2014-8157 3fd4067496d8ef70f11841d7492ddeb1f1d56915
CVE-2014-8158 0d64bde2b3ba7e1450710d540136a8ce4199ef30
CVE-2014-9029 5dbe57e4808bea4b83a97e2f4aaf8c91ab6fdecb
CVE-2016-1577 74ea22a7a4fe186e0a0124df25e19739b77c4a29
CVE-2016-1867 980da43d8d388a67cac505e734423b2a5aa4cede
CVE-2016-2089 c87ad330a8b8d6e5eb0065675601fdfae08ebaab
Thanks a lot for this Efraim!
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: 01/03: gnu: jasper: Update to 1.900.5.
2016-10-18 0:08 ` 01/03: gnu: jasper: Update to 1.900.5 Leo Famulari
@ 2016-10-18 12:45 ` Ludovic Courtès
0 siblings, 0 replies; 2+ messages in thread
From: Ludovic Courtès @ 2016-10-18 12:45 UTC (permalink / raw)
To: Leo Famulari; +Cc: guix-devel
Leo Famulari <leo@famulari.name> skribis:
> On Mon, Oct 17, 2016 at 09:08:53PM +0000, Efraim Flashner wrote:
>> efraim pushed a commit to branch master
>> in repository guix.
>>
>> commit b333d00c3566a8a6b058a35426da96200ebf2c6d
>> Author: Efraim Flashner <efraim@flashner.co.il>
>> Date: Mon Oct 17 23:47:14 2016 +0300
>>
>> gnu: jasper: Update to 1.900.5.
>>
>> * gnu/packages/image.scm (jasper): Update to 1.900.5.
>> [source]: Remove patches.
>> [native-inputs]: Remove unzip.
>> * gnu/packages/patches/jasper-CVE-2007-2721.patch,
>> gnu/packages/patches/jasper-CVE-2008-3520.patch,
>> gnu/packages/patches/jasper-CVE-2008-3522.patch,
>> gnu/packages/patches/jasper-CVE-2011-4516-and-CVE-2011-4517.patch,
>> gnu/packages/patches/jasper-CVE-2014-8137.patch,
>> gnu/packages/patches/jasper-CVE-2014-8138.patch,
>> gnu/packages/patches/jasper-CVE-2014-8157.patch,
>> gnu/packages/patches/jasper-CVE-2014-8158.patch,
>> gnu/packages/patches/jasper-CVE-2014-9029.patch,
>> gnu/packages/patches/jasper-CVE-2016-1577.patch,
>> gnu/packages/patches/jasper-CVE-2016-1867.patch,
>> gnu/packages/patches/jasper-CVE-2016-2089.patch,
>> gnu/packages/patches/jasper-CVE-2016-2116.patch: Delete files.
>> * gnu/local.mk (dist_patch_DATA): Remove them.
>
> Awesome, I thought that Jasper was totally abandoned!
>
> I looked at the Jasper commit log [0], and I (not very carefully)
> matched our bug fix patches to their upstream commits:
>
> CVE-2007-2721 4031ca321d8cb5798c316ab39c7a5dc88a61fdd7
> CVE-2008-3520 3c55b399c36ef46befcb21e4ebc4799367f89684 at least partially
> CVE-2008-3522 d678ccd27b8a062e3bfd4c80d8ce2676a8166a27
> CVE-2011-4516-and-CVE-2011-4517 0d22460816ea58e74a124158fa6cc48efb709a47
> CVE-2014-8137 4bb93a6c49da7c1b6ad2acb60b18954a6547c637
> CVE-2014-8138 c54113d6fa49f8f26d1572e972b806276c5b05d5
> CVE-2014-8157 3fd4067496d8ef70f11841d7492ddeb1f1d56915
> CVE-2014-8158 0d64bde2b3ba7e1450710d540136a8ce4199ef30
> CVE-2014-9029 5dbe57e4808bea4b83a97e2f4aaf8c91ab6fdecb
> CVE-2016-1577 74ea22a7a4fe186e0a0124df25e19739b77c4a29
> CVE-2016-1867 980da43d8d388a67cac505e734423b2a5aa4cede
> CVE-2016-2089 c87ad330a8b8d6e5eb0065675601fdfae08ebaab
>
> Thanks a lot for this Efraim!
Woow, great work. Thanks to the two of you!
Ludo’.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-10-18 12:46 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20161017210853.15256.93654@vcs.savannah.gnu.org>
[not found] ` <20161017210853.E923522014E@vcs.savannah.gnu.org>
2016-10-18 0:08 ` 01/03: gnu: jasper: Update to 1.900.5 Leo Famulari
2016-10-18 12:45 ` Ludovic Courtès
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.