From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: 01/03: gnu: jasper: Update to 1.900.5. Date: Mon, 17 Oct 2016 20:08:39 -0400 Message-ID: <20161018000839.GA5469@jasmine> References: <20161017210853.15256.93654@vcs.savannah.gnu.org> <20161017210853.E923522014E@vcs.savannah.gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:34328) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bwHxX-0004Gs-55 for guix-devel@gnu.org; Mon, 17 Oct 2016 20:08:48 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bwHxS-0003s1-7k for guix-devel@gnu.org; Mon, 17 Oct 2016 20:08:47 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:59473) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1bwHxS-0003r3-1R for guix-devel@gnu.org; Mon, 17 Oct 2016 20:08:42 -0400 Received: from localhost (c-73-188-17-148.hsd1.pa.comcast.net [73.188.17.148]) by mail.messagingengine.com (Postfix) with ESMTPA id 22908F29D1 for ; Mon, 17 Oct 2016 20:08:41 -0400 (EDT) Content-Disposition: inline In-Reply-To: <20161017210853.E923522014E@vcs.savannah.gnu.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org On Mon, Oct 17, 2016 at 09:08:53PM +0000, Efraim Flashner wrote: > efraim pushed a commit to branch master > in repository guix. > > commit b333d00c3566a8a6b058a35426da96200ebf2c6d > Author: Efraim Flashner > Date: Mon Oct 17 23:47:14 2016 +0300 > > gnu: jasper: Update to 1.900.5. > > * gnu/packages/image.scm (jasper): Update to 1.900.5. > [source]: Remove patches. > [native-inputs]: Remove unzip. > * gnu/packages/patches/jasper-CVE-2007-2721.patch, > gnu/packages/patches/jasper-CVE-2008-3520.patch, > gnu/packages/patches/jasper-CVE-2008-3522.patch, > gnu/packages/patches/jasper-CVE-2011-4516-and-CVE-2011-4517.patch, > gnu/packages/patches/jasper-CVE-2014-8137.patch, > gnu/packages/patches/jasper-CVE-2014-8138.patch, > gnu/packages/patches/jasper-CVE-2014-8157.patch, > gnu/packages/patches/jasper-CVE-2014-8158.patch, > gnu/packages/patches/jasper-CVE-2014-9029.patch, > gnu/packages/patches/jasper-CVE-2016-1577.patch, > gnu/packages/patches/jasper-CVE-2016-1867.patch, > gnu/packages/patches/jasper-CVE-2016-2089.patch, > gnu/packages/patches/jasper-CVE-2016-2116.patch: Delete files. > * gnu/local.mk (dist_patch_DATA): Remove them. Awesome, I thought that Jasper was totally abandoned! I looked at the Jasper commit log [0], and I (not very carefully) matched our bug fix patches to their upstream commits: CVE-2007-2721 4031ca321d8cb5798c316ab39c7a5dc88a61fdd7 CVE-2008-3520 3c55b399c36ef46befcb21e4ebc4799367f89684 at least partially CVE-2008-3522 d678ccd27b8a062e3bfd4c80d8ce2676a8166a27 CVE-2011-4516-and-CVE-2011-4517 0d22460816ea58e74a124158fa6cc48efb709a47 CVE-2014-8137 4bb93a6c49da7c1b6ad2acb60b18954a6547c637 CVE-2014-8138 c54113d6fa49f8f26d1572e972b806276c5b05d5 CVE-2014-8157 3fd4067496d8ef70f11841d7492ddeb1f1d56915 CVE-2014-8158 0d64bde2b3ba7e1450710d540136a8ce4199ef30 CVE-2014-9029 5dbe57e4808bea4b83a97e2f4aaf8c91ab6fdecb CVE-2016-1577 74ea22a7a4fe186e0a0124df25e19739b77c4a29 CVE-2016-1867 980da43d8d388a67cac505e734423b2a5aa4cede CVE-2016-2089 c87ad330a8b8d6e5eb0065675601fdfae08ebaab Thanks a lot for this Efraim!