FS#65570 - [qt5-imageformats] drop support for jasper
Attached to Project:
Arch Linux
Opened by Gunnar Bretthauer (Taijian) - Thursday, 20 February 2020, 12:47 GMT
Last edited by freswa (frederik) - Thursday, 20 February 2020, 12:53 GMT
Opened by Gunnar Bretthauer (Taijian) - Thursday, 20 February 2020, 12:47 GMT
Last edited by freswa (frederik) - Thursday, 20 February 2020, 12:53 GMT
|
Details
Description:
Arch currently builds qt5-imageformats with jasper support enabled. Unfortunately, jasper is currently unmaintened upstream and it is unlikely that this will change [1]. There are numerous open CVEs that are unlikely to be fixed. Lots of other distros have already dropped jasper altogether (Debian, Ubuntu, NixOS, Alpine, OpenSUSE) and I think Arch should do so as well [1],[2]. As it is trivially easy to drop jasper from qt5-imageformats - just remove it from the depends() array and .configure will take care of it - I suggest that it be removed from qt5-imageformats in order to reduce attack surface. Additional info: * package version(s) * config and/or log files etc. * link to upstream bug report, if any [1] https://github.com/mdadams/jasper/issues/208 [2] https://bugzilla.suse.com/show_bug.cgi?id=1130404 Steps to reproduce: |
This task depends upon
Closed by freswa (frederik)
Thursday, 20 February 2020, 12:53 GMT
Reason for closing: Duplicate
Additional comments about closing: FS#64655
Thursday, 20 February 2020, 12:53 GMT
Reason for closing: Duplicate
Additional comments about closing: