Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#65614 - [gimp] replace unused dependendy jasper with openjpeg

Attached to Project: Arch Linux
Opened by Gunnar Bretthauer (Taijian) - Monday, 24 February 2020, 13:14 GMT
Last edited by freswa (frederik) - Sunday, 26 April 2020, 16:21 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Christian Hesse (eworm)
Levente Polyak (anthraxx)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No



jasper is insecure and unmaintained and currently under consideration for removal from the Arch repos [1]. Additionally, gimp has not been depending on it since before 2018-08-13 as it got replaced by openjpeg [2]. Therefore please replace the jasper dependency with openjpeg.


This task depends upon

Closed by  freswa (frederik)
Sunday, 26 April 2020, 16:21 GMT
Reason for closing:  Fixed
Additional comments about closing:  2.10.18-6
Comment by Gunnar Bretthauer (Taijian) - Monday, 24 February 2020, 21:23 GMT
  • Field changed: Percent Complete (100% → 0%)
While I understand the reasoning behind keeping all the jasper related security stuff in one place, this is a actual bug in the PKGBUILD. It pulls in jasper which hasn't been a dependency of gimp since 2018-03-04 with commit OpenJPEG should instead be pulled in. Clearly, gimp maintainers are not seeing the other issue, because the released an update to gimp yesterday that still contains this bug. Therefore I think this should be addressed seperately for better visibility.
Comment by Rikard Falkeborn (Herk) - Sunday, 26 April 2020, 11:03 GMT
As of 2.10.18-6, gimp depends on openjpeg2 instead of jasper.