FS#65614 - [gimp] replace unused dependendy jasper with openjpeg
Attached to Project:
Arch Linux
Opened by Gunnar Bretthauer (Taijian) - Monday, 24 February 2020, 13:14 GMT
Last edited by freswa (frederik) - Sunday, 26 April 2020, 16:21 GMT
Opened by Gunnar Bretthauer (Taijian) - Monday, 24 February 2020, 13:14 GMT
Last edited by freswa (frederik) - Sunday, 26 April 2020, 16:21 GMT
|
Details
Description:
jasper is insecure and unmaintained and currently under consideration for removal from the Arch repos [1]. Additionally, gimp has not been depending on it since before 2018-08-13 as it got replaced by openjpeg [2]. Therefore please replace the jasper dependency with openjpeg. [1] https://bugs.archlinux.org/task/64655 [2] https://gitlab.gnome.org/GNOME/gimp/commit/fb57133d55f88e88fafadec8b09a0a3084585b88 |
This task depends upon
Closed by freswa (frederik)
Sunday, 26 April 2020, 16:21 GMT
Reason for closing: Fixed
Additional comments about closing: 2.10.18-6
Sunday, 26 April 2020, 16:21 GMT
Reason for closing: Fixed
Additional comments about closing: 2.10.18-6
Comment by
Gunnar Bretthauer (Taijian) -
Monday, 24 February 2020, 21:23 GMT
- Field changed: Percent Complete (100% → 0%)
While I understand the reasoning behind keeping all the jasper
related security stuff in one place, this is a actual bug in the
PKGBUILD. It pulls in jasper which hasn't been a dependency of
gimp since 2018-03-04 with commit
https://gitlab.gnome.org/GNOME/gimp/-/commit/58a0a651602d5b55d8c7d3408fb315f4e47d9b8f. OpenJPEG should instead be pulled in. Clearly, gimp maintainers
are not seeing the other issue, because the released an update to
gimp yesterday that still contains this bug. Therefore I think
this should be addressed seperately for better visibility.
Comment by
Rikard Falkeborn (Herk) - Sunday,
26 April 2020, 11:03 GMT
As of 2.10.18-6, gimp depends on openjpeg2 instead of jasper.