Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Mon, Sep 19, 2016 at 10:22:40AM +0100, Richard Hughes wrote: > I still thing the preferred option is "just use openjpeg" but this at > least gets things moving in the right direction. Thanks Richard — that's excellent. -- Matthew Miller Fedora Project Leader

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On 09/18/2016 04:01 AM, Kevin Kofler wrote: Michael Catanzaro wrote: On Wed, 2016-09-14 at 20:50 +0100, Richard Hughes wrote: -jas_stream_t *jas_stream_memopen(char *buf, int bufsize); +jas_stream_t *jas_stream_memopen(char *buf, size_t bufsize); I should add: it probably needs to use

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On 14 September 2016 at 20:50, Richard Hughes wrote: > Although, perhaps given upstream has not had a release since 2006 and > we've acquired 14 out-of-tree security patches (and countless others > for various fixes) perhaps we should drop dep this from applications >

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Sun, Sep 18, 2016 at 01:52:05PM +0100, Jonathan Wakely wrote: > On 18/09/16 13:48 +0100, Jonathan Wakely wrote: > > On 17/09/16 08:46 -0600, Kevin Fenzi wrote: > > > On Sat, 17 Sep 2016 15:30:34 +0100 > > > Jonathan Wakely wrote: > > > > > > > On 16/09/16 12:55

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On 18/09/16 13:48 +0100, Jonathan Wakely wrote: On 17/09/16 08:46 -0600, Kevin Fenzi wrote: On Sat, 17 Sep 2016 15:30:34 +0100 Jonathan Wakely wrote: On 16/09/16 12:55 -0600, Kevin Fenzi wrote: On Fri, 16 Sep 2016 10:54:57 -0500 Michael Catanzaro

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On 17/09/16 08:46 -0600, Kevin Fenzi wrote: On Sat, 17 Sep 2016 15:30:34 +0100 Jonathan Wakely wrote: On 16/09/16 12:55 -0600, Kevin Fenzi wrote: >On Fri, 16 Sep 2016 10:54:57 -0500 >Michael Catanzaro wrote: > >> On Fri, 2016-09-16 at 10:33

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

Michael Catanzaro wrote: > On Wed, 2016-09-14 at 20:50 +0100, Richard Hughes wrote: >> -jas_stream_t *jas_stream_memopen(char *buf, int bufsize); >> +jas_stream_t *jas_stream_memopen(char *buf, size_t bufsize); > > I should add: it probably needs to use ssize_t (signed size_t) here. > But this

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Sat, 17 Sep 2016 15:30:34 +0100 Jonathan Wakely wrote: > On 16/09/16 12:55 -0600, Kevin Fenzi wrote: > >On Fri, 16 Sep 2016 10:54:57 -0500 > >Michael Catanzaro wrote: > > > >> On Fri, 2016-09-16 at 10:33 +0100, Jonathan Wakely wrote: > >>

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On 16/09/16 12:55 -0600, Kevin Fenzi wrote: On Fri, 16 Sep 2016 10:54:57 -0500 Michael Catanzaro wrote: On Fri, 2016-09-16 at 10:33 +0100, Jonathan Wakely wrote: > Given how hard it is to enable those notifications correctly, we > should just enable them by default for

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Fri, 16 Sep 2016 10:54:57 -0500 Michael Catanzaro wrote: > On Fri, 2016-09-16 at 10:33 +0100, Jonathan Wakely wrote: > > Given how hard it is to enable those notifications correctly, we > > should just enable them by default for everyone. Or at least for > > anyone

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Fri, 2016-09-16 at 10:33 +0100, Jonathan Wakely wrote: > Given how hard it is to enable those notifications correctly, we > should just enable them by default for everyone. Or at least for > anyone maintaining a critpath package (which are the only ones being > abichecked today anyway). FWIW

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On 15/09/16 14:53 +0200, Dodji Seketeli wrote: Right, as I said in another message, the Taskotron's task-abicheck task actually caught it at Koji build time, asking the maintainer to review the change at:

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

Adam Williamson a écrit: >> Though, we also need to sort out how maintainers can do to say "I >> reviewed the ABI change, and it's OK" -- a kind of waiving mechanism for >> cases where the ABI change is harmless. > > If we only make it so failed automated tests

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On 09/15/2016 12:00 PM, Matthew Miller wrote: I like that. What about having failed tests also provide negative karma? As long as it doesn't automatically unpush either. Can it be classified the same as anonymous karma? The downtime from having to re-push an un-pushed update is irritating.

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Thu, Sep 15, 2016 at 09:32:37AM -0700, Adam Williamson wrote: > > Though, we also need to sort out how maintainers can do to say "I > > reviewed the ABI change, and it's OK" -- a kind of waiving mechanism for > > cases where the ABI change is harmless. > If we only make it so failed automated

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Thu, 2016-09-15 at 15:10 +0200, Dodji Seketeli wrote: > Josh Boyer a écrit: > > > [...] > > > > > At the moment, the ABI changes that are reported do not trigger the > > > blocking of the build, so we need collaboration from critpath package > > > maintainers.

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

Dodji Seketeli a écrit: > I'll file a Bodhi ticket asap. There you go: https://github.com/fedora-infra/bodhi/issues/932 https://github.com/fedora-infra/bodhi/issues/933 Cheers, -- Dodji -- devel mailing list devel@lists.fedoraproject.org

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

Josh Boyer a écrit: > No. However, bodhi maintenance is changing to a new owner and now > would be a good time to start filing tickets/issues for function adds > like this. Right. I have thus filed two issues for this:

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

Matthew Miller a écrit: > On Thu, Sep 15, 2016 at 05:03:40PM +0530, Sinny Kumari wrote: >> >> one more case for enabling libabigail tests in bodhi ... >> > I agree. This would have been caught by libabigail/abicheck as far as I >> > know. > ... >> > Does anyone know

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Thu, Sep 15, 2016 at 05:03:40PM +0530, Sinny Kumari wrote: > >> one more case for enabling libabigail tests in bodhi ... > > I agree. This would have been caught by libabigail/abicheck as far as I > > know. ... > > Does anyone know what the blockers are for enabling it in production? > Right

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Thu, Sep 15, 2016 at 9:10 AM, Dodji Seketeli wrote: > Josh Boyer a écrit: > > [...] > >>> At the moment, the ABI changes that are reported do not trigger the >>> blocking of the build, so we need collaboration from critpath package >>>

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

Josh Boyer a écrit: [...] >> At the moment, the ABI changes that are reported do not trigger the >> blocking of the build, so we need collaboration from critpath package >> maintainers. Whenever Taskotron says "please review this ABI change", >> the review is needed.

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

Josh Boyer a écrit: > I agree. This would have been caught by libabigail/abicheck as far as > I know. Right, as I said in another message, the Taskotron's task-abicheck task actually caught it at Koji build time, asking the maintainer to review the change at:

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Thu, Sep 15, 2016 at 8:38 AM, Dodji Seketeli wrote: > Hello, > > Dan Horák a écrit: > >> one more case for enabling libabigail tests in bodhi ... > > Well, task-abicheck that is automatically run on all koji builds > actually *caught* this issue. I can see

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On 15 September 2016 at 12:08, Matthew Miller wrote: > Huh. Does Steam use JPEG2000 for its screenshot or icons or > something? Some of the ICNS icons have embedded JPEG-2000 images. Richard. -- devel mailing list devel@lists.fedoraproject.org

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

Hello, Dan Horák a écrit: > one more case for enabling libabigail tests in bodhi ... Well, task-abicheck that is automatically run on all koji builds actually *caught* this issue. I can see that in the taskotron logs from 2016-08-12 at:

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Thu, Sep 15, 2016 at 4:20 PM, Josh Boyer wrote: > On Thu, Sep 15, 2016 at 3:42 AM, Dan Horák wrote: >> On Wed, 14 Sep 2016 20:50:49 +0100 >> Richard Hughes wrote: >> >>> Can we get somebody to revert >>>

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Thu, Sep 15, 2016 at 1:12 PM, Dan Horák wrote: > On Wed, 14 Sep 2016 20:50:49 +0100 > Richard Hughes wrote: > >> Can we get somebody to revert >> https://bodhi.fedoraproject.org/updates/FEDORA-2016-7776983633 please. >> The update was built to fix

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Wed, Sep 14, 2016 at 06:32:16PM -0500, Michael Catanzaro wrote: > > Also...I have the 'affected' jasper-libs on my F24 machine (a > > laptop), > > and I just ran gnome-software on it, and it ran perfectly fine? It > > runs, I can look at app pages (the screenshots render fine)... > Richard said

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Thu, Sep 15, 2016 at 3:42 AM, Dan Horák wrote: > On Wed, 14 Sep 2016 20:50:49 +0100 > Richard Hughes wrote: > >> Can we get somebody to revert >> https://bodhi.fedoraproject.org/updates/FEDORA-2016-7776983633 please. >> The update was built to fix

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On 15 September 2016 at 00:32, Michael Catanzaro wrote: > Richard said on IRC it only crashes if you also have steam installed. Agree; when you have steam installed the gnome-software steam plugin is auto-enabled which tries to download icons for steam apps when idle. It

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Wed, 14 Sep 2016 20:50:49 +0100 Richard Hughes wrote: > Can we get somebody to revert > https://bodhi.fedoraproject.org/updates/FEDORA-2016-7776983633 please. > The update was built to fix CVE-2015-5203 which fixes a double free > when opening corrupt JPEG-2000 files but

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Wed, Sep 14, 2016 at 02:53:54PM -0700, Thomas Daede wrote: > On 09/14/2016 12:50 PM, Richard Hughes wrote: > > Although, perhaps given upstream has not had a release since 2006 and > > we've acquired 14 out-of-tree security patches (and countless others > > for various fixes) perhaps we should

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Wed, Sep 14, 2016 at 4:11 PM, Michael Catanzaro wrote: > On Wed, 2016-09-14 at 20:50 +0100, Richard Hughes wrote: > > Three people gave the update positive > > karma and I can't believe all three did so without actually opening a > > JPEG-2000 image in any GTK-using or

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Wed, 2016-09-14 at 15:11 -0700, Adam Williamson wrote: > Also...I have the 'affected' jasper-libs on my F24 machine (a > laptop), > and I just ran gnome-software on it, and it ran perfectly fine? It > runs, I can look at app pages (the screenshots render fine)... Richard said on IRC it only

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

I've rebuilt all the jasper packages with the offending patch removed because it breaks a lot of stuff. I'll see if the owner shows up, and files the errata, otherwise I'll get to it in next couple of days, unless someone wants it done more urgently. Dave. - Original Message - >

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Wed, Sep 14, 2016 at 03:11:35PM -0700, Adam Williamson wrote: > > If I recall correctly, we need libjasper for opencv for openqa, so I'm > > not sure we can drop this? > yeah, please don't just drop it. if anyone wants to work with me/openQA > upstream/both to port it to something else, great,

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Wed, 2016-09-14 at 15:53 -0400, Neal Gompa wrote: > On Wed, Sep 14, 2016 at 3:50 PM, Richard Hughes wrote: > Although, perhaps given upstream has not had a release since 2006 and > we've acquired 14 out-of-tree security patches (and countless others > for various fixes)

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On 09/14/2016 12:50 PM, Richard Hughes wrote: > Although, perhaps given upstream has not had a release since 2006 and > we've acquired 14 out-of-tree security patches (and countless others > for various fixes) perhaps we should drop dep this from applications > completely? OpenJPEG has long

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

Matthew Miller (mat...@fedoraproject.org) said: > On Wed, Sep 14, 2016 at 08:50:49PM +0100, Richard Hughes wrote: > > before pushing the next update? Three people gave the update positive > > karma and I can't believe all three did so without actually opening a > > JPEG-2000 image in any

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Wed, 2016-09-14 at 16:36 -0400, Matthew Miller wrote: > I'm not saying this update should have been pushed — but I don't > think > it's _necessarily_ that the testers were hitting +1 without doing > anything. I agree. Time in testing is required to catch such issues. Honestly, one week in

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Wed, Sep 14, 2016 at 09:33:12PM +0100, Richard Hughes wrote: > > I can believe it. > Maybe requiring the tester to say *how* they tested it, rather than > just "LGTM" which means basically nothing. We do have this technology. :) However, if we put the burden of figuring out what all needs to

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Wed, Sep 14, 2016 at 08:50:49PM +0100, Richard Hughes wrote: > before pushing the next update? Three people gave the update positive > karma and I can't believe all three did so without actually opening a > JPEG-2000 image in any GTK-using or KDE-using app so there might be > something more

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On 14 September 2016 at 21:11, Michael Catanzaro wrote: >> I can't believe all three did so without actually opening a >> JPEG-2000 image in any GTK-using or KDE-using app. > > I can believe it. Maybe requiring the tester to say *how* they tested it, rather than just "LGTM"

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Wed, 2016-09-14 at 20:50 +0100, Richard Hughes wrote: > -jas_stream_t *jas_stream_memopen(char *buf, int bufsize); > +jas_stream_t *jas_stream_memopen(char *buf, size_t bufsize); I should add: it probably needs to use ssize_t (signed size_t) here. But this function is part of the API, so every

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Wed, 2016-09-14 at 20:50 +0100, Richard Hughes wrote: > Three people gave the update positive > karma and I can't believe all three did so without actually opening a > JPEG-2000 image in any GTK-using or KDE-using app so there might be > something more subtle going on. I can believe it. I

Re: Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

On Wed, Sep 14, 2016 at 3:50 PM, Richard Hughes wrote: > Although, perhaps given upstream has not had a release since 2006 and > we've acquired 14 out-of-tree security patches (and countless others > for various fixes) perhaps we should drop dep this from applications >

Please unpush FEDORA-2016-7776983633 on all releases or drop support for libjasper

Can we get somebody to revert https://bodhi.fedoraproject.org/updates/FEDORA-2016-7776983633 please. The update was built to fix CVE-2015-5203 which fixes a double free when opening corrupt JPEG-2000 files but in doing-so breaks quite a few apps in the desktop spin causing them to exit with an