Can we get somebody to revert https://bodhi.fedoraproject.org/updates/FEDORA-2016-7776983633 please. The update was built to fix CVE-2015-5203 which fixes a double free when opening corrupt JPEG-2000 files but in doing-so breaks quite a few apps in the desktop spin causing them to exit with an assert deep in libjasper. In the update the function jas_stream_memopen has been changed: -jas_stream_t *jas_stream_memopen(char *buf, int bufsize); +jas_stream_t *jas_stream_memopen(char *buf, size_t bufsize); Unless I'm misunderstood things dramatically, size_t is basically *unsigned* long integer, but this function offers a feature where if the bufsize is -1 the buffer is realloc'd as needed. gdk-pixbuf2 uses this feature for JPEG-2000 files. However, as size_t represents only positive numbers, a conversion takes place to some very high number and the allocation fails. This affects any GNOME application that uses GTK, so for me causes nautilus to crash when looking at my Downloads folder and GNOME Software when enabling the Steam plugin functionality. If you see "jas_stream.c:1044: mem_write: Assertion `ret == cnt' failed." then you're affected too. Can we get someone to actually test the build before pushing the next update? Three people gave the update positive karma and I can't believe all three did so without actually opening a JPEG-2000 image in any GTK-using or KDE-using app so there might be something more subtle going on. Although, perhaps given upstream has not had a release since 2006 and we've acquired 14 out-of-tree security patches (and countless others for various fixes) perhaps we should drop dep this from applications completely? libjasper.so.1()(64bit) is needed by (installed) LibRaw-0.17.2-1.fc24.x86_64 libjasper.so.1()(64bit) is needed by (installed) gdk-pixbuf2-modules-2.34.0-1.fc24.x86_64 libjasper.so.1()(64bit) is needed by (installed) dcraw-9.27.0-1.fc24.x86_64 libjasper.so.1()(64bit) is needed by (installed) gegl-0.2.0-29.fc24.x86_64 libjasper.so.1()(64bit) is needed by (installed) gimp-2:2.8.18-1.fc24.x86_64 libjasper.so.1()(64bit) is needed by (installed) jasper-devel-1.900.1-33.fc24.x86_64 libjasper.so.1()(64bit) is needed by (installed) kdelibs-6:4.14.22-1.fc24.x86_64 libjasper.so.1()(64bit) is needed by (installed) opencv-2.4.12.3-3.fc24.x86_64 libjasper.so.1()(64bit) is needed by (installed) DevIL-1.7.8-23.fc24.x86_64 Richard -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
