Richard W.M. Jones wrote:
Yes and no. The Sourceforge project is the official upstream, but development there is in a funny state. The current maintainer has essentially abandoned version 6 and is working on version 7, but isn't committing to CVS or published more than a beta, and nothing advertises any of this on Sourceforge or anywhere else. I made an attempt to reignite things and get a maintenance release of version 6 out, with various patches that most distros carry or want included, such as the crop patch, but haven't gotten very far. Please bring this up on the mailing list associated with the libjpeg sourceforge project and we'll see where we can go with it. I'm not sure if Guido has addressed your issue in version 7, but if it's got security ramifications, we need to get it out there. Adam Tkac also expressed interest in contributing some patches, so he's also someone we'll want to involve.We've found a bug in libjpeg (mingw32-libjpeg, a package for the Windows cross-compiler). It's actually a segfault, so is possibly a security issue: https://bugzilla.redhat.com/show_bug.cgi?id=497492 Anyhow, the patch needs to go upstream. Am I right in thinking that libjpeg doesn't have an active upstream? (latest version, the one which everyone uses, was released 11 years ago) Is there any project to resurrect libjpeg? Rich.
Jon -- in your fear, speak only peace in your fear, seek only love -d. bowie