Hi,
On Tue, May 16, 2017 at 11:40 AM, Adam Cecile <acecile@le-vert.net> wrote:
Package: wnpp
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org
Package name: libjasper
Just keep the old naming convention please: 'jasper'.
Version: 2.0.12
Upstream: Michael David Adams
License: JasPer License
Description: This package has been scheduled for removal after Stretch
release but is very important to me as it can be used to add JPEG 2000 to
OpenCV (many satellite images comes as JPEG 2000). The new upstream on
GitHub provides frequent updates as well as a decent CMake build system so I
see no reason to not get it back in the archive :)
At the very least you'll need to address the old CVEs in that case:
https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no&src=jasper
- CVE-2016-8693
- CVE-2016-8691
- CVE-2016-8692
- CVE-2016-8690
I personally fought against having duplicate JPEG 2000 libraries in
Debian (esp. since jasper seems dead upstream). I still believe you
should invest some time in replace jasper with OpenJPEG throughout
your OpenCV codebase, since OpenJPEG is used to manipulate satellite
image in professional environment.
2cts
-M