
Bug#862727: ITP: libjasper -- JasPer JPEG-2000 runtime library



Control: retitle -1 RFS: jasper/2.0.13+dfsg-1 -- JasPer JPEG-2000 runtime library

Hi,

I finished the updated package and reviewed all the CVE patches that were included.
Everything is documented in the changelog and there's only one patch not merged yet but I pull-requested it on GitHub.

I guess it's sadly way too late to get it back for Stretch, but anyway, that would be great to have it in unstable.
Again, it enables JPEG2000 support on OpenCV and that's something Debian cannot miss.

Package available here: https://mentors.debian.net/package/jasper

Changelog:

  * Re-introduce package into archive using different upstream
    (Closes: #862727).
  * Review all patches:
    - 01-misc-fixes dropped (merged, obsolete),
    - 02-fix-filename-buffer-overflow updated (forwarded),
    - 03-CVE-2011-4516-and-CVE-2011-4517 dropped
      merged upstream as 0d22460816ea58e74a124158fa6cc48efb709a47
    - 04-CVE-2014-9029 dropped
      merged upstream as 5dbe57e4808bea4b83a97e2f4aaf8c91ab6fdecb
    - 05-CVE-2014-8137 dropped
      merged upstream as 4bb93a6c49da7c1b6ad2acb60b18954a6547c637
    - 06-CVE-2014-8138 dropped
      merged upstream as c54113d6fa49f8f26d1572e972b806276c5b05d5
    - 07-CVE-2014-8157 dropped
      merged upstream as 3fd4067496d8ef70f11841d7492ddeb1f1d56915
    - 08-CVE-2014-8158 dropped
      merged upstream as 0d64bde2b3ba7e1450710d540136a8ce4199ef30
    - 09-CVE-2016-1577 dropped
      (merged upstream as 74ea22a7a4fe186e0a0124df25e19739b77c4a29
    - 10-CVE-2016-2089 dropped
      merged upstream as c87ad330a8b8d6e5eb0065675601fdfae08ebaab
    - 11-CVE-2016-2116 dropped
      merged upstream as 142245b9bbb33274a7c620aa7a8f85bc00b2d68e
    - 12_CVE-2016-1867_CVE-2016-8654_CVE-2016-8691... dropped:
      merged upstream as:
        * 3c55b399c36ef46befcb21e4ebc4799367f89684
        * d8c2604cd438c41ec72aff52c16ebd8183068020
        * 1abc2e5a401a4bf1d5ca4df91358ce5df111f495
        * 69a1439a5381e42b06ec6a06ed2675eb793babee
        * 4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a
        * 980da43d8d388a67cac505e734423b2a5aa4cede
    - 14_CVE-2016-10249 dropped:
      merged upstream as:
        * f596a0766825b48cdc07b28d2051977a382cfb95
        * 988f8365f7d8ad8073b6786e433d34c553ecf568
    - 15_CVE-2016-10251.patch dropped
      merged upstream as 1f0dfe5a42911b6880a1445f13f6d615ddb55387)
  * New upstream release:
    - Upstream now use CMake (change b-deps, change rules),
    - Enable --parallel when building,
    - Remove static library, not built anymore,
    - Add doxygen b-dep to generate doc,
    - Install HTML documentation in libjasper-doc package,
    - Bump library package name to libjasper4,
    - Raise JAS_DEC_DEFAULT_MAX_SAMPLES value (max file size),
    - Rewrite copyright to machine-readable format,
    - Rewrite watch to be able to use mk-origtargz.

Lintian all clear...

Thanks in advance for your support,

Regards, Adam.
