Bug#862727: RFP: libjasper -- JasPer JPEG-2000 runtime library
Hi,
On Tue, May 16, 2017 at 11:40 AM, Adam Cecile <acecile@le-vert.net> wrote:
> Package: wnpp
> Severity: wishlist
> X-Debbugs-CC: debian-devel@lists.debian.org
>
> Package name: libjasper
Just keep the old naming convention please: 'jasper'.
> Version: 2.0.12
> Upstream: Michael David Adams
> License: JasPer License
> Description: This package has been scheduled for removal after Stretch
> release but is very important to me as it can be used to add JPEG 2000 to
> OpenCV (many satellite images comes as JPEG 2000). The new upstream on
> GitHub provides frequent updates as well as a decent CMake build system so I
> see no reason to not get it back in the archive :)
At the very least you'll need to address the old CVEs in that case:
https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no&src=jasper
- CVE-2016-8693
- CVE-2016-8691
- CVE-2016-8692
- CVE-2016-8690
I personally fought against having duplicate JPEG 2000 libraries in
Debian (esp. since jasper seems dead upstream). I still believe you
should invest some time in replace jasper with OpenJPEG throughout
your OpenCV codebase, since OpenJPEG is used to manipulate satellite
image in professional environment.
2cts
-M
Reply to: