2.0.32 (2021-04-18)
===================
* Test release performed with GitHub Actions.
2.0.29 (2021-04-16)
===================
* Loosen some overly tight restrictions on JP2 codestreams, which caused
some valid codestreams to be rejected. (#289)
2.0.28
* Fix potential null pointer dereference in the JP2/JPC decoder.
* Fix ignoring of JAS_STREAM_FILEOBJ_NOCLOSE at stream close time.
* Fix integral type sizing problem in JP2 codec.
2.0.27
Check for an image containing no samples in the PGX decoder.
Check for dimensions of zero in the JPC and JPEG decoders.
Fix an arguably incorrect type for an integer literal in the PGX decoder.
Check for an invalid component reference in the JP2 decoder.
Check on integer size in JP2 decoder.
2.0.24:
Add JAS_VERSION_MAJOR, JAS_VERSION_MINOR, JAS_VERSION_PATCH for easier access to the JasPer version.
Fixes stack overflow bug on Windows, where variable-length arrays are not available
2.0.20
* fixed several ISO/IEC 15444-4 conformance bugs
* fixed new variant of CVE-2016-9398
* disabled the MIF codec by default for security reasons (but it is still
included in the library);
in a future release, the MIF codec may also be excluded from the
library by default
* added documentation for the I/O streams library API
version-2.0.19
Unfortunately 2.0.17 was released on a branch. Later the branch was
removed and the 2.0.17 tag was placed on another commit and branch.
This resulted in various distros who pulled the tarball at different
times two have different jasper versions for 2.0.17.
https://repology.org/project/jasper/versions shows that some even have a
2.0.18.
To reduce all this confusion I will release 2.0.19 now.
With a clean changelog referencing what @MaxKellermann and @jubalh (me)
did on our fork at jasper-maint.
If we want to revert things later or improve the changelog this can be
easily done on master ontop of this.
But I feel we need this release to reduce the confusion and put the
project on a clear track again.
Changes:
- In the JPC codec, the requirement that the number of tile parts be at
least one has been removed (since the JPEG-2000 standard allows
a special value of zero to mean the number of tile parts is unspecified).
- add option to disable programs
- Include jasper/jas_debug.h when using jas_eprintf
Fixes building with -Werror=implicit-function-declaration.
- Applied patches to resolve some missing export problems.
See: https://github.com/mdadams/jasper/issues/122
- Moved inttypes.h and stdbool.h includes to jas_types.h and fixed
the build for Visual Studio 2012 and lower.
- Correct or add comments for jas_safe_* functions
Mostly fixing bad copy-n-paste issues, or functions added without any
comment.
- Added a check in the JP2 encoder to ensure that the image to be coded
has at least one component. Also, made some small changes to a
private build script.
- Fixed bugs due to uninitialized data in the JP2 decoder.
Also, added some comments marking I/O stream interfaces that probably
need to be changed (in the long term) to fix integer overflow
problems.
- Added some additional checking to prevent a potential integer overflow
due to conversion in the JPC decoder.
- Added numerous more-detailed error messages for the JPC and JP2
codecs.
- Added a partial verbose capability for the run_test_1 script.
- Moved a test case from the bad category to the good category, as the
test case had been miscategorized.
- Add some regression test cases.
- Fixed some potential double-free problems in the JPC codec.
Bumped the version number.
Added some additional checking to prevent a potential integer overflow
due to conversion in the JPC decoder.
Added numerous more-detailed error messages for the JPC and JP2
codecs.
Added a partial verbose capability for the run_test_1 script.
Moved a test case from the bad category to the good category, as the
test case had been miscategorized.
Added another regression test case.
Fixed some potential double-free problems in the JPC codec.
Fixed a problem in the JP2 encoder that caused a null pointer dereference when no ICC profile data is available (e.g., in the case of an unknown color space).
This integrates most of the patches we had applied in pkgsrc.
The changes are in ChangeLog, and are not well summarized anywhere
I can find, sorry...
OK from adam@
Problems found with existing digests:
Package fotoxx distfile fotoxx-14.03.1.tar.gz
ac2033f87de2c23941261f7c50160cddf872c110 [recorded]
118e98a8cc0414676b3c4d37b8df407c28a1407c [calculated]
Package ploticus-examples distfile ploticus-2.00/plnode200.tar.gz
34274a03d0c41fae5690633663e3d4114b9d7a6d [recorded]
da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
Problems found locating distfiles:
Package AfterShotPro: missing distfile AfterShotPro-1.1.0.30/AfterShotPro_i386.deb
Package pgraf: missing distfile pgraf-20010131.tar.gz
Package qvplay: missing distfile qvplay-0.95.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
Add comments to the patches.
Add fix for oCERT-2014-012, pulled from RedHat.
Add fix from Debian bug 469786.
Add LICENSE setting, I think modified-bsd is fitting.
Bump PKGREVISION.
alternative from mk/jpeg.buildlink3.mk
This allows selection of an alternative jpeg library (namely the x86 MMX,
SSE, SSE2 accelerated libjpeg-turbo) via JPEG_DEFAULT=libjpeg-turbo, and
follows the current standard model for alternatives (fam, motif, fuse etc).
The mechanical edits were applied via the following script:
#!/bin/sh
for d in */*; do
[ -d "$d" ] || continue
for i in "$d/"Makefile* "$d/"*.mk; do
case "$i" in *.orig|*"*"*) continue;; esac
out="$d/x"
sed -e 's;graphics/jpeg/buildlink3\.mk;mk/jpeg.buildlink3.mk;g' \
-e 's;BUILDLINK_PREFIX\.jpeg;JPEGBASE;g' \
< "$i" > "$out"
if cmp -s "$i" "$out"; then
rm -f "$out"
else
echo "Edited $i"
mv -f "$i" "$i.orig" && mv "$out" "$i"
fi
done
done
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
