The actual fix as been done by "pkglint -F */*/buildlink3.mk", and was
reviewed manually.
There are some .include lines that still are indented with zero spaces
although the surrounding .if is indented. This is existing practice.
OpenJPEG 2.3.0:
No API/ABI break compared to v2.2.0 but additional symbols for subset of components decoding (hence the MINOR version bump).
* Sub-tile decoding: when setting a window of interest through the API function opj_set_decode_area(), only codeblocks that intersect this window are now decoded (i.e. MCT, IDWT, and entropy decoding are only done on the window of interest). Moreover, memory allocation now depends on the size of the window of interest (instead of the full tile size).
* Ability to decode only a subset of components. This adds the following function opj_set_decoded_components(opj_codec_t p_codec, OPJ_UINT32 numcomps, const OPJ_UINT32 comps_indices, OPJ_BOOL apply_color_transforms) and equivalent opj_decompress -c compno[,compno]* option.
* Many bug fixes (including security fixes)
This new release includes a significant number of improvements and bug fixes. In particular:
* Multi-threading support at decoding side
* Several speed optimisations both at encoder and decoder, and both on Wavelet Transform and Entropy Coding parts. On our test set, a single-threaded execution is now around 20% faster (encoding or decoding).
* Huge memory consumption reduction at decoding side (~60% reduction on large images)
* Several important bug fixes, in particular the one that was preventing OpenJPEG to encode lossless in some specific situations, as well as those related to mode switches (BYPASS/LAZY, RESTART/TERMALL, etc).
* Several security fixes thanks to the inclusion of OpenJPEG in the Google OSS Fuzz project.
Beside that, several improvements have been brought to the project maintenance, like inclusion of benchmarking scripts to compare speed with latest available kakadu binaries.
And, last but not least, API and ABI are 100% compatible with previous version.
Closed issues:
null ptr dereference in convert.c:1331
Out-of-Bounds Read in function bmp24toimage of convertbmp.c
Disable automatic compilation of t1_generate_luts in CMakeLists.txt
CVE-2016-7163 Integer overflow in opj_pi_create_decode
Security Advisory for OpenJPEG
Add dashboard with static lib
hidden visibility for the static library / building with -DOPJ_STATIC against shared lib
Optimization when building library from source
unsigned int16 on Solaris 11.2/sparc
appveyor
Please make a new release
FFMpeg will not link to 2.1.1 release built as shared library
API change since v2: opj_event_mgr_t not available
openjpeg.h needs dependencies
"master" does not build on ubuntu
Package 'openjp2', required by 'libopenjpip', not found
Merged pull requests:
Fix PNM file reading
Fix some issues reported by Coverity Scan
Fix potential out-of-bounds read (coverity)
Remove TODO for overflow check
Add overflow checks for opj_aligned_malloc
Flags in T1 shall be unsigned
Fix some warnings
Fix issue 833.
Add overflow checks for opj_aligned_malloc
Add test for issue 820
Add test for issue 826
Fix coverity 113065 (CWE-484)
Add sanity check for tile coordinates
Add test for P-R-818
Update to libpng 1.6.25
fix incrementing of "l_tcp->m_nb_mcc_records" in opj_j2k_read_mcc
Add overflow check in opj_tcd_init_tile
Fix leak & invalid behavior of opj_jp2_read_ihdr
Add overflow check in opj_j2k_update_image_data
Change 'restrict' define to 'OPJ_RESTRICT'
Switch to clang 3.8
Fix an integer overflow issue
Update to lcms 2.8
Update to libpng 1.6.24
Reenable clang-3.9 build on travis
Bit fields type
Add compilation test for standalone inclusion of openjpeg.h
jpwl: Remove non-portable data type u_int16_t
Fix dependency for pkg-config
Add .gitignore
## v2.1.1
**Implemented enhancements:**
- opj_malloc replacement
- backport "-p" and "-force-rgb" options in 1.5
- Use travis-ci matrix build
- Add Coverity Scan analysis
- Unnecessary rate distortion calculations
- Add images from various security issues to test suite
- Coding speed for 9/7 on 32bits platforms (x86/ARM) can be improved with a quick fix
**Fixed bugs:**
- Out-of-Bounds Access in function opj_tgt_reset of tgt.c
- Heap Buffer Overflow in function color_cmyk_to_rgb of color.c
- division-by-zero (SIGFPE) error in opj_tcd_init_tile function (line 730 of tcd.c)
- Out-Of-Bounds Read in sycc422_to_rgb function
- Heap Corruption in opj_free function
- Out-Of-Bounds Read in opj_tcd_free_tile function
- Cannot handle box of undefined size
- Compilation fails without platform-supplied aligned malloc
- HP compiler warns about redeclaration of static function
- Implementation-defined behavior of malloc causes different behavior on Linux and AIX
- Build on AIX fails because "opj_includes.h" is included after system headers
- Compiling with SSE2 on Linux 32-bit causes crashes in OpenJPEG
- Build on AIX fails because of "restrict" pointers
- bug in new tif conversion code
- bin/jp2/convert.c line 1085 Resource leak
- bin/jp2/convert.c memory leak
- Resource leak in opj_j2k_create_cstr_index in case of failure
- Resource leak in opj_j2k_encode in case of failure
- Resource leak in opj_j2k_decode_one_tile in case of failure
- Resource Leak
- opj_compress fails to compress lossless on gcc/x86 (-m32)
- Use-after-free in opj_j2k_write_mco
- openjpeg-master-2015-07-30 failed to compile on LINUX
- PNG images are always read as RGB(A) images
- g4_colr.j2c not handled properly
- Bigendian: opj_compress + opj_decompress fails
- Suspicious code in j2k.c
- Decode times almost double(!!) on Visual Studio 2013, 2015
- opj_data/input/nonregression/issue226.j2k
- opj_setup_encoder always returns true
- Double free in j2k_read_ppm_v3 parsing ((presumably invalid) image.
- Invalid write in opj_j2k_update_image_data
- Undefined printf format specifier %ud used in code
- Potential double free on malloc failure in opj_j2k_copy_default_tcp_and_create_tcp()
- Do not link with -ffast-math
- Heap-buffer-overflow in opj_dwt_decode
- opj_dump fails on Windows 7, 64 bits
- SIGSEGV in opj_j2k_update_image_data via pdfium_test
- Heap-buffer-overflow in opj_j2k_tcp_destroy
- Invalid image causes write past end of heap buffer
- Assertion `l_res->x0 >= 0' fails when parsing invalid images
- Bug on opj_write_bytes_BE function
- Refactor j2k_read_ppm_v3 function
- compression: strange precinct dimensions
- (:- Console message in opj_decompress -:)
- opj_decompress fails to decompress any files
- bio->ct is unnecessarily set to zero in opj_bio_flush method
- Maximal unsigned short is 65535, not 65536
- OpenJpeg fails to encode components with different precision properly
- component precision upscaling isn't correct in opj_decompress
- Multiple precision components won't get encoded to jp2 if 1 component is unsigned 1 bit
- Incorrect code in ../bin/jp2/convert.c, function rawtoimage_common(...)
- [OpenJPEG-trunk] opj_stream_get_number_byte_left throws assert
- NR-DEC-kodak_2layers_lrcp.j2c-31-decode-md5 fails randomly when running tests in parallel
- compare_raw_files doesn't report an error on invalid arguments / missing input files
- Forward discrete wavelet transform: implement periodic symmetric extension at boundaries
- Bug in tiff reading method in convert.c
- Image in pdf don't display
- Multiple issues causing opj_decompress to segfault
- opj_compress: 40% of encode time is spent freeing data
- Multiple warnings when configuring OpenJPEG on MacOS with CMake 3.x (trunk)
- valgrind memleak found
- global-buffer-overflow src/lib/openjp2/t1.c:1146 opj_t1_getwmsedec
- Warning introduced on trunk r2923 & r2924
- heap-buffer-overflow in opj_t1_decode_cblks
- Heap-buffer-overflow in opj_tcd_init_decode_tile
- Heap-buffer-overflow in opj_j2k_tcp_destroy
- Heap-buffer-overflow in opj_jp2_apply_pclr
- issue412 revisited
- Image distorted (sides look cankered)
- openjpeg-2.x-trunk-r2918 is broken in color.c
- Heap-buffer-overflow in opj_tcd_init_decode_tile
- Heap-use-after-free in opj_t1_decode_cblks
- UNKNOWN in opj_read_bytes_LE
- Transparency problem
- Image with per channel alpha (cdef) does not decode properly
- OpenJPEG crashes with attached image
- Palette image with cdef fails to decompress
- Invalid member values from opj_read_header or opj_decode ?
- MD5 Checksum hangs under valgrind on MacOS X
- Heap-buffer-overflow in opj_tcd_get_decoded_tile_size
- C++ style comments in trunk/src/lib/openjp2/j2k.c
- Backport bugfixes from trunk to 2.1 branch
- Heap-buffer-overflow in parse_cmdline_encoder
- Heap-buffer-overflow in opj_v4dwt_interleave_h
- Heap-buffer-overflow in opj_dwt_decode
- Heap-use-after-free in opj_t1_decode_cblks
- Heap-buffer-overflow in opj_jp2_apply_cdef
- Heap-buffer-overflow in opj_t2_read_packet_header
- Heap-buffer-overflow in opj_t2_read_packet_header
- Heap-buffer-overflow in opj_dwt_decode_1
- Heap-double-free in j2k_read_ppm_v3
- Security hole in j2k.c
- Security: double-free in opj_tcd_code_block_dec_deallocate
- check for negative-size params in code
- Heap-buffer-overflow in opj_t2_read_packet_header
- Heap overflow in OpenJpeg 1.5.2
- openjpip.so.6 file too short
- Corrupted JP3D file
- variable assigned to itself
- Null pointer dereferencing
- bad use of case statement
- Release 2.1 as a Ubuntu package
- Bug in libopenjpwl.pc
- inconsistent tile numbering in decode output message
- error in code block calculations
- r2872 fails to compile due to "attempt to use poisoned malloc" error in j2k.c
- OSX build gives libopenjp2.6.dylib with not-absolute install name id
- opj_decompress gives error but successfully decompress in OPJ 2.1
- pngtoimage() and imagetopng() have wrong byte order for 16-Bit image
- PDF crash in chrome - part2 (due to attachment limit)
- PDF crash in chrome - part1
- PDF crash in chrome - part0
- Compilation fails on Windows with mingw32 gcc4.8
- security issue
- improve memory management
- how to compress a yuv420 raw data using opj_compress
- Some memory allocation are not checked
- Static library symbols shall be marked as hidden
- opj_compress rejects valid bmp files
- opj_compress crashes when number of resolutions is set to zero
- Compilation error under Visual Studio 2003
- opj_compress description example error [Low priority]
- opj_write_bytes_BE is wrong in trunk
- PART1ONLY option in release.sh doesn't work properly
- openjpeg crash error
- openjpeg decompress error
- openjpeg decompress issue
- limited tif support
- asoc value of 65536 is allowed
- opj_skip_from_file error
- Heavy quota usage in openjpeg
- Verify -help actually match letter
- g3_colr.j2c not handled
- reopen/fix issue 165
- kakadu conformance tests
- missing break after case statement in opj_dwt_decode_real
- Run Coverity on trunk
- NR-ENC-random-issue-0005.tif-12-encode
- Use new add_test signature to handle cross compilation
- Loss decoding quality in 2.0.0
- Decompress that worked in 1.5.1 fails in 2.0
- Expected endianness with raw input is not documented leading to SEGFAULT
- OpenJPEG writes to stderr
- Inconsistent logging of tile index
- patch for openjpeg-trunk-r2347 and BIG_ENDIAN
- CMAP: MTYP == 0 (direct use) not handled properly
- Black Pixel
- opj_compress runtime error after fresh Linux install due to apparent failure to execute ldconfig
- openjp2 debug works, release build does not
- openjpeg-branch15-r2299 and openjpeg-trunk-r2299 fail to decode a JP2 file
- openjpeg-trunk issue with Win7
- undefined reference to `opj_version'
- In tgt.c we used fprintf not the openjpeg message reporter
- Windows binaries not working under WinXP
- add ability to use intel ipp (performance primitive) within OpenJPEG
- Migration guide v2
- Cannot decompress JPEG2000Aware3.18.7.3Win32_kdutranscode6.3.1.j2k
- Cannot decompress JPEG2000Aware3.18.7.3Win32.j2k
- openjpeg@googlegroups.com has disappeard
- OpenJPEG 1.5.0 crashes on a ridiculously big file...
- opj_image vs free
- Windows .dll file invalid
- Problem with second layer of a 2 layer coded LRCP (with precincts)
- version 1.4 crashes when opening PDF file with JPEG2000 images
- Setup a win64 dashboard
- J2KP4files/codestreams_profile0/p0_13.j2k question jpeg2000
- Out of memory: Kill process 11204 (opj_server) score 917 or sacrifice child
- FILE* in opj API is unsafe
- third-party lib order
- openjpeg-1.5.0-Darwin-powerpc.dmg is huge !
- misleading info in JP2 box lead to wrong number of components
- Image_to_j2k says that j2k files is generated but no file is on the HDD
- Error in openjpegV1.4 on compiling image_to_j2k: crash on reading bmp file
- Update to abi-compliance-checker 1.96
- Decode error on the attached JPEG...works in KDU and with JASPER...please help!
- Mac binaries v1.4 is broken
- jp2_read_boxhdr() has size bug in version 1
- Support for Java JAI Imageio
- encoding test failing
- source archive on demand
- CMakeLists.txt and Makefile.am for JPIP are buggy
- pclr-cmap-cdef
- Error when compiling openjpeg_v1_4_sources_r697
- J2K codec issue on Windows Mobile
- image_to_j2k.exe crashes on large .bmp file
- fatal error C1900 building the project on windows
- same option but different size
- Missing openjpegConfigure.h
- Not an issue in openjpeg, but ...
- OpenJPEG-1.3.0 pclr, cmap and cdef
- realloc maybe too big (t2.c)
- libopenjpeg/opj_malloc.h breaks on FreeBSD/Darwin systems
- image_to_j2k not outputting to win32 console properly
- [OpenJPEG] OpenJPEG_v13: tiled image part 2
- JP2 Color Space modification by Matteo Italia
- Patch submission ( exotic video formats, and a few things )
- 16 bits lossy compression
- pnm file formats not accepting bitdepth greater than 8 bpp
- Heap corruption in j2k encoder
- JPWL crash in marker reallocation(+patch), segfault while decoding image with main header protection
- a couple of small errors in libopenjpeg detected by coverity
**Closed issues:**
- Shared library build broken on ubuntu
- opj_includes.h shouldn't define `__attribute__`
- Possible website problems due to Jekyll upgrade
- Stable Release?
- Meta Issue : try to fix some of these critical bugs before thinking about optimizing the library
- Tiled encoding broken for images with non power of 2 dimensions
- install_name (still) not set on OS X
- Add section in wiki describing where one can get test images
- Make EvenManager into singleton
- Remove old branches from repo
- MQ Coder encode: Conditional jump or move depends on uninitialised value(s)
- Can we add these files to our test suite ?
- -t and -d command line flags for decode are not documented on OpenJPEG website
- Decoding at the precinct level
- Support unscaled 10 bit data for 2K cinema @ 48 FPS, as per DCI standard
- Use parallel jobs in ctest
- [Security]Multiple Memory error
- lossy encoding a 16 bit TIF file : severe artifiacts in decompressed image
- opj_compress and opj_decompress : get_next_file method uses hard-coded unix path separator
- Uninitialized variable
- Use of enum variable for bit flags prevents compilation as C++ source
- Serious problem with quantization during lossy encoding
- Decompression does not work with sequential data source
- potential overflow in opj_tcd_tile_t
- Logical condition
- file9.jp2 does not dump correctly on 1.5
- opj_compress man page is missing documentation of -jpip option
- opj_compress fails to compress lossless on gcc/x86 (-m32) in 1.5 branch
- Example: opj_compress -i image.j2k -o image.pgm
- Mismatching delete
- Compilation fails on Win7
- NR-JP2-file5.jp2-compare2base fails with third party libcms
- CTest spits out an error at the end of the test run
- opj_uint_adds() is questionable
- Might consider renaming this method:
- opj_compress run twice gives different fiile sizes for same file
- Android Support
- Add SSE2/SSE41 implementations for mct.c
- Reduce encoder code block memory usage for non 64x64 code block sizes
- valgrind "Uninitialized Memory Read" & "Uninitialized Memory Conditional" found
- No way to debug opj_tcd_init_encode_tile or opj_tcd_init_decode_tile
- Add option to call dsymutil on built binaries
- Allow opj_compress and opj_decompress to read/write images over stdin/stdout
- reduce memory significantly for single tile RGB encoding
- Switch code repo to github and start using pull request workflow
- This is a BigTIFF file. This format not supported
- Add a test suite to check the convert functions
- Add build config to the dashboard to verify the autotools build
**Merged pull requests:**
- Correct abi-check.sh for PR
- Update tcd.c
- Update lcms2
- Use lowercase for cmake commands consistenly
- Ignore clang's summary warning
- Fix UBSan gcc warning for first arg to memset non null
- Update to libtiff-4.0.6
- Fix warnings
- Check SSIZ is valid in opj_j2k_read_siz
- Fix unsigned int overflow reported by UBSan
- Fix unsigned int overflow reported by UBSan
- Fix negative shift left reported by UBSan
- Fix negative shift left reported by UBSan
- Add clang 3.9 build to Travis matrix
- Fix implicit floating bool conversion
- Do not define __attribute__ in opj_includes.h
- Allow to read/write 3/5/7/9/11/13/15 bpp TIF files
- Fix heap-buffer-overflow in color_esycc_to_rgb
- update libpng to from 1.6.17 to 1.6.21
- Update cmake & jpylyzer for travis builds
- Fix Out-Of-Bounds Read in sycc42x_to_rgb function
- cppcheck fix for openjp2
- Fix uninitialized variable reported by cppcheck
- Remove dead code in opj_dump
- issue #695 MQ Encode: ensure that bp pointer never points to uninitialized memory
- Fix issue 135
- Fix implementation of opj_calloc
- [git/2.1 regression] Fix opj_write_tile() failure when numresolutions=1
- Fix fatal crash on 64 bit Linux
- [libtiff] Add missing include statement for ssize_t
- Fix duplicate article in comments
- Fix grammar in comment
- Remove whitespace and CR at line endings
- Fix typos
- Add missing source for the JPIP library and executables (issue #658)
- Fix undefined size jp2 box handling
- opj_decompress: Update error message
- Fix support of posix_memalloc for Linux
- Fix typo in comments
- Avoid pointer arithmetic with (void *) pointers
- Fix HP compiler warning about redeclaration of function (#640)
- Fix format strings and unneeded assignment
- Fix repository for JPEG2000 test data
- Update allocation functions
- Fix OpenJPEG GitHub issue #633.
- travis-ci: Include add ons in matrix
- Add Appveyor
- Use Travis-ci to run ABI check
- Fix warnings for C++
- Fixed problem that C++ compilation failed because of enum variable.
- Added missing casts for return values of opj_malloc()/opj_calloc().
- Add check for seek support before trying TPsot==TNsot workaround
- Fix some typos found by codespell
- Correct leak in color_cielab_to_rgb
- Add Travis-ci build matrix
- Correct lossless issue on linux x86
- Travis-ci update
- Correct CMake version requirements
- Add tests for CMYK/esYCC/CIELab
- Add support for CIELab, EYCC and CMYK
- Remove printf/fprintf to stdout/stderr throughout openjp2 lib
- better -ffast-math handling
- Add jpylyzer tests for JP2 compression
- Add COC/QCC in main header when needed
- Use __emul under msvc x86 for fast 64 = 32 * 32
- Update convert for PNG output
- Remove some warnings when building
- Switch to libpng-1.6.17
- Add some missing static keywords
- Switch to libcms2 mm2/Little-CMS@0e8234e090
- Prevent overflow when coding 16 bits images
- Switch to libcms2-2.6
- Update PNG support
- Various Minor fixes
- Update TIFF conversion to support more bit depth.
- Add checks for odd looking cmap & for cmap outside jp2h box
- Refactor opj_j2k_read_ppm & opj_j2k_read_ppt
- Add option to force component splitting in imagetopnm
- fix Suspicious code in j2k.c #517
- Update zlib to version 1.2.8
- Fix opj_write_bytes_BE (#518)
- Correctly decode files with incorrect tile-part header fields (TPsot==TNsot)
- Fixed typos
- Formatted the readme file
Problems found with existing digests:
Package fotoxx distfile fotoxx-14.03.1.tar.gz
ac2033f87de2c23941261f7c50160cddf872c110 [recorded]
118e98a8cc0414676b3c4d37b8df407c28a1407c [calculated]
Package ploticus-examples distfile ploticus-2.00/plnode200.tar.gz
34274a03d0c41fae5690633663e3d4114b9d7a6d [recorded]
da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
Problems found locating distfiles:
Package AfterShotPro: missing distfile AfterShotPro-1.1.0.30/AfterShotPro_i386.deb
Package pgraf: missing distfile pgraf-20010131.tar.gz
Package qvplay: missing distfile qvplay-0.95.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
New Features:
* Digital Cinema profiles have been fixed and updated
* New option to disable MCT if needed
* extended RAW support: it is now possible to input raw images
with subsampled color components (422, 420, etc)
* New way to deal with profiles
API/ABI modifications: (see abi_compat_report in dev-utils/scripts)
* Removed deprecated functions
- opj_stream_create_default_file_stream(FILE*,...)
- opj_stream_create_file_stream(FILE*,...)
- opj_stream_set_user_data (opj_stream_t* p_stream, void * p_data)
* Added
- opj_stream_create_default_file_stream(char*,...)
- opj_stream_create_file_stream(char*,...)
- opj_stream_destroy(opj_stream_t*)
- opj_stream_set_user_data (opj_stream_t* p_stream, void * p_data,
... opj_stream_free_user_data_fn p_function)
- JPEG 2000 profiles and Part-2 extensions defined through '#define'
* Changed
- 'alpha' field added to 'opj_image_comp' structure
- 'OPJ_CLRSPC_EYCC' added to enum COLOR_SPACE
- 'OPJ_CLRSPC_CMYK' added to enum COLOR_SPACE
- 'OPJ_CODEC_JPP' and 'OPJ_CODEC_JPX' added to CODEC_FORMAT
(not yet used in use)
- 'max_cs_size' and 'rsiz' fields added to opj_cparameters_t
Misc:
* OpenJPEG is now officialy conformant with JPEG 2000 Part-1
and will soon become official reference software at the
JPEG committee.
* Huge amount of bug fixes. See CHANGES for details.
New Features:
* Digital Cinema profiles have been fixed and updated
* New option to disable MCT if needed
* extended RAW support: it is now possible to input raw images
with subsampled color components (422, 420, etc)
API/ABI modifications: (see abi_compat_report_2.0.1.html in dev-utils/scripts)
* No changes, API/ABI fully compatible with 2.0.0
Misc:
* OpenJPEG is now officialy conformant with JPEG 2000 Part-1
and will soon become official reference software at the
JPEG committee.
* Huge amount of bug fixes. See CHANGES for details.
New Features:
* streaming capabilities
* merge JP3D
API modifications:
* Use a 64bits capable API
Misc:
* removed autotools build system
* folders hierarchies reorganisation
* Huge amount of bug fixes. See CHANGES for details.
A heap-based buffer overflow was found in the way OpenJPEG, an
open-source JPEG 2000 codec written in C language, performed parsing of
JPEG2000 having certain number of tiles and tilesizes. A remote
attacker could provide a specially crafted JPEG 2000 file, which when
opened in an application linked against openjpeg would lead to that
application crash, or, potentially arbitrary code execution with the
privileges of the user running the application.
http://code.google.com/p/openjpeg/source/detail?r=1727
Bump PKGREVISION.
pkglint cleanups while here.
This fixes a vulnerability caused due to an error when parsing a CMAP
record which can be exploited to cause an out-of-bounds write via
specially crafted JPEG files. (SA48498)
The OpenJPEG library is an open-source JPEG 2000 codec written in C. It
has been developed in order to promote the use of JPEG 2000 and is
licensed under a BSD license.