* Wed Sep 21 2016 hpj@suse.com
- Add openjpeg-bsc999817-cve2016-7445-null-deref.patch
(bsc#999817, CVE-2016-7445).
* Mon Mar 02 2015 mpluskal@suse.com
- Use cmake macros for building
- Small spec file cleanups, use pkgconfig style dependencies
* Sat Aug 09 2014 asterios.dramis@gmail.com
- Update to version 1.5.2:
Security:
* Fixes: CVE-2013-4289 CVE-2013-4290
* Fixes: CVE-2013-1447 CVE-2013-6045 CVE-2013-6052 CVE-2013-6054
CVE-2013-6053 CVE-2013-6887
New Features:
* Compile Java with source/target specific java version
* Do not set SONAME for Java module, fix linking (missing math lib)
* Support some BMP/RGB8 files
* Fix compilation on ARM
Misc:
* Remove BSD-4 license from getopt copy, since upstream switched to BSD-3
* Support compilation against system installed getopt
* Fix Big Endian checking (autotools)
* Huge amount of bug fixes. See CHANGES for details.
- Removed the following patches (fixed upstream):
* openjpeg-1.5-r2029.patch
* openjpeg-1.5-r2032.patch
* openjpeg-1.5-r2033.patch
* openjpeg-1.5.1-cve-2013-6045-1.patch
* openjpeg-1.5.1-cve-2013-6045-2.patch
* CVE-2013-6052.patch
* CVE-2013-6053.patch
* CVE-2013-1447.patch
* CVE-2013-6887.patch
* Wed Feb 12 2014 asterios.dramis@gmail.com
- Added the following security patches (based also on Redhat/Fedora patches):
* openjpeg-1.5-r2029.patch
From upstream. Fix issue 155, jp2_read_boxhdr() can trigger random pointer
memory access
* openjpeg-1.5-r2032.patch
From upstream. Fix issue 169, division by zero in j2k_read_siz
* openjpeg-1.5-r2033.patch
From upstream. Fix issue 166, missing range check in j2k_read_coc et al
* CVE-2013-1447.patch
Fix multiple denial of service flaws, CVE-2013-1447, bnc#853834
* CVE-2013-6052.patch
Fix heap OOB reads, information leaks, CVE-2013-6052, bnc#853644
* CVE-2013-6053.patch
Fix heap OOB reads, information leaks, CVE-2013-6053, bnc#853644
* CVE-2013-6887.patch
Fix multiple denial of service flaws, CVE-2013-6887, bnc#853644
- Removed part of openjpeg-1.5.1-cve-2013-6045-1.patch that is already
upstream, included in openjpeg-1.5-r2033.patch (slightly modified).
* Fri Jan 10 2014 vpereira@novell.com
- Security:
* Patches openjpeg-1.5.1-cve-2013-6045-1.patch and
openjpeg-1.5.1-cve-2013-6045-2.patch fix heap overflow
described in CVE-2013-6045, bnc#853838.
* Tue Nov 20 2012 sleep_walker@suse.cz
- do fdupes only for SUSE distributions
* Mon Oct 15 2012 asterios.dramis@gmail.com
- Update to version 1.5.1:
Security:
* Fixes: CVE-2012-3535
* Fixes: CVE-2012-3358
New Features:
* Use a new API scheme and solve the SOVERSIONing in OpenJPEG
* Allow better integration with multi-arch system
* Compile & Install Java bindings (CMake)
* Install required addXMLinJP2 (JPIP)
Misc:
* Fix linker error by resolving all symbols (eg. missing -lm)
* Fix some man page typos
* Huge amount of bug fixes. See CHANGES for details.
- Removed the following patches (fixed upstream):
* heap_buffer_overflow_fix.patch
* heap_buffer_overflow_2_fix.patch
* heap_corruption_fix.patch
* openjpeg-1.5.0-cmake_Config.patch
* openjpeg-1.5.0-cmake_libdir.patch
* openjpeg-1.5.0-pkgconfig_includedir.patch
- Replaced openjpeg-1.5.0-cmake_header_symlink.patch with a fix inside the spec
file.
- Removed symlink from %{_includedir}/openjpeg-1.5 to %{_includedir}/openjpeg
(not needed).
- Added the following patches (taken from Fedora):
* openjpeg-1.5.1-cmake_libdir.patch
Fix libopenjpeg.pc symlink
* openjpeg-1.5.1-soname.patch
Revert soname bump compared to 1.5.0 release
* Mon Sep 17 2012 sleep_walker@suse.cz
- fix fedora build
* Tue Sep 11 2012 asterios.dramis@gmail.com
- Added a patch (heap_buffer_overflow_2_fix.patch) to fix heap-based buffer
overflow when processing JPEG2000 images - (CVE-2012-3535), (bnc#777445).
* Tue Jul 17 2012 idonmez@suse.com
- Add baselibs.conf
* Wed Jul 11 2012 asterios.dramis@gmail.com
- Added a patch (heap_buffer_overflow_fix.patch) to fix heap-based buffer
overflow when processing JPEG2000 images - (CVE-2012-3358), (bnc#770649).
* Thu Jun 28 2012 asterios.dramis@gmail.com
- Added a patch (heap_corruption_fix.patch) to fix heap corruption when
processing certain Gray16 TIFF images - (CVE-2009-5030), (bnc#757260).
* Mon Feb 27 2012 asterios.dramis@gmail.com
- Update to version 1.5.0:
New Features:
* openjpip:
+ complete client-server architecture for remote browsing of jpeg 2000
images.
+ see corresponding README for more details.
API modifications:
* 'bool' type has been replaced by 'opj_bool' type. 'stdbool.h' is no more
required.
Misc:
* improved cmake and autotools build methods.
* removed manual makefiles, VS project files and XCode project files.
* added a 'thirdparty' directory to contain all dependencies.
+ These libraries will be build only if there are not found on the system.
+ Note that libopenjpeg itself does not have any dependency.
* changed the directory hierarchy of the whole project. See README files for
details.
* tests : a complete test suite has been setup.
+ both JPEG 2000 conformance tests and non-regressions tests are
configured.
+ results are submitted to the OpenJPEG dashboard
(http://my.cdash.org/index.php?project=OPENJPEG)
+ images are located in 'http://openjpeg.googlecode.com/svn/data' folder.
+ configuration files and utilities are located in 'tests' folder.
* OPJViewer re-activated (need wxWidgets)
* Huge amount of bug fixes. See CHANGES for details.
- Removed the following patches (fixed upstream):
* fix_no_undefined.patch
* fix_soversion.patch
* install_pkgconfig_file.patch
- Replaced openjpeg-1.4-OpenJPEGConfig.patch with
openjpeg-1.5.0-cmake_Config.patch (taken from Fedora)
- Replaced openjpeg-1.4-cmake_symlink_fix.patch with
openjpeg-1.5.0-cmake_header_symlink.patch (taken from Fedora)
- Added 2 patches (taken from Fedora):
* openjpeg-1.5.0-cmake_libdir.patch -- Fix installation directories
* openjpeg-1.5.0-pkgconfig_includedir.patch -- Fix includedir in pkgconfig
file
- Spec file updates:
* Added doxygen in BuildRequires: to enable compilation of devel docs.
* Updated BuildRequires: to include also liblcms2-devel and zlib-devel.
* Fixed rpmlint warning "file-contains-date-and-time"
- No need to remove the JavaOpenJPEG/ directory from the package source anymore
(the Sun proprietary code was removed from the package).
* Tue Dec 06 2011 cfarrell@suse.com
- license update: BSD-2-Clause
SPDX format
* Fri Dec 02 2011 asterios.dramis@gmail.com
- Removed the JavaOpenJPEG/ directory from the package source (fix for
bnc#733009 - openjpg contains Sun proprietary code).
* Thu Oct 13 2011 asterios.dramis@gmail.com
- Initial release (version 1.4).
- Added 5 patches (taken from upstream and Fedora):
* openjpeg-1.4-OpenJPEGConfig.patch -- Fix OpenJPEGConfig.cmake
* openjpeg-1.4-cmake_symlink_fix.patch -- Fix cmake create_symlink usage for
header file
* fix_no_undefined.patch -- Fix libopenjpeg undefined references
* fix_soversion.patch -- Fix so version to 1 instead of 1.4
* install_pkgconfig_file.patch -- Fix cmake to install pkgconfig file(s)