Overview

File openjpeg.changes of Package openjpeg.23765

-------------------------------------------------------------------
Fri Apr  1 00:58:59 UTC 2022 - Hans Petter Jansson <hpj@suse.com>

- Add security fixes:
  openjpeg-CVE-2018-14423.patch (CVE-2018-14423, bsc#1102016),
  openjpeg-CVE-2018-16376.patch (CVE-2018-16376, bsc#1106881),
  openjpeg-CVE-2020-8112.patch (CVE-2020-8112, bsc#1162090),
  openjpeg-CVE-2020-15389.patch (CVE-2020-15389, bsc#1173578),
  openjpeg-CVE-2020-27823.patch (CVE-2020-27823, bsc#1180457),
  openjpeg-CVE-2021-29338.patch (CVE-2021-29338, bsc#1184774).

-------------------------------------------------------------------
Wed Sep 20 09:06:49 UTC 2017 - tchvatal@suse.com

- Convert to pkgconfig
- Remove fedora conditionals as nothing in opensuse
  actually builds against it
- Add patch to fix ffast-math issue bsc#1029609 bsc#1059440:
  * openjpeg-fast-math.patch

-------------------------------------------------------------------
Fri Feb  3 21:03:32 UTC 2017 - asterios.dramis@gmail.com

- Add openjpeg-bsc999817-cve2016-7445-null-deref.patch to fix null
  pointer dereference in convert.c (bsc#999817, CVE-2016-7445).

-------------------------------------------------------------------
Mon Mar  2 08:39:25 UTC 2015 - mpluskal@suse.com

- Use cmake macros for building
- Small spec file cleanups, use pkgconfig style dependencies

-------------------------------------------------------------------
Fri Aug  8 22:08:11 UTC 2014 - asterios.dramis@gmail.com

- Update to version 1.5.2:
  Security:
   * Fixes: CVE-2013-4289 CVE-2013-4290
   * Fixes: CVE-2013-1447 CVE-2013-6045 CVE-2013-6052 CVE-2013-6054
     CVE-2013-6053 CVE-2013-6887
  New Features:
   * Compile Java with source/target specific java version
   * Do not set SONAME for Java module, fix linking (missing math lib)
   * Support some BMP/RGB8 files
   * Fix compilation on ARM
  Misc:
   * Remove BSD-4 license from getopt copy, since upstream switched to BSD-3
   * Support compilation against system installed getopt
   * Fix Big Endian checking (autotools)
   * Huge amount of bug fixes. See CHANGES for details.
- Removed the following patches (fixed upstream):
  * openjpeg-1.5-r2029.patch
  * openjpeg-1.5-r2032.patch
  * openjpeg-1.5-r2033.patch
  * openjpeg-1.5.1-cve-2013-6045-1.patch
  * openjpeg-1.5.1-cve-2013-6045-2.patch
  * CVE-2013-6052.patch
  * CVE-2013-6053.patch
  * CVE-2013-1447.patch
  * CVE-2013-6887.patch

-------------------------------------------------------------------
Wed Feb 12 20:08:03 UTC 2014 - asterios.dramis@gmail.com

- Added the following security patches (based also on Redhat/Fedora patches):
  * openjpeg-1.5-r2029.patch
    From upstream. Fix issue 155, jp2_read_boxhdr() can trigger random pointer
    memory access
  * openjpeg-1.5-r2032.patch
    From upstream. Fix issue 169, division by zero in j2k_read_siz
  * openjpeg-1.5-r2033.patch
    From upstream. Fix issue 166, missing range check in j2k_read_coc et al
  * CVE-2013-1447.patch
    Fix multiple denial of service flaws, CVE-2013-1447, bnc#853834
  * CVE-2013-6052.patch
    Fix heap OOB reads, information leaks, CVE-2013-6052, bnc#853644
  * CVE-2013-6053.patch
    Fix heap OOB reads, information leaks, CVE-2013-6053, bnc#853644
  * CVE-2013-6887.patch
    Fix multiple denial of service flaws, CVE-2013-6887, bnc#853644
- Removed part of openjpeg-1.5.1-cve-2013-6045-1.patch that is already
  upstream, included in openjpeg-1.5-r2033.patch (slightly modified).

-------------------------------------------------------------------
Fri Jan 10 15:20:37 UTC 2014 - vpereira@novell.com

- Security:
   * Patches openjpeg-1.5.1-cve-2013-6045-1.patch and  
     openjpeg-1.5.1-cve-2013-6045-2.patch fix heap overflow
     described in  CVE-2013-6045, bnc#853838. 

-------------------------------------------------------------------
Mon Nov 19 23:05:16 UTC 2012 - sleep_walker@suse.cz

- do fdupes only for SUSE distributions

-------------------------------------------------------------------
Mon Oct 15 17:57:30 UTC 2012 - asterios.dramis@gmail.com

- Update to version 1.5.1:
  Security:
   * Fixes: CVE-2012-3535
   * Fixes: CVE-2012-3358
  New Features:
   * Use a new API scheme and solve the SOVERSIONing in OpenJPEG
   * Allow better integration with multi-arch system
   * Compile & Install Java bindings (CMake)
   * Install required addXMLinJP2 (JPIP)
  Misc:
   * Fix linker error by resolving all symbols (eg. missing -lm)
   * Fix some man page typos
   * Huge amount of bug fixes. See CHANGES for details.
- Removed the following patches (fixed upstream):
  * heap_buffer_overflow_fix.patch
  * heap_buffer_overflow_2_fix.patch
  * heap_corruption_fix.patch
  * openjpeg-1.5.0-cmake_Config.patch
  * openjpeg-1.5.0-cmake_libdir.patch
  * openjpeg-1.5.0-pkgconfig_includedir.patch
- Replaced openjpeg-1.5.0-cmake_header_symlink.patch with a fix inside the spec
  file.
- Removed symlink from %{_includedir}/openjpeg-1.5 to %{_includedir}/openjpeg
  (not needed).
- Added the following patches (taken from Fedora):
  * openjpeg-1.5.1-cmake_libdir.patch
    Fix libopenjpeg.pc symlink
  * openjpeg-1.5.1-soname.patch
    Revert soname bump compared to 1.5.0 release

-------------------------------------------------------------------
Mon Sep 17 15:06:55 UTC 2012 - sleep_walker@suse.cz

- fix fedora build

-------------------------------------------------------------------
Tue Sep 11 18:28:55 UTC 2012 - asterios.dramis@gmail.com

- Added a patch (heap_buffer_overflow_2_fix.patch) to fix heap-based buffer
  overflow when processing JPEG2000 images - (CVE-2012-3535), (bnc#777445).

-------------------------------------------------------------------
Tue Jul 17 08:44:15 UTC 2012 - idonmez@suse.com

- Add baselibs.conf 

-------------------------------------------------------------------
Wed Jul 11 18:08:54 UTC 2012 - asterios.dramis@gmail.com

- Added a patch (heap_buffer_overflow_fix.patch) to fix heap-based buffer
  overflow when processing JPEG2000 images - (CVE-2012-3358), (bnc#770649).

-------------------------------------------------------------------
Thu Jun 28 18:42:41 UTC 2012 - asterios.dramis@gmail.com

- Added a patch (heap_corruption_fix.patch) to fix heap corruption when
  processing certain Gray16 TIFF images - (CVE-2009-5030), (bnc#757260).

-------------------------------------------------------------------
Mon Feb 27 21:44:42 UTC 2012 - asterios.dramis@gmail.com

- Update to version 1.5.0:
  New Features:
  * openjpip:
    + complete client-server architecture for remote browsing of jpeg 2000
      images.
    + see corresponding README for more details.
  API modifications:
  * 'bool' type has been replaced by 'opj_bool' type. 'stdbool.h' is no more
    required.
  Misc:
  * improved cmake and autotools build methods.
  * removed manual makefiles, VS project files and XCode project files.
  * added a 'thirdparty' directory to contain all dependencies.
    + These libraries will be build only if there are not found on the system.
    + Note that libopenjpeg itself does not have any dependency.
  * changed the directory hierarchy of the whole project. See README files for
    details.
  * tests : a complete test suite has been setup.
    + both JPEG 2000 conformance tests and non-regressions tests are
      configured.
    + results are submitted to the OpenJPEG dashboard
      (http://my.cdash.org/index.php?project=OPENJPEG)
    + images are located in 'http://openjpeg.googlecode.com/svn/data' folder.
    + configuration files and utilities are located in 'tests' folder.
  * OPJViewer re-activated (need wxWidgets)
  * Huge amount of bug fixes. See CHANGES for details.
- Removed the following patches (fixed upstream):
  * fix_no_undefined.patch
  * fix_soversion.patch
  * install_pkgconfig_file.patch
- Replaced openjpeg-1.4-OpenJPEGConfig.patch with
  openjpeg-1.5.0-cmake_Config.patch (taken from Fedora)
- Replaced openjpeg-1.4-cmake_symlink_fix.patch with
  openjpeg-1.5.0-cmake_header_symlink.patch (taken from Fedora)
- Added 2 patches (taken from Fedora):
  * openjpeg-1.5.0-cmake_libdir.patch -- Fix installation directories
  * openjpeg-1.5.0-pkgconfig_includedir.patch -- Fix includedir in pkgconfig
    file
- Spec file updates:
  * Added doxygen in BuildRequires: to enable compilation of devel docs.
  * Updated BuildRequires: to include also liblcms2-devel and zlib-devel.
  * Fixed rpmlint warning "file-contains-date-and-time"
- No need to remove the JavaOpenJPEG/ directory from the package source anymore
  (the Sun proprietary code was removed from the package).

-------------------------------------------------------------------
Tue Dec  6 10:54:33 UTC 2011 - cfarrell@suse.com

- license update: BSD-2-Clause
  SPDX format

-------------------------------------------------------------------
Thu Dec  1 22:31:04 UTC 2011 - asterios.dramis@gmail.com

- Removed the JavaOpenJPEG/ directory from the package source (fix for
  bnc#733009 - openjpg contains Sun proprietary code).

-------------------------------------------------------------------
Thu Oct 13 20:06:10 UTC 2011 - asterios.dramis@gmail.com

- Initial release (version 1.4).
- Added 5 patches (taken from upstream and Fedora):
  * openjpeg-1.4-OpenJPEGConfig.patch -- Fix OpenJPEGConfig.cmake
  * openjpeg-1.4-cmake_symlink_fix.patch -- Fix cmake create_symlink usage for
    header file
  * fix_no_undefined.patch -- Fix libopenjpeg undefined references
  * fix_soversion.patch -- Fix so version to 1 instead of 1.4
  * install_pkgconfig_file.patch -- Fix cmake to install pkgconfig file(s)
openSUSE Build Service is sponsored by
Places