Changelog for
libjasper7-4.2.4-2.6.i586.rpm :
* Sat Apr 27 2024 Michael Vetter
- Update to 4.2.4:
* Added some missing checks to the jas_heic_decode function in the HEIC codec (#383).
* Sun Mar 31 2024 Michael Vetter - Update to 4.2.3:
* Added a missing check in the JPC codec (#381) bsc#1223155 (CVE-2024-31744)
* Tue Mar 12 2024 Michael Vetter - Update to 4.2.2:
* Fix minor build issue (#374).
* Tue Feb 20 2024 Michael Vetter - Update to 4.2.1:
* Fix a build problem for the DJGPP/MS-DOS environment (#372).
* Tue Feb 06 2024 Michael Vetter - Update to 4.2.0:
* Add the JAS_PACKAGING option to the CMake build in an attempt to allow easier control over rpath settings by packagers of JasPer.
* Remove a number of obsolete scripts.
* Make some cosmetic changes to the code for the JPC codec in order to improve readability (#371).
* Fix a portability bug related to threads/atomics.
* Replace some lingering uses of strtok in the JPC coder with jas_strtok, since the use of strtok is problematic in multithreading contexts.
* Thu Jan 11 2024 Michael Vetter - Update to 4.1.2:
* Fix invalid memory write bug (#367) bsc#1218802 (CVE-2023-51257).
* Fix missing range check in the JPC encoder (#368).
* Wed Nov 29 2023 Michael Vetter - Update to 4.1.1:
* Disallow in-source builds by default #364
* Fix a potential integer overflow problem in the jas_get_total_mem_size function (for the Windows platform) #363
* Sun Nov 05 2023 Michael Vetter - Update to 4.1.0:
* Add support for building several JasPer application programs for WebAssembly target with WASI support.
* Sun Nov 05 2023 Michael Vetter - Update to 4.0.1:
* Fix integer overflow bug in PNM decoder (#353).
* Fix a few minor build issues.
* Sun Nov 06 2022 Michael Vetter - Update to 4.0.0:
* Improve static linking (##336).
* Fix path relocation in mingw environment (#335).
* Improve logging and build scripts.
* Improve JPEG-2000 conformance test results.
* Enable PIC by default.
* Fix memory leaks in function cmdopts_parse (#332) (CVE-2022-2963).
* imgcmp: + Add quiet (-q) option. + Add debug-level option. + Fix memory leak. imginfo: + Add quiet (-q) option.
* Fix bug in parsing PGX header.
* Fix integer overflow bug (#345) (CVE-2022-40755).- Remove jasper-CVE-2022-2963.patch
* Fri Sep 16 2022 Michael Vetter - security update:
* CVE-2022-2963 [bsc#1202642] + jasper-CVE-2022-2963.patch
* Thu Jul 14 2022 Michael Vetter - Update to 3.0.6:
* Fix bug in manual deployment script.
* Thu Jun 23 2022 Michael Vetter - Update to 3.0.5:
* Fix a minor build issue (#328).
* Fri Jun 03 2022 Michael Vetter - Update to 3.0.4:
* Eliminate some bogus calls to abort.
* Fix a typo in jas_safeui64_div (#323).
* Add some additional logging messages.
* Fix the source of a potential compiler warning (#321).
* Wed Mar 16 2022 Michael Vetter - Update to 3.0.3:
* Fix some portability issues in a few scripts.
* Mon Feb 14 2022 Wolfgang Bauer - Add back missing Requires to the devel package
* Mon Feb 14 2022 Michael Vetter - Update to 3.0.2:
* Fix a build issue that occurs when a cross-compiler is used (e.g., #319).
* Sat Feb 12 2022 Michael Vetter - Update to 3.0.1:
* Fix some build/portability issues (e.g., #317, #318).- Drop jasper-cmake-warnings.patch: contained in upstream release
* Mon Feb 07 2022 Michael Vetter - Update to 3.0.0:
* Introducing some API changes please refer to the \"News\" section of the JasPer manuel: https://jasper-software.github.io/jasper-manual
* Greatly improve documentation.
* Add support for multithreading.
* Add some customization points in the library, such as the memory allocator and error logging function.
* Add improved memory usage tracking and limiting.
* Add experimental partial encoding/decoding support for the HEIC format.
* Fix some longstanding issues in the JasPer I/O streams API.
* Fix many bugs (e.g., #305, #307, #308, #309, #312, #314, and many others not associated with any issue numbers).- Remove jasper-freeglut.patch: not needed anymore- Add jasper-cmake-warnings.patch: fix cmake warnings- Remove legacy provides/obsoletes related to sle11 and bsc#437293
* Sun Jan 30 2022 Carsten Ziepke - Add jasper-freeglut.patch, fixes freeglut detection and linking- Run spec-cleaner- Change license from SUSE-Public-Domain to JasPer-2.0- Cleanup docdir, only package the html and pdf docs and not the sources
* Mon Aug 16 2021 Michael Vetter - Update to 2.0.33:
* Fix a JP2/JPC decoder bug (#291)
* Fix a build issue impacting some platforms (#296)
* Mon Apr 19 2021 Michael Vetter - Update to 2.0.32:
* Between 2.0.29 and 2.0.32 were only experiments with GitHub Actions
* Mon Apr 19 2021 Michael Vetter - Update to 2.0.29:
* Loosen some overly tight restrictions on JP2 codestreams, which caused some valid codestreams to be rejected. (#289)
* Mon Mar 29 2021 Michael Vetter - Update to 2.0.28:
* Fix potential null pointer dereference in the JP2/JPC decoder. (#269) (CVE-2021-3443) bsc#1184798
* Fix ignoring of JAS_STREAM_FILEOBJ_NOCLOSE at stream close time. (#286)
* Fix integral type sizing problem in JP2 codec. (#284)
* Thu Mar 18 2021 Michael Vetter - Update to 2.0.27:
* Check for an image containing no samples in the PGX decoder. (#271, #272, #273, #274, #275, #276, #281)
* Check for dimensions of zero in the JPC and JPEG decoders.
* Fix an arguably incorrect type for an integer literal in the PGX decoder. (#270)
* Check for an invalid component reference in the JP2 decoder. (#269)
* Check on integer size in JP2 decoder. (#278)
* Fri Mar 05 2021 Michael Vetter - Update to 2.0.26:
* Fix JP2 decoder bug that can cause a null pointer dereference for some invalid CDEF boxes. (#268) (CVE-2021-3467) bsc#1184757
* Mon Feb 08 2021 Michael Vetter - Update to 2.0.25:
* Fix memory-related bugs in the JPEG-2000 codec resulting from attempting to decode invalid code streams. (#264, #265) This fix is associated with CVE-2021-26926 bsc#1182105 and bsc#1182104 CVE-2021-26927.
* Fix wrong return value under some compilers (#260)
* Fix bsc#1181483 CVE-2021-3272 heap buffer overflow in jp2_decode (#259)
* Mon Jan 04 2021 Michael Vetter - Update to 2.0.24:
* Add JAS_VERSION_MAJOR, JAS_VERSION_MINOR, JAS_VERSION_PATCH for easier access to the JasPer version.
* Fixes stack overflow bug on Windows, where variable-length arrays are not available. (#256)