diff --git a/CHANGELOG.md b/CHANGELOG.md index c24cf1ed..e45b3246 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,83 @@ # Changelog +## [v2.3.1](https://github.com/uclouvain/openjpeg/releases/v2.3.1) (2019-04-02) +[Full Changelog](https://github.com/uclouvain/openjpeg/compare/v2.3.0...v2.3.1) + +**Closed issues:** + +- v2.2.0 regression for decoding images where TNsot == 0 [\#1120](https://github.com/uclouvain/openjpeg/issues/1120) +- Int overflow in jp3d [\#1162](https://github.com/uclouvain/openjpeg/issues/1162) +- Heap buffer overflow in opj\_j2k\_update\_image\_data\(\) triggered with Ghostscript [\#1157](https://github.com/uclouvain/openjpeg/issues/1157) +- LINUX install doesn't work when building shared libraries is disabled [\#1155](https://github.com/uclouvain/openjpeg/issues/1155) +- OPENJPEG null ptr dereference in openjpeg-2.3.0/src/bin/jp2/convert.c:2243 [\#1152](https://github.com/uclouvain/openjpeg/issues/1152) +- How to drop certain subbands/layers in DWT [\#1147](https://github.com/uclouvain/openjpeg/issues/1147) +- where is the MQ-Coder ouput stream in t2.c? [\#1146](https://github.com/uclouvain/openjpeg/issues/1146) +- OpenJPEG 2.3 \(and 2.2?\) multi component image fails to decode with KDU v7.10 [\#1132](https://github.com/uclouvain/openjpeg/issues/1132) +- Missing checks for header\_info.height and header\_info.width in function pnmtoimage in src/bin/jpwl/convert.c, which can lead to heap buffer overflow [\#1126](https://github.com/uclouvain/openjpeg/issues/1126) +- Assertion Failure in jp2.c [\#1125](https://github.com/uclouvain/openjpeg/issues/1125) +- Division-by-zero vulnerabilities in the function pi\_next\_pcrl, pi\_next\_cprl and pi\_next\_rpcl in src/lib/openjp3d/pi.c [\#1123](https://github.com/uclouvain/openjpeg/issues/1123) +- Precinct switch \(-c\) doesn't right-shift last record to remaining resolution levels [\#1117](https://github.com/uclouvain/openjpeg/issues/1117) +- Sample: encode J2K a data using streams??? [\#1114](https://github.com/uclouvain/openjpeg/issues/1114) +- HIGH THROUGHPUT JPEG 2000 \(HTJ2K\) [\#1112](https://github.com/uclouvain/openjpeg/issues/1112) +- How to build openjpeg for arm linux? [\#1108](https://github.com/uclouvain/openjpeg/issues/1108) +- crash [\#1106](https://github.com/uclouvain/openjpeg/issues/1106) +- JP2000 returning OPJ\_CLRSPC\_UNKNOWN color space [\#1103](https://github.com/uclouvain/openjpeg/issues/1103) +- Compilation successful but install unsuccessful: Calling executables throws libraries missing error [\#1102](https://github.com/uclouvain/openjpeg/issues/1102) +- fprintf format string requires 1 parameter but only 0 are given [\#1093](https://github.com/uclouvain/openjpeg/issues/1093) +- fprintf format string requires 1 parameter but only 0 are given [\#1092](https://github.com/uclouvain/openjpeg/issues/1092) +- sprintf buffer overflow [\#1088](https://github.com/uclouvain/openjpeg/issues/1088) +- sprintf buffer overflow [\#1085](https://github.com/uclouvain/openjpeg/issues/1085) +- Infinite loop when reading jp2 [\#1081](https://github.com/uclouvain/openjpeg/issues/1081) +- missing format string parameter [\#1074](https://github.com/uclouvain/openjpeg/issues/1074) +- Excessive Iteration in opj\_t1\_encode\_cblks \(src/lib/openjp2/t1.c\) [\#1059](https://github.com/uclouvain/openjpeg/issues/1059) +- Out-of-bound left shift in opj\_j2k\_setup\_encoder \(src/lib/openjp2/j2k.c\) [\#1057](https://github.com/uclouvain/openjpeg/issues/1057) +- Encode image on Unsplash [\#1054](https://github.com/uclouvain/openjpeg/issues/1054) +- Integer overflow in opj\_t1\_encode\_cblks \(src/lib/openjp2/t1.c\) [\#1053](https://github.com/uclouvain/openjpeg/issues/1053) +- Signed Integer Overflow - 68065512 [\#1048](https://github.com/uclouvain/openjpeg/issues/1048) +- Similar vulnerable functions related to CVE-2017-14041 [\#1044](https://github.com/uclouvain/openjpeg/issues/1044) +- \[ERROR\] COD marker already read. No more than one COD marker per tile. [\#1043](https://github.com/uclouvain/openjpeg/issues/1043) +- failing to install latest version of openjpeg from source [\#1041](https://github.com/uclouvain/openjpeg/issues/1041) +- Trouble compressing large raw image [\#1032](https://github.com/uclouvain/openjpeg/issues/1032) +- Download and installed code from 2.3 archive. Installing 2.2? [\#1030](https://github.com/uclouvain/openjpeg/issues/1030) +- missing fclose [\#1029](https://github.com/uclouvain/openjpeg/issues/1029) +- NULL Pointer Access in function imagetopnm of convert.c\(jp2\):1289 [\#860](https://github.com/uclouvain/openjpeg/issues/860) +- NULL Pointer Access in function imagetopnm of convert.c:2226\(jp2\) [\#859](https://github.com/uclouvain/openjpeg/issues/859) +- Heap Buffer Overflow in function imagetotga of convert.c\(jp2\):942 [\#858](https://github.com/uclouvain/openjpeg/issues/858) + +**Merged pull requests:** + +- abi-check.sh: fix broken download URL [\#1188](https://github.com/uclouvain/openjpeg/pull/1188) ([rouault](https://github.com/rouault)) +- opj\_t1\_encode\_cblks: fix UBSAN signed integer overflow [\#1187](https://github.com/uclouvain/openjpeg/pull/1187) ([rouault](https://github.com/rouault)) +- convertbmp: detect invalid file dimensions early \(CVE-2018-6616\) [\#1172](https://github.com/uclouvain/openjpeg/pull/1172) ([hlef](https://github.com/hlef)) +- color\_apply\_icc\_profile: avoid potential heap buffer overflow [\#1170](https://github.com/uclouvain/openjpeg/pull/1170) ([rouault](https://github.com/rouault)) +- Fix multiple potential vulnerabilities and bugs [\#1168](https://github.com/uclouvain/openjpeg/pull/1168) ([Young-X](https://github.com/Young-X)) +- Fix several memory and resource leaks [\#1163](https://github.com/uclouvain/openjpeg/pull/1163) ([nforro](https://github.com/nforro)) +- Fix some potential overflow issues [\#1161](https://github.com/uclouvain/openjpeg/pull/1161) ([stweil](https://github.com/stweil)) +- jp3d/jpwl convert: fix write stack buffer overflow [\#1160](https://github.com/uclouvain/openjpeg/pull/1160) ([hlef](https://github.com/hlef)) +- Int overflow fixed [\#1159](https://github.com/uclouvain/openjpeg/pull/1159) ([ichlubna](https://github.com/ichlubna)) +- Update knownfailures- files given current configurations [\#1149](https://github.com/uclouvain/openjpeg/pull/1149) ([rouault](https://github.com/rouault)) +- CVE-2018-5785: fix issues with zero bitmasks [\#1148](https://github.com/uclouvain/openjpeg/pull/1148) ([hlef](https://github.com/hlef)) +- openjp2/jp2: Fix two format strings [\#1143](https://github.com/uclouvain/openjpeg/pull/1143) ([stweil](https://github.com/stweil)) +- Changes in pnmtoimage if image data are missing [\#1141](https://github.com/uclouvain/openjpeg/pull/1141) ([szukw000](https://github.com/szukw000)) +- Relative path to header files is hardcoded in OpenJPEGConfig.cmake.in file [\#1140](https://github.com/uclouvain/openjpeg/pull/1140) ([bukatlib](https://github.com/bukatlib)) +- Cast on uint ceildiv [\#1136](https://github.com/uclouvain/openjpeg/pull/1136) ([reverson](https://github.com/reverson)) +- Add -DBUILD\_PKGCONFIG\_FILES to install instructions [\#1133](https://github.com/uclouvain/openjpeg/pull/1133) ([robe2](https://github.com/robe2)) +- Fix some typos in code comments and documentation [\#1128](https://github.com/uclouvain/openjpeg/pull/1128) ([stweil](https://github.com/stweil)) +- Fix regression in reading files with TNsot == 0 \(refs \#1120\) [\#1121](https://github.com/uclouvain/openjpeg/pull/1121) ([rouault](https://github.com/rouault)) +- Use local type declaration for POSIX standard type only for MS compiler [\#1119](https://github.com/uclouvain/openjpeg/pull/1119) ([stweil](https://github.com/stweil)) +- Fix Mac builds [\#1104](https://github.com/uclouvain/openjpeg/pull/1104) ([rouault](https://github.com/rouault)) +- jp3d: Replace sprintf\(\) by snprintf\(\) in volumetobin\(\) [\#1101](https://github.com/uclouvain/openjpeg/pull/1101) ([kbabioch](https://github.com/kbabioch)) +- opj\_mj2\_extract: Rename output\_location to output\_prefix [\#1096](https://github.com/uclouvain/openjpeg/pull/1096) ([kbabioch](https://github.com/kbabioch)) +- mj2: Add missing variable to format string in fprintf\(\) invocation in meta\_out.c [\#1094](https://github.com/uclouvain/openjpeg/pull/1094) ([kbabioch](https://github.com/kbabioch)) +- Convert files to UTF-8 encoding [\#1090](https://github.com/uclouvain/openjpeg/pull/1090) ([stweil](https://github.com/stweil)) +- fix unchecked integer multiplication overflow [\#1080](https://github.com/uclouvain/openjpeg/pull/1080) ([setharnold](https://github.com/setharnold)) +- Fixed typos [\#1062](https://github.com/uclouvain/openjpeg/pull/1062) ([radarhere](https://github.com/radarhere)) +- Note that seek uses SEEK\_SET behavior. [\#1055](https://github.com/uclouvain/openjpeg/pull/1055) ([ideasman42](https://github.com/ideasman42)) +- Some Doxygen tags are removed [\#1050](https://github.com/uclouvain/openjpeg/pull/1050) ([szukw000](https://github.com/szukw000)) +- Fix resource leak \(CID 179466\) [\#1047](https://github.com/uclouvain/openjpeg/pull/1047) ([stweil](https://github.com/stweil)) +- Changed cmake version test to allow for cmake 2.8.11.x [\#1042](https://github.com/uclouvain/openjpeg/pull/1042) ([radarhere](https://github.com/radarhere)) +- Add missing fclose\(\) statement in error condition. [\#1037](https://github.com/uclouvain/openjpeg/pull/1037) ([gfiumara](https://github.com/gfiumara)) + ## [v2.3.0](https://github.com/uclouvain/openjpeg/releases/v2.3.0) (2017-10-04) [Full Changelog](https://github.com/uclouvain/openjpeg/compare/v2.2.0...v2.3.0) diff --git a/NEWS.md b/NEWS.md index 0d85a7a4..794a796e 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,6 +1,12 @@ # OpenJPEG NEWS -More details in the [Changelog](https://github.com/uclouvain/openjpeg/blob/master/CHANGELOG.md) +More details in the [CHANGELOG](https://github.com/uclouvain/openjpeg/blob/master/CHANGELOG.md) + +## OpenJPEG 2.3.1 (April 2019) + +No API/ABI break compared to v2.3.0 + +* Many bug fixes (including security fixes) ## OpenJPEG 2.3.0 (October 2017)