Web lists-archives.com

Re: Bug#862727: RFP: libjasper -- JasPer JPEG-2000 runtime library




Hi,

On Tue, May 16, 2017 at 11:40 AM, Adam Cecile <acecile@xxxxxxxxxxx> wrote:
> Package: wnpp
> Severity: wishlist
> X-Debbugs-CC: debian-devel@xxxxxxxxxxxxxxxx
>
> Package name: libjasper

Just keep the old naming convention please: 'jasper'.

> Version: 2.0.12
> Upstream: Michael David Adams
> License: JasPer License
> Description: This package has been scheduled for removal after Stretch
> release but is very important to me as it can be used to add JPEG 2000 to
> OpenCV (many satellite images comes as JPEG 2000). The new upstream on
> GitHub provides frequent updates as well as a decent CMake build system so I
> see no reason to not get it back in the archive :)

At the very least you'll need to address the old CVEs in that case:

https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no&src=jasper

- CVE-2016-8693
- CVE-2016-8691
- CVE-2016-8692
- CVE-2016-8690

I personally fought against having duplicate JPEG 2000 libraries in
Debian (esp. since jasper seems dead upstream). I still believe you
should invest some time in replace jasper with OpenJPEG throughout
your OpenCV codebase, since OpenJPEG is used to manipulate satellite
image in professional environment.


2cts
-M