Web lists-archives.com

Re: Bug#862727: RFP: libjasper -- JasPer JPEG-2000 runtime library




Hi
>> Version: 2.0.12
>> Upstream: Michael David Adams
>> License: JasPer License
>> Description: This package has been scheduled for removal after Stretch
>> release but is very important to me as it can be used to add JPEG 2000 to
>> OpenCV (many satellite images comes as JPEG 2000). The new upstream on
>> GitHub provides frequent updates as well as a decent CMake build system so I
>> see no reason to not get it back in the archive :)
> At the very least you'll need to address the old CVEs in that case:
>
> https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no&src=jasper
>
> - CVE-2016-8693
> - CVE-2016-8691
> - CVE-2016-8692
> - CVE-2016-8690
>
> I personally fought against having duplicate JPEG 2000 libraries in
> Debian (esp. since jasper seems dead upstream). I still believe you
> should invest some time in replace jasper with OpenJPEG throughout
> your OpenCV codebase, since OpenJPEG is used to manipulate satellite
> image in professional environment.
Hi,

Which file formats are you using ?
I've faced the similar problem earlier in GRIB files in Stretch, and
replaced Jasper with OpenJPEG2
to phase out Jasper. I've patches included in the two grib libaries
(grib_api, now eccodes, and g2clib)
for openjpeg2. I can help with porting

Regards
Alastair

>
> 2cts
> -M
>
-- 
Alastair McKinstry, <alastair@xxxxxxxx>, <mckinstry@xxxxxxxxxx>, https://diaspora.sceal.ie/u/amckinstry
Misentropy: doubting that the Universe is becoming more disordered. 


Attachment: signature.asc
Description: OpenPGP digital signature