Subject: CVS commit: pkgsrc/graphics/openjpeg
From: Adam Ciarcinski
Date: 2019-04-03 10:04:08
Message id: 20190403080408.E7D10FB16@cvs.NetBSD.org

Log Message:
openjpeg: updated to 2.3.1

v2.3.1:
v2.2.0 regression for decoding images where TNsot == 0
Int overflow in jp3d
Heap buffer overflow in opj_j2k_update_image_data() triggered with Ghostscript
LINUX install doesn't work when building shared libraries is disabled
OPENJPEG null ptr dereference in openjpeg-2.3.0/src/bin/jp2/convert.c:2243
How to drop certain subbands/layers in DWT
where is the MQ-Coder ouput stream in t2.c?
OpenJPEG 2.3 (and 2.2?) multi component image fails to decode with KDU v7.10
Missing checks for header_info.height and header_info.width in function \ 
pnmtoimage in src/bin/jpwl/convert.c, which can lead to heap buffer overflow
Assertion Failure in jp2.c
Division-by-zero vulnerabilities in the function pi_next_pcrl, pi_next_cprl and \ 
pi_next_rpcl in src/lib/openjp3d/pi.c
Precinct switch (-c) doesn't right-shift last record to remaining resolution levels
Sample: encode J2K a data using streams???
HIGH THROUGHPUT JPEG 2000 (HTJ2K)
How to build openjpeg for arm linux?
crash
JP2000 returning OPJ_CLRSPC_UNKNOWN color space
Compilation successful but install unsuccessful: Calling executables throws \ 
libraries missing error
fprintf format string requires 1 parameter but only 0 are given
fprintf format string requires 1 parameter but only 0 are given
sprintf buffer overflow
sprintf buffer overflow
Infinite loop when reading jp2
missing format string parameter
Excessive Iteration in opj_t1_encode_cblks (src/lib/openjp2/t1.c)
Out-of-bound left shift in opj_j2k_setup_encoder (src/lib/openjp2/j2k.c)
Encode image on Unsplash
Integer overflow in opj_t1_encode_cblks (src/lib/openjp2/t1.c)
Signed Integer Overflow - 68065512
Similar vulnerable functions related to CVE-2017-14041
[ERROR] COD marker already read. No more than one COD marker per tile.
failing to install latest version of openjpeg from source
Trouble compressing large raw image
Download and installed code from 2.3 archive. Installing 2.2?
missing fclose
NULL Pointer Access in function imagetopnm of convert.c(jp2):1289
NULL Pointer Access in function imagetopnm of convert.c:2226(jp2)
Heap Buffer Overflow in function imagetotga of convert.c(jp2):942

Merged pull requests:
abi-check.sh: fix broken download URL
opj_t1_encode_cblks: fix UBSAN signed integer overflow
convertbmp: detect invalid file dimensions early (CVE-2018-6616)
color_apply_icc_profile: avoid potential heap buffer overflow
Fix multiple potential vulnerabilities and bugs
Fix several memory and resource leaks
Fix some potential overflow issues
jp3d/jpwl convert: fix write stack buffer overflow
Int overflow fixed
Update knownfailures- files given current configurations
CVE-2018-5785: fix issues with zero bitmasks
openjp2/jp2: Fix two format strings
Changes in pnmtoimage if image data are missing
Relative path to header files is hardcoded in OpenJPEGConfig.cmake.in file
Cast on uint ceildiv
Add -DBUILD_PKGCONFIG_FILES to install instructions
Fix some typos in code comments and documentation
Fix regression in reading files with TNsot == 0 (refs
Use local type declaration for POSIX standard type only for MS compiler
Fix Mac builds
jp3d: Replace sprintf() by snprintf() in volumetobin()
opj_mj2_extract: Rename output_location to output_prefix
mj2: Add missing variable to format string in fprintf() invocation in meta_out.c
Convert files to UTF-8 encoding
fix unchecked integer multiplication overflow
Fixed typos
Note that seek uses SEEK_SET behavior.
Some Doxygen tags are removed
Fix resource leak (CID 179466)
Changed cmake version test to allow for cmake 2.8.11.x
Add missing fclose() statement in error condition.

Files:
RevisionActionfile
1.17modifypkgsrc/graphics/openjpeg/Makefile
1.14modifypkgsrc/graphics/openjpeg/distinfo