<br/>
<h1>Changelog from Git</h1><br/><br/>
<div class='changelog'>
-<pre class='wrap'>commit 948332e6ed17565100d1df5f6fdbf66865218e36
+<pre class='wrap'>commit 69a7a312dccebc8b5f28f8a5e4a703cb8d447d44
+Merge: d6b8aed 5151426
+Author: Even Rouault <even.rouault@mines-paris.org>
+Date: 2019-03-29 12:25:39 +0100
+
+ Merge pull request #1188 from rouault/fix_abi_check
+
+ abi-check.sh: fix broken download URL
+
+commit 5151426d6e6f7f0e1ae6f050aaa7cec6bc4ffd08
+Author: Even Rouault <even.rouault@spatialys.com>
+Date: 2019-03-29 11:53:23 +0100
+
+ abi-check.sh: fix broken download URL
+
+commit d6b8aed5612e6be6d3a4053867fbd2ae0cb7c8af
+Merge: 25b815d a1d32a5
+Author: Even Rouault <even.rouault@mines-paris.org>
+Date: 2019-03-29 11:52:38 +0100
+
+ Merge pull request #1187 from rouault/fix_ubsan_in_opj_t1_encode_cblks
+
+ opj_t1_encode_cblks: fix UBSAN signed integer overflow
+
+commit a1d32a596a94280178c44a55d7e7f1acd992ed5d
+Author: Even Rouault <even.rouault@spatialys.com>
+Date: 2019-03-29 11:17:39 +0100
+
+ opj_t1_encode_cblks: fix UBSAN signed integer overflow
+
+ Fixes #1053 / CVE-2018-5727
+
+ Note: I don't consider this issue to be a security vulnerability, in
+ practice.
+ At least with gcc or clang compilers on x86_64 which generate the same
+ assembly code with or without that fix.
+
+commit 25b815dc460dbf9def7e6b822c8998727094f85a
+Author: Even Rouault <even.rouault@spatialys.com>
+Date: 2019-03-29 10:44:35 +0100
+
+ Revert "[JPWL] tgatoimage(): avoid excessive memory allocation attempt,"
+
+ This reverts commit 05be3084460e46282ee63f04c72c451f3271fd28.
+
+ This commit doesn't compile due to missing OPJ_UINT64 type
+
+commit e1740e7ce79d0a1676db4da0f4189b64e85f52cb
+Author: Even Rouault <even.rouault@spatialys.com>
+Date: 2019-03-29 10:40:58 +0100
+
+ Revert "[MJ2] Avoid index out of bounds access to pi->include[]"
+
+ This reverts commit c277159986c80142180fbe5efb256bbf3bdf3edc.
+
+ The commit didn't compile. include_size is not defined in openmj2
+
+commit 51f097e6d5754ddae93e716276fe8176b44ec548
+Merge: e7640f5 8ee3352
+Author: Even Rouault <even.rouault@mines-paris.org>
+Date: 2018-12-21 16:41:00 +0100
+
+ Merge pull request #1172 from hlef/master
+
+ convertbmp: detect invalid file dimensions early (CVE-2018-6616)
+
+commit 8ee335227bbcaf1614124046aa25e53d67b11ec3
+Author: Hugo Lefeuvre <hle@debian.org>
+Date: 2018-12-14 04:58:40 +0100
+
+ convertbmp: detect invalid file dimensions early
+
+ width/length dimensions read from bmp headers are not necessarily
+ valid. For instance they may have been maliciously set to very large
+ values with the intention to cause DoS (large memory allocation, stack
+ overflow). In these cases we want to detect the invalid size as early
+ as possible.
+
+ This commit introduces a counter which verifies that the number of
+ written bytes corresponds to the advertized width/length.
+
+ Fixes #1059 (CVE-2018-6616).
+
+commit e7640f58f122d1228f3d750864543ad4703e18fc
+Merge: e0f5212 05be308
+Author: Even Rouault <even.rouault@mines-paris.org>
+Date: 2018-12-07 21:27:38 +0100
+
+ Merge pull request #1168 from Young-X/fix_dev
+
+ Fix multiple potential vulnerabilities and bugs
+
+commit 05be3084460e46282ee63f04c72c451f3271fd28
+Author: Young Xiao <YangX92@hotmail.com>
+Date: 2018-11-28 14:44:06 +0800
+
+ [JPWL] tgatoimage(): avoid excessive memory allocation attempt,
+ and fixes unaligned load
+
+ Signed-off-by: Young Xiao <YangX92@hotmail.com>
+
+commit bd88611ed9ad7144ec4f3de54790cd848175891b
+Author: Young_X <YangX92@hotmail.com>
+Date: 2018-11-23 17:15:05 +0800
+
+ [JP3D] To avoid divisions by zero / undefined behaviour on shift (CVE-2018-14423
+
+ Signed-off-by: Young_X <YangX92@hotmail.com>
+
+commit ce9583d1d7627e007a34a31ae4e22a00d78bd153
+Author: Young_X <YangX92@hotmail.com>
+Date: 2018-11-23 17:12:06 +0800
+
+ [JPWL] opj_compress: reorder checks related to code block dimensions to avoid potential int overflow
+
+ Signed-off-by: Young_X <YangX92@hotmail.com>
+
+commit c58df149900df862806d0e892859b41115875845
+Author: Young_X <YangX92@hotmail.com>
+Date: 2018-11-23 16:24:19 +0800
+
+ [OPENJP2] change the way to compute *p_tx0, *p_tx1, *p_ty0, *p_ty1 in function
+ opj_get_encoding_parameters
+
+ Signed-off-by: Young_X <YangX92@hotmail.com>
+
+commit c277159986c80142180fbe5efb256bbf3bdf3edc
+Author: Young_X <YangX92@hotmail.com>
+Date: 2018-11-23 16:12:53 +0800
+
+ [MJ2] Avoid index out of bounds access to pi->include[]
+
+ Signed-off-by: Young_X <YangX92@hotmail.com>
+
+commit e0f5212888c0c1abc5e060a75a3a4a5ff99afd1a
+Merge: 92023cd 2e5ab1d
+Author: Even Rouault <even.rouault@mines-paris.org>
+Date: 2018-11-28 00:04:30 +0100
+
+ Merge pull request #1170 from rouault/fix_color_apply_icc_profile
+
+ color_apply_icc_profile: avoid potential heap buffer overflow
+
+commit 2e5ab1d9987831c981ff05862e8ccf1381ed58ea
+Author: Even Rouault <even.rouault@spatialys.com>
+Date: 2018-11-27 23:31:30 +0100
+
+ color_apply_icc_profile: avoid potential heap buffer overflow
+
+ Derived from a patch by Thuan Pham
+
+commit 46822d0eddc3324b2a056bc60ffa997027bebd66
+Author: Young_X <YangX92@hotmail.com>
+Date: 2018-11-23 15:58:23 +0800
+
+ [JPWL] imagetotga(): fix read heap buffer overflow if numcomps < 3 (#987)
+
+ Signed-off-by: Young_X <YangX92@hotmail.com>
+
+commit 619e1b086eaa21ebd9b23eb67deee543b07bf06f
+Author: Young_X <YangX92@hotmail.com>
+Date: 2018-11-23 15:02:26 +0800
+
+ [JPWL] fix CVE-2018-16375
+
+ Signed-off-by: Young_X <YangX92@hotmail.com>
+
+commit c5bd64ea146162967c29bd2af0cbb845ba3eaaaf
+Author: Young_X <YangX92@hotmail.com>
+Date: 2018-11-23 14:47:36 +0800
+
+ [MJ2] To avoid divisions by zero / undefined behaviour on shift
+
+ Signed-off-by: Young_X <YangX92@hotmail.com>
+
+commit 92023cd6c377e0384a7725949b25655d4d94dced
+Merge: c196b23 cab352e
+Author: Even Rouault <even.rouault@mines-paris.org>
+Date: 2018-11-16 09:42:19 +0100
+
+ Merge pull request #1160 from hlef/master
+
+ jp3d/jpwl convert: fix write stack buffer overflow
+
+commit c196b23b90321b5c7e3238294607a2e8626c503f
+Author: ichlubna <43234438+ichlubna@users.noreply.github.com>
+Date: 2018-11-16 09:40:31 +0100
+
+ openjp3d: Int overflow fixed (#1159)
+
+ When compressing a lot of slices (starting from 44 FullHD slices with 3 8bit components in our experiments) the rate values are high enough to cause an int overflow that leads to negative lengths and wrong results. The cast happens too late.
+
+commit cab352e249ed3372dd9355c85e837613fff98fa2
+Author: Hugo Lefeuvre <hle@debian.org>
+Date: 2018-11-07 18:48:29 +0100
+
+ jp2: convert: fix null pointer dereference
+
+ Tile components in a JP2 image might have null data pointer by defining a
+ zero component size (for example using large horizontal or vertical
+ sampling periods). This null data pointer leads to null image component
+ data pointer, causing crash when dereferenced without != null check in
+ imagetopnm.
+
+ Add != null check.
+
+ This commit addresses #1152 (CVE-2018-18088).
+
+commit 0bc90e4062a5f9258c91eca018c019b179066c62
+Author: Hugo Lefeuvre <hle@debian.org>
+Date: 2018-10-22 16:59:41 +0200
+
+ jp3d/jpwl convert: fix write stack buffer overflow
+
+ Missing buffer length formatter in fscanf call might lead to write
+ stack buffer overflow.
+
+ fixes #1044 (CVE-2017-17480)
+
+commit 948332e6ed17565100d1df5f6fdbf66865218e36
Author: Stefan Weil <sw@weilnetz.de>
Date: 2018-10-31 20:44:30 +0100
Update NEWS.md
-commit 0b8903d9ea482d85dcaf8def1ddc41597105b228
-Author: Antonin Descampe <antonin@gmail.com>
-Date: 2017-10-03 17:08:30 -0300
-
- Preparing v2.3.0 release
-
-commit 47b43dbc2bb5a1e6d61bde91e57ccf7191b07616
-Merge: d45ccb0 8ed5886
-Author: Even Rouault <even.rouault@mines-paris.org>
-Date: 2017-09-28 11:24:59 +0200
-
- Merge pull request #1028 from quangnh89/master
-
- update instructions to build with Visual Studio and 64-Bit Visual C++ Toolset.
-
-commit 8ed588608f13af16f63e38267c1d51b124d6d8ad
-Author: Quang Nguyen <quangnh89@gmail.com>
-Date: 2017-09-28 10:00:09 +0700
-
- update instructions to build with Visual Studio and 64-Bit Visual C++ Toolset.
-
-commit d45ccb048bb2166c5d975f4e1b8acaf8ba3d198d
-Merge: 3f0de88 e17bbde
-Author: Antonin Descampe <antonin@descampe.net>
-Date: 2017-09-26 18:30:20 -0300
-
- Merge pull request #1022 from rouault/partial_component_decoding
-
- Add capability to decode only a subset of all components of an image.
-
-commit 3f0de88c7bf4e56826987aa7d3edb5acdd4399f2
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-22 21:43:09 +0200
-
- Remove opjstyle binary that went inadvertently committed in d4e54e9f35d532062533f1d369c159810b01d224 (#1026)
-
-commit 3dfb01228b4f06a538c2a19352e34fd172e20fe3
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-22 12:03:29 +0200
-
- INSTALL.md: add instructions to build with Visual Studio (#1023, from Winfried instructions)
-
-commit e5a561b5d86e6292832a7baefdcdf24e25821ae3
-Merge: 4c8aba2 f92d30f
-Author: Even Rouault <even.rouault@mines-paris.org>
-Date: 2017-09-21 17:39:24 +0200
-
- Merge pull request #1024 from stweil/warnings
-
- Add missing newline at end of file
-
-commit f92d30f9e7340f50294cca438c1fb62fb4fb03dd
-Author: Stefan Weil <sw@weilnetz.de>
-Date: 2017-09-14 22:02:41 +0200
-
- Add missing newline at end of file
-
- This fixes warnings from the clang compiler:
-
- /openjpeg/src/lib/openjp2/sparse_array.h:141:32: warning:
- no newline at end of file [-Wnewline-eof]
-
- Signed-off-by: Stefan Weil <sw@weilnetz.de>
-
-commit 4c8aba2add074c4a8101156037e9ca7051bc4baf
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-21 14:37:01 +0200
-
- Add assertion
-
-commit 113e0976e232ac2110d50405f8629787f3f53cfc
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-21 14:14:32 +0200
-
- Comment dead code (Coverity CID 94681)
-
-commit 39082fc6654553f43f6f3a73e0eeaedebc4bdf9f
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-21 14:13:16 +0200
-
- Workaround Coverity CID 113061
-
-commit 7711307d865d46ca1bb8bb152071178b10066d05
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-21 14:10:49 +0200
-
- Workaround Coverity CID 169392
-
-commit 19e157871ff28bb5e8296f9e9f9aee6a17a37ace
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-21 14:06:03 +0200
-
- opj_j2k_get_default_thread_count(): validate value of OPJ_NUM_THREADS to fix Coverity 179465 and 179463
-
-commit 68e596dada2ee38a66b01494e5a425e623688300
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-21 13:54:14 +0200
-
- Fix copy&paste error (Coverity CID 169394)
-
-commit 16b701659d7d9f72aade1d695818a645e2f603a6
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-20 01:06:02 +0200
-
- opj_decompress: add a warning when -d and -t are used together (#693)
-
-commit b8c4b450c4b5bec649463573f57235c4f41c57cd
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-20 00:55:22 +0200
-
- Use a #define J2K_MAX_POCS 32 to avoid hard-coded constant (#349)
-
-commit 9cba05762ded66b803df94b00adbd5a97727da95
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-20 00:43:54 +0200
-
- Avoid index-out-of-bounds access when invoking opj_compress with -n 11 or higher. But not a proper fix itself (refs #493)
-
-commit 8df07d5866c9e3517bf04a7abee4a07a04735df4
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-19 18:35:52 +0200
-
- Avoid relying on operator precedence (raised by cppcheck)
-
-commit c22ea12219c711031ef9b5823f2d9eb1081261e9
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-19 18:35:31 +0200
-
- Workaroudn cppcheck (correct) warning about same code in then and else branches
-
-commit c84e594cffb181b96f522becf1ba0302e2cc6da7
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-19 18:35:07 +0200
-
- Fix badly named variable in function prototype (raised by cppcheck)
-
-commit e17bbde9066600528ab523adee69d9c9c33ba157
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-19 17:48:07 +0200
-
- opj_set_decoded_components(): add a provision for a apply_color_transforms parameter in case we support it in the future
-
-commit 7e2b6bebff12eab8bdc17fc9af017e8c11652f4f
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-19 16:52:07 +0200
-
- Add capability to decode only a subset of all components of an image.
-
- This adds a opj_set_decoded_components(opj_codec_t *p_codec,
- OPJ_UINT32 numcomps, const OPJ_UINT32* comps_indices) function,
- and equivalent "opj_decompress -c compno[,compno]*" option.
-
- When specified, neither the MCT transform nor JP2 channel transformations
- will be applied.
-
- Tests added for various combinations of whole image vs tiled-based decoding,
- full or reduced resolution, use of decode area or not.
-
-commit ce199f42e77f972d6ee782b63492f6d861891053
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-19 12:48:12 +0200
-
- src/bin/jp3d/convert.c: add missing fclose() in error code path (#1018)
-
...</pre></div>
</body>