[openjpeg.git] / abi-check / changelog / openjpeg / current / log.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <meta name="keywords" content="OpenJPEG, current, changes, changelog" />
    <meta name="description" content="Log of changes in the package" />
    <link rel="stylesheet" type="text/css" href="../../../css/common.css" />
    <link rel="stylesheet" type="text/css" href="../../../css/changelog.css" />
    
    
    <title>
        OpenJPEG current: changelog
    </title>
    
    </head>

<body>
<table cellpadding='0' cellspacing='0'><tr><td align='center'><h1 class='tool'><a title='Home: ABI tracker for OpenJPEG' href='../../../timeline/openjpeg/index.html' class='tool'>ABI<br/>Tracker</a></h1></td><td width='30px;'></td><td><h1>(OpenJPEG)</h1></td></tr></table><hr/>
<br/>
<br/>
<h1>Changelog from Git</h1><br/><br/>
<div class='changelog'>
<pre class='wrap'>commit 5875a6b44618fb7dfd5cd6d742533eaee2014060
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2019-10-03 11:04:30 +0200

    opj_tcd_mct_decode()/opj_mct_decode()/opj_mct_encode_real()/opj_mct_decode_real(): proper deal with a number of samples larger than 4 billion (refs #1151)

commit e66125fe260deee49fdf6e9978d9bd29871dd5bb
Merge: 8db9d25 b275196
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2019-09-03 17:03:54 +0200

    Merge pull request #1164 from sebras/master
    
    openjp2/j2k: Report error if all wanted components are not decoded.

commit 8db9d25dcf360528fd1e094e4f9274c0635e90cc
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2019-06-15 09:55:16 +0200

    opj_decompress_fuzzer: remove checks regarding input dimensions (fixes #1079)

commit f4d65783593fd0490e0fdb9f323f2d5aff81a21d
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2019-05-26 11:06:01 +0200

    test_decode_area.c: assign tdy to *ptileh instead of *ptilew (fixes #1195)

commit 9b7620ee7a3d72bfcdbebd78e607c5ee8aa7fade
Merge: 4f447c6 3aef207
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2019-04-26 19:52:52 +0200

    Merge pull request #1185 from Young-X/fix
    
    Fix several potential vulnerabilities

commit 4f447c6e18444a4182f7844d25033861eee8df55
Merge: 5dd75f6 a94cfbd
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2019-04-25 15:32:22 +0200

    Merge pull request #1192 from rouault/poc_fixes
    
    compression: emit POC marker when only one single POC is requested (f…

commit a94cfbd5334922ca5b63cfac9d2e5e0ec98155be
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2019-04-25 14:07:46 +0200

    Change opj_j2k_check_poc_val() to take into account tile number

commit bdec5ae2723369be5abba7aaae398aa4ae3225cc
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2019-04-25 01:29:38 +0200

    Add test for previous commit

commit 6423163141412cb93364de4e33d90bcffefa0885
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2019-04-25 01:27:02 +0200

    Fix POC in multi-tile scenarios: avoid almost endless loop when a tile has no POC settings

commit b86717fdd36b628ea7ecb5c24f7a086bf5bcd3a7
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2019-04-25 00:40:04 +0200

    Add test for previous commit

commit 23883458b9de2c57fc1890b42efbd0832c8fbe3b
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2019-04-25 00:34:44 +0200

    opj_j2k_check_poc_val(): prevent potential write outside of allocated array

commit 6589c609f6d6b3743715fceefbdac6e4ecb76aee
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2019-04-25 00:28:05 +0200

    opj_j2k_check_poc_val(): fix starting index for checking layer dimension
    
    The standard mandates that the layer index always starts at zero for every
    progression.

commit 1e3a57563defb6aa7cf24ffd2394d4a820e13bda
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2019-04-25 00:17:13 +0200

    compression: emit POC marker when only one single POC is requested (fixes #1191)

commit 5dd75f62e20efff9f094fd1dbd0d4d00e8b37689
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2019-04-23 16:52:21 +0200

    j2k.c: use correct naming convention for total_data_size variable

commit 3aef207f90e937d4931daf6d411e092f76d82e66
Author: Young Xiao &lt;YangX92@hotmail.com&gt;
Date:   2019-03-16 20:09:59 +0800

    bmp_read_rle4_data(): avoid potential infinite loop

commit 21399f6b7d318fcdf4406d5e88723c4922202aa3
Author: Young Xiao &lt;YangX92@hotmail.com&gt;
Date:   2019-03-16 19:57:27 +0800

    convertbmp: detect invalid file dimensions early
    
    width/length dimensions read from bmp headers are not necessarily
    valid. For instance they may have been maliciously set to very large
    values with the intention to cause DoS (large memory allocation, stack
    overflow). In these cases we want to detect the invalid size as early
    as possible.
    
    This commit introduces a counter which verifies that the number of
    written bytes corresponds to the advertized width/length.
    
    See commit 8ee335227bbc for details.
    
    Signed-off-by: Young Xiao &lt;YangX92@hotmail.com&gt;

commit d0dd894ae24d0f2f09072adf1b966033dd64672d
Author: Antonin Descampe &lt;antonin@gmail.com&gt;
Date:   2019-04-02 15:37:38 +0200

    Comment back opj_previous_version in abi_check.sh

commit 291e45bb045e63334729ad9a894595f8e1e2b2c7
Author: Antonin Descampe &lt;antonin@gmail.com&gt;
Date:   2019-04-02 15:12:59 +0200

    Update version number for automatic abi check

commit 57096325457f96d8cd07bd3af04fe81d7a2ba788
Author: Antonin Descampe &lt;antonin@gmail.com&gt;
Date:   2019-04-02 14:45:15 +0200

    update token for appveyor auto release

commit 8b9a89bc2e61652d30bbc56673f8f03ef464430f
Author: Antonin Descampe &lt;antonin@gmail.com&gt;
Date:   2019-04-02 14:25:09 +0200

    update token for automatic release

commit d1d422c126cbc2a5435340bd85f4b52ff0477101
Author: Antonin Descampe &lt;antonin@gmail.com&gt;
Date:   2019-04-02 12:08:52 +0200

    Update for release 2.3.1

commit d3b0b8927acf2e050a6379320d36fc3bb3751fe3
Author: Antonin Descampe &lt;info@openjpeg.org&gt;
Date:   2019-04-02 11:03:16 +0200

    Update for release 2.3.1

commit c7798bb0c636c89ab7f0bab4d89e7f0136e0e55a
Author: Antonin Descampe &lt;info@openjpeg.org&gt;
Date:   2019-04-02 11:02:20 +0200

    update for release 2.3.1

commit 8196ab531e79602fe3c947d09d3240c25c358731
Author: Antonin Descampe &lt;info@openjpeg.org&gt;
Date:   2019-04-02 11:00:58 +0200

    Update BUILD version for release 2.3.1

commit 69a7a312dccebc8b5f28f8a5e4a703cb8d447d44
Merge: d6b8aed 5151426
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2019-03-29 12:25:39 +0100

    Merge pull request #1188 from rouault/fix_abi_check
    
    abi-check.sh: fix broken download URL

commit 5151426d6e6f7f0e1ae6f050aaa7cec6bc4ffd08
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2019-03-29 11:53:23 +0100

    abi-check.sh: fix broken download URL

commit d6b8aed5612e6be6d3a4053867fbd2ae0cb7c8af
Merge: 25b815d a1d32a5
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2019-03-29 11:52:38 +0100

    Merge pull request #1187 from rouault/fix_ubsan_in_opj_t1_encode_cblks
    
    opj_t1_encode_cblks: fix UBSAN signed integer overflow

commit a1d32a596a94280178c44a55d7e7f1acd992ed5d
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2019-03-29 11:17:39 +0100

    opj_t1_encode_cblks: fix UBSAN signed integer overflow
    
    Fixes #1053 / CVE-2018-5727
    
    Note: I don't consider this issue to be a security vulnerability, in
    practice.
    At least with gcc or clang compilers on x86_64 which generate the same
    assembly code with or without that fix.

commit 25b815dc460dbf9def7e6b822c8998727094f85a
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2019-03-29 10:44:35 +0100

    Revert "[JPWL] tgatoimage(): avoid excessive memory allocation attempt,"
    
    This reverts commit 05be3084460e46282ee63f04c72c451f3271fd28.
    
    This commit doesn't compile due to missing OPJ_UINT64 type

commit e1740e7ce79d0a1676db4da0f4189b64e85f52cb
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2019-03-29 10:40:58 +0100

    Revert "[MJ2] Avoid index out of bounds access to pi-&gt;include[]"
    
    This reverts commit c277159986c80142180fbe5efb256bbf3bdf3edc.
    
    The commit didn't compile. include_size is not defined in openmj2

commit b2751967ecabf8d8856e85ab91e25d4f235e2eb3
Author: Sebastian Rasmussen &lt;sebras@gmail.com&gt;
Date:   2018-10-31 20:22:11 +0100

    openjp2/j2k: Report error if all wanted components are not decoded.
    
    Previously the caller had to check whether each component data had
    been decoded. This means duplicating the checking in every user of
    openjpeg which is unnecessary. If the caller wantes to decode all
    or a set of, or a specific component then openjpeg ought to error
    out if it was unable to do so.
    
    Fixes #1158.

commit 51f097e6d5754ddae93e716276fe8176b44ec548
Merge: e7640f5 8ee3352
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2018-12-21 16:41:00 +0100

    Merge pull request #1172 from hlef/master
    
    convertbmp: detect invalid file dimensions early (CVE-2018-6616)

commit 8ee335227bbcaf1614124046aa25e53d67b11ec3
Author: Hugo Lefeuvre &lt;hle@debian.org&gt;
Date:   2018-12-14 04:58:40 +0100

    convertbmp: detect invalid file dimensions early
    
    width/length dimensions read from bmp headers are not necessarily
    valid. For instance they may have been maliciously set to very large
    values with the intention to cause DoS (large memory allocation, stack
    overflow). In these cases we want to detect the invalid size as early
    as possible.
    
    This commit introduces a counter which verifies that the number of
    written bytes corresponds to the advertized width/length.
    
    Fixes #1059 (CVE-2018-6616).

commit e7640f58f122d1228f3d750864543ad4703e18fc
Merge: e0f5212 05be308
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2018-12-07 21:27:38 +0100

    Merge pull request #1168 from Young-X/fix_dev
    
    Fix multiple potential vulnerabilities and bugs

commit 05be3084460e46282ee63f04c72c451f3271fd28
Author: Young Xiao &lt;YangX92@hotmail.com&gt;
Date:   2018-11-28 14:44:06 +0800

    [JPWL] tgatoimage(): avoid excessive memory allocation attempt,
    and fixes unaligned load
    
    Signed-off-by: Young Xiao &lt;YangX92@hotmail.com&gt;

commit bd88611ed9ad7144ec4f3de54790cd848175891b
Author: Young_X &lt;YangX92@hotmail.com&gt;
Date:   2018-11-23 17:15:05 +0800

     [JP3D] To avoid divisions by zero / undefined behaviour on shift (CVE-2018-14423
    
    Signed-off-by: Young_X &lt;YangX92@hotmail.com&gt;

commit ce9583d1d7627e007a34a31ae4e22a00d78bd153
Author: Young_X &lt;YangX92@hotmail.com&gt;
Date:   2018-11-23 17:12:06 +0800

     [JPWL] opj_compress: reorder checks related to code block dimensions to avoid potential int overflow
    
    Signed-off-by: Young_X &lt;YangX92@hotmail.com&gt;

commit c58df149900df862806d0e892859b41115875845
Author: Young_X &lt;YangX92@hotmail.com&gt;
Date:   2018-11-23 16:24:19 +0800

    [OPENJP2] change the way to compute *p_tx0, *p_tx1, *p_ty0, *p_ty1 in function
    opj_get_encoding_parameters
    
    Signed-off-by: Young_X &lt;YangX92@hotmail.com&gt;

commit c277159986c80142180fbe5efb256bbf3bdf3edc
Author: Young_X &lt;YangX92@hotmail.com&gt;
Date:   2018-11-23 16:12:53 +0800

    [MJ2] Avoid index out of bounds access to pi-&gt;include[]
    
    Signed-off-by: Young_X &lt;YangX92@hotmail.com&gt;

commit e0f5212888c0c1abc5e060a75a3a4a5ff99afd1a
Merge: 92023cd 2e5ab1d
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2018-11-28 00:04:30 +0100

    Merge pull request #1170 from rouault/fix_color_apply_icc_profile
    
    color_apply_icc_profile: avoid potential heap buffer overflow

commit 2e5ab1d9987831c981ff05862e8ccf1381ed58ea
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2018-11-27 23:31:30 +0100

    color_apply_icc_profile: avoid potential heap buffer overflow
    
    Derived from a patch by Thuan Pham

commit 46822d0eddc3324b2a056bc60ffa997027bebd66
Author: Young_X &lt;YangX92@hotmail.com&gt;
Date:   2018-11-23 15:58:23 +0800

    [JPWL] imagetotga(): fix read heap buffer overflow if numcomps &lt; 3 (#987)
    
    Signed-off-by: Young_X &lt;YangX92@hotmail.com&gt;

commit 619e1b086eaa21ebd9b23eb67deee543b07bf06f
Author: Young_X &lt;YangX92@hotmail.com&gt;
Date:   2018-11-23 15:02:26 +0800

    [JPWL] fix CVE-2018-16375
    
    Signed-off-by: Young_X &lt;YangX92@hotmail.com&gt;

commit c5bd64ea146162967c29bd2af0cbb845ba3eaaaf
Author: Young_X &lt;YangX92@hotmail.com&gt;
Date:   2018-11-23 14:47:36 +0800

    [MJ2] To avoid divisions by zero / undefined behaviour on shift
    
    Signed-off-by: Young_X &lt;YangX92@hotmail.com&gt;

commit 92023cd6c377e0384a7725949b25655d4d94dced
Merge: c196b23 cab352e
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2018-11-16 09:42:19 +0100

    Merge pull request #1160 from hlef/master
    
    jp3d/jpwl convert: fix write stack buffer overflow

commit c196b23b90321b5c7e3238294607a2e8626c503f
Author: ichlubna &lt;43234438+ichlubna@users.noreply.github.com&gt;
Date:   2018-11-16 09:40:31 +0100

    openjp3d: Int overflow fixed (#1159)
    
    When compressing a lot of slices (starting from 44 FullHD slices with 3 8bit components in our experiments) the rate values are high enough to cause an int overflow that leads to negative lengths and wrong results. The cast happens too late.

commit cab352e249ed3372dd9355c85e837613fff98fa2
Author: Hugo Lefeuvre &lt;hle@debian.org&gt;
Date:   2018-11-07 18:48:29 +0100

    jp2: convert: fix null pointer dereference
    
    Tile components in a JP2 image might have null data pointer by defining a
    zero component size (for example using large horizontal or vertical
    sampling periods). This null data pointer leads to null image component
    data pointer, causing crash when dereferenced without != null check in
    imagetopnm.
    
    Add != null check.
    
    This commit addresses #1152 (CVE-2018-18088).

commit 0bc90e4062a5f9258c91eca018c019b179066c62
Author: Hugo Lefeuvre &lt;hle@debian.org&gt;
Date:   2018-10-22 16:59:41 +0200

    jp3d/jpwl convert: fix write stack buffer overflow
    
    Missing buffer length formatter in fscanf call might lead to write
    stack buffer overflow.
    
    fixes #1044 (CVE-2017-17480)

commit 948332e6ed17565100d1df5f6fdbf66865218e36
Author: Stefan Weil &lt;sw@weilnetz.de&gt;
Date:   2018-10-31 20:44:30 +0100

    Fix some potential overflow issues (#1161)
    
    * Fix some potential overflow issues
    
    Put sizeof to the beginning of the multiplication to enforce that
    size_t instead of smaller integer types is used for the calculation.
    
    This fixes warnings from LGTM:
    
        Multiplication result may overflow 'unsigned int'
        before it is converted to 'unsigned long'.
    
    It also allows removing some type casts.
    
    Signed-off-by: Stefan Weil &lt;sw@weilnetz.de&gt;
    
    * Fix code indentation
    
    Signed-off-by: Stefan Weil &lt;sw@weilnetz.de&gt;

commit e52909f4c7896c5efff3340d707c12d0df55d3f9
Merge: cd900d9 943db0f
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2018-10-31 20:41:52 +0100

    Merge pull request #1163 from nforro/memory-and-resource-leaks
    
    Fix several memory and resource leaks

commit 943db0f1c28ca6a7df6d18483f97166a03be9bf7
Author: Nikola Forró &lt;nforro@redhat.com&gt;
Date:   2018-10-31 13:39:05 +0100

    Fix several memory and resource leaks
    
    Signed-off-by: Nikola Forró &lt;nforro@redhat.com&gt;

commit cd900d96618ab77e79812db654731dd6b5fc7bd8
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2018-10-18 11:45:45 +0200

    opj_thread_pool_setup(): fix infinite waiting if a thread creation failed

commit 0e6a5553cfef21b764d289585af2c6934a95456b
Merge: 8fc09e5 ca16fe5
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2018-09-22 23:54:12 +0200

    Merge pull request #1148 from hlef/master
    
    CVE-2018-5785: fix issues with zero bitmasks

commit 8fc09e50e557fa6af4c099b9c6d36bb1071ee1ed
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2018-09-22 23:47:56 +0200

    opj_jp2_apply_pclr(): remove useless assert that can trigger on some files (fixes #1125)

commit aaf48ee6bae91032f025f9ac11592c4085a0d96b
Merge: ee827ad cc38247
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2018-09-22 23:12:50 +0200

    Merge branch 'pr1095'

commit cc3824767bde397fedb8a1ae4786a222ba860c8d
Author: Karol Babioch &lt;kbabioch@suse.de&gt;
Date:   2018-03-02 14:40:58 +0100

    opj_mj2_extract: Check provided output prefix for length
    
    This uses snprintf() with correct buffer length instead of sprintf(), which
    prevents a buffer overflow when providing a long output prefix. Furthermore
    the program exits with an error when the provided output prefix is too long.
    
    Fixes #1088.

commit ee827ad3f32469d4854b2da71c9703a2af359f9f
Merge: 5d94bcd 1eb9a57
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2018-09-22 23:05:54 +0200

    Merge branch 'pr1107'

commit 1eb9a57ac1216209a4d9adf87bc47ba19810d3b3
Author: szukw000 &lt;szukw000@arcor.de&gt;
Date:   2018-03-13 18:11:54 +0100

    opj_mj2_extract: Avoid segfault for long filenames

commit 5d94bcd89c6e281614955c56cbfebb11b866a9dd
Merge: b54c06f 0fa7ebe
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2018-09-22 22:59:36 +0200

    Merge pull request #1136 from reverson/master
    
    Cast on uint ceildiv

commit b54c06fb350d318c8e74755710b3480eae3b9911
Merge: 17bbb0e 4aaf52e
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2018-09-22 22:59:17 +0200

    Merge pull request #1119 from stweil/ssize_t
    
    Use local type declaration for POSIX standard type only for MS compiler

commit 17bbb0e23ff03bb722914841a9b962b21fe7a310
Merge: ccc4441 3d6ffaf
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2018-09-22 22:55:33 +0200

    Merge pull request #1128 from stweil/typos
    
    Fix some typos in code comments and documentation

commit ccc4441aeb7bf4928e55bd543fab8de662f6d5e7
Merge: c6ee006 24fd3ce
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2018-09-22 22:54:51 +0200

    Merge pull request #1140 from bukatlib/fix_relpath
    
    Relative path to header files is hardcoded in OpenJPEGConfig.cmake.in file

commit c6ee006250b093f443e226288c6c866c5ebe12f5
Merge: 2d28610 98363e2
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2018-09-22 22:47:27 +0200

    Merge pull request #1141 from szukw000/changes-in-pnmtoimage
    
    Changes in pnmtoimage if image data are missing

commit 2d2861036cfb68560e0cf21340760781ea78595d
Merge: 1b9a81d 31a03b3
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2018-09-22 22:28:04 +0200

    Merge pull request #1143 from stweil/format
    
    openjp2/jp2: Fix two format strings

commit 1b9a81dff7c22ed0cb22bf1033e6dfee1292da31
Merge: 9d1a9dc c28ed52
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2018-09-22 22:27:14 +0200

    Merge pull request #1149 from rouault/fix_knownfailures
    
    Update knownfailures- files given current configurations

commit c28ed521633c074f1e4891208028fe97f7602a14
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2018-09-22 21:56:50 +0200

    Update knownfailures- files given current configurations

commit ca16fe55014c57090dd97369256c7657aeb25975
Author: Hugo Lefeuvre &lt;hle@debian.org&gt;
Date:   2018-09-22 14:33:19 -0400

    convertbmp: fix issues with zero bitmasks
    
    In the case where a BMP file declares compression 3 (BI_BITFIELDS)
    with header size &lt;= 56, all bitmask values keep their initialization
    value 0. This may lead to various undefined behavior later e.g. when
    doing 1 &lt;&lt; (l_comp-&gt;prec - 1).
    
    This issue does not affect files with bit count 16 because of a check
    added in 16240e2 which sets default values to the color masks if they
    are all 0.
    
    This commit adds similar checks for the 32 bit case.
    
    Also, if a BMP file declares compression 3 with header size &gt;= 56 and
    intentional 0 bitmasks, the same issue will be triggered in both the
    16 and 32 bit count case.
    
    This commit adds checks to bmp_read_info_header() rejecting BMP files
    with "intentional" 0 bitmasks. These checks might be removed in the
    future when proper handling of zero bitmasks will be available in
    openjpeg2.
    
    fixes #1057 (CVE-2018-5785)

commit 31a03b390a77bfbe4b0f140121d1296acb611f76
Author: Stefan Weil &lt;sw@weilnetz.de&gt;
Date:   2018-09-05 21:51:30 +0200

    openjp2/jp2: Fix two format strings
    
    Compiler warnings:
    
    src/lib/openjp2/jp2.c:1008:35: warning:
     too many arguments for format [-Wformat-extra-args]
    src/lib/openjp2/j2k.c:1928:73: warning:
     format ‘%d’ expects argument of type ‘int’, but argument 4 has type ‘OPJ_OFF_T {aka long int}’ [-Wformat=]
    
    Signed-off-by: Stefan Weil &lt;sw@weilnetz.de&gt;

commit 3d6ffaf3f3463b62830f88f50a8c1b510f555eb5
Author: Stefan Weil &lt;sw@weilnetz.de&gt;
Date:   2018-07-30 21:04:28 +0200

    Fix some typos in code comments and documentation
    
    All typos were found by Codespell.
    
    Signed-off-by: Stefan Weil &lt;sw@weilnetz.de&gt;

commit 98363e244e027c731f73ee8239d3c19451a9153b
Author: szukw000 &lt;szukw000@arcor.de&gt;
Date:   2018-08-31 16:24:41 +0200

    Changes in pnmtoimage if image data are missing

commit 24fd3ce777a64b8b315cfe1ee642ec7b1cc6aa97
Author: Libor Bukata &lt;libor.bukata@oracle.com&gt;
Date:   2018-08-31 12:57:40 +0200

    The change makes a relative path to header files
    always correct regardless of the number of sub-
    directories in OPENJPEG_INSTALL_PACKAGE_DIR variable.

commit 0fa7ebe2540990f590c2247b3505ac1dc84b6eec
Author: Robert Everson &lt;robert@reverson.net&gt;
Date:   2018-08-27 15:28:53 -0700

    Cast on uint ceildiv

commit 9d1a9dc20dd5155bab977a4f53d05c4bbd66533a
Merge: d2205ba 56f23b2
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2018-08-11 23:35:35 +0200

    Merge pull request #1133 from robe2/robe2-pkgconfig-instructions
    
    Add -DBUILD_PKGCONFIG_FILES to install instructions

commit 56f23b29a075467fc2377ba086c0263a3eb70fe6
Author: Regina Obe &lt;lr@pcorp.us&gt;
Date:   2018-08-11 16:59:30 -0400

    Add -DBUILD_PKGCONFIG_FILES to install instructions
    
    Building under msys/mingw doesn't automatically install the pkg config files needed to build GDAL and other libraries

commit d2205ba2ee78faeea659263383446c4472b1f9df
Merge: fd205f4 4170681
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2018-06-20 16:26:24 +0200

    Merge pull request #1121 from rouault/fix_tnsot_zero
    
    Fix regression in reading files with TNsot == 0 (refs #1120)

commit 4170681661126bc9c1348a0183633dc2f4fc8b05
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2018-06-20 15:06:16 +0200

    Add test cases for https://github.com/uclouvain/openjpeg/issues/1120 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2785

commit 0c913b0aba409148b51ca43d45c50ae595449723
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2018-06-20 14:54:09 +0200

    Avoid assertion when running opj_j2k_merge_ppt() several time due to e6674f7ed66abdb32a0be5944f618722b6a7b5d5 revert. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2785

commit 832dfd18665da08745748bde2d2563f00c7cd9e7
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2018-06-20 14:38:41 +0200

    Revert "Avoid assertion in opj_j2k_merge_ppt() in case premature EOC is encountered in opj_j2k_read_tile_header(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2785. Credit to OSS Fuzz" (fixes #1120)
    
    This reverts commit 9906fbf737692486cebabe98169988d818e2e66a.
    which broke decoding of images where TNsot == 0

commit 4aaf52ec8d8ec7b94c73f77f9c0029a3d3cabbf9
Author: Stefan Weil &lt;sw@weilnetz.de&gt;
Date:   2018-06-18 14:06:25 +0200

    Use local type declaration for POSIX standard type only for MS compiler
    
    ssize_t is a POSIX type which is declared in POSIX include files.
    Mingw-w64 provides it also for Windows.
    
    Use the local declaration only with MS compilers.
    
    Signed-off-by: Stefan Weil &lt;sw@weilnetz.de&gt;

commit fd205f457b157e925e2a6eb03aba397b45b0ed4e
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2018-06-16 16:17:58 +0200

    opj_compress: try to make help message of -c switch clearer (fixes #1117)

commit 2c7eb4fed9cbed43ae402840f6706998ce2dd1c4
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2018-03-12 14:24:20 +0100

    opj_compress: fix help message regarding default precinct size

commit a59512e0990c5923de77a542a1386edee32acd47
Merge: 3910be8 8ad94f6
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2018-03-04 23:54:09 +0100

    Merge pull request #1104 from rouault/macos_fix
    
    Fix Mac builds

commit 8ad94f689ecabc5e9058874af42306793d5b93e9
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2018-03-04 23:27:44 +0100

    Fix Mac builds

commit 3910be8a68d21df5f23e764c593058ba35557051
Merge: e98d0a2 cfc5395
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2018-03-04 23:19:59 +0100

    Merge pull request #1062 from radarhere/master
    
    Fixed typos

commit e98d0a20f049c59ba31a19de2fccfaabdcbce502
Merge: 31a347a d4d7827
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2018-03-04 23:16:04 +0100

    Merge pull request #1094 from kbabioch/fix/missing-format-string-parameter
    
    mj2: Add missing variable to format string in fprintf() invocation in meta_out.c

commit 31a347a9a04209933c63b180c9ff04bdf8a427e5
Merge: b02e0d9 db6841a
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2018-03-04 23:13:45 +0100

    Merge pull request #1096 from kbabioch/fix/opj_mj2_extract-help
    
    opj_mj2_extract: Rename output_location to output_prefix

commit b02e0d9c4e746faf7448cb06f0487402dff66083
Merge: 564fbfb e351c22
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2018-03-04 23:10:48 +0100

    Merge pull request #1101 from kbabioch/fix/jp3d-sprintf-overflow
    
    jp3d: Replace sprintf() by snprintf() in volumetobin()

commit e351c22ee8c4d8cef0f212831a00447bc0400601
Author: Karol Babioch &lt;karol@babioch.de&gt;
Date:   2018-03-03 10:10:32 +0100

    jp3d: Replace sprintf() by snprintf() in volumetobin()
    
    This replaces the unsafe sprintf() invocation by the safer snprintf()
    one, with the correct buffer size to prevent buffer overflows.
    
    This fixes #1085.

commit db6841a099645f5063dc8c2f804b0724a9ea557b
Author: Karol Babioch &lt;kbabioch@suse.de&gt;
Date:   2018-03-02 15:19:19 +0100

    opj_mj2_extract: Rename output_location to output_prefix
    
    This renames the argument in the help output, as the latter better describes
    the the purpose of this argument.

commit d4d78272ebe3b65a22e5c98841d451f2078625fa
Author: Karol Babioch &lt;kbabioch@suse.de&gt;
Date:   2018-03-02 14:03:03 +0100

    mj2: Add missing variable to format string in fprintf() invocation in meta_out.c
    
    This adds the appropriate variables to the invocation of fprintf(). They were
    specified in the format string, but were missing in the actual call. This
    fixes #1074 and #1075.

commit 564fbfb67830e2eb234bc16b3db8fecf54261f95
Merge: bce2bd7 b49fa93
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2018-02-25 19:59:18 +0100

    Merge pull request #1090 from stweil/utf8
    
    Convert files to UTF-8 encoding

commit bce2bd71c06e3550e57442dfa715fcce5351bc7a
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2018-02-25 19:20:38 +0100

    .travis.yml: temporarily disable OPJ_CI_ASAN=1 (refs #1091)

commit b49fa93aa759cb2e2e22e174ef793470eb02a148
Author: Stefan Weil &lt;sw@weilnetz.de&gt;
Date:   2018-02-24 14:55:33 +0100

    openjp3d: Convert ISO-8859 to UTF-8
    
    Signed-off-by: Stefan Weil &lt;sw@weilnetz.de&gt;

commit 244f52483df75e6507d676b25d31e6e7bf08bdf5
Author: Stefan Weil &lt;sw@weilnetz.de&gt;
Date:   2018-02-24 14:51:28 +0100

    jp3d: Convert ISO-8859 to UTF-8
    
    Signed-off-by: Stefan Weil &lt;sw@weilnetz.de&gt;

commit 90b1bffa7e745c754afb56dc89ccb70f8aeeadcf
Merge: 06f7d41 24d08ff
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2018-02-25 18:21:23 +0100

    Merge pull request #1080 from setharnold/patch-1
    
    fix unchecked integer multiplication overflow

commit 06f7d412435ddb62f8e9935af7e306783bc4b75b
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2018-02-18 14:38:16 +0100

    bench_dwt: fix wrong index in iteration (issue found by Fethi Migaou)

commit 24d08ff94ad8b0f51534e46f87cf5a2f2f85d22a
Author: setharnold &lt;seth.arnold@gmail.com&gt;
Date:   2018-02-14 17:46:38 -0800

    fix unchecked integer multiplication overflow
    
    Hello, this fixes an unchecked integer multiplication overflow. Thanks.

commit da5e897232ef824daf9a492e746ed22cf2a43f18
Author: Even Rouault &lt;even.rouault@spatialys.com&gt;
Date:   2018-02-11 13:31:04 +0100

    Avoid out-of-bounds write overflow due to uint32 overflow computation on images with huge dimensions. Credit to Google Autofuzz project for providing test case

commit cfc539512a1b138c2feedda9fd2f57d36cdaa0db
Author: Andrew Murray &lt;radarhere@users.noreply.github.com&gt;
Date:   2018-02-09 21:02:25 +1100

    Fixed typos

commit d96d2b9a2524f41a8e024462f94417c09747ba99
Merge: 07d526e 6941bc6
Author: Even Rouault &lt;even.rouault@mines-paris.org&gt;
Date:   2018-02-05 17:31:49 +0100

    Merge pull request #1055 from ideasman42/patch-1
    
    Note that seek uses SEEK_SET behavior.

...</pre></div>

</body>
</html>