Prepare for OpenJPEG v2.5.1 release

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c7f5fb6d3d0c9615ebbb791a9403e8736b21ea5e..5237788888561d7638f4e9680ce4e1a536ab8519 100644 (file)
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,73 @@
 # Changelog
 
+## [v2.5.1](https://github.com/uclouvain/openjpeg/releases/v2.5.1) (2024-02-26)
+
+[Full Changelog](https://github.com/uclouvain/openjpeg/compare/v2.5.0...v2.5.1)
+
+**Closed issues:**
+
+- Exist a undefined-behavior issue in file src/lib/openjp2/dwt.c:2124 [\#1505](https://github.com/uclouvain/openjpeg/issues/1505)
+- Potential double-free vulnerability in j2k.c [\#1498](https://github.com/uclouvain/openjpeg/issues/1498)
+- opj\_compress -I / -mct 0 should conflict each others [\#1485](https://github.com/uclouvain/openjpeg/issues/1485)
+- Exist a undefined-behavior issue in file src/lib/openjp2/tcd.c:2327 [\#1480](https://github.com/uclouvain/openjpeg/issues/1480)
+- OOM in opj\_decompress [\#1476](https://github.com/uclouvain/openjpeg/issues/1476)
+- v2.5.0 cannot be built successfully on aarch64 CentOS machine [\#1475](https://github.com/uclouvain/openjpeg/issues/1475)
+- \[ Heap Overflow \] opj\_decompress [\#1473](https://github.com/uclouvain/openjpeg/issues/1473)
+- Possible bug reading JP2 as grayscale when should be in color [\#1464](https://github.com/uclouvain/openjpeg/issues/1464)
+- Crashes due to internal bad memory references when using reduce on a truncated file. [\#1459](https://github.com/uclouvain/openjpeg/issues/1459)
+- No error.h \(non standard compliant\) [\#1453](https://github.com/uclouvain/openjpeg/issues/1453)
+- JP2 File incorrectly decompressed to noise [\#1447](https://github.com/uclouvain/openjpeg/issues/1447)
+- UB in tcd.c opj\_tcd\_dc\_level\_shift\_decode - pointer arithmetic on NULL pointer [\#1445](https://github.com/uclouvain/openjpeg/issues/1445)
+- UB in ht\_dec.c opj\_t1\_ht\_decode\_cblk - memcpy invoked on NULL pointer [\#1444](https://github.com/uclouvain/openjpeg/issues/1444)
+- Integer Overflow in `src/lib/openjp2/image.c` [\#1438](https://github.com/uclouvain/openjpeg/issues/1438)
+- Integer-overflow · opj\_t1\_encode\_cblk  [\#1432](https://github.com/uclouvain/openjpeg/issues/1432)
+- OSX m1 v2.5.0 build fail [\#1430](https://github.com/uclouvain/openjpeg/issues/1430)
+- Pixel value could be changed by 0-4 after compression and decompression [\#1429](https://github.com/uclouvain/openjpeg/issues/1429)
+- Cannot determine library version at compile time [\#1428](https://github.com/uclouvain/openjpeg/issues/1428)
+- ARM builds on Windows unsupported with Version 2.5.0 [\#1422](https://github.com/uclouvain/openjpeg/issues/1422)
+- opj\_decompress heap overflow Denial of Service issue [\#1413](https://github.com/uclouvain/openjpeg/issues/1413)
+- Color chanel swapping for some JPEG2000 pictures [\#1382](https://github.com/uclouvain/openjpeg/issues/1382)
+- Heap-buffer-overflow in color.c:379:42 in sycc420\_to\_rgb [\#1347](https://github.com/uclouvain/openjpeg/issues/1347)
+- No colorspace information after opj\_read\_header [\#570](https://github.com/uclouvain/openjpeg/issues/570)
+
+**Merged pull requests:**
+
+- opj\_t2\_read\_packet\_header\(\): avoid unsigned integer overflow [\#1511](https://github.com/uclouvain/openjpeg/pull/1511) ([rouault](https://github.com/rouault))
+- opj\_dwt\_decode\_tile\(\): avoid potential UndefinedBehaviorSanitizer 'applying zero offset to null pointer' \(fixes \#1505\) [\#1510](https://github.com/uclouvain/openjpeg/pull/1510) ([rouault](https://github.com/rouault))
+- opj\_decompress: fix off-by-one read heap-buffer-overflow in sycc420\_to\_rgb\(\) when x0 and y0 are odd \(CVE-2021-3575, fixes \#1347\) [\#1509](https://github.com/uclouvain/openjpeg/pull/1509) ([rouault](https://github.com/rouault))
+- Always install pkgconfig files [\#1507](https://github.com/uclouvain/openjpeg/pull/1507) ([kmilos](https://github.com/kmilos))
+- CMake: drop support for cmake \< 3.5 [\#1503](https://github.com/uclouvain/openjpeg/pull/1503) ([domin144](https://github.com/domin144))
+- Fix compiler error on Windows [\#1502](https://github.com/uclouvain/openjpeg/pull/1502) ([scaramallion](https://github.com/scaramallion))
+- opj\_tcd\_dc\_level\_shift\_decode\(\): avoid increment nullptr \(fixes \#1480\) [\#1496](https://github.com/uclouvain/openjpeg/pull/1496) ([rouault](https://github.com/rouault))
+- Fix CI [\#1495](https://github.com/uclouvain/openjpeg/pull/1495) ([rouault](https://github.com/rouault))
+- suppress warning during build using clang [\#1494](https://github.com/uclouvain/openjpeg/pull/1494) ([tomoaki0705](https://github.com/tomoaki0705))
+- Add cmake version file [\#1493](https://github.com/uclouvain/openjpeg/pull/1493) ([domin144](https://github.com/domin144))
+- fix ht\_dec.c:1215 [\#1492](https://github.com/uclouvain/openjpeg/pull/1492) ([headshog](https://github.com/headshog))
+- Integer Overflow at j2k.c:11114 [\#1491](https://github.com/uclouvain/openjpeg/pull/1491) ([headshog](https://github.com/headshog))
+- Integer Overflow at j2k.c:3962 [\#1490](https://github.com/uclouvain/openjpeg/pull/1490) ([headshog](https://github.com/headshog))
+- Fixed typos [\#1486](https://github.com/uclouvain/openjpeg/pull/1486) ([radarhere](https://github.com/radarhere))
+- Require `stdint.h` & `inttypes.h` [\#1484](https://github.com/uclouvain/openjpeg/pull/1484) ([mayeut](https://github.com/mayeut))
+- fix: use `opj_uint_ceildiv` instead of `opj_int_ceildiv` when necessary [\#1482](https://github.com/uclouvain/openjpeg/pull/1482) ([mayeut](https://github.com/mayeut))
+- ht\_dec.c: Improve MSVC arm64 popcount performance [\#1479](https://github.com/uclouvain/openjpeg/pull/1479) ([PeterJohnson](https://github.com/PeterJohnson))
+- opj\_jp2\_read\_header\(\): move setting color\_space here instead in opj\_jp2\_decode\(\)/get\_tile\(\) \(fixes \#570\) [\#1463](https://github.com/uclouvain/openjpeg/pull/1463) ([rouault](https://github.com/rouault))
+- CMake: error out on warnings for strict/missing prototypes. [\#1462](https://github.com/uclouvain/openjpeg/pull/1462) ([sebras](https://github.com/sebras))
+- Fix CI [\#1461](https://github.com/uclouvain/openjpeg/pull/1461) ([rouault](https://github.com/rouault))
+- opj\_t2\_skip\_packet\_data\(\): avoid out-of-bounds reads on truncated images in non-strict mode \(fixes \#1459\) [\#1460](https://github.com/uclouvain/openjpeg/pull/1460) ([rouault](https://github.com/rouault))
+- Fix \#1424 [\#1456](https://github.com/uclouvain/openjpeg/pull/1456) ([autoantwort](https://github.com/autoantwort))
+- openjp2/j2k: replace sprintf calls with snprintf [\#1450](https://github.com/uclouvain/openjpeg/pull/1450) ([markmentovai](https://github.com/markmentovai))
+- Fix incorrect decoding of image with large number of progression levels [\#1448](https://github.com/uclouvain/openjpeg/pull/1448) ([rouault](https://github.com/rouault))
+- Fix Heap-buffer-overflow READ in opj\_jp2\_apply\_pclr [\#1441](https://github.com/uclouvain/openjpeg/pull/1441) ([sashashura](https://github.com/sashashura))
+- Significant speed-up rate allocation by rate/distoratio ratio [\#1440](https://github.com/uclouvain/openjpeg/pull/1440) ([rouault](https://github.com/rouault))
+- Make OpenJPEGConfig.cmake relocatable with CMake \> 3.0 [\#1439](https://github.com/uclouvain/openjpeg/pull/1439) ([arichardson](https://github.com/arichardson))
+- Replace the assert in mel\_init to an if statement to address an issue with fuzzing. [\#1436](https://github.com/uclouvain/openjpeg/pull/1436) ([aous72](https://github.com/aous72))
+- opj\_t1\_encode\_cblk\(\): avoid undefined behaviour on fuzzed input \(fixes \#1432\) [\#1433](https://github.com/uclouvain/openjpeg/pull/1433) ([rouault](https://github.com/rouault))
+- Build: fix linking of executables on some systems where TIFF/LCMS2 static libraries are not in system directories \(fixes \#1430\) [\#1431](https://github.com/uclouvain/openjpeg/pull/1431) ([rouault](https://github.com/rouault))
+- Fix opj\_t1\_allocate\_buffers malloc size error [\#1426](https://github.com/uclouvain/openjpeg/pull/1426) ([zodf0055980](https://github.com/zodf0055980))
+- Switch to GNUInstallDirs \[v2\] [\#1424](https://github.com/uclouvain/openjpeg/pull/1424) ([laumann](https://github.com/laumann))
+- Fix windows arm builds [\#1423](https://github.com/uclouvain/openjpeg/pull/1423) ([Neumann-A](https://github.com/Neumann-A))
+- pkgconfig: Define OPJ\_STATIC for static linking with pkgconf [\#1421](https://github.com/uclouvain/openjpeg/pull/1421) ([Biswa96](https://github.com/Biswa96))
+
+
 ## [v2.5.0](https://github.com/uclouvain/openjpeg/releases/v2.5.0) (2022-05-13)
 
 [Full Changelog](https://github.com/uclouvain/openjpeg/compare/v2.4.0...v2.5.0)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 7e64aee1834ac76e82c5c52e4bb85d5c12a56d42..127d34f034cb7e572ce1b877d6fbb0d6923ea07a 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -26,7 +26,7 @@ include_regular_expression("^.*$")
 # OPENJPEG version number, useful for packaging and doxygen doc:
 set(OPENJPEG_VERSION_MAJOR 2)
 set(OPENJPEG_VERSION_MINOR 5)
-set(OPENJPEG_VERSION_BUILD 0)
+set(OPENJPEG_VERSION_BUILD 1)
 set(OPENJPEG_VERSION
   "${OPENJPEG_VERSION_MAJOR}.${OPENJPEG_VERSION_MINOR}.${OPENJPEG_VERSION_BUILD}")
 set(PACKAGE_VERSION
@@ -52,6 +52,7 @@ set(PACKAGE_VERSION
 #   2.3.1 |  7
 #   2.4.0 |  7
 #   2.5.0 |  7
+#   2.5.1 |  7
 # above is the recommendation by the OPJ team. If you really need to override this default,
 # you can specify your own OPENJPEG_SOVERSION at cmake configuration time:
 # cmake -DOPENJPEG_SOVERSION:STRING=42 /path/to/openjpeg

diff --git a/HOWTO-RELEASE b/HOWTO-RELEASE
index fc75cebcb41d394c2f1c9bfed0093f4b110c29e4..74c3b57fcc6314088b556d6351bb74fa66880a3e 100644 (file)
--- a/HOWTO-RELEASE
+++ b/HOWTO-RELEASE
@@ -3,9 +3,10 @@ Check-list OpenJPEG Release
 * update MAJOR, MINOR, BUILD, SOVERSION in CMakeLists.txt
 * update MAJOR, MINOR, BUILD in appveyor.yml
 * update CHANGELOG with
-`github_changelog_generator --token TOKEN_HERE --exclude-labels gcode_fixed,OpjVersion-1.x --release-url "https://github.com/uclouvain/openjpeg/releases/%s" --since-tag v2.3.1 --future-release v2.4.0 --output append2changelog.md --user uclouvain --project openjpeg --exclude-tags version.1.0` . TOKEN_HERE is created at https://github.com/settings/tokens
+`github_changelog_generator --token TOKEN_HERE --exclude-labels gcode_fixed,OpjVersion-1.x --release-url "https://github.com/uclouvain/openjpeg/releases/%s" --since-tag v2.5.0 --future-release v2.5.1 --output append2changelog.md --user uclouvain --project openjpeg --exclude-tags version.1.0` . TOKEN_HERE is created at https://github.com/settings/tokens
 * update NEWS.md
-* git tag -a v2.4.0 -m "OpenJPEG v2.4.0 release"
+* git commit -a -m "Prepare for OpenJPEG v2.5.1 release"
+* git tag -a v2.5.1 -m "OpenJPEG v2.5.1 release"
 * git push origin --tags
 * add post to OpenJPEG website in gh-pages branch in _posts/ subdirectory. See commit https://github.com/uclouvain/openjpeg/commit/6563d704f5fb896209dd862ccfc6b97eb9183c5c
 * change binversion of openjpeg website in _config.yml in gh-pages branch

diff --git a/NEWS.md b/NEWS.md
index 9aadb9c8a4377390a68a1dceba13df92529eb1ff..5f9b11fa018275b04741e6c8b2fa37417915a94e 100644 (file)
--- a/NEWS.md
+++ b/NEWS.md
@@ -2,6 +2,14 @@
 
 More details in the [CHANGELOG](https://github.com/uclouvain/openjpeg/blob/master/CHANGELOG.md)
 
+## OpenJPEG 2.5.1 (Feb 2024)
+
+No API/ABI break compared to v2.5.0
+
+* CMake: drop support for cmake < 3.5
+* Several bugfixes, including [\#1509](https://github.com/uclouvain/openjpeg/pull/1509) for CVE-2021-3575
+* Significant speed-up rate allocation by rate/distoratio ratio [\#1440](https://github.com/uclouvain/openjpeg/pull/1440)
+
 ## OpenJPEG 2.5.0 (May 2022)
 
 No API/ABI break compared to v2.4.0, but additional symbols for subset of components decoding (hence the MINOR version bump).

diff --git a/appveyor.yml b/appveyor.yml
index 04502a8c1f88b7fe391de11d9d0f121b011de539..744226eb53a0e2329ed28ea8d94390954c3af34d 100644 (file)
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -1,4 +1,4 @@
-version: 2.5.0.{build}
+version: 2.5.1.{build}
 branches:
   except:
   - coverity_scan