forked from jasper-software/jasper
-
Notifications
You must be signed in to change notification settings - Fork 1
/
NEWS
194 lines (142 loc) · 5.98 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
2.0.32 (2021-04-18)
===================
* Test release performed with GitHub Actions.
2.0.29 (2021-04-16)
===================
* Loosen some overly tight restrictions on JP2 codestreams, which caused
some valid codestreams to be rejected. (#289)
2.0.28 (2021-03-29)
===================
* Fix potential null pointer dereference in the JP2/JPC decoder. (#269)
* Fix ignoring of JAS_STREAM_FILEOBJ_NOCLOSE at stream close time. (#286)
* Fix integral type sizing problem in JP2 codec. (#284)
2.0.27 (2021-03-18)
===================
* Check for an image containing no samples in the PGX
decoder. (#271, #272, #273, #274, #275, #276, #281)
* Check for dimensions of zero in the JPC and JPEG decoders.
* Fix an arguably incorrect type for an integer literal
in the PGX decoder. (#270)
* Check for an invalid component reference in the
JP2 decoder. (#269)
* Check on integer size in JP2 decoder. (#278)
2.0.26 (2021-03-05)
===================
* Fix JP2 decoder bug that can cause a null pointer dereference for
some invalid CDEF boxes. (#268) (CVE-2021-3467)
2.0.25 (2021-02-07)
===================
* Fix memory-related bugs in the JPEG-2000 codec resulting from
attempting to decode invalid code streams. (#264, #265)
This fix is associated with CVE-2021-26926 and CVE-2021-26927.
* Fix wrong return value under some compilers (#260)
* Fix CVE-2021-3272 heap buffer overflow in jp2_decode (#259)
2.0.24 (2021-01-03)
===================
* Add JAS_VERSION_MAJOR, JAS_VERSION_MINOR, JAS_VERSION_PATCH
for easier access to the JasPer version.
* Fixes stack overflow bug on Windows, where variable-length
arrays are not available. (#256)
2.0.23 (2020-12-08)
===================
* Fix CVE-2020-27828, heap-overflow in cp_create() in jpc_enc.c
https://github.com/jasper-software/jasper/issues/252
2.0.22 (2020-10-05)
===================
* Update manual
* Remove JPEG dummy codec. Jasper needs libjpeg for JPEG support
* Fix test suite build failure regarding disabled MIF codec (#249)
* Fix OpenGL/glut detection (#247)
2.0.21 (2020-09-20)
===================
* Fix ZDI-15-529
https://github.com/jasper-software/jasper/pull/245
* Fix CVE-2018-19541 in decoder
https://github.com/jasper-software/jasper/pull/244
2.0.20 (2020-09-05)
===================
* Fix several ISO/IEC 15444-4 conformance bugs
* Fix new variant of CVE-2016-9398
* Disable the MIF codec by default for security reasons (but it is still
included in the library);
in a future release, the MIF codec may also be excluded from the
library by default
* Add documentation for the I/O streams library API
2.0.19 (2020-07-11)
===================
* Fix CVE-2018-9154
https://github.com/jasper-software/jasper/issues/215
https://github.com/jasper-software/jasper/issues/166
https://github.com/jasper-software/jasper/issues/175
https://github.com/jasper-maint/jasper/issues/8
* Fix CVE-2018-19541 in encoder
https://github.com/jasper-software/jasper/pull/199
https://github.com/jasper-maint/jasper/issues/6
* Fix CVE-2016-9399, CVE-2017-13751
https://github.com/jasper-maint/jasper/issues/1
* Fix CVE-2018-19540
https://github.com/jasper-software/jasper/issues/182
https://github.com/jasper-maint/jasper/issues/22
* Fix CVE-2018-9055
https://github.com/jasper-maint/jasper/issues/9
* Fix CVE-2017-13748
https://github.com/jasper-software/jasper/issues/168
* Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505
https://github.com/jasper-maint/jasper/issues/3
https://github.com/jasper-maint/jasper/issues/4
https://github.com/jasper-maint/jasper/issues/5
https://github.com/jasper-software/jasper/issues/88
https://github.com/jasper-software/jasper/issues/89
https://github.com/jasper-software/jasper/issues/90
* Fix CVE-2018-9252
https://github.com/jasper-maint/jasper/issues/16
* Fix CVE-2018-19139
https://github.com/jasper-maint/jasper/issues/14
* Fix CVE-2018-19543, CVE-2017-9782
https://github.com/jasper-maint/jasper/issues/13
https://github.com/jasper-maint/jasper/issues/18
https://github.com/jasper-software/jasper/issues/140
https://github.com/jasper-software/jasper/issues/182
* Fix CVE-2018-20570
https://github.com/jasper-maint/jasper/issues/11
https://github.com/jasper-software/jasper/issues/191
* Fix CVE-2018-20622
https://github.com/jasper-maint/jasper/issues/12
https://github.com/jasper-software/jasper/issues/193
* Fix CVE-2016-9398
https://github.com/jasper-maint/jasper/issues/10
* Fix CVE-2017-14132
https://github.com/jasper-maint/jasper/issues/17
* Fix CVE-2017-5499
https://github.com/jasper-maint/jasper/issues/2
https://github.com/jasper-software/jasper/issues/63
* Fix CVE-2018-18873
https://github.com/jasper-maint/jasper/issues/15
https://github.com/jasper-software/jasper/issues/184
* Fix https://github.com/jasper-software/jasper/issues/207
* Fix https://github.com/jasper-software/jasper/issues/194 part 1
* Fix CVE-2017-13750
https://github.com/jasper-software/jasper/issues/165
https://github.com/jasper-software/jasper/issues/174
* New option -DJAS_ENABLE_HIDDEN=true to not export internal symbols in the public symbol table
* Fix various memory leaks
* Plenty of code cleanups, and performance improvements
* Some macros were changed to inline functions. This has to potential to
impact some code that made assumptions about the implementation. Some
potentially impacted macros include:
jas_matrix_numrows, jas_matrix_numcols
jas_matrix_get
jas_seq_get, jas_seq_start, jas_seq_end
jpc_ms_gettype
jas_matrix_set and jas_seq_set is affected differently; the old macro was
an actual expression returning the value, while the new function does not.
The following macros have been changed, too, but are likely not
affected, since they have been an rvalue-expression anyway:
JP2_DTYPETOBPC, JP2_BPCTODTYPE
JAS_IMAGE_CDT_{SETSGND,GETSGND,SETPREC,GETPREC}
jas_image_cmptdtype
macros from here
jas_matrix_setv, jas_matrix_getvref
jas_matrix_bind{row,col}
the jpc_fix_ family
the JPC_QCX and JPC_COX families