Page MenuHomeSolus
Differential D1156

Update openjpeg to 2.3.0
ClosedPublic
Actions

Authored by kyrios123 on Oct 5 2017, 4:34 PM.
Tags
Referenced Files
F11054508: D1156.id.diff
Fri, Aug 11, 12:52 AM
F11054507: D1156.id2797.diff
Fri, Aug 11, 12:52 AM
F11054506: D1156.id6749.diff
Fri, Aug 11, 12:52 AM
F11054505: D1156.id6752.diff
Fri, Aug 11, 12:52 AM
F11038172: D1156.diff
Wed, Aug 9, 10:11 PM
F11015657: D1156.id.diff
Sat, Aug 5, 1:28 PM
F10991262: D1156.id6749.diff
Tue, Jul 25, 12:48 AM
F10982546: D1156.id6752.diff
Sun, Jul 23, 10:56 AM
View All 16 Files
Subscribers
JoshStrobl
sunnyflunk
xulongwu4

Details

Reviewers
JoshStrobl
sunnyflunk
Group Reviewers
Triage Team
Commits
R2244:9865fe2365f0: Update openjpeg to 2.3.0
Summary

Release annoucement here
Include pkgconfig fix from @xulongwu4 (Longwu Ou) in D2622

Signed-off-by: Pierre-Yves <pyu@riseup.net>

Test Plan
$ opj_compress -i tst.png -o output.j2k

[INFO] tile number 1 / 1
[INFO] Generated outfile output.j2k
encode time: 73 ms

Diff Detail

Repository
R2244 openjpeg
Branch
master
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

kyrios123 created this revision.Oct 5 2017, 4:34 PM
Herald added a reviewer: Triage Team. · View Herald TranscriptOct 5 2017, 4:34 PM
kyrios123 added a comment.Oct 5 2017, 4:35 PM

there are certainly some CVE fixes but they didn't mention anything in their changelog

JoshStrobl requested changes to this revision.Oct 9 2017, 12:28 PM
JoshStrobl added a project: Restricted Project.
JoshStrobl added a subscriber: JoshStrobl.

there are certainly some CVE fixes but they didn't mention anything in their changelog

While they didn't list the CVE IDs, they listed the actual messages for it like heap-based buffer overflows. If you run a CVE check against openjpeg 2.2.0 it should give a better idea of the CVEs, but we should get them documented here.

This revision now requires changes to proceed.Oct 9 2017, 12:28 PM
kyrios123 added a comment.Oct 9 2017, 12:34 PM

I don't know if I missed something, but the cve report is empty...

report.html3 KBDownload

JoshStrobl added a comment.Oct 9 2017, 12:49 PM

You are doing that against 2.2.0, right?

report.html7 KBDownload

sunnyflunk added a subscriber: sunnyflunk.Oct 9 2017, 1:00 PM

There were a number of CVE's for 2.2.0 (your flaw is running cvecheck on the 2.3.0 package.yml, where there aren't any CVE's against 2.3.0).

However, this update doesn't fix any published CVE's that weren't fixed in the last snapshot build. Some CVE's were published afterwards (so the CVE's aren't mentioned), but had already been fixed a month earlier.

kyrios123 requested review of this revision.Oct 9 2017, 1:36 PM
kyrios123 edited edge metadata.

Indeed, I ran it against 2.3.0.
So actually it's ready to land then ?

sunnyflunk mentioned this in D2622: Fixing the broken pkgconfig file of openjp2.Apr 14 2018, 4:59 AM
kyrios123 updated this revision to Diff 6749.Apr 15 2018, 8:02 AM
kyrios123 edited the summary of this revision. (Show Details)
kyrios123 added a subscriber: xulongwu4.

Merge D2622 into D1156

sunnyflunk accepted this revision.Apr 15 2018, 1:03 PM

Note that this will break blender from rebuilding without first updating the include dir in the patch to 2.3

This revision was not accepted when it landed; it landed in state Needs Review.Apr 15 2018, 4:30 PM
Closed by commit R2244:9865fe2365f0: Update openjpeg to 2.3.0 (authored by kyrios123). · Explain Why
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
3 lines
6 lines
22 lines

Diff 2797

View Options

abi_symbols

Loading...
View Options

package.yml

Loading...
View Options

pspec_x86_64.xml

Loading...
Copyright © 2015-2021 Solus Project. The Solus logo is Copyright © 2016-2021 Solus Project. All Rights Reserved.