This repository has been archived by the owner on Sep 17, 2023. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update openjpeg to 2.2.0 to address multiple CVEs
Summary: This new release includes a significant number of improvements and bug fixes. In particular: - Multi-threading support at decoding side - Several speed optimisations both at encoder and decoder, and both on Wavelet Transform and Entropy Coding parts. On our test set, a single-threaded execution is now around 20% faster (encoding or decoding). - Huge memory consumption reduction at decoding side (~60% reduction on large images) - Several important bug fixes, in particular the one that was preventing OpenJPEG to encode lossless in some specific situations, as well as those related to mode switches (BYPASS/LAZY, RESTART/TERMALL, etc). - Several security fixes thanks to the inclusion of OpenJPEG in the Google OSS Fuzz project. Beside that, several improvements have been brought to the project maintenance, like inclusion of benchmarking scripts to compare speed with latest available kakadu binaries. Security fixes: - CVE-2016-5139, CVE-2016-5152, CVE-2016-5158, CVE-2016-5159 [#854](uclouvain/openjpeg#854) - CVE-2016-1626 and CVE-2016-1628 [#850](uclouvain/openjpeg#850) For more info check the [NEWS](https://github.com/uclouvain/openjpeg/blob/v2.2.0/NEWS.md) and the [Changelog](https://github.com/uclouvain/openjpeg/blob/v2.2.0/CHANGELOG.md) Signed-off-by: Pierre-Yves <pyu@riseup.net> Test Plan: ``` $ opj_compress -i test.png -o test.j2k [INFO] tile number 1 / 1 [INFO] Generated outfile test.j2k encode time: 283 ms ``` Reviewers: #triage_team, JoshStrobl Reviewed By: #triage_team, JoshStrobl Subscribers: sunnyflunk, JoshStrobl Tags: #security Differential Revision: https://dev.solus-project.com/D794
- Loading branch information