Bug#862727: RFP: libjasper -- JasPer JPEG-2000 runtime library
On Tue, 16 May 2017 11:40:41 +0200 Adam Cecile wrote: > Package: wnpp > Severity: wishlist > X-Debbugs-CC: debian-de...@lists.debian.org > > Package name: libjasper > Version: 2.0.12 > Upstream: Michael David Adams > License: JasPer License > Description: This package has been scheduled for removal after Stretch > release but is very important to me ... For what it's worth: JasPer upstream has recently been revived: https://github.com/jasper-software/jasper/issues/208 signature.asc Description: This is a digitally signed message part.
Bug#862727: RFP: libjasper -- JasPer JPEG-2000 runtime library
Hi, Thanks for the feedback. I think the CVEs have been addressed upstream but ofc, it has to be verified first. Btw, I'not involved at all in OpenCV so sadly, my biggest concern is to have a working python3 OpenCV package... Regards, Adam. On 05/16/2017 12:05 PM, Mathieu Malaterre wrote: Hi, On Tue, May 16, 2017 at 11:40 AM, Adam Cecilewrote: Package: wnpp Severity: wishlist X-Debbugs-CC: debian-de...@lists.debian.org Package name: libjasper Just keep the old naming convention please: 'jasper'. Version: 2.0.12 Upstream: Michael David Adams License: JasPer License Description: This package has been scheduled for removal after Stretch release but is very important to me as it can be used to add JPEG 2000 to OpenCV (many satellite images comes as JPEG 2000). The new upstream on GitHub provides frequent updates as well as a decent CMake build system so I see no reason to not get it back in the archive :) At the very least you'll need to address the old CVEs in that case: https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no=jasper - CVE-2016-8693 - CVE-2016-8691 - CVE-2016-8692 - CVE-2016-8690 I personally fought against having duplicate JPEG 2000 libraries in Debian (esp. since jasper seems dead upstream). I still believe you should invest some time in replace jasper with OpenJPEG throughout your OpenCV codebase, since OpenJPEG is used to manipulate satellite image in professional environment. 2cts -M
Bug#862727: RFP: libjasper -- JasPer JPEG-2000 runtime library
Hi, On Tue, May 16, 2017 at 11:40 AM, Adam Cecilewrote: > Package: wnpp > Severity: wishlist > X-Debbugs-CC: debian-de...@lists.debian.org > > Package name: libjasper Just keep the old naming convention please: 'jasper'. > Version: 2.0.12 > Upstream: Michael David Adams > License: JasPer License > Description: This package has been scheduled for removal after Stretch > release but is very important to me as it can be used to add JPEG 2000 to > OpenCV (many satellite images comes as JPEG 2000). The new upstream on > GitHub provides frequent updates as well as a decent CMake build system so I > see no reason to not get it back in the archive :) At the very least you'll need to address the old CVEs in that case: https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no=jasper - CVE-2016-8693 - CVE-2016-8691 - CVE-2016-8692 - CVE-2016-8690 I personally fought against having duplicate JPEG 2000 libraries in Debian (esp. since jasper seems dead upstream). I still believe you should invest some time in replace jasper with OpenJPEG throughout your OpenCV codebase, since OpenJPEG is used to manipulate satellite image in professional environment. 2cts -M
Bug#862727: RFP: libjasper -- JasPer JPEG-2000 runtime library
Package: wnpp Severity: wishlist X-Debbugs-CC: debian-de...@lists.debian.org Package name: libjasper Version: 2.0.12 Upstream: Michael David Adams License: JasPer License Description: This package has been scheduled for removal after Stretch release but is very important to me as it can be used to add JPEG 2000 to OpenCV (many satellite images comes as JPEG 2000). The new upstream on GitHub provides frequent updates as well as a decent CMake build system so I see no reason to not get it back in the archive :) In the meanwhile, I made my own package to rebuild OpenCV and it's available here: https://cloud.le-vert.net/index.php/s/2Ci3X1ARrZiONK4 I could easily finish the package to get it in a perfect state but are no DM and got no sponsor so if someone is interrested in uploading the package for me, just drop me a mail and I'll make a proper release. Best regards, Adam.