Bug 1088621

Summary: OpenJPEG 1.5.2 has been released
Product: [Fedora] Fedora Reporter: Account closed by the user <b38617>
Component: openjpegAssignee: Jaromír Cápík <jcapik>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 20CC: jcapik, oliver, ovasik, rdieter
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1138141 (view as bug list) Environment:
Last Closed: 2014-11-16 10:10:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Account closed by the user 2014-04-16 21:34:04 UTC 
OpenJPEG NEWS - user visible changes
====================================

Changes from OpenJPEG 1.5.2 to OpenJPEG 1.5.1
----------------------------------------------

Security:

    * Fixes: CVE-2013-4289 CVE-2013-4290
    * Fixes: CVE-2013-1447 CVE-2013-6045 CVE-2013-6052 CVE-2013-6054 CVE-2013-6053 CVE-2013-6887

New Features:

    * Compile Java with source/target specific java version
    * Do not set SONAME for Java module, fix linking (missing math lib)
    * Support some BMP/RGB8 files
    * Fix compilation on ARM

Misc:

    * Remove BSD-4 license from getopt copy, since upstream switched to BSD-3
    * Support compilation against system installed getopt
    * Fix Big Endian checking (autotools)
    * Huge amount of bug fixes. See CHANGES for details.


Changelog at: https://openjpeg.googlecode.com/svn/tags/version.1.5.2/CHANGES
Comment 1 Rex Dieter 2014-04-17 11:40:55 UTC 

*** This bug has been marked as a duplicate of bug 1088885 ***
Comment 2 Rex Dieter 2014-08-11 12:32:48 UTC 
Heh, the other bug started tracking openjpeg2 , re-opening this one for openjpeg(1) on f20:

$ koji latest-pkg f20-updates openjpeg openjpeg2
Build                                     Tag                   Built by
----------------------------------------  --------------------  ----------------
openjpeg-1.5.1-8.fc20                     f20-updates           rdieter
openjpeg2-2.0.1-1.fc20                    f20-updates           smani

Be mindful, that fedora's existing openjpeg-1.5.1 packaging has already been patched for all the aforementioned CVE/security issues.
Comment 3 Jaromír Cápík 2014-08-13 17:11:51 UTC 
I think we could update rawhide without worries. Gonna do that.
Comment 4 Account closed by the user 2014-09-30 08:33:48 UTC 
(In reply to Jaromír Cápík from comment #3)

> I think we could update rawhide without worries. Gonna do that.

1.5.1 -> 1.5.2 should be safe: http://upstream-tracker.org/versions/openjpeg.html