Hi all, On Mon, Oct 18, 2021 at 5:35 AM Norbert Preining <norb...@preining.info> wrote: > > Hi all, > > sending everyone that discussed on the bug an email. > > Since version 2.0.19 (2020-07-11) libjasper is now reasonably active > maintained and CVEs have been dealt with. > > For support in some KDE/Plasma packages I have revived/made some > packaging of the current version (2.0.33, from 2021-08-01). > > Adam, are you still interested in getting this back into Debian? > Any other comment? > > BTW, my source package are built on OBS: > https://build.opensuse.org/package/show/home:npreining:debian-kde:other-deps/jasper
In case this was missed in the original thread. The reason why I switched from jasper to openjpeg was mainly because of: * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681234 I do not know if this has been fixed upstream since. In any case: imagemagick, poppler and gdcm have all switched to openjpeg 2.x ABI (see usertag: stretch2000). I believe chrome is also using openjpeg for the PDF support. I see that opencv has support for openjpeg: * https://github.com/opencv/opencv/blob/master/modules/imgcodecs/src/grfmt_jpeg2000_openjpeg.cpp Technically opencv is built against gdcm, so openjpeg is already a dependency of opencv in Debian. Things may have changed a bit, but I believe openjpeg supports decoding by tile (I believe jasper required the entire image in memory). I do not mind having another jpeg 2000 implementation in Debian, but keep in mind that those low level imaging libraries have all sort of potential CVEs attached to them. Would be nice to include the KDE rationale for picking jasper over openjpeg, maybe there is a particular feature that is missing, that may convince debian-security team to help with maintenance. 2cts -M
