Hi Cyrille See below.
On Fri, 12 Apr 2024 at 10:44, Cyrille Bollu <cyri...@bollu.be> wrote: > > > >Thank you! Do you mean that freeimage copy in those files during the > >build process? > > If you download the tarball at > https://freeimage.sourceforge.io/download.html you'll find that the, > once unzipped, it contains a 'Source/LibOpenJPEG' folder that contains > about the same files as > https://github.com/uclouvain/openjpeg/tree/master/src/lib/openjp2, > though older. I see. The thing is that if you take the buster version that is not the case. ola@buster-lts:~/build/freeimage-3.18.0+ds2$ ls Source/LibOpenJPEG ls: cannot access 'Source/LibOpenJPEG': No such file or directory ola@buster-lts:~/build/freeimage-3.18.0+ds2$ find | grep -i open ./Examples/OpenGL ./Examples/OpenGL/TextureManager ./Examples/OpenGL/TextureManager/readme.txt ./Examples/OpenGL/TextureManager/TextureManager.h ./Examples/OpenGL/TextureManager/TextureManager.cpp ola@buster-lts:~/build/freeimage-3.18.0+ds2$ find | grep -i jpeg ./Wrapper/FreeImage.NET/cs/Library/Enumerations/FREE_IMAGE_JPEG_OPERATION.cs ./.pc/Disable-testing-of-JPEG-transform.patch ./.pc/Disable-testing-of-JPEG-transform.patch/TestAPI ./.pc/Disable-testing-of-JPEG-transform.patch/TestAPI/testJPEG.cpp ./.pc/Disable-vendored-dependencies.patch/Source/FreeImage/PluginJPEG.cpp ./debian/patches/Disable-testing-of-JPEG-transform.patch ./Source/FreeImage/PluginJPEG.cpp ./TestAPI/testJPEG.cpp > So, I guess they've copied them manually, even before the build. Looks so, but not in the buster version. > >If you could update the notes for this CVE it would be nice. I > >started > >but realized that I had more questions and then it is better if you > >do > >it who knows the answer. > > Ok, I'll crete a PR Thank you. // Ola -- --- Inguza Technology AB --- MSc in Information Technology ---- | o...@inguza.com o...@debian.org | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | ---------------------------------------------------------------
