Mon Feb 26 20:09:43 UTC 202420240226200943_15.0

patches/packages/openjpeg-2.5.1-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed a heap-based buffer overflow in openjpeg in color.c:379:42 in
  sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use
  this to execute arbitrary code with the permissions of the application
  compiled against openjpeg.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2021-3575
  (* Security fix *)

1 files changed, 11 insertions, 0 deletions

diff --git a/patches/source/openjpeg/openjpeg2_remove-thirdparty.patch b/patches/source/openjpeg/openjpeg2_remove-thirdparty.patch
new file mode 100644
index 000000000..6987fc240
--- /dev/null
+++ b/patches/source/openjpeg/openjpeg2_remove-thirdparty.patch
@@ -0,0 +1,11 @@
+diff -rupN openjpeg-2.1.1/CMakeLists.txt openjpeg-2.1.1-new/CMakeLists.txt
+--- openjpeg-2.1.1/CMakeLists.txt	2016-07-05 16:54:17.000000000 +0200
++++ openjpeg-2.1.1-new/CMakeLists.txt	2016-07-06 09:38:26.083029127 +0200
+@@ -270,7 +270,6 @@ if(BUILD_CODEC OR BUILD_MJ2)
+   # OFF: It will only build 3rd party libs if they are not found on the system
+   # ON: 3rd party libs will ALWAYS be build, and used
+   option(BUILD_THIRDPARTY "Build the thirdparty executables if it is needed" OFF)
+-  add_subdirectory(thirdparty)
+   add_subdirectory(src/bin)
+ endif ()
+ add_subdirectory(wrapping)