Closed opoplawski closed 1 year ago
you are shipping a local copy of ...
There's quite a number of third party libraries and code files that are vendored for various reasons: https://github.com/cgohlke/imagecodecs/tree/master/3rdparty
I have a number of concerns about this
I understand. You'll have to disable modules in imagecodecs or modify the build config to use other sources or link libraries.
Have you contacted upstream about making color_sycc_to_rgb() public
I'm looking into packaging imagecodecs for Fedora and I've noticed that you are shipping a local copy of the openjpeg color.c file to make use of the color_sync_to_rgb() function. I have a number of concerns about this, particularly related to tracking possible security issues in openjpeg. Have you contacted upstream about making color_sycc_to_rgb() public or if there is an alternative way to achieve what you need to do in your code?