| Summary: | The core version of libheif is missing a libde265 dependency. The tainted version is OK | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Thomas Andrews <andrewsfarm> |
| Component: | RPM Packages | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, smelror, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | libheif, libde265 | CVE: | |
| Status comment: | |||
|
Description
Thomas Andrews
2023-03-11 23:31:34 CET
Thanks for the report TJ. Is libde265 is a 'tainted' thing ? Assigning to Stig who deals with libheif & libde265. Could it apply to Mageia 9 also? Assignee:
bugsquad =>
smelror Thanks TJ. Although I've pushed an update to include libde265, I do not believe the core version will be able to do much with HEIF/HEIC images besides loading them. To manipulate them, you need the tainted version. Assignee:
smelror =>
bugsquad Advisory ======== libheif was built without including the libde265 library in the core release version. This has been fixed in version 1.10.0-1.1. References ========== Files ===== Uploaded to core/updates_testing libheif1-1.10.0-1.1.mga8 libheif-1.10.0-1.1.mga8 libheif-devel-1.10.0-1.1.mga8 Uploaded to tainted/updates_testing libheif1-1.10.0-1.1.mga8.tainted libheif-1.10.0-1.1.mga8.tainted libheif-devel-1.10.0-1.1.mga8.tainted from libheif-1.10.0-1.1.mga8.src.rpm Assignee:
bugsquad =>
qa-bugs (In reply to Stig-Ørjan Smelror from comment #2) > Thanks TJ. > > Although I've pushed an update to include libde265, I do not believe the > core version will be able to do much with HEIF/HEIC images besides loading > them. > To manipulate them, you need the tainted version. That doesn't surprise me a bit. We have a similar situation with some video and audio codecs. I will check this out when I'm in front of the desktop where I have the "untainted" version of Mageia 8 in VirtualBox. In the meantime, can you answer Lewis' question about Cauldron/Mageia 9? I was going to look into it later, but I have to create an "untainted" Mageia 9 Vbox guest to do it. Though come to think of it, that might not be a bad idea, anyway. Thanks again. An update pushed to Cauldron with the same changes. In the "untainted" VirtualBox guest from Comment 0, I first removed the libde265 packages that I had installed while investigating the bug. This did not remove either Gimp or any libheif packages. Then I used QArepo to download the libheif packages from comment 3, as well as the libde265 packages waiting to be pushed from Bug 31289. Going to MCC and getting updates, I see this: The following 4 packages are going to be installed: - lib64de265_0-1.0.11-1.mga8.x86_64 - lib64heif1-1.10.0-1.1.mga8.x86_64 - libde265-1.0.11-1.mga8.x86_64 - libheif-1.10.0-1.1.mga8.x86_64 indicating that the libde265 packages are now dependencies of libheif. There were no installation issues, and now Gimp will display HEIF/HEIC images. For a user that just wants to view the photos of their grandchildren that were emailed from an iPhone, this is enough. Validating. Advisory in Comment 3. Keywords:
(none) =>
validated_update Oops. Almost forgot to test the tainted version. With the tainted version, I was able to load/view an HEIF/HEIC image, manipulate it with Gimp tools, and export it as a new HEIF/HEIC image. The validation stands.
Dave Hodgins
2023-03-14 20:57:11 CET
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGAA-2023-0025.html Resolution:
(none) =>
FIXED |