+++ This bug was initially created as a clone of Bug #17731 +++ A CVE was requested for an integer overflow that affects gtk+ and several apps: http://openwall.com/lists/oss-security/2016/02/10/2 A commit upstream in gtk+ to fix it is linked in the message above. Note to Olav, you might want to submit the various patches we've added in these updates upstream. Patched gnome-photos packages uploaded for Mageia 5 and Cauldron. Suggested advisory: ======================== Updated gnome-photos package fixes security vulnerabilities: Due to a logic error, an attempt to allocate a large block of memory fails in create_surface_from_pixbuf, leading to a crash of gnome-photos (CVE-2013-7447). A similar potential issue in view_helper_draw() in src/gegl-gtk-view-helper.c has also been patched. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7447 http://openwall.com/lists/oss-security/2016/02/10/6 ======================== Updated packages in core/updates_testing: ======================== gnome-photos-3.14.2-1.1.mga5 from gnome-photos-3.14.2-1.1.mga5.src.rpm
mga5 x86_64 Mate [lcl@belexeuli qa]$ sudo urpmi gnome-photos Package gnome-photos-3.14.2-1.mga5.x86_64 is already installed Nothing in the application menus so I started it from the command line. Lots of results on google for gnome-photos praising it as simple and easy to use. Simple to the point of sparse imho. Define "easy" as totally opaque and user-unfriendly. After nearly an hour I had to give up on adding an album. There is no manual, the help gives no indication of how to do anything. Three years ago people were saying that it does not do much of anything; three years later that seems to be the case still. Finally tried a google search on how to use gnome-photos. https://bbs.archlinux.org/viewtopic.php?id=162530 <quote> I found out how you can add albums. You first go to photos, than you select (via the 'tick' button in the upper right corner) a bunch of them. Below appears a bar with a '+' sign. Click on it, then choose add and give it a name. This is the album and will appear in the albums and in the photos view. You can also delete an album in the album view. This is just metadata that gets removed and does not delete the photos belonging to the (deleted) album. </quote> In fact you click on "Add to album" after selection and then in the Organise popup choose 'Add' and then fill in the new name and then OK. Click on Albums in the top menu and there you have it, a shiny new album. Another quote for adding photos from the file system: 1. Open up Settings > Search 2. Select the "Photos" icon by clicking on it in the list 3. Click on the "gears" icon (bottom right) to open up the "Search locations" screen 4. Select any folder you wish to use. The indexing of image files in the selected folders starts immediately. Tried this. Created an album called astro then clicked the search icon in the menubar (magnifying glass) which opened a search window. Typed in the name of a photo directory then clicked the down arrow and selected Photos from the drop-down menu. No gears icon anywhere. All that appeared was the message "No photos found". Have to give up at this point. There does not seem to be any point in my installing the update because there seems to be no way to properly test its functionality. Better hand this over to any GNOME 3 users.
CC: (none) => tarazed25
Testing M5 x64, OK Installed this from issued repos, tried it a bit under XFCE. I agree entirely, if not more, with Len Comment 1. This program is spectactularly useless. No menu item (command: gnome-photos). It immediately showed a screen of mixed format images from ~/Pictures/ , correctly *all* shown. Clicking on any one starts a directory view sequence, which curiously did not display all the images. I thought at first it did not like the *.ppm images, but doubt this later. The Recent/Albums/Favourites buttons were not there. No way to add anything. BTAIM I updated it to: gnome-photos-3.14.2-1.1.mga5 and tried again under XFCE. The results were the same, justifying OK. I then tried it under MATE. The behaviour was exactly the same, with the advantage of it showing the Recent/Albums/Favourites and the tick button Len mentioned. In my case it was inactive, so I could add nothing like he was able to. Still unable to ascertain which images it did not display individually (their names do not reflect their content). So the update is OK (same behaviour), but the program could be ditched with a clean conscience - unless some Gnome3 user wants to defend its existence.
Whiteboard: (none) => MGA5-64-OKCC: (none) => lewyssmith
Testing x64 under Gnome 3 ------------------------- First, the images that is shows on the summary screen, but not individual view: Above summary preview, Below individual display: jpg jpg jpg png png ppm png ppm png ppm png ppm png ppm yes yes yes yes yes yes yes no_ yes no_ yes no_ yes yes Len Comment 1 got further than I could. The RH tick did not offer a '+'; I found not a way to add photos. Apart from that, its sparse appearance looks correct.
x86_64 GNOME 3 Installed gnome-photos-3.14.2-1.1 under Mate then switched DE. Yes, I tried this in its native environment also, hoping for more functionality but could get no further than creating and populating albums from the 30 or 40 images which the application had found. This is obviously still a work in progress. Apart from that it is very difficult to get to know under GNOME because it is so immersive, cutting the user off from sources of information. It is better tested in a traditional DE like KDE/Plasma. I am not inclined to repeat all this in a 32bit VM so can we just go with Lewis's assessment and leave it at that?
Something called Tracker is used to index photos and can be (?) configured to look in specified folders but there does not seem to be a system wide configuration file for it; nothing in /etc. There is a ~/.config/tracker/ but here it is empty.
Tracker in the gnome file indexer IIRC, ie. baloo in kde. As long as behaviour is unchanged before/after update let's push it if you're happy with it. It may only show an icon in gnome menu.. $ urpmf gnome-photos | grep desktop gnome-photos:/usr/share/applications/org.gnome.Photos.desktop
OK, thanks Claire. Will do.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Advisory uploaded.
Whiteboard: MGA5-64-OK => advisory has_procedure MGA5-64-OK
(In reply to claire robinson from comment #6) > It may only show an icon in gnome menu.. I checked that one, visually. No icon! (at least named gnome-photos).
It's likely just called "Photos", going by the .desktop filename at least.
Yes. It is called Photos in the Applications menu.
URL: (none) => http://lwn.net/Vulnerabilities/675834/
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0076.html
Status: NEW => RESOLVEDResolution: (none) => FIXED