23700 – cimg, gmic new security issues CVE-2018-758[7-9], CVE-2018-763[7-9], CVE-2018-764[01]

Bug 23700 - cimg, gmic new security issues CVE-2018-758[7-9], CVE-2018-763[7-9], CVE-2018-764[01]

Summary: cimg, gmic new security issues CVE-2018-758[7-9], CVE-2018-763[7-9], CVE-2018...

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	6
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA6-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2018-10-16 00:07 CEST by David Walser
Modified:	2018-11-03 20:21 CET (History)
CC List:	8 users (show)

See Also:
Source RPM:	gmic-2.0.0-2.mga6.src.rpm, cimg-2.2.1-2.mga7.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2018-10-16 00:07:55 CEST

Fedora has issued advisories on October 5:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6Z4EMB7JFEKIYRFRANRNDD7ZIIZP6T4Z/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OCWBP5ZUZHIZXP7IFUEZIJG7Q3VLJXBV/

The issues are fixed upstream in 2.3.6.

Mageia 6 is also affected.

David Walser 2018-10-16 00:08:06 CEST

Whiteboard: (none) => MGA6TOO
CC: (none) => geiger.david68210

Comment 1 David GEIGER 2018-10-16 07:40:58 CEST

Done for Cauldron and mga6 updating to latest 2.4.0 release!

Comment 2 Marja Van Waes 2018-10-16 19:47:37 CEST

Assigning to all packagers collectively, since the registered maintainer for gmic is most likely unavailable and there is no registered maintainer for cimg.

CC'ing the gmic maintainer.

CC: (none) => marja11, matteo.pasotti

Comment 3 Marja Van Waes 2018-10-16 19:49:10 CEST

(In reply to David GEIGER from comment #1)
> Done for Cauldron and mga6 updating to latest 2.4.0 release!

Ouch, I keep overlooking your comments :-((((

But I also forgot to assign to all packagers.... I understand David Walser will write the advisory?

Assignee: bugsquad => luigiwalser

Comment 4 David Walser 2018-10-17 20:00:42 CEST

Advisory:
========================

Updated cimg and gmic packages fix security vulnerabilities:

An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp
image that triggers an allocation failure in load_bmp in CImg.h
(CVE-2018-7587).

An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image (CVE-2018-7588).

An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h
occurs when loading a crafted bmp image (CVE-2018-7589).

An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a "16
colors" case, aka case 4 (CVE-2018-7637).

An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a "256
colors" case, aka case 8 (CVE-2018-7638).

An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a "16
bits colors" case, aka case 16 (CVE-2018-7639).

An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a
Monochrome case, aka case 1 (CVE-2018-7640).

An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a "32
bits colors" case, aka case 32 (CVE-2018-7641).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7588
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7589
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7637
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7640
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7641
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6Z4EMB7JFEKIYRFRANRNDD7ZIIZP6T4Z/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OCWBP5ZUZHIZXP7IFUEZIJG7Q3VLJXBV/
========================

Updated packages in core/updates_testing:
========================
cimg-2.4.0-1.mga6
gmic-2.4.0-1.mga6
zart-2.4.0-1.mga6
gimp-plugin-gmic-2.4.0-1.mga6
libgmic2-2.4.0-1.mga6
libgmic-devel-2.4.0-1.mga6

from SRPMS:
cimg-2.4.0-1.mga6.src.rpm
gmic-2.4.0-1.mga6.src.rpm

Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6
Assignee: luigiwalser => qa-bugs

Comment 5 Herman Viaene 2018-10-20 13:37:56 CEST

MGA6-32 MATE on IBM Thinkpad R50e
No installation issues.
Tried to run zart on a jpeg file and apply the negative color preset to it. Zart runs, but after 15 min, it is still running but no preview shows up yet.
This laptop is probably far too underpowered, but at least it does not crash or harm anything else.

CC: (none) => herman.viaene

Comment 6 Len Lawrence 2018-10-20 17:33:56 CEST

Trying this for 64-bits.  Installed all the packages except lib(64)gmic2.  Cannot be found.
$ urpmq -i lib64gmic2
No package named lib64gmic2

CC: (none) => tarazed25

Comment 7 Len Lawrence 2018-10-20 17:34:42 CEST

Continuing this test with gmic to load images.

Comment 8 Len Lawrence 2018-10-20 19:25:23 CEST

There is a stack of PoCs for this - crafted BMP files.
https://github.com/xiaoqx/pocs/tree/master/cimg
Looks like these should all be tested with cimgload, but...

$ cimgload cimg-crash-1
bash: cimgload: command not found
Is this because the library is missing?

$ urpmq -i lib64gmic1
Name        : lib64gmic1
Version     : 2.0.0
Release     : 2.mga6
Group       : System/Libraries
Size        : 11190488                     Architecture: x86_64
Source RPM  : gmic-2.0.0-2.mga6.src.rpm
URL         : http://gmic.eu/
Summary     : Library for gmic
Description :
This package contains the library needed to run programs
dynamically linked with gmic.
# urpmi lib64gmic1
Package lib64gmic1-2.0.0-2.mga6.x86_64 is already installed

$ cimgload cimg-crash-1
bash: cimgload: command not found

[root@difda lib64]# ls -l *gmic*
lrwxrwxrwx 1 root root      13 Jun  5  2017 libcgmic.so -> libcgmic.so.2*
lrwxrwxrwx 1 root root      15 Jun  5  2017 libcgmic.so.1 -> libcgmic.so.200*
lrwxrwxrwx 1 root root      15 Jun  5  2017 libcgmic.so.2 -> libcgmic.so.200*
-rwxr-xr-x 1 root root 5638392 Jun  5  2017 libcgmic.so.200*
lrwxrwxrwx 1 root root      12 Jun  5  2017 libgmic.so -> libgmic.so.2*
lrwxrwxrwx 1 root root      14 Jun  5  2017 libgmic.so.1 -> libgmic.so.200*
lrwxrwxrwx 1 root root      14 Jun  5  2017 libgmic.so.2 -> libgmic.so.200*
-rwxr-xr-x 1 root root 5552096 Jun  5  2017 libgmic.so.200*

The only command in bin is gmic and the documentation on that is extensive.
Running gmic starts the G'MIC interpreter.
By itself it brings up a gui containing a menu of demonstrations which might suffice for testing the package.
In command line mode it can be used to display or otherwise load images so that is how we should test the PoCs.

Before update:
--------------------------------------------------------------------------------
Note that there is uncertainty here about which CVEs are which - tried to align them but abandoned the task.

$ gmic cimg-crash-1
[gmic]-0./ *** Error *** [instance(0,0,0,0,(nil),non-shared)] gmic<float>::assign(): Failed to allocate memory (384.0 Gio) for image (1073741856,32,1,3).

$ gmic cimg-dos-load_bmp-1
[gmic] G'MIC encountered a fatal error (Segmentation fault). Please submit a bug report, at: https://github.com/dtschump/gmic-community/issues

$ gmic cimg-double-free-1
[gmic]-0./ Start G'MIC interpreter.
[gmic]-0./ Input file 'cimg-double-free-1' at position 0*** Error in `gmic': malloc(): memory corruption: 0x0000000001963b40 ***
======= Backtrace: =========
[...]
7f83197cf000-7f83197eb000 r--p 0008c000 08:02 271177                     /usr/lib64/libvorbisenc.so.2.0.11Aborted (core dumped)

$ gmic cimg-heap-overflow-1 
[gmic] G'MIC encountered a fatal error (Segmentation fault). Please submit a bug report, at: https://github.com/dtschump/gmic-community/issues

$ gmic cimg-heap-overflow-load_bmp-48378
[gmic]-1./ Display image [0] = 'cimg-heap-overflow-load_bmp-48378'.
[0] = 'cimg-heap-overflow-load_bmp-48378':
  size = (6,11,1,3) [792 b of floats].
  data = (3,3,3,3,3,3;3,3,3,3,3,3;(...),18,18,18,18,18,18;18,234,18,18,18,18).
  min = 0, max = 234, mean = 12.1515, std = 32.211, coords_min = (1,2,0,0), coords_max = (1,2,0,2).

$ gmic cimg-heap-overflow-load_bmp-48378
This displays an image, a black rectangle with three small coloured boxes down the left-hand side.

$ gmic cimg-heap-overflow-load_bmp-48397
This also displays an image without any error messages.

$ gmic cimg-heap-overflow-load_bmp-48413
This hangs without displaying anything.

$ gmic cimg-heap-overflow-load_bmp-48427
[gmic] G'MIC encountered a fatal error (Segmentation fault). Please submit a bug report, at: https://github.com/dtschump/gmic-community/issues

CVE-2018-7588*
$ gmic cimg-heap-overflow-load_bmp-48457
[gmic] G'MIC encountered a fatal error (Segmentation fault). Please submit a bug report, at: https://github.com/dtschump/gmic-community/issues

Comment 9 Len Lawrence 2018-10-20 20:18:40 CEST

Continuing from comment #8.

Updated to:
- cimg-2.4.0-1.mga6.x86_64
- gimp-plugin-gmic-2.4.0-1.mga6.x86_64
- gmic-2.4.0-1.mga6.x86_64
- lib64gmic-devel-2.4.0-1.mga6.x86_64
- lib64gmic2-2.4.0-1.mga6.x86_64
- zart-2.4.0-1.mga6.x86_64

file /usr/lib64/libgmic.so.2 from install of lib64gmic2-2.4.0-1.mga6.x86_64 conflicts with file from package lib64gmic1-2.0.0-2.mga6.x86_64

Backed out and removed lib64gmic1 which removed four of the newly installed packages.
Reinstalled those  one by one.

After update
------------------------------------------------------------------------------
Tested the PoCs without identifying specific CVEs.  Not enough information upstream to sort them out.  And, 9 PoC files for 8 CVEs.  Sometimes the names give a pointer to the address where failures occur but even that is not enough of a clue for certainty.

1)
$ gmic cimg-crash-1
Same message as before.

2)
$ gmic cimg-dos-load_bmp-1
[gmic]-0./ Start G'MIC interpreter.
[gmic]-0./ Input file 'cimg-dos-load_bmp-1' at position 0 (1 image 16416x65504x1x3).
[gmic]-1./ Display image [0] = 'cimg-dos-load_bmp-1'.
[0] = 'cimg-dos-load_bmp-1':
  size = (16416,65504,1,3) [12305 Mio of floats].
  data = (0,0,0,0,0,0,0,0,0,0,0,0,(...),0,0,0,0,0,0,0,0,0,0,0,0).
  min = 0, max = 0, mean = 0, std = 0, coords_min = (0,0,0,0), coords_max = (0,0,0,0).

This generated a large narrow vertical black rectangle.

3)
$ gmic cimg-double-free-1
[gmic]-0./ Start G'MIC interpreter.
[gmic]-0./ Input file 'cimg-double-free-1' at position 0 (1 image 33x32x1x3).
[gmic]-1./ Display image [0] = 'cimg-double-free-1'.
[0] = 'cimg-double-free-1':
  size = (33,32,1,3) [12 Kio of floats].
  data = (18,255,255,255,255,255,255,255,255,255,255,255,(...),0,255,255,255,255,255,255,255,255,255,255,255).
  min = 0, max = 255, mean = 180.133, std = 115.078, coords_min = (28,0,0,0), coords_max = (1,0,0,0).

Generated an image of random-length red and black bars on a white background.

4)
$ gmic cimg-heap-overflow-1
[gmic]-0./ Start G'MIC interpreter.
[gmic]-0./ Input file 'cimg-heap-overflow-1' at position 0 (1 image 16416x65504x1x3).
[gmic]-1./ Display image [0] = 'cimg-heap-overflow-1'.
[0] = 'cimg-heap-overflow-1':
  size = (16416,65504,1,3) [12305 Mio of floats].
  data = (0,0,0,0,0,0,0,0,0,0,0,0,(...),0,0,0,0,0,0,0,0,0,0,0,0).
  min = 0, max = 0, mean = 0, std = 0, coords_min = (0,0,0,0), coords_max = (0,0,0,0).

This generated the same image as test 2.  The test images are the same size, just 56 bytes so it is likely that they are identical.  diff gives zero.

5)
$ gmic cimg-heap-overflow-load_bmp-48378
[gmic]-0./ Start G'MIC interpreter.
[gmic]-0./ Input file 'cimg-heap-overflow-load_bmp-48378' at position 0 (1 image 6x11x1x3).
[gmic]-1./ Display image [0] = 'cimg-heap-overflow-load_bmp-48378'.
[0] = 'cimg-heap-overflow-load_bmp-48378':
  size = (6,11,1,3) [792 b of floats].
  data = (0,0,0,0,0,0;0,0,0,0,0,0;(...),0,0,0,0,0,0;0,0,0,0,0,0).
  min = 0, max = 0, mean = 0, std = 0, coords_min = (0,0,0,0), coords_max = (0,0,0,0).

Medium sized vertical black rectangle.

6)
$ gmic cimg-heap-overflow-load_bmp-48397
[gmic]-0./ Start G'MIC interpreter.
[gmic]-0./ Input file 'cimg-heap-overflow-load_bmp-48397' at position 0 (1 image 32x32x1x3).
[gmic]-1./ Display image [0] = 'cimg-heap-overflow-load_bmp-48397'.
[0] = 'cimg-heap-overflow-load_bmp-48397':
  size = (32,32,1,3) [12 Kio of floats].
  data = (0,0,0,0,0,0,0,0,0,0,0,0,(...),0,0,0,0,0,0,0,0,0,0,0,0).
  min = 0, max = 0, mean = 0, std = 0, coords_min = (0,0,0,0), coords_max = (0,0,0,0).

Displays a black square.

7)
$ gmic cimg-heap-overflow-load_bmp-48413
[gmic]-0./ Start G'MIC interpreter.
[gmic]-0./ Input file 'cimg-heap-overflow-load_bmp-48413' at position 0 (1 image 5x385875966x1x3).
[gmic]-1./ Display image [0] = 'cimg-heap-overflow-load_bmp-48413'.
[0] = 'cimg-heap-overflow-load_bmp-48413':
  size = (5,385875966,1,3) [22079 Mio of floats].
  data = (0,0,0,0,0;0,0,0,0,0;0,0,(...),0,0;0,0,0,0,0;0,0,0,0,0).
  min = 0, max = 0, mean = 0, std = 0, coords_min = (0,0,0,0), coords_max = (0,0,0,0).

Same image as test 2 but the files are different.

8)
$ gmic cimg-heap-overflow-load_bmp-48427
[gmic]-0./ Start G'MIC interpreter.
[gmic]-0./ Input file 'cimg-heap-overflow-load_bmp-48427' at position 0 (1 image 268435457x2x1x3).
[gmic]-1./ Display image [0] = 'cimg-heap-overflow-load_bmp-48427'.
[0] = 'cimg-heap-overflow-load_bmp-48427':
  size = (268435457,2,1,3) [6144 Mio of floats].
  data = (0,0,0,0,0,0,0,0,0,0,0,0,(...),0,0,0,0,0,0,0,0,0,0,0,0).
  min = 0, max = 0, mean = 0, std = 0, coords_min = (0,0,0,0), coords_max = (0,0,0,0).

Displays a large horizontal black rectangle.

9)
$ gmic cimg-heap-overflow-load_bmp-48457
[gmic]-0./ Start G'MIC interpreter.
[gmic]-0./ Input file 'cimg-heap-overflow-load_bmp-48457' at position 0 (1 image 402656015x1x1x3).
[gmic]-1./ Display image [0] = 'cimg-heap-overflow-load_bmp-48457'.
[0] = 'cimg-heap-overflow-load_bmp-48457':
  size = (402656015,1,1,3) [4608 Mio of floats].
  data = (0,0,0,0,0,0,0,0,0,0,0,0,(...),0,0,0,0,0,0,0,0,0,0,0,0).
  min = 0, max = 0, mean = 0, std = 0, coords_min = (0,0,0,0), coords_max = (0,0,0,0).

Image similar to that in test 8.

Conclusion:
The PoC tests are largely successful.  It is a pity that we cannot match them to the CVEs with any confidence.

There seems to be a packaging problem regarding the main library.  It does not update cleanly - there is a change of name.

Comment 10 Len Lawrence 2018-10-20 20:40:18 CEST

Continuing from comment #9.

Used the gmic test display to exercize the library.  Played a few games and watched some of the displays.

zart presented a window for developing "art" from a source image or video file.  There was also a window to echo the underlying script commands.  There is a snapshot button.  Switched to fullscreen and back with Esc.  Other than that I have no idea how to proceed.

The package appears to be working.
Withholding the 64-bit OK in case somebody thinks  the packaging problem should be fixed first.

Comment 11 Herman Viaene 2018-10-21 09:45:30 CEST

@Len for zart:
Maximize the window, then all buttons appear more clearly. At the right side, select image (e.g.) instead of Video, click the "Open" button, select a picture. Then select some effect and then click "Apply" on the left lower side.
I would expect to see a preview of the applied effect.

Comment 12 Len Lawrence 2018-10-21 11:00:41 CEST

@Herman: Thanks - shall give it a go.  And OT, good to see you back in the saddle.

Comment 13 Len Lawrence 2018-10-24 17:48:30 CEST

Back to zart.  Selected a picture of a Scottish waterfall, then presets -> artistic -> cartoon, then apply, and nothing changed.
Preview mode was Right.  The G'MIC program window showed this:
fx_cartoon_preview $"*"
Pressed the play button, which started the processing - a black rectangle appeared at the right lower corner of the screen and the application segfaulted.

??

Tried again with another colour image and chose the black and white -> inkwash effect and hit play then stopped it after a few seconds and the image changed to a greyscale one which looked fine.  So it looks like it works but you may have to avoid certain filters.
In another test successfully added drops of water to a picture of a face.

Good for 64-bits.

Whiteboard: (none) => MGA6-64-OK

Comment 14 Thomas Andrews 2018-10-26 01:58:19 CEST

Confirming the packaging problem noted in Comment 9.

First installed the packages to be tested on a 64-bit Plasma system. All packages installed cleanly. Then activated testing repositories and attempted to update the packages, receiving the following message:

"1 installation transactions failed

There was a problem during the installation:

file /usr/lib64/libcgmic.so.2 from install of lib64gmic2-2.4.0-1.mga6.x86_64 conflicts with file from package lib64gmic1-2.0.0-2.mga6.x86_64

file /usr/lib64/libgmic.so.2 from install of lib64gmic2-2.4.0-1.mga6.x86_64 conflicts with file from package lib64gmic1-2.0.0-2.mga6.x86_64"


This conflict needs to be resolved.

CC: (none) => andrewsfarm

Comment 15 Thomas Andrews 2018-10-26 20:47:14 CEST

Removing the 64-bit OK because the package conflict is with the 64-bit packages.

Whiteboard: MGA6-64-OK => (none)

Comment 16 Thomas Andrews 2018-10-31 14:03:17 CET

(In reply to Thomas Andrews from comment #14)
> Confirming the packaging problem noted in Comment 9.
> 
> First installed the packages to be tested on a 64-bit Plasma system. All
> packages installed cleanly. Then activated testing repositories and
> attempted to update the packages, receiving the following message:
> 
> "1 installation transactions failed
> 
> There was a problem during the installation:
> 
> file /usr/lib64/libcgmic.so.2 from install of lib64gmic2-2.4.0-1.mga6.x86_64
> conflicts with file from package lib64gmic1-2.0.0-2.mga6.x86_64
> 
> file /usr/lib64/libgmic.so.2 from install of lib64gmic2-2.4.0-1.mga6.x86_64
> conflicts with file from package lib64gmic1-2.0.0-2.mga6.x86_64"
> 
> 
> This conflict needs to be resolved.

The conflict exists in 32-bit as well. Doing the same test as described above, only on a 32-bit Plasma install, and I see the same message.

I forgot to note that in Comment 14 that I did not install the devel package, as I believe most users would not, as well.

Comment 17 David Walser 2018-10-31 14:27:19 CET

libgmic2 should conflict and obsolete libgmic1.  Under normal circumstances we wouldn't do that, but libgmic1 was packaged incorrectly and should have already been called libgmic2.

Keywords: (none) => feedback

Comment 18 Thomas Andrews 2018-10-31 16:29:04 CET

Well, whatever it should do, it's not doing it. Mageia Update refuses to update these packages as they are now.

Comment 19 David GEIGER 2018-11-01 18:03:52 CET

Should be fixed in next gmic-2.4.0-1.1.mga6

David Walser 2018-11-01 18:45:45 CET

Keywords: feedback => (none)

Comment 20 Thomas Andrews 2018-11-02 15:15:31 CET

Packages now install properly, though I did get the message that the conflicting library needed to be removed three times as I cherry-picked the packages I was to install. That's not likely to happen to most users.

Restoring the 64-bit OK. Validating. Advisory in Comment 4.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA6-64-OK
CC: (none) => sysadmin-bugs

Comment 21 Thomas Backlund 2018-11-03 12:14:15 CET

(In reply to Thomas Andrews from comment #20)
> Packages now install properly, though I did get the message that the
> conflicting library needed to be removed three times as I cherry-picked the
> packages I was to install. That's not likely to happen to most users.
> 
> Restoring the 64-bit OK. Validating. Advisory in Comment 4.


Nope, unvalidating...

Enduser should not see the "package need to be removed..."

So it still is missing the obsoletes David pointed out in comment 17

Keywords: validated_update => feedback
CC: (none) => tmb

Thomas Backlund 2018-11-03 12:14:26 CET

Whiteboard: MGA6-64-OK => (none)

Comment 22 Thomas Andrews 2018-11-03 14:05:51 CET

(In reply to Thomas Backlund from comment #21)
> (In reply to Thomas Andrews from comment #20)
> > Packages now install properly, though I did get the message that the
> > conflicting library needed to be removed three times as I cherry-picked the
> > packages I was to install. That's not likely to happen to most users.
> > 
> > Restoring the 64-bit OK. Validating. Advisory in Comment 4.
> 
> 
> Nope, unvalidating...
> 
> Enduser should not see the "package need to be removed..."
> 
> So it still is missing the obsoletes David pointed out in comment 17

Lesson learned. I will file that bit of information away for future reference.

Thanks.

Comment 23 David GEIGER 2018-11-03 16:03:00 CET

Ok, the obsoletes added now!



Updated packages in 6/core/updates_testing:
========================
gmic-2.4.0-1.2.mga6
zart-2.4.0-1.2.mga6
gimp-plugin-gmic-2.4.0-1.2.mga6
libgmic2-2.4.0-1.2.mga6
libgmic-devel-2.4.0-1.2.mga6

from SRPMS:
gmic-2.4.0-1.2.mga6.src.rpm

Comment 24 Thomas Andrews 2018-11-03 17:53:58 CET

Trying again... Packages install cleanly now in 64-bit. 

Decided to try my hand with Zart, and loaded a personal photo of the hot air balloon "B Happy." Tried Herman's advice from Comment 11, but clicking on "Apply" seemed to do nothing. Hovering over an arrow at the bottom of the gui showed the tooltip "Launch processing." Clicking on that produced previews of several effects, in turn.

Looks like this is OK now, to me anyway. Removing feedback notice, restoring 64-bit OK, and re-validating. Advisory in Comment 4, with updated package numbers in Comment 23.

Keywords: feedback => validated_update
Whiteboard: (none) => MGA6-64-OK

Comment 25 Thomas Backlund 2018-11-03 19:55:17 CET

Looks good, pushing

Keywords: (none) => advisory

Comment 26 Mageia Robot 2018-11-03 20:21:15 CET

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0438.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.