Bug 31658 - The core version of libheif is missing a libde265 dependency. The tainted version is OK
Summary: The core version of libheif is missing a libde265 dependency. The tainted ver...
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2023-03-11 23:31 CET by Thomas Andrews
Modified: 2023-03-18 23:17 CET (History)
3 users (show)

See Also:
Source RPM: libheif, libde265
CVE:
Status comment:


Attachments

Description Thomas Andrews 2023-03-11 23:31:34 CET
Description of problem:
Discovered while testing Bug 31289, the core version of libheif is missing a dependency on libde265. Without it, Gimp is unable to load and display heic/heif images. The tainted version is OK, and WILL display the images.

This was found after creating an MGA8 VirtualBox guest, using the netinstall iso, with the tainted repos disabled. While libheif was installed, the necessary libde265 was not. Simply installing the missing library doesn't fix it, so it looks like libheif needs to be rebuilt to actually USE the missing library.
Comment 1 Lewis Smith 2023-03-12 10:13:10 CET
Thanks for the report TJ.

Is libde265 is a 'tainted' thing ?
Assigning to Stig who deals with libheif & libde265.
Could it apply to Mageia 9 also?

Assignee: bugsquad => smelror
Source RPM: (none) => libheif, libde265

Comment 2 Stig-Ørjan Smelror 2023-03-12 12:17:07 CET
Thanks TJ.

Although I've pushed an update to include libde265, I do not believe the core version will be able to do much with HEIF/HEIC images besides loading them.
To manipulate them, you need the tainted version.

Assignee: smelror => bugsquad

Comment 3 Stig-Ørjan Smelror 2023-03-12 12:17:26 CET
Advisory
========

libheif was built without including the libde265 library in the core release version.

This has been fixed in version 1.10.0-1.1.

References
==========


Files
=====

Uploaded to core/updates_testing

libheif1-1.10.0-1.1.mga8
libheif-1.10.0-1.1.mga8
libheif-devel-1.10.0-1.1.mga8

Uploaded to tainted/updates_testing

libheif1-1.10.0-1.1.mga8.tainted
libheif-1.10.0-1.1.mga8.tainted
libheif-devel-1.10.0-1.1.mga8.tainted

from libheif-1.10.0-1.1.mga8.src.rpm

Assignee: bugsquad => qa-bugs
CC: (none) => smelror

Comment 4 Thomas Andrews 2023-03-12 13:11:57 CET
(In reply to Stig-Ørjan Smelror from comment #2)
> Thanks TJ.
> 
> Although I've pushed an update to include libde265, I do not believe the
> core version will be able to do much with HEIF/HEIC images besides loading
> them.
> To manipulate them, you need the tainted version.

That doesn't surprise me a bit. We have a similar situation with some video and audio codecs. 

I will check this out when I'm in front of the desktop where I have the "untainted" version of Mageia 8 in VirtualBox. 

In the meantime, can you answer Lewis' question about Cauldron/Mageia 9? I was going to look into it later, but I have to create an "untainted" Mageia 9 Vbox guest to do it. Though come to think of it, that might not be a bad idea, anyway.
Comment 5 Stig-Ørjan Smelror 2023-03-12 13:31:29 CET
Thanks again.

An update pushed to Cauldron with the same changes.
Comment 6 Thomas Andrews 2023-03-12 15:40:11 CET
In the "untainted" VirtualBox guest from Comment 0, I first removed the libde265 packages that I had installed while investigating the bug. This did not remove either Gimp or any libheif packages.

Then I used QArepo to download the libheif packages from comment 3, as well as the libde265 packages waiting to be pushed from Bug 31289. Going to MCC and getting updates, I see this:

The following 4 packages are going to be installed:

- lib64de265_0-1.0.11-1.mga8.x86_64
- lib64heif1-1.10.0-1.1.mga8.x86_64
- libde265-1.0.11-1.mga8.x86_64
- libheif-1.10.0-1.1.mga8.x86_64

indicating that the libde265 packages are now dependencies of libheif.

There were no installation issues, and now Gimp will display HEIF/HEIC images. For a user that just wants to view the photos of their grandchildren that were emailed from an iPhone, this is enough. 

Validating. Advisory in Comment 3.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA8-64-OK

Comment 7 Thomas Andrews 2023-03-12 15:55:21 CET
Oops. Almost forgot to test the tainted version. 

With the tainted version, I was able to load/view an HEIF/HEIC image, manipulate it with Gimp tools, and export it as a new HEIF/HEIC image.

The validation stands.
Dave Hodgins 2023-03-14 20:57:11 CET

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 8 Mageia Robot 2023-03-18 23:17:54 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2023-0025.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.