Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 735590 - media-gfx/blender depends on vulnerable media-libs/openjpeg:0
Summary: media-gfx/blender depends on vulnerable media-libs/openjpeg:0
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal major with 1 vote (vote)
Assignee: Adrian
URL:
Whiteboard:
Keywords:
Depends on: 746740
Blocks: CVE-2018-21010
  Show dependency tree
 
Reported: 2020-08-02 20:06 UTC by John Helmert III (ajak)
Modified: 2020-10-05 17:06 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III (ajak) 2020-08-02 20:06:44 UTC
media-gfx/blender is blocking cleanup of media-libs/openjpeg for bug 711260. Can anything be done about the dependency on openjpeg:0?

https://github.com/gentoo/gentoo/pull/16909
https://qa-reports.gentoo.org/output/gentoo-ci/bcba0b96a2/output.html#media-video/gpac
Comment 2 Adrian 2020-08-05 02:43:42 UTC
While blender compiles with openjpeg:2, it fails to import display jp2 files in the gui when adding a background image and reports "IMB_ibImageFromMemory: unknown fileformat". When using openjpeg:0 it loads and displays the image properly.

Openjpeg is an optional dependency and it would be possible to disable to jpeg2k USE flag.

I will next test whether blender-2.8x supports openjpeg:2 as if that has support then forcing an upgrade and retiring 2.79b might be a better solution.
Comment 3 Larry the Git Cow gentoo-dev 2020-08-24 13:42:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cca9b716491a91b496106a19df4e5f554b6a1717

commit cca9b716491a91b496106a19df4e5f554b6a1717
Author:     Adrian Grigo <agrigo2001@yahoo.com.au>
AuthorDate: 2020-08-22 01:08:55 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-08-24 13:41:55 +0000

    media-gfx/blender: Version bump to 2.83.4
    
    Blender 2.83.4 works with python 3.7. It may compile with 3.8, but
    blender only supports 3.7 officially as it follows the VFX Reference
    Platform to ensure that user add ons are not broken in the process.
    They plan to introduce 3.8 support in 2021.
    
    New features include a new interface, the realtime eevee renderer,
    and importing openvdb files created by other packages among others.
    Game engine and Blender Player were removed in 2.80.
    
    Bug fixes in this version are alembic support, upstream fixes for
    opencollada, requiring openjpeg:2 to avoid security issues, and
    mimeinfo cache is correctly updated. Where these issues remain in
    blender 2.79b, the bug is linked but should be closed only when
    blender 2.79b is removed.
    
    On my system the docs do not currently compile,
    and the polyfill2d test still fails like 2.79b.
    
    Blender 2.83 support for draco, embree, oidn, usd and openxr is not yet
    implemented pending development of ebuilds for these packages.
    
    Signed-off-by: Adrian Grigo <agrigo2001@yahoo.com.au>
    Bug: https://bugs.gentoo.org/667352
    Bug: https://bugs.gentoo.org/735590
    Bug: https://bugs.gentoo.org/718772
    Closes: https://bugs.gentoo.org/737388
    Closes: https://bugs.gentoo.org/689740
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: Sam James <sam@gentoo.org>

 media-gfx/blender/Manifest                         |   1 +
 media-gfx/blender/blender-2.83.4.ebuild            | 316 +++++++++++++++++++++
 .../blender/files/blender-fix-install-rules.patch  |  16 --
 media-gfx/blender/metadata.xml                     |  22 ++
 4 files changed, 339 insertions(+), 16 deletions(-)