Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 735598 - media-libs/openimageio depends on vulnerable media-libs/openjpeg:0
Summary: media-libs/openimageio depends on vulnerable media-libs/openjpeg:0
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: CVE-2018-21010
  Show dependency tree
 
Reported: 2020-08-02 20:15 UTC by John Helmert III (ajak)
Modified: 2020-10-08 21:24 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III (ajak) 2020-08-02 20:15:34 UTC
media-libs/openimageio is blocking cleanup of media-libs/openjpeg for bug 711260. Can anything be done about the dependency on openjpeg:0?

https://github.com/gentoo/gentoo/pull/16909
https://qa-reports.gentoo.org/output/gentoo-ci/bcba0b96a2/output.html#media-libs/openimageio
Comment 1 Jonas Stein gentoo-dev 2020-08-03 19:24:07 UTC
please ask upstream and link the ticket here.
Comment 2 John Helmert III (ajak) 2020-09-21 03:34:07 UTC
(In reply to Jonas Stein from comment #1)
> please ask upstream and link the ticket here.

It would appear support has been added in a newer upstream release.

https://github.com/OpenImageIO/oiio/blob/master/CHANGES.md#release-22-1-sept-2020----compared-to-21
Comment 3 Larry the Git Cow gentoo-dev 2020-10-08 21:23:48 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a74a1df3530a8d5abbedef5635d7eeae05310990

commit a74a1df3530a8d5abbedef5635d7eeae05310990
Author:     Aisha Tammy <gentoo@aisha.cc>
AuthorDate: 2020-10-01 11:24:50 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-10-08 20:16:30 +0000

    media-libs/openimageio: version bump
    
    new maintainer with science
    keyword ppc64 on closing of
    Bug: https://bugs.gentoo.org/746011
    Bug: https://bugs.gentoo.org/746014
    Bug: https://bugs.gentoo.org/745783
    
    Closes: https://bugs.gentoo.org/678294
    Closes: https://bugs.gentoo.org/735598
    
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Aisha Tammy <gentoo@aisha.cc>
    Closes: https://github.com/gentoo/gentoo/pull/17728
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/openimageio/Manifest                    |   1 +
 .../files/openimageio-2.2.6.1-pugixml.patch        |  21 ++++
 media-libs/openimageio/metadata.xml                |  10 +-
 media-libs/openimageio/openimageio-2.2.6.1.ebuild  | 139 +++++++++++++++++++++
 4 files changed, 170 insertions(+), 1 deletion(-)