extra-php-extensions

Bump libde265, libheif versions

Open tnken opened this issue 4 years ago • 4 comments

Hello. I’m a master’s student, and investigating whether updates from one project are useful for another project. In this pull request, I am updating libde265 from 1.0.5 to 1.0.8 and libheif from 1.62 to 1.12.0. Since these two updates are being done in https://github.com/carsales/pyheif/commit/06ca457f872045144e139b4117af7c99ab4f2ce2, I’m wondering if this project can update the libraries as well.

tnken, Dec 20 '21 10:12

Hey.

Lovely. What would the benefits for imagick be when we update these dependencies?

Nyholm, Jan 12 '22 19:01

Imagick requires libheif to support HEIC format images, and libheif requires libde265 for image codecs. Although this dependency update is mainly a major update (support for AVIF format), I believe that keeping the dependencies up-to-date is important from a maintenance perspective. Version compatibility between libheif and libde265 is probably guaranteed since they are used in https://github.com/carsales/pyheif/commit/06ca457f872045144e139b4117af7c99ab4f2ce2.

tnken, Jan 13 '22 07:01

Thank you.

> I believe that keeping the dependencies up-to-date is important from a maintenance perspective.

True, but so is stable software. Each change, big or small, is a risk for bugs and issues. If a change does not bring any value it should not be considered.

> Version compatibility between libheif and libde265 is probably guaranteed...

"probably guaranteed" does not sound like "guaranteed" =)


Note, I'm not against this change. I'm just curious why this is needed? How will it help you when you run imagick with Bref? Will it introduce a new feature? Will it fix a bug for you? Or will it help you in any other way?

Please elaborate so I understand the motivation behind this PR.

Nyholm, Jan 13 '22 10:01

I thought it would be a good idea to update these libraries, not for any special features, but because there were some bug fixes (e.g., https://github.com/strukturag/libheif/commit/56c8a2613370562fc330af2c70c1510aa5fd9ff6, https://github.com/strukturag/libheif/commit/f454c27c1fc2562975e368d8822eeb6dd1ad1fab). Also, [email protected] seems to have a CVE-2020-23109 problem. However, I found that the proposed [email protected] has a CVE-2021-35452 problem. So, I am not sure if this PR update is appropriate.

tnken, Jan 26 '22 09:01

@GrahamCampbell would these updates be superseded by #434 ?

mnapoli, May 20 '23 16:05

Yes, this can be closed.

GrahamCampbell, May 21 '23 08:05