Created attachment 245702 [details] Patch for libheif Replace libde265 with ffmpeg as HEVC decoder Enable JPEG and OpenJPEG 2000 support Disable Doxygen detection Backport multiple upstream commits Compile and runtime tested on FreeBSD 13.2-RELEASE (amd64) (make, make check-plist, make test) Poudriere testport OK 13.2-RELEASE (amd64) Poudriere testport OK 12.4-RELEASE (amd64)
Given the amount of patches we should probably wait a few days for a new release
Created attachment 245753 [details] Patch for libheif v2
Tested with following consumers in Poudriere, 13.2-RELEASE: astro/siril graphics/ImageMagick6 graphics/ImageMagick7 graphics/cimg graphics/darktable graphics/digikam graphics/geeqie graphics/gimp-app graphics/imv graphics/kf5-kimageformats graphics/krita graphics/openimageio graphics/py-openimageio graphics/py-pillow-heif graphics/vips x11/swayimg x11/wallutils
(In reply to Daniel Engberg from comment #0) Daniel, thanks for update. What's your reason for switching from libde265 to FFmpeg? FFmpeg support is still new, so I'd follow upstream here. Besides libde265 is much lighter as package comparing to FFmpeg.
Mainly because libde265 has a very poor track record, https://www.opencve.io/cve?vendor=struktur&product=libde265 but also that I don't see the need for using that library. I'm aware that FFmpeg's default config is heavier but I would also argue that the majority of users wanting to utilize libheif (HEIF/AVIF) are already using other multimedia applications and/or also a desktop environment so they're likely to have FFmpeg installed anyway.
Created attachment 245764 [details] Patch for libheif v3 Remove stray _DESC entry
Created attachment 245765 [details] Patch for libheif v4 Attach correct patch
(In reply to Daniel Engberg from comment #5) Ok, Please add the explanation to the commit message and feel free to commit (and take maintainership if you've changed your mind :).
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=5b0594f2a47728e296665858d46809ca79d9b060 commit 5b0594f2a47728e296665858d46809ca79d9b060 Author: Daniel Engberg <diizzy@FreeBSD.org> AuthorDate: 2023-10-21 07:17:41 +0000 Commit: Daniel Engberg <diizzy@FreeBSD.org> CommitDate: 2023-10-21 07:17:45 +0000 graphics/libheif: Update to 1.17.1 - Replace libde265 with FFmpeg as HEVC decoder - Enable JPEG and OpenJPEG 2000 support - Disable Doxygen detection While FFmpeg's default configuration can be a bit on the heavy side it's also relatively easy to tailor it to fit your needs and if libheif is needed you're likely to have other related ports depending on FFmpeg installed. Support is relatively new so there may be bugs lurking. Looking back libde265 has also been hit by several CVEs which is another reason for the switch. References: https://www.opencve.io/cve?vendor=struktur&product=libde265 PR: 274546 Reviewed by: makc (maintainer) graphics/libheif/Makefile | 28 +++++++++++++++++++++------- graphics/libheif/distinfo | 6 +++--- graphics/libheif/pkg-plist | 7 ++++++- 3 files changed, 30 insertions(+), 11 deletions(-)
Updated, thanks
The FFM decoder is not ready for practical use; there are many image modes for which it returns decoding errors. That is why in libheif it is not the default decoder. Unfortunately, I noticed this topic too late, and now nothing can be done about it.
(In reply to Alexander Piskun from comment #11) Not a problem at all, nothing prevents us from FFMPEG back to LIBDE265. Daniel, what do you think?
While I don't mind the dependency I'm more concerned about security than a few variants not working to be honest looking at the history. https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&orderBy=2.3&keyword=cpe%3A2.3%3Aa%3Astruktur%3Alibde265&status=FINAL%2CDEPRECATED
(In reply to Daniel Engberg from comment #13) Bugs and security issues happen everywhere. libde265 project is alive, they fix problems and make new releases promptly. On the other hand our libde265 port needs more care and maintenance. It has to be updated to the latest version before we switch back.