- Package:
- src:freeimage
- Source:
- src:freeimage
- Submitter:
- Emilio Pozuelo Monfort
- Date:
- 2026-06-18 13:11:01 UTC
- Severity:
- normal
- Tags:
Hi, It looks like freeimage is dead upstream (last upstream release in 2018, upstream maintainer email bounces[1]). With many open security issues[2], I believe freeimage is not in a shape to be released in Debian, and should be removed. This bug at RC severity should kick it out of testing for the time being, and if nobody is willing to take over it and look at the security issues, it should eventually be dropped from sid as well. Cheers, Emilio [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082375 [2] https://security-tracker.debian.org/tracker/source-package/freeimage
Sigh. I'm upstream for a project that uses libfreeimage. Does anybody have any recommendations for a replacement? Preferably with a C (not C++) API? Thanks for keeping tabs on this.
Sigh. I'm upstream for a project that uses libfreeimage. Does anybody have any recommendations for a replacement? Preferably with a C (not C++) API? Thanks for keeping tabs on this.
There are quite a few reverse dependencies, I guess those needs to be tackled first. $ ssh mirror.ftp-master.debian.org "dak rm -Rn freeimage" Will remove the following packages from unstable: freeimage | 3.18.0+ds2-11 | source libfreeimage-dev | 3.18.0+ds2-11 | amd64, arm64, armhf, i386, ppc64el, riscv64, s390x libfreeimage3 | 3.18.0+ds2-11 | amd64, arm64, armhf, i386, ppc64el, riscv64, s390x libfreeimageplus-dev | 3.18.0+ds2-11 | amd64, arm64, armhf, i386, ppc64el, riscv64, s390x libfreeimageplus-doc | 3.18.0+ds2-11 | all libfreeimageplus3 | 3.18.0+ds2-11 | amd64, arm64, armhf, i386, ppc64el, riscv64, s390x Maintainer: Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org> ------------------- Reason ----------------------------------------------------------------- Checking reverse dependencies... # Broken Depends: apriltag: apriltag colmap: colmap [amd64 arm64 i386 ppc64el riscv64 s390x] deepin-album: deepin-album deepin-image-viewer: deepin-image-viewer forge: libforge1t64 gl-image-display: libgl-image-display0 libkysdk-applications: libkysdk-applications mrcal: libmrcal4 nvidia-cuda-samples/contrib: nvidia-cuda-samples ogre-1.12: libogre1.12.10t64 ogre-1.9: libogre-1.9.0t64 opencascade: libocct-ivtk-dev libocct-visualization-7.8 libocct-visualization-7.9 libocct-visualization-dev perceptualdiff: perceptualdiff photoqt: photoqt [amd64 arm64 armhf ppc64el riscv64 s390x] posterazor: posterazor ruby-image-science: ruby-image-science # Broken Build-Depends: apriltag: libfreeimage-dev colmap: libfreeimage-dev deepin-album: libfreeimage-dev deepin-image-viewer: libfreeimage-dev dtkgui: libfreeimage-dev forge: libfreeimage-dev gl-image-display: libfreeimage-dev imv: libfreeimage-dev kew: libfreeimage-dev libkysdk-applications: libfreeimage-dev libfreeimageplus-dev mrcal: libfreeimage-dev ogre-1.12: libfreeimage-dev ogre-1.9: libfreeimage-dev opencascade: libfreeimage-dev perceptualdiff: libfreeimage-dev photoqt: libfreeimageplus-dev posterazor: libfreeimage-dev ruby-image-science: libfreeimage-dev xtrkcad: libfreeimage-dev Dependency problem found. 2018, upstream believe freeimage being, and if should https://security-tracker.debian.org/tracker/source-package/freeimage
Possibly switching to this fork might help down the road: https://github.com/agruzdev/FreeImageRe
/me got also several mails about future removals, noteable opencascade which would drop a lot of software I'm caring about (e.g freecad, slic3r-prusa etc.) It looks like that there has been a fork of freeimage, https://github.com/agruzdev/FreeImageRe that might be able to close the gap a bit, there are recent commits and also a MR targeting a few of the open CVEs. (As science-team member, I offer to help to get the package updated.)
I am not a team member, just an observation: Closest to being a maintainer inside the team would be Anton Gladky (added to Cc) who hasn't touched the package for 3.5 years. I'd guess the relevant question is now whether your "offer to help to get the package updated" implies that you are willing to become the maintainer of the package inside the team. cu Adrian
To ensure everyone is on the same page: - ogre-1.12 1.12.10+dfsg2-8 no longer build-depends on libfreeimage-dev - ogre-14 is making its way through NEW, without a build-dep on libfreeimage-dev So OGRE is no longer reliant on FreeImage, be it the unmaintained original or the active fork. With this e-mail I am proposing a much shorter CC list that should focus on people who still need a FreeImage replacement in the archive. (you can omit me too, my interest about FreeImage was limited to OGRE)
Hello all, I will try to have a look and maybe upload to experimental the proposed fork. Let us see how it works. Best regards Anton Am Sa., 17. Jan. 2026 um 16:13 Uhr schrieb Antoine Le Gonidec < vv221@debian.org>:
We believe that the bug you reported is fixed in the latest version of opencascade, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1121912@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Tobias Frost <tobi@debian.org> (supplier of updated opencascade package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) Format: 1.8 Date: Sun, 01 Feb 2026 12:27:02 +0100 Source: opencascade Architecture: source Version: 7.9.2+dfsg-4 Distribution: unstable Urgency: medium Maintainer: Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org> Changed-By: Tobias Frost <tobi@debian.org> Closes: 1121912 Changes: opencascade (7.9.2+dfsg-4) unstable; urgency=medium . * Build without freeimage. (Closes: #1121912) Checksums-Sha1: a5409ccfabd39cc820547acd80f48192619a808d 3633 opencascade_7.9.2+dfsg-4.dsc 63cf5fef72e721d774575be780be3f6b5422a0b2 36498344 opencascade_7.9.2+dfsg.orig.tar.xz 627b5ef79f92a5a37697a0e7b4726bde1c35f798 67076 opencascade_7.9.2+dfsg-4.debian.tar.xz 86e2506668ec500f474bfb49ad48325fb91ed82e 25924 opencascade_7.9.2+dfsg-4_source.buildinfo Checksums-Sha256: 48ad45cac616163d3e64a9bfd1cc490b74b34db2279160c7b798b7fb6028d3fe 3633 opencascade_7.9.2+dfsg-4.dsc f6e272b6aaa14743a611eb4b8d7affa98986cdcaa60f5a91ca7ac46b177b7181 36498344 opencascade_7.9.2+dfsg.orig.tar.xz bb2225b558c1dfdf0b8b29a09334f34c59cc116e871e1e65ff3402db41637393 67076 opencascade_7.9.2+dfsg-4.debian.tar.xz 12fe5dae51f5d7d866686dddc59cebd677d13d2ff329811ac0450ad44c6433af 25924 opencascade_7.9.2+dfsg-4_source.buildinfo Files: 2c475b21f13e90478bc5b3bf8fd6054f 3633 science optional opencascade_7.9.2+dfsg-4.dsc eb95eb1d90d8e9ec64efa728c4991f26 36498344 science optional opencascade_7.9.2+dfsg.orig.tar.xz 845b02625b7c391386f0ecc1c1bfc054 67076 science optional opencascade_7.9.2+dfsg-4.debian.tar.xz 51177fdc2fdc1006ae1acc8eb1931697 25924 science optional opencascade_7.9.2+dfsg-4_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAml/WHIACgkQkWT6HRe9 XTb92xAA3FwJRAXPOPho0PiH7+2ONm9+i5K6a5MZ9NYW8LVrgjiYhjcRe5iQ0TJq D11ZMVUSKsO9tOlY7umUr2T5+aCrLmhK/GXi1skoocJfZnYT9JT3CZzmGNZxKBb+ HKaoMaT2KnkfseYr8CKpznAniCkQ+z52/5ZeaPOBT5qu83SpD0w5ybD4s7J4ucu0 EOLgdAplDzbQxuh53QquFYm5KGU6Y82UD3a0PeUGj2vFBIelf6AekTtGlFtHJRjv 6HWMod3JihcXDS2FQMBJGE6ZymA0dLfNDZG5QYjaNLciT9rO5ic+XkSgjVu+s6XU 1GYR04eFbCKhkYLZcO5/E1jaeSVyWeZ4m5KQoAxZsUw0QAeCvp8YL259521M8GWl iivmFiVosdIqKOBxI+l1pE0gwyxteuSy7DJcK+BbxiH6XWxmljt5UGa8VRQ+4/sh G3pFRaCqyoJNtsaxzoNkY+Qj+vhtCbkN8GWIAvDphtJeJptmeXHQmGe/1t/nNheE xgFDgO5loBgXmEEH3InqeMD6Vjpis0s4uZ2ti5C84aL5GQ6aSd5Wfqc8eXu+YRS0 1elxvuAMnM5oWr7ouVVrT6F+5yt8IV0z30LMYCOY0cfZvtsDAteLzNfqjZ34ZapU WwFzdtOmqwEO4SG7yqrqWcmQTStnoc1QFyeT/mdIyDA/Ic3dlmQ= =gcAC -----END PGP SIGNATURE-----
Hello, Bug #1121912 in opencascade reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/science-team/opencascade/-/commit/fdd9a50da7030cfe500bc7733482a73910a3dbc5 (this message was generated automatically) -- Greetings https://bugs.debian.org/1121912
Hello, Bug #1121912 in opencascade reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/science-team/opencascade/-/commit/f671ca3ee09f1b15c356a4c94ab5be7f7c196d36 (this message was generated automatically) -- Greetings https://bugs.debian.org/1121912
On 2026-01-17 Anton Gladky <gladk@debian.org> wrote: [freeimage] Hello Antony, is there anything I can help you with? cu Andreas