Accepting request 1146590 from graphics

- version update to 3.2.2 [bsc#1219498]
  * [CVE-2023-5841](https://takeonme.org/cves/CVE-2023-5841.html).
    Note that this bug is present in the C++ API (since v3.1.0), although
    it is in a routine that is predominantly used for development and
    testing. It is not likely to appear in production code.
  * OSS-fuzz [66491](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66491)
    Out-of-memory in openexr_exrcorecheck_fuzzer
  * OSS-fuzz [66489](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66489)
    Null-dereference in `Imf_3_3::realloc_deepdata`
- deleted patches
  - openexr-CVE-2023-5841.patch (upstreamed)

- version update to 3.2.1
  ## Version 3.2.0 (August 30, 2023)
  * Zip compression via ``libdeflate``
  * New camdkit/camdkit-enabled standard attributes
  * Updated SO versioning policy
  * Python bindings & PyPI wheel
  * Miscellaneous improvements
  ## Version 3.2.1 (September 27, 2023)
  * Fix for linking statically against an external ``libdeflate``
  * Fix a compile error with ``OPENEXR_VERSION_HEX``
  * Fix various compiler warnings 
  * Pkg-config generation is now on by default for all systems, including Windows
- modified sources
  % baselibs.conf
- added patches
  fix CVE-2023-5841 [bsc#1219498], heap-based buffer overflow in generic_unpack_deep()
  + openexr-CVE-2023-5841.patch

OBS-URL: https://build.opensuse.org/request/show/1146590
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openexr?expand=0&rev=62

baselibs.conf

@@ -1,5 +1,5 @@
-libOpenEXR-3_1-30
-libOpenEXRCore-3_1-30
-libOpenEXRUtil-3_1-30
-libIlmThread-3_1-30
-libIex-3_1-30
+libOpenEXR-3_2-31
+libOpenEXRCore-3_2-31
+libOpenEXRUtil-3_2-31
+libIlmThread-3_2-31
+libIex-3_2-31

openexr.changes

@@ -1,3 +1,39 @@
+-------------------------------------------------------------------
+Wed Feb 14 14:32:50 UTC 2024 - pgajdos@suse.com
+
+- version update to 3.2.2 [bsc#1219498]
+  * [CVE-2023-5841](https://takeonme.org/cves/CVE-2023-5841.html).
+    Note that this bug is present in the C++ API (since v3.1.0), although
+    it is in a routine that is predominantly used for development and
+    testing. It is not likely to appear in production code.
+  * OSS-fuzz [66491](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66491)
+    Out-of-memory in openexr_exrcorecheck_fuzzer
+  * OSS-fuzz [66489](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66489)
+    Null-dereference in `Imf_3_3::realloc_deepdata`
+- deleted patches
+  - openexr-CVE-2023-5841.patch (upstreamed)
+
+-------------------------------------------------------------------
+Wed Feb  7 10:31:23 UTC 2024 - pgajdos@suse.com
+
+- version update to 3.2.1
+  ## Version 3.2.0 (August 30, 2023)
+  * Zip compression via ``libdeflate``
+  * New camdkit/camdkit-enabled standard attributes
+  * Updated SO versioning policy
+  * Python bindings & PyPI wheel
+  * Miscellaneous improvements
+  ## Version 3.2.1 (September 27, 2023)
+  * Fix for linking statically against an external ``libdeflate``
+  * Fix a compile error with ``OPENEXR_VERSION_HEX``
+  * Fix various compiler warnings 
+  * Pkg-config generation is now on by default for all systems, including Windows
+- modified sources
+  % baselibs.conf
+- added patches
+  fix CVE-2023-5841 [bsc#1219498], heap-based buffer overflow in generic_unpack_deep()
+  + openexr-CVE-2023-5841.patch
+
 -------------------------------------------------------------------
 Thu Aug 24 13:21:39 UTC 2023 - pgajdos@suse.com
 

openexr.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package openexr
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,10 +19,10 @@
 %define prjname      openexr
 # perhaps you want to build against corresponding Imath build
 %define debug_build 0
-%define sonum 30
-%global so_suffix -3_1
+%define sonum 31
+%global so_suffix -3_2
 Name:           openexr
-Version:        3.1.11
+Version:        3.2.2
 Release:        0
 Summary:        Utilities for working with HDR images in OpenEXR format
 License:        BSD-3-Clause
@@ -35,6 +35,7 @@ BuildRequires:  freeglut-devel
 BuildRequires:  gcc-c++
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(Imath)
+BuildRequires:  pkgconfig(libdeflate)
 BuildRequires:  pkgconfig(zlib)
 Obsoletes:      OpenEXR <= 1.6.1
 Provides:       OpenEXR = %{version}
@@ -136,6 +137,7 @@ License:        BSD-3-Clause
 Group:          Documentation/Other
 Obsoletes:      OpenEXR-doc <= 1.6.1
 Provides:       OpenEXR-doc = %{version}
+BuildArch:      noarch
 
 %description doc
 OpenEXR is a high dynamic-range (HDR) image file format developed by
@@ -159,6 +161,16 @@ export CXXFLAGS="%{optflags} -O0"
 %cmake_install
 
 %check
+# bin tests download test data from internet
+EXCLUDE_REGEX='OpenEXR.bin'
+%ifarch ppc64le
+# bsc#1205885
+EXCLUDE_REGEX="$EXCLUDE_REGEX|testMultiTiledPartThreading"
+%endif
+%ifarch aarch64
+# https://github.com/AcademySoftwareFoundation/openexr/issues/1460
+EXCLUDE_REGEX="$EXCLUDE_REGEX|DWA[AB]Compression"
+%endif
 # test failure on LE: https://github.com/AcademySoftwareFoundation/openexr/issues/1460
 %ifnarch i586 ppc ppc64 s390 s390x
 export LD_LIBRARY_PATH="%{buildroot}/%{_libdir}"
@@ -166,19 +178,9 @@ export LD_LIBRARY_PATH="%{buildroot}/%{_libdir}"
 %if 0%{?suse_version} < 1550
 # HACK - older versions of the ctest macro do not allow passing additional parameters
 %global __ctest %{__ctest} --timeout 3600
-%ctest
-%else
-%ifarch ppc64le
-# bsc#1205885
-EXCLUDE_REGEX='testMultiTiledPartThreading'
-%endif
-%ifarch aarch64
-# https://github.com/AcademySoftwareFoundation/openexr/issues/1460
-EXCLUDE_REGEX='DWA[AB]Compression'
 %endif
 %ctest --exclude-regex "$EXCLUDE_REGEX" --timeout 3600
 %endif
-%endif
 
 %post -n libIex%{so_suffix}-%{sonum} -p /sbin/ldconfig
 %postun -n libIex%{so_suffix}-%{sonum} -p /sbin/ldconfig