pool/openexr
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 711398 from graphics

Browse Source 
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/711398
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openexr?expand=0&rev=29
This commit is contained in:
Dominique Leuenberger 2019-06-25 20:20:54 +00:00 committed by Git OBS Bridge
commit 50c99e20b2
3 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
openexr-CVE-2017-9111,9113,9115.patch Normal file
View File

@ -0,0 +1,28 @@
Index: openexr-2.3.0/exrmakepreview/makePreview.cpp
===================================================================
--- openexr-2.3.0.orig/exrmakepreview/makePreview.cpp 2018-08-10 03:35:00.000000000 +0200
+++ openexr-2.3.0/exrmakepreview/makePreview.cpp 2019-06-14 19:18:36.159142127 +0200
@@ -110,6 +110,9 @@ generatePreview (const char inFileName[]
int h = dw.max.y - dw.min.y + 1;
Array2D <Rgba> pixels (h, w);
+ if (INT_MAX / abs(w) < abs(dw.min.y) ||
+ INT_MAX - abs(dw.min.x) < abs(dw.min.y * w))
+ throw IEX_NAMESPACE::ArgExc ("Invalid data window in image header.");
in.setFrameBuffer (&pixels[0][0] - dw.min.y * w - dw.min.x, 1, w);
in.readPixels (dw.min.y, dw.max.y);
Index: openexr-2.3.0/exrmaketiled/Image.h
===================================================================
--- openexr-2.3.0.orig/exrmaketiled/Image.h 2018-08-10 03:35:00.000000000 +0200
+++ openexr-2.3.0/exrmaketiled/Image.h 2019-06-14 19:19:02.451287048 +0200
@@ -192,6 +192,9 @@ TypedImageChannel<T>::slice () const
const IMATH_NAMESPACE::Box2i &dw = image().dataWindow();
int w = dw.max.x - dw.min.x + 1;
+ if (INT_MAX / abs(w) < abs(dw.min.y) ||
+ INT_MAX - abs(dw.min.x) < abs(dw.min.y * w))
+ throw IEX_NAMESPACE::ArgExc ("Invalid data window in image header.");
return OPENEXR_IMF_INTERNAL_NAMESPACE::Slice (pixelType(),
(char *) (&_pixels[0][0] - dw.min.y * w - dw.min.x),
sizeof (T),

8
openexr.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Fri Jun 14 19:30:32 UTC 2019 - pgajdos@suse.com
- security update
- added patches
CVE-2017-9111 [bsc#1040109], CVE-2017-9113 [bsc#1040113], CVE-2017-9115 [bsc#1040115]
+ openexr-CVE-2017-9111,9113,9115.patch
-------------------------------------------------------------------
Wed Nov 7 11:07:19 UTC 2018 - Jan Engelhardt <jengelh@inai.de>

7
openexr.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package openexr
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -35,7 +35,11 @@ Source0: https://github.com/openexr/openexr/releases/download/v%{version}
Source1: https://github.com/openexr/openexr/releases/download/v%{version}/openexr-%{version}.tar.gz.sig
Source2: baselibs.conf
Source3: openexr.keyring
# https://github.com/openexr/openexr/pull/401
Patch0: openexr-CVE-2018-18444.patch
# https://github.com/openexr/openexr/pull/401
# CVE-2017-9111 [bsc#1040109], CVE-2017-9113 [bsc#1040113], CVE-2017-9115 [bsc#1040115]
Patch1: openexr-CVE-2017-9111,9113,9115.patch
BuildRequires: automake
BuildRequires: fltk-devel
BuildRequires: freeglut-devel
@ -135,6 +139,7 @@ This package contains documentation.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%build
export PTHREAD_LIBS="-lpthread"