diff --git a/openexr-CVE-2017-9111,9113,9115.patch b/openexr-CVE-2017-9111,9113,9115.patch
new file mode 100644
index 0000000..5f56f8f
--- /dev/null
+++ b/openexr-CVE-2017-9111,9113,9115.patch
@@ -0,0 +1,28 @@
+Index: openexr-2.3.0/exrmakepreview/makePreview.cpp
+===================================================================
+--- openexr-2.3.0.orig/exrmakepreview/makePreview.cpp 2018-08-10 03:35:00.000000000 +0200
++++ openexr-2.3.0/exrmakepreview/makePreview.cpp 2019-06-14 19:18:36.159142127 +0200
+@@ -110,6 +110,9 @@ generatePreview (const char inFileName[]
+ int h = dw.max.y - dw.min.y + 1;
+
+ Array2D pixels (h, w);
++ if (INT_MAX / abs(w) < abs(dw.min.y) ||
++ INT_MAX - abs(dw.min.x) < abs(dw.min.y * w))
++ throw IEX_NAMESPACE::ArgExc ("Invalid data window in image header.");
+ in.setFrameBuffer (&pixels[0][0] - dw.min.y * w - dw.min.x, 1, w);
+ in.readPixels (dw.min.y, dw.max.y);
+
+Index: openexr-2.3.0/exrmaketiled/Image.h
+===================================================================
+--- openexr-2.3.0.orig/exrmaketiled/Image.h 2018-08-10 03:35:00.000000000 +0200
++++ openexr-2.3.0/exrmaketiled/Image.h 2019-06-14 19:19:02.451287048 +0200
+@@ -192,6 +192,9 @@ TypedImageChannel::slice () const
+ const IMATH_NAMESPACE::Box2i &dw = image().dataWindow();
+ int w = dw.max.x - dw.min.x + 1;
+
++ if (INT_MAX / abs(w) < abs(dw.min.y) ||
++ INT_MAX - abs(dw.min.x) < abs(dw.min.y * w))
++ throw IEX_NAMESPACE::ArgExc ("Invalid data window in image header.");
+ return OPENEXR_IMF_INTERNAL_NAMESPACE::Slice (pixelType(),
+ (char *) (&_pixels[0][0] - dw.min.y * w - dw.min.x),
+ sizeof (T),
diff --git a/openexr.changes b/openexr.changes
index e90ad0d..d5ba947 100644
--- a/openexr.changes
+++ b/openexr.changes
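Review bot: In the added openexr-CVE-2017-9111,9113,9115.patch, both new checks evaluate `INT_MAX / abs(w)` without first rejecting `w == 0`, and in the makePreview.cpp hunk the check comes after `Array2D pixels (h, w);`, so the buffer is already sized from an unvalidated data window when the test runs. Unless header validation upstream of these functions already guarantees `min <= max` (not visible here), a guard such as `if (w <= 0 || h <= 0) throw IEX_NAMESPACE::ArgExc ("Invalid data window in image header.");` ahead of the allocation would cover it; in Image.h only `w <= 0` applies. `abs()` of a coordinate equal to `INT_MIN` is undefined and `w` itself is computed in `int` before any check, so doing the offset arithmetic in a 64-bit type would be sturdier than the int-only test. The patch adds no `#include`, so confirm that `<climits>` and `<cstdlib>` are reachable, in particular from Image.h, which is a header. Both enclosing functions start and end outside the hunks.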
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri Jun 14 19:30:32 UTC 2019 - pgajdos@suse.com
+
+- security update
+- added patches
+ CVE-2017-9111 [bsc#1040109], CVE-2017-9113 [bsc#1040113], CVE-2017-9115 [bsc#1040115]
+ + openexr-CVE-2017-9111,9113,9115.patch
+
 -------------------------------------------------------------------
 Wed Nov 7 11:07:19 UTC 2018 - Jan Engelhardt
 
diff --git a/openexr.spec b/openexr.spec
index ea32fbe..8b64916 100644
--- a/openexr.spec
+++ b/openexr.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package openexr
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -35,7 +35,11 @@ Source0: https://github.com/openexr/openexr/releases/download/v%{version}
 Source1: https://github.com/openexr/openexr/releases/download/v%{version}/openexr-%{version}.tar.gz.sig
 Source2: baselibs.conf
 Source3: openexr.keyring
+# https://github.com/openexr/openexr/pull/401
 Patch0: openexr-CVE-2018-18444.patch
+# https://github.com/openexr/openexr/pull/401
+# CVE-2017-9111 [bsc#1040109], CVE-2017-9113 [bsc#1040113], CVE-2017-9115 [bsc#1040115]
+Patch1: openexr-CVE-2017-9111,9113,9115.patch
 BuildRequires: automake
 BuildRequires: fltk-devel
 BuildRequires: freeglut-devel
@@ -135,6 +139,7 @@ This package contains documentation.
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 
 %build
 export PTHREAD_LIBS="-lpthread"
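Review bot: The comment added above `Patch1:` in the second openexr.spec hunk names the pull request and the bug numbers, but says neither whether that pull request has been merged upstream nor that the patch only touches the exrmakepreview and exrmaketiled tools. Going by the paths in the patch file, the check is added in two command-line programs rather than in the library, so that scope is worth recording for whoever next rebases the package. A line such as `# upstream status: <merged commit or "pending">; guards exrmakepreview and exrmaketiled only` would do. The same pull-request URL is also placed above `Patch0`, so if the two patches come from different upstream changes one of the links needs correcting.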