Accepting request 909953 from graphics
- version update to 2.5.7 Patch release of 2.5 with security and build fixes: * OSS-fuzz 28051 Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer * OSS-fuzz 28155 Crash in Imf_2_5::PtrIStream::read * Fix broken symlink and pkg-config lib suffix for cmake debug builds - modified patches % 0001-Use-absolute-CMAKE_INSTALL_FULL_LIBDIR-for-libdir-in.patch (refreshed) - deleted patches - openexr-CVE-2021-3598.patch (upstreamed) - openexr-CVE-2021-3605.patch (upstreamed) OBS-URL: https://build.opensuse.org/request/show/909953 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openexr?expand=0&rev=45
This commit is contained in:
commit
6f1edef329
@ -19,10 +19,10 @@ Fixes https://github.com/AcademySoftwareFoundation/openexr/issues/595
|
|||||||
PyIlmBase/config/CMakeLists.txt | 4 ++--
|
PyIlmBase/config/CMakeLists.txt | 4 ++--
|
||||||
5 files changed, 6 insertions(+), 9 deletions(-)
|
5 files changed, 6 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
diff --git a/IlmBase/IlmBase.pc.in b/IlmBase/IlmBase.pc.in
|
Index: openexr-2.5.7/IlmBase/IlmBase.pc.in
|
||||||
index 45fc4de..1edd055 100644
|
===================================================================
|
||||||
--- a/IlmBase/IlmBase.pc.in
|
--- openexr-2.5.7.orig/IlmBase/IlmBase.pc.in 2021-06-15 02:15:14.000000000 +0200
|
||||||
+++ b/IlmBase/IlmBase.pc.in
|
+++ openexr-2.5.7/IlmBase/IlmBase.pc.in 2021-08-03 12:26:33.419242739 +0200
|
||||||
@@ -4,7 +4,6 @@
|
@@ -4,7 +4,6 @@
|
||||||
##
|
##
|
||||||
|
|
||||||
@ -31,10 +31,10 @@ index 45fc4de..1edd055 100644
|
|||||||
libdir=@libdir@
|
libdir=@libdir@
|
||||||
includedir=@includedir@
|
includedir=@includedir@
|
||||||
libsuffix=@LIB_SUFFIX_DASH@
|
libsuffix=@LIB_SUFFIX_DASH@
|
||||||
diff --git a/IlmBase/config/CMakeLists.txt b/IlmBase/config/CMakeLists.txt
|
Index: openexr-2.5.7/IlmBase/config/CMakeLists.txt
|
||||||
index d9c5ae4..fc161b0 100644
|
===================================================================
|
||||||
--- a/IlmBase/config/CMakeLists.txt
|
--- openexr-2.5.7.orig/IlmBase/config/CMakeLists.txt 2021-08-03 12:26:33.423242767 +0200
|
||||||
+++ b/IlmBase/config/CMakeLists.txt
|
+++ openexr-2.5.7/IlmBase/config/CMakeLists.txt 2021-08-03 12:26:47.735343624 +0200
|
||||||
@@ -76,8 +76,8 @@ if(ILMBASE_INSTALL_PKG_CONFIG)
|
@@ -76,8 +76,8 @@ if(ILMBASE_INSTALL_PKG_CONFIG)
|
||||||
function(ilmbase_pkg_config_help pcinfile)
|
function(ilmbase_pkg_config_help pcinfile)
|
||||||
set(prefix ${CMAKE_INSTALL_PREFIX})
|
set(prefix ${CMAKE_INSTALL_PREFIX})
|
||||||
@ -43,13 +43,13 @@ index d9c5ae4..fc161b0 100644
|
|||||||
- set(includedir "\${prefix}/${CMAKE_INSTALL_INCLUDEDIR}")
|
- set(includedir "\${prefix}/${CMAKE_INSTALL_INCLUDEDIR}")
|
||||||
+ set(libdir "${CMAKE_INSTALL_FULL_LIBDIR}")
|
+ set(libdir "${CMAKE_INSTALL_FULL_LIBDIR}")
|
||||||
+ set(includedir "${CMAKE_INSTALL_FULL_INCLUDEDIR}")
|
+ set(includedir "${CMAKE_INSTALL_FULL_INCLUDEDIR}")
|
||||||
set(LIB_SUFFIX_DASH ${ILMBASE_LIB_SUFFIX})
|
string(TOUPPER "${CMAKE_BUILD_TYPE}" uppercase_CMAKE_BUILD_TYPE)
|
||||||
|
set(LIB_SUFFIX_DASH ${ILMBASE_LIB_SUFFIX}${CMAKE_${uppercase_CMAKE_BUILD_TYPE}_POSTFIX})
|
||||||
if(TARGET Threads::Threads)
|
if(TARGET Threads::Threads)
|
||||||
# hrm, can't use properties as they end up as generator expressions
|
Index: openexr-2.5.7/OpenEXR/OpenEXR.pc.in
|
||||||
diff --git a/OpenEXR/OpenEXR.pc.in b/OpenEXR/OpenEXR.pc.in
|
===================================================================
|
||||||
index cf72f88..4df6035 100644
|
--- openexr-2.5.7.orig/OpenEXR/OpenEXR.pc.in 2021-06-15 02:15:14.000000000 +0200
|
||||||
--- a/OpenEXR/OpenEXR.pc.in
|
+++ openexr-2.5.7/OpenEXR/OpenEXR.pc.in 2021-08-03 12:26:33.423242767 +0200
|
||||||
+++ b/OpenEXR/OpenEXR.pc.in
|
|
||||||
@@ -4,7 +4,6 @@
|
@@ -4,7 +4,6 @@
|
||||||
##
|
##
|
||||||
|
|
||||||
@ -58,11 +58,11 @@ index cf72f88..4df6035 100644
|
|||||||
libdir=@libdir@
|
libdir=@libdir@
|
||||||
includedir=@includedir@
|
includedir=@includedir@
|
||||||
OpenEXR_includedir=@includedir@/OpenEXR
|
OpenEXR_includedir=@includedir@/OpenEXR
|
||||||
diff --git a/OpenEXR/config/CMakeLists.txt b/OpenEXR/config/CMakeLists.txt
|
Index: openexr-2.5.7/OpenEXR/config/CMakeLists.txt
|
||||||
index b52ad0d..59f4916 100644
|
===================================================================
|
||||||
--- a/OpenEXR/config/CMakeLists.txt
|
--- openexr-2.5.7.orig/OpenEXR/config/CMakeLists.txt 2021-08-03 12:26:33.423242767 +0200
|
||||||
+++ b/OpenEXR/config/CMakeLists.txt
|
+++ openexr-2.5.7/OpenEXR/config/CMakeLists.txt 2021-08-03 12:27:23.867598269 +0200
|
||||||
@@ -72,9 +72,8 @@ if(OPENEXR_INSTALL_PKG_CONFIG)
|
@@ -74,9 +74,8 @@ if(OPENEXR_INSTALL_PKG_CONFIG)
|
||||||
# use a helper function to avoid variable pollution, but pretty simple
|
# use a helper function to avoid variable pollution, but pretty simple
|
||||||
function(openexr_pkg_config_help pcinfile)
|
function(openexr_pkg_config_help pcinfile)
|
||||||
set(prefix ${CMAKE_INSTALL_PREFIX})
|
set(prefix ${CMAKE_INSTALL_PREFIX})
|
||||||
@ -71,13 +71,13 @@ index b52ad0d..59f4916 100644
|
|||||||
- set(includedir "\${prefix}/${CMAKE_INSTALL_INCLUDEDIR}")
|
- set(includedir "\${prefix}/${CMAKE_INSTALL_INCLUDEDIR}")
|
||||||
+ set(libdir "${CMAKE_INSTALL_FULL_LIBDIR}")
|
+ set(libdir "${CMAKE_INSTALL_FULL_LIBDIR}")
|
||||||
+ set(includedir "${CMAKE_INSTALL_FULL_INCLUDEDIR}")
|
+ set(includedir "${CMAKE_INSTALL_FULL_INCLUDEDIR}")
|
||||||
set(LIB_SUFFIX_DASH ${OPENEXR_LIB_SUFFIX})
|
string(TOUPPER "${CMAKE_BUILD_TYPE}" uppercase_CMAKE_BUILD_TYPE)
|
||||||
|
set(LIB_SUFFIX_DASH ${OPENEXR_LIB_SUFFIX}${CMAKE_${uppercase_CMAKE_BUILD_TYPE}_POSTFIX})
|
||||||
if(TARGET Threads::Threads)
|
if(TARGET Threads::Threads)
|
||||||
# hrm, can't use properties as they end up as generator expressions
|
Index: openexr-2.5.7/PyIlmBase/config/CMakeLists.txt
|
||||||
diff --git a/PyIlmBase/config/CMakeLists.txt b/PyIlmBase/config/CMakeLists.txt
|
===================================================================
|
||||||
index 1872c89..a971723 100644
|
--- openexr-2.5.7.orig/PyIlmBase/config/CMakeLists.txt 2021-08-03 12:26:33.423242767 +0200
|
||||||
--- a/PyIlmBase/config/CMakeLists.txt
|
+++ openexr-2.5.7/PyIlmBase/config/CMakeLists.txt 2021-08-03 12:27:01.255438907 +0200
|
||||||
+++ b/PyIlmBase/config/CMakeLists.txt
|
|
||||||
@@ -16,8 +16,8 @@ if(PYILMBASE_INSTALL_PKG_CONFIG)
|
@@ -16,8 +16,8 @@ if(PYILMBASE_INSTALL_PKG_CONFIG)
|
||||||
function(pyilmbase_pkg_config_help pcinfile)
|
function(pyilmbase_pkg_config_help pcinfile)
|
||||||
set(prefix ${CMAKE_INSTALL_PREFIX})
|
set(prefix ${CMAKE_INSTALL_PREFIX})
|
||||||
@ -86,9 +86,6 @@ index 1872c89..a971723 100644
|
|||||||
- set(includedir ${CMAKE_INSTALL_INCLUDEDIR})
|
- set(includedir ${CMAKE_INSTALL_INCLUDEDIR})
|
||||||
+ set(libdir ${CMAKE_INSTALL_FULL_LIBDIR})
|
+ set(libdir ${CMAKE_INSTALL_FULL_LIBDIR})
|
||||||
+ set(includedir ${CMAKE_INSTALL_FULL_INCLUDEDIR})
|
+ set(includedir ${CMAKE_INSTALL_FULL_INCLUDEDIR})
|
||||||
set(LIB_SUFFIX_DASH ${OPENEXR_LIB_SUFFIX})
|
string(TOUPPER "${CMAKE_BUILD_TYPE}" uppercase_CMAKE_BUILD_TYPE)
|
||||||
|
set(LIB_SUFFIX_DASH ${OPENEXR_LIB_SUFFIX}${CMAKE_${uppercase_CMAKE_BUILD_TYPE}_POSTFIX})
|
||||||
string(REPLACE ".in" "" pcout ${pcinfile})
|
string(REPLACE ".in" "" pcout ${pcinfile})
|
||||||
configure_file(${pcinfile} ${CMAKE_CURRENT_BINARY_DIR}/${pcout} @ONLY)
|
|
||||||
--
|
|
||||||
2.27.0
|
|
||||||
|
|
||||||
|
@ -1,17 +0,0 @@
|
|||||||
diff --git a/OpenEXR/IlmImf/ImfDeepScanLineInputFile.cpp b/OpenEXR/IlmImf/ImfDeepScanLineInputFile.cpp
|
|
||||||
index 5f0f43989..ead43c729 100644
|
|
||||||
--- a/OpenEXR/IlmImf/ImfDeepScanLineInputFile.cpp
|
|
||||||
+++ b/OpenEXR/IlmImf/ImfDeepScanLineInputFile.cpp
|
|
||||||
@@ -647,6 +647,11 @@ LineBufferTask::execute ()
|
|
||||||
|
|
||||||
_lineBuffer->format = Compressor::XDR;
|
|
||||||
_lineBuffer->uncompressedData = _lineBuffer->buffer;
|
|
||||||
+
|
|
||||||
+ if(_lineBuffer->packedDataSize!=maxBytesPerLine)
|
|
||||||
+ {
|
|
||||||
+ THROW (IEX_NAMESPACE::InputExc, "Incorrect size for uncompressed data. Expected " << maxBytesPerLine << " got " << _lineBuffer->packedDataSize << " bytes");
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
@ -1,15 +0,0 @@
|
|||||||
--- a/OpenEXR/IlmImf/ImfRle.cpp
|
|
||||||
+++ b/OpenEXR/IlmImf/ImfRle.cpp
|
|
||||||
@@ -146,6 +146,11 @@ rleUncompress (int inLength, int maxLength, const signed char in[], char out[])
|
|
||||||
if (0 > (maxLength -= count + 1))
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
+ // check the input buffer is big enough to contain
|
|
||||||
+ // byte to be duplicated
|
|
||||||
+ if (inLength < 0)
|
|
||||||
+ return 0;
|
|
||||||
+
|
|
||||||
memset(out, *(char*)in, count+1);
|
|
||||||
out += count+1;
|
|
||||||
|
|
||||||
|
|
@ -1,3 +1,17 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Aug 3 10:46:19 UTC 2021 - pgajdos@suse.com
|
||||||
|
|
||||||
|
- version update to 2.5.7
|
||||||
|
Patch release of 2.5 with security and build fixes:
|
||||||
|
* OSS-fuzz 28051 Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
|
||||||
|
* OSS-fuzz 28155 Crash in Imf_2_5::PtrIStream::read
|
||||||
|
* Fix broken symlink and pkg-config lib suffix for cmake debug builds
|
||||||
|
- modified patches
|
||||||
|
% 0001-Use-absolute-CMAKE_INSTALL_FULL_LIBDIR-for-libdir-in.patch (refreshed)
|
||||||
|
- deleted patches
|
||||||
|
- openexr-CVE-2021-3598.patch (upstreamed)
|
||||||
|
- openexr-CVE-2021-3605.patch (upstreamed)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jun 16 12:28:02 UTC 2021 - pgajdos@suse.com
|
Wed Jun 16 12:28:02 UTC 2021 - pgajdos@suse.com
|
||||||
|
|
||||||
|
@ -28,7 +28,7 @@
|
|||||||
%define sonum 25
|
%define sonum 25
|
||||||
%global so_suffix -2_5
|
%global so_suffix -2_5
|
||||||
Name: %{flavor}
|
Name: %{flavor}
|
||||||
Version: 2.5.6
|
Version: 2.5.7
|
||||||
Release: 0
|
Release: 0
|
||||||
%if "%{flavor}" == "openexr"
|
%if "%{flavor}" == "openexr"
|
||||||
Summary: Utilities for working with HDR images in OpenEXR format
|
Summary: Utilities for working with HDR images in OpenEXR format
|
||||||
@ -44,10 +44,6 @@ URL: http://www.openexr.com/
|
|||||||
Source0: https://github.com/openexr/openexr/archive/v%{version}.tar.gz
|
Source0: https://github.com/openexr/openexr/archive/v%{version}.tar.gz
|
||||||
Source2: baselibs.conf
|
Source2: baselibs.conf
|
||||||
Patch1: 0001-Use-absolute-CMAKE_INSTALL_FULL_LIBDIR-for-libdir-in.patch
|
Patch1: 0001-Use-absolute-CMAKE_INSTALL_FULL_LIBDIR-for-libdir-in.patch
|
||||||
# CVE-2021-3598 [bsc#1187310], Heap buffer overflow in Imf_3_1:CharPtrIO:readChars
|
|
||||||
Patch2: openexr-CVE-2021-3598.patch
|
|
||||||
# CVE-2021-3605 [bsc#1187395], Heap buffer overflow in the rleUncompress function
|
|
||||||
Patch3: openexr-CVE-2021-3605.patch
|
|
||||||
BuildRequires: cmake
|
BuildRequires: cmake
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
BuildRequires: pkgconfig
|
BuildRequires: pkgconfig
|
||||||
@ -227,8 +223,6 @@ Group: System/Libraries
|
|||||||
%prep
|
%prep
|
||||||
%setup -q -n %{prjname}-%{version}
|
%setup -q -n %{prjname}-%{version}
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch2 -p1
|
|
||||||
%patch3 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%if "%{flavor}" == "openexr"
|
%if "%{flavor}" == "openexr"
|
||||||
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:c9f4c268d91d3904b7784b7a65d1eba55334bddf391487e9f14c315fa3a362b5
|
|
||||||
size 27540385
|
|
3
v2.5.7.tar.gz
Normal file
3
v2.5.7.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:36ecb2290cba6fc92b2ec9357f8dc0e364b4f9a90d727bf9a57c84760695272d
|
||||||
|
size 27539574
|
Loading…
Reference in New Issue
Block a user