Accepting request 954468 from graphics

- update to 3.1.4 (bsc#1194333):
  * Several bug fixes to properly reject invalid input upon read 
  * A check to enable SSE2 when building with Visual Studio
  * A check to fix building with VisualStudio on ARM64
  * Update the automatically-downloaded version of Imath to v3.1.4
  * Miscellaneous documentation improvements
- drop openexr-CVE-2021-45942.patch (upstream) (forwarded request 954404 from dirkmueller)

OBS-URL: https://build.opensuse.org/request/show/954468
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openexr?expand=0&rev=50
Dominique Leuenberger 2022-02-16 23:29:55 +00:00 committed by Git OBS Bridge
commit 77f2bb29a9
5 changed files with 15 additions and 38 deletions


@ -1,32 +0,0 @@
diff --git a/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp b/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp
index 0acbed04b..364a1f04b 100644
--- a/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp
+++ b/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp
@@ -1961,14 +1961,20 @@ readSampleCountForLineBlock(InputStreamMutex* streamData,
// @TODO refactor the compressor code to ensure full 64-bit support.
//
- int compressorMaxDataSize = std::numeric_limits<int>::max();
- if (sampleCountTableDataSize > uint64_t(compressorMaxDataSize))
+ uint64_t compressorMaxDataSize = static_cast<uint64_t>(std::numeric_limits<int>::max());
+ if (packedDataSize > compressorMaxDataSize ||
+ unpackedDataSize > compressorMaxDataSize ||
+ sampleCountTableDataSize > compressorMaxDataSize)
{
- THROW (IEX_NAMESPACE::ArgExc, "This version of the library does not "
- << "support the allocation of data with size > "
- << compressorMaxDataSize
- << " file table size :" << sampleCountTableDataSize << ".\n");
+ THROW (IEX_NAMESPACE::ArgExc, "This version of the library does not"
+ << "support the allocation of data with size > "
+ << compressorMaxDataSize
+ << " file table size :" << sampleCountTableDataSize
+ << " file unpacked size :" << unpackedDataSize
+ << " file packed size :" << packedDataSize << ".\n");
}
+
+
streamData->is->read(data->sampleCountTableBuffer, static_cast<int>(sampleCountTableDataSize));
const char* readPtr;
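Review bot: dropping this file is only safe if the 3.1.4 tarball already rejects oversized packedDataSize and unpackedDataSize in readSampleCountForLineBlock, as the `+` side of this patch does. The commit message only says "(upstream)", so confirm in the unpacked 3.1.4 source that all three sizes are compared against compressorMaxDataSize before the `static_cast<int>(sampleCountTableDataSize)` read. Minor, for the record of the dropped patch: its rewritten THROW message joins "does not" and "support" without a space, so the exception text reads "does notsupport".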


@ -1,3 +1,14 @@
-------------------------------------------------------------------
Mon Feb 14 22:22:28 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 3.1.4 (bsc#1194333):
* Several bug fixes to properly reject invalid input upon read
* A check to enable SSE2 when building with Visual Studio
* A check to fix building with VisualStudio on ARM64
* Update the automatically-downloaded version of Imath to v3.1.4
* Miscellaneous documentation improvements
- drop openexr-CVE-2021-45942.patch (upstream)
-------------------------------------------------------------------
Wed Jan 5 12:55:27 UTC 2022 - pgajdos@suse.com


@ -22,7 +22,7 @@
%define sonum 30
%global so_suffix -3_1
Name: openexr
Version: 3.1.3
Version: 3.1.4
Release: 0
Summary: Utilities for working with HDR images in OpenEXR format
License: BSD-3-Clause
@ -30,8 +30,6 @@ Group: Development/Libraries/C and C++
URL: https://www.openexr.com/
Source0: https://github.com/openexr/openexr/archive/v%{version}.tar.gz
Source2: baselibs.conf
# CVE-2021-45942 [bsc#1194333], heap-based buffer overflow in Imf_3_1:LineCompositeTask:execute
Patch0: openexr-CVE-2021-45942.patch
BuildRequires: cmake >= 3.12
BuildRequires: fltk-devel
BuildRequires: freeglut-devel
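Review bot: the `Patch0: openexr-CVE-2021-45942.patch` removal in the preamble has no matching change to the %prep section among the visible hunks. If the spec applies the patch with an explicit %patch0 line rather than an automatic patch macro, that line needs to go in the same commit, otherwise the build stops on a reference to a patch that no longer exists. Consider also keeping the CVE-2021-45942 / bsc#1194333 reference in the changelog entry for the version bump, since the comment that carried it is deleted here.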


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6f70a624d1321319d8269a911c4032f24950cde52e76f46e9ecbebfcb762f28c
size 20322346

v3.1.4.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:cb019c3c69ada47fe340f7fa6c8b863ca0515804dc60bdb25c942c1da886930b
size 20323658
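Review bot: the sha256 oid in this new pointer is the only integrity record for v3.1.4.tar.gz visible in the commit, and the Source0 line in the spec points at a GitHub archive URL with no signature or keyring source next to it. Before accepting, compare the oid against an independent download of the v3.1.4 tag so that the pinned hash is known to match what upstream published rather than whatever the submitter's fetch returned.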