Accepting request 715498 from graphics

- security update - added patches CVE-2017-14988 [bsc#1061305] + openexr-CVE-2017-14988.patch OBS-URL: https://build.opensuse.org/request/show/715498 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openexr?expand=0&rev=30
2019-07-17 12:23:43 +00:00 · 2019-07-17 12:23:43 +00:00 · bd1a34f946
commit bd1a34f946
parent 50c99e20b2 3c840ae9b8
3 changed files with 26 additions and 0 deletions
--- a/openexr-CVE-2017-14988.patch
+++ b/openexr-CVE-2017-14988.patch
@ -0,0 +1,15 @@
 --- a/IlmImf/ImfHeader.cpp
 +++ b/IlmImf/ImfHeader.cpp
@@ -1185,6 +1185,11 @@ Header::readFrom (OPENEXR_IMF_INTERNAL_NAMESPACE::IStream &is, int &version)
 	checkIsNullTerminated (typeName, "attribute type name");
 	OPENEXR_IMF_INTERNAL_NAMESPACE::Xdr::read <OPENEXR_IMF_INTERNAL_NAMESPACE::StreamIO> (is, size);
 +    if( size < 0 )
 +    {
 +        throw IEX_NAMESPACE::InputExc("Invalid size field in header attribute");
 +    }
 +
 	AttributeMap::iterator i = _map.find (name);
 	if (i != _map.end())
--- a/openexr.changes
+++ b/openexr.changes
@ -1,3 +1,11 @@
 -------------------------------------------------------------------
 Mon Jul 15 14:06:20 UTC 2019 - pgajdos@suse.com
 - security update
 - added patches
  CVE-2017-14988 [bsc#1061305]
  + openexr-CVE-2017-14988.patch
 -------------------------------------------------------------------
 Fri Jun 14 19:30:32 UTC 2019 - pgajdos@suse.com
--- a/openexr.spec
+++ b/openexr.spec
@ -40,6 +40,8 @@ Patch0:         openexr-CVE-2018-18444.patch
 # https://github.com/openexr/openexr/pull/401
 # CVE-2017-9111 [bsc#1040109], CVE-2017-9113 [bsc#1040113], CVE-2017-9115 [bsc#1040115]
 Patch1:         openexr-CVE-2017-9111,9113,9115.patch
 # CVE-2017-14988 [bsc#1061305]
 Patch2:         openexr-CVE-2017-14988.patch
 BuildRequires:  automake
 BuildRequires:  fltk-devel
 BuildRequires:  freeglut-devel
@ -140,6 +142,7 @@ This package contains documentation.
 %setup -q
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
 %build
 export PTHREAD_LIBS="-lpthread"