pool/openexr
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- security update

Browse Source 
- added patches
  fix CVE-2021-3598 [bsc#1187310], Heap buffer overflow in Imf_3_1:CharPtrIO:readChars
  + openexr-CVE-2021-3598.patch

- version update to 2.5.6
  * [#1013](https://github.com/AcademySoftwareFoundation/openexr/pull/1013)
  Fixed regression in Imath::succf() and Imath::predf() when negative values are given

OBS-URL: https://build.opensuse.org/package/show/graphics/openexr?expand=0&rev=66
This commit is contained in:
Petr Gajdos 2021-06-15 10:24:04 +00:00 committed by Git OBS Bridge
parent d4f1e8f4bb
commit f89cee985d
5 changed files with 39 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
openexr-CVE-2021-3598.patch Normal file
View File

@ -0,0 +1,17 @@
diff --git a/OpenEXR/IlmImf/ImfDeepScanLineInputFile.cpp b/OpenEXR/IlmImf/ImfDeepScanLineInputFile.cpp
index 5f0f43989..ead43c729 100644
--- a/OpenEXR/IlmImf/ImfDeepScanLineInputFile.cpp
+++ b/OpenEXR/IlmImf/ImfDeepScanLineInputFile.cpp
@@ -647,6 +647,11 @@ LineBufferTask::execute ()
_lineBuffer->format = Compressor::XDR;
_lineBuffer->uncompressedData = _lineBuffer->buffer;
+
+ if(_lineBuffer->packedDataSize!=maxBytesPerLine)
+ {
+ THROW (IEX_NAMESPACE::InputExc, "Incorrect size for uncompressed data. Expected " << maxBytesPerLine << " got " << _lineBuffer->packedDataSize << " bytes");
+ }
}
}

15
openexr.changes
View File

@ -1,3 +1,18 @@
-------------------------------------------------------------------
Tue Jun 15 10:05:14 UTC 2021 - pgajdos@suse.com
- security update
- added patches
fix CVE-2021-3598 [bsc#1187310], Heap buffer overflow in Imf_3_1:CharPtrIO:readChars
+ openexr-CVE-2021-3598.patch
-------------------------------------------------------------------
Tue Jun 15 09:28:19 UTC 2021 - pgajdos@suse.com
- version update to 2.5.6
* [#1013](https://github.com/AcademySoftwareFoundation/openexr/pull/1013)
Fixed regression in Imath::succf() and Imath::predf() when negative values are given
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Mar 31 12:04:02 UTC 2021 - pgajdos@suse.com Wed Mar 31 12:04:02 UTC 2021 - pgajdos@suse.com

5
openexr.spec
View File

@ -28,7 +28,7 @@
%define sonum 25 %define sonum 25
%global so_suffix -2_5 %global so_suffix -2_5
Name: %{flavor} Name: %{flavor}
Version: 2.5.5 Version: 2.5.6
Release: 0 Release: 0
%if "%{flavor}" == "openexr" %if "%{flavor}" == "openexr"
Summary: Utilities for working with HDR images in OpenEXR format Summary: Utilities for working with HDR images in OpenEXR format
@ -44,6 +44,8 @@ URL: http://www.openexr.com/
Source0: https://github.com/openexr/openexr/archive/v%{version}.tar.gz Source0: https://github.com/openexr/openexr/archive/v%{version}.tar.gz
Source2: baselibs.conf Source2: baselibs.conf
Patch1: 0001-Use-absolute-CMAKE_INSTALL_FULL_LIBDIR-for-libdir-in.patch Patch1: 0001-Use-absolute-CMAKE_INSTALL_FULL_LIBDIR-for-libdir-in.patch
# CVE-2021-3598 [bsc#1187310], Heap buffer overflow in Imf_3_1:CharPtrIO:readChars
Patch2: openexr-CVE-2021-3598.patch
BuildRequires: cmake BuildRequires: cmake
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: pkgconfig BuildRequires: pkgconfig
@ -223,6 +225,7 @@ Group: System/Libraries
%prep %prep
%setup -q -n %{prjname}-%{version} %setup -q -n %{prjname}-%{version}
%patch1 -p1 %patch1 -p1
%patch2 -p1
%build %build
%if "%{flavor}" == "openexr" %if "%{flavor}" == "openexr"

3
v2.5.5.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:59e98361cb31456a9634378d0f653a2b9554b8900f233450f2396ff495ea76b3
size 27536865

3
v2.5.6.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c9f4c268d91d3904b7784b7a65d1eba55334bddf391487e9f14c315fa3a362b5
size 27540385