- version update to 3.4.3
* Buffer overflow in PyOpenEXR_old's channels() and channel() in legacy python
* Use after free in PyObject_StealAttrString in legacy python
* Use of Uninitialized Memory in openexr
* Heap-based Buffer Overflow Remote Code Execution Vulnerability
* OSS-fuzz 456158449 Heap-buffer-overflow in generic_unpack
* OSS-fuzz 447429458 Heap-buffer-overflow in DwaCompressor_uncompress
* OSS-fuzz 439237843 Heap-buffer-overflow in internal_exr_undo_ht
* OSS-fuzz 436037111 Heap-buffer-overflow in generic_unpack
* OSS-fuzz 435779241 Heap-buffer-overflow in generic_unpack
* OSS-fuzz 420744464 Abrt in __cxxabiv1::failed_throw
* Fix a bug with re-reading a scanline file with a different set of channels.
* Only populate CMAKE_DEBUG_POSTFIX with _d if it is undefined, which makes
it possible to set CMAKE_DEBUG_POSTFIX="".
- fixes bsc#1253233 (CVE-2025-64181)
bsc#1253234 (CVE-2025-64182)
bsc#1253235 (CVE-2025-64183)
OBS-URL: https://build.opensuse.org/request/show/1317761
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openexr?expand=0&rev=68
- version update to 3.4.0
* Additional compression option to the OpenEXR file format for
lossless compression with High Throughput JPEG-2000 (HTJ2K).
* New colorInteropID standard attribute.
* New bytes attribute type.
* TBB as a global thread provider.
* Using openexr via cmake add_subdirectory now works properly.
* The Python module now allows an empty part name for a single-part file
* The header_only option for Python module's OpenEXR.File now works properly.
OBS-URL: https://build.opensuse.org/request/show/1303634
OBS-URL: https://build.opensuse.org/package/show/graphics/openexr?expand=0&rev=114
- version update to 3.2.2 [bsc#1219498]
* [CVE-2023-5841](https://takeonme.org/cves/CVE-2023-5841.html).
Note that this bug is present in the C++ API (since v3.1.0), although
it is in a routine that is predominantly used for development and
testing. It is not likely to appear in production code.
* OSS-fuzz [66491](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66491)
Out-of-memory in openexr_exrcorecheck_fuzzer
* OSS-fuzz [66489](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66489)
Null-dereference in `Imf_3_3::realloc_deepdata`
- deleted patches
- openexr-CVE-2023-5841.patch (upstreamed)
- version update to 3.2.1
## Version 3.2.0 (August 30, 2023)
* Zip compression via ``libdeflate``
* New camdkit/camdkit-enabled standard attributes
* Updated SO versioning policy
* Python bindings & PyPI wheel
* Miscellaneous improvements
## Version 3.2.1 (September 27, 2023)
* Fix for linking statically against an external ``libdeflate``
* Fix a compile error with ``OPENEXR_VERSION_HEX``
* Fix various compiler warnings
* Pkg-config generation is now on by default for all systems, including Windows
- modified sources
% baselibs.conf
- added patches
fix CVE-2023-5841 [bsc#1219498], heap-based buffer overflow in generic_unpack_deep()
+ openexr-CVE-2023-5841.patch
OBS-URL: https://build.opensuse.org/request/show/1146590
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openexr?expand=0&rev=62
- version update to 3.2.1
## Version 3.2.0 (August 30, 2023)
* Zip compression via ``libdeflate``
* New camdkit/camdkit-enabled standard attributes
* Updated SO versioning policy
* Python bindings & PyPI wheel
* Miscellaneous improvements
## Version 3.2.1 (September 27, 2023)
* Fix for linking statically against an external ``libdeflate``
* Fix a compile error with ``OPENEXR_VERSION_HEX``
* Fix various compiler warnings
* Pkg-config generation is now on by default for all systems, including Windows
- modified sources
% baselibs.conf
- added patches
fix CVE-2023-5841 [bsc#1219498], heap-based buffer overflow in generic_unpack_deep()
+ openexr-CVE-2023-5841.patch
OBS-URL: https://build.opensuse.org/request/show/1144872
OBS-URL: https://build.opensuse.org/package/show/graphics/openexr?expand=0&rev=105
## Version 3.1.11 (August 13, 2023)
Patch release that fixes a build failure with `-march=x86-64-v3`
* Initialize `regs[]` to 0 in `check_for_x86_simd`
* Fix CPUID detection with `-march=x86-64-v3`
## Version 3.1.10 (August 2, 2023)
Patch release that addresses miscellaneous build issues, test
failures, and performance regressions, as well as:
* OSS-fuzz [59457](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59457)
Heap-buffer-overflow in `LossyDctDecoder_execute`
* Readdress #1456: disallow NaNs in `testOptimizedInterleavePatterns`
* Revert pre-computed values
* Fix handling for corrupt number of DC components
* Add `OPENEXR_MISSING_ARM_VLD1` workaround to `internal_dwa_simd.h`
* Fix Huffman performance regression on Linux/clang
* Fix range check in dwa compressor
* Fix build with i386 and musl libc
* Fix the code contains unhandled character
* Fix cpu detection of sse2 on non-64 x86
* Fix the code contains unhandled character
* Fix gcc-11 warnings: signed/unsigned integer comparison, unused variables
* Fix macOS and Windows build failures when threading is disabled
* Fix build error on win_arm64
- deleted patches
- 1488.patch (upstreamed)
OBS-URL: https://build.opensuse.org/package/show/graphics/openexr?expand=0&rev=103
- update to 3.1.6:
* NEON optimizations for ZIP reading
* Enable fast Huffman & Huffman zig-zag transform for Arm Neon
* Support relative and absolute libdir/includedir in pkg-config generation
* Fix for reading memory mapped files with DWA compression
* Enable SSE4 support on Windows
* Fast huf decoder
- Drop gcc13-fix.patch (forwarded request 1071437 from polslinux)
OBS-URL: https://build.opensuse.org/request/show/1071520
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openexr?expand=0&rev=56
- update to 3.1.4 (bsc#1194333):
* Several bug fixes to properly reject invalid input upon read
* A check to enable SSE2 when building with Visual Studio
* A check to fix building with VisualStudio on ARM64
* Update the automatically-downloaded version of Imath to v3.1.4
* Miscellaneous documentation improvements
- drop openexr-CVE-2021-45942.patch (upstream) (forwarded request 954404 from dirkmueller)
OBS-URL: https://build.opensuse.org/request/show/954468
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openexr?expand=0&rev=50
- update to 3.1.4 (bsc#1194333):
* Several bug fixes to properly reject invalid input upon read
* A check to enable SSE2 when building with Visual Studio
* A check to fix building with VisualStudio on ARM64
* Update the automatically-downloaded version of Imath to v3.1.4
* Miscellaneous documentation improvements
- drop openexr-CVE-2021-45942.patch (upstream)
OBS-URL: https://build.opensuse.org/request/show/954404
OBS-URL: https://build.opensuse.org/package/show/graphics/openexr?expand=0&rev=80
