diff --git a/openexr-CVE-2021-45942.patch b/openexr-CVE-2021-45942.patch
deleted file mode 100644
index 281a0dd..0000000
--- a/openexr-CVE-2021-45942.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-diff --git a/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp b/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp
-index 0acbed04b..364a1f04b 100644
---- a/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp
-+++ b/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp
-@@ -1961,14 +1961,20 @@ readSampleCountForLineBlock(InputStreamMutex* streamData,
- // @TODO refactor the compressor code to ensure full 64-bit support.
- //
-
-- int compressorMaxDataSize = std::numeric_limits::max();
-- if (sampleCountTableDataSize > uint64_t(compressorMaxDataSize))
-+ uint64_t compressorMaxDataSize = static_cast(std::numeric_limits::max());
-+ if (packedDataSize > compressorMaxDataSize ||
-+ unpackedDataSize > compressorMaxDataSize ||
-+ sampleCountTableDataSize > compressorMaxDataSize)
- {
-- THROW (IEX_NAMESPACE::ArgExc, "This version of the library does not "
-- << "support the allocation of data with size > "
-- << compressorMaxDataSize
-- << " file table size :" << sampleCountTableDataSize << ".\n");
-+ THROW (IEX_NAMESPACE::ArgExc, "This version of the library does not"
-+ << "support the allocation of data with size > "
-+ << compressorMaxDataSize
-+ << " file table size :" << sampleCountTableDataSize
-+ << " file unpacked size :" << unpackedDataSize
-+ << " file packed size :" << packedDataSize << ".\n");
- }
-+
-+
- streamData->is->read(data->sampleCountTableBuffer, static_cast(sampleCountTableDataSize));
-
- const char* readPtr;
-
diff --git a/openexr.changes b/openexr.changes
index 3749f13..0c04fd4 100644
--- a/openexr.changes
+++ b/openexr.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Mon Feb 14 22:22:28 UTC 2022 - Dirk Müller
+
+- update to 3.1.4 (bsc#1194333):
+ * Several bug fixes to properly reject invalid input upon read
+ * A check to enable SSE2 when building with Visual Studio
+ * A check to fix building with VisualStudio on ARM64
+ * Update the automatically-downloaded version of Imath to v3.1.4
+ * Miscellaneous documentation improvements
+- drop openexr-CVE-2021-45942.patch (upstream)
+
 -------------------------------------------------------------------
 Wed Jan 5 12:55:27 UTC 2022 - pgajdos@suse.com
 
diff --git a/openexr.spec b/openexr.spec
index 4f560b3..b8eaa73 100644
--- a/openexr.spec
+++ b/openexr.spec
@@ -22,7 +22,7 @@
 %define sonum 30
 %global so_suffix -3_1
 Name: openexr
-Version: 3.1.3
+Version: 3.1.4
 Release: 0
 Summary: Utilities for working with HDR images in OpenEXR format
 License: BSD-3-Clause
@@ -30,8 +30,6 @@ Group: Development/Libraries/C and C++
 URL: https://www.openexr.com/
 Source0: https://github.com/openexr/openexr/archive/v%{version}.tar.gz
 Source2: baselibs.conf
-# CVE-2021-45942 [bsc#1194333], heap-based buffer overflow in Imf_3_1:LineCompositeTask:execute
-Patch0: openexr-CVE-2021-45942.patch
 BuildRequires: cmake >= 3.12
 BuildRequires: fltk-devel
 BuildRequires: freeglut-devel
diff --git a/v3.1.3.tar.gz b/v3.1.3.tar.gz
deleted file mode 100644
index 6fcb4d5..0000000
--- a/v3.1.3.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6f70a624d1321319d8269a911c4032f24950cde52e76f46e9ecbebfcb762f28c
-size 20322346
diff --git a/v3.1.4.tar.gz b/v3.1.4.tar.gz
new file mode 100644
index 0000000..58444a5
--- /dev/null
+++ b/v3.1.4.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cb019c3c69ada47fe340f7fa6c8b863ca0515804dc60bdb25c942c1da886930b
+size 20323658