Accepting request 954404 from home:dirkmueller:Factory

- update to 3.1.4 (bsc#1194333):
  * Several bug fixes to properly reject invalid input upon read 
  * A check to enable SSE2 when building with Visual Studio
  * A check to fix building with VisualStudio on ARM64
  * Update the automatically-downloaded version of Imath to v3.1.4
  * Miscellaneous documentation improvements
- drop openexr-CVE-2021-45942.patch (upstream)

OBS-URL: https://build.opensuse.org/request/show/954404
OBS-URL: https://build.opensuse.org/package/show/graphics/openexr?expand=0&rev=80

openexr-CVE-2021-45942.patch

@@ -1,32 +0,0 @@
-diff --git a/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp b/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp
-index 0acbed04b..364a1f04b 100644
---- a/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp
-+++ b/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp
-@@ -1961,14 +1961,20 @@ readSampleCountForLineBlock(InputStreamMutex* streamData,
-     // @TODO refactor the compressor code to ensure full 64-bit support.
-     //
- 
--    int compressorMaxDataSize = std::numeric_limits<int>::max();
--    if (sampleCountTableDataSize > uint64_t(compressorMaxDataSize))
-+    uint64_t compressorMaxDataSize = static_cast<uint64_t>(std::numeric_limits<int>::max());
-+    if (packedDataSize         > compressorMaxDataSize ||
-+        unpackedDataSize > compressorMaxDataSize ||
-+        sampleCountTableDataSize        > compressorMaxDataSize)
-     {
--        THROW (IEX_NAMESPACE::ArgExc, "This version of the library does not "
--              << "support the allocation of data with size  > "
--              << compressorMaxDataSize
--              << " file table size    :" << sampleCountTableDataSize << ".\n");
-+        THROW (IEX_NAMESPACE::ArgExc, "This version of the library does not"
-+            << "support the allocation of data with size  > "
-+            << compressorMaxDataSize
-+            << " file table size    :" << sampleCountTableDataSize
-+            << " file unpacked size :" << unpackedDataSize
-+            << " file packed size   :" << packedDataSize << ".\n");
-     }
-+
-+
-     streamData->is->read(data->sampleCountTableBuffer, static_cast<int>(sampleCountTableDataSize));
-     
-     const char* readPtr;
-

openexr.changes

@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Mon Feb 14 22:22:28 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 3.1.4 (bsc#1194333):
+  * Several bug fixes to properly reject invalid input upon read 
+  * A check to enable SSE2 when building with Visual Studio
+  * A check to fix building with VisualStudio on ARM64
+  * Update the automatically-downloaded version of Imath to v3.1.4
+  * Miscellaneous documentation improvements
+- drop openexr-CVE-2021-45942.patch (upstream)
+
 -------------------------------------------------------------------
 Wed Jan  5 12:55:27 UTC 2022 - pgajdos@suse.com
 

openexr.spec

@@ -22,7 +22,7 @@
 %define sonum 30
 %global so_suffix -3_1
 Name:           openexr
-Version:        3.1.3
+Version:        3.1.4
 Release:        0
 Summary:        Utilities for working with HDR images in OpenEXR format
 License:        BSD-3-Clause
@@ -30,8 +30,6 @@ Group:          Development/Libraries/C and C++
 URL:            https://www.openexr.com/
 Source0:        https://github.com/openexr/openexr/archive/v%{version}.tar.gz
 Source2:        baselibs.conf
-# CVE-2021-45942 [bsc#1194333], heap-based buffer overflow in Imf_3_1:LineCompositeTask:execute
-Patch0:         openexr-CVE-2021-45942.patch
 BuildRequires:  cmake >= 3.12
 BuildRequires:  fltk-devel
 BuildRequires:  freeglut-devel

v3.1.3.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6f70a624d1321319d8269a911c4032f24950cde52e76f46e9ecbebfcb762f28c
-size 20322346

v3.1.4.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cb019c3c69ada47fe340f7fa6c8b863ca0515804dc60bdb25c942c1da886930b
+size 20323658