SHA256
1
0
forked from pool/openexr

Accepting request 954404 from home:dirkmueller:Factory

- update to 3.1.4 (bsc#1194333):
  * Several bug fixes to properly reject invalid input upon read 
  * A check to enable SSE2 when building with Visual Studio
  * A check to fix building with VisualStudio on ARM64
  * Update the automatically-downloaded version of Imath to v3.1.4
  * Miscellaneous documentation improvements
- drop openexr-CVE-2021-45942.patch (upstream)

OBS-URL: https://build.opensuse.org/request/show/954404
OBS-URL: https://build.opensuse.org/package/show/graphics/openexr?expand=0&rev=80
This commit is contained in:
Petr Gajdos 2022-02-15 07:01:25 +00:00 committed by Git OBS Bridge
parent 4a1b52b0c1
commit 18db163acc
5 changed files with 15 additions and 38 deletions

View File

@ -1,32 +0,0 @@
diff --git a/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp b/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp
index 0acbed04b..364a1f04b 100644
--- a/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp
+++ b/src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp
@@ -1961,14 +1961,20 @@ readSampleCountForLineBlock(InputStreamMutex* streamData,
// @TODO refactor the compressor code to ensure full 64-bit support.
//
- int compressorMaxDataSize = std::numeric_limits<int>::max();
- if (sampleCountTableDataSize > uint64_t(compressorMaxDataSize))
+ uint64_t compressorMaxDataSize = static_cast<uint64_t>(std::numeric_limits<int>::max());
+ if (packedDataSize > compressorMaxDataSize ||
+ unpackedDataSize > compressorMaxDataSize ||
+ sampleCountTableDataSize > compressorMaxDataSize)
{
- THROW (IEX_NAMESPACE::ArgExc, "This version of the library does not "
- << "support the allocation of data with size > "
- << compressorMaxDataSize
- << " file table size :" << sampleCountTableDataSize << ".\n");
+ THROW (IEX_NAMESPACE::ArgExc, "This version of the library does not"
+ << "support the allocation of data with size > "
+ << compressorMaxDataSize
+ << " file table size :" << sampleCountTableDataSize
+ << " file unpacked size :" << unpackedDataSize
+ << " file packed size :" << packedDataSize << ".\n");
}
+
+
streamData->is->read(data->sampleCountTableBuffer, static_cast<int>(sampleCountTableDataSize));
const char* readPtr;

View File

@ -1,3 +1,14 @@
-------------------------------------------------------------------
Mon Feb 14 22:22:28 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 3.1.4 (bsc#1194333):
* Several bug fixes to properly reject invalid input upon read
* A check to enable SSE2 when building with Visual Studio
* A check to fix building with VisualStudio on ARM64
* Update the automatically-downloaded version of Imath to v3.1.4
* Miscellaneous documentation improvements
- drop openexr-CVE-2021-45942.patch (upstream)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jan 5 12:55:27 UTC 2022 - pgajdos@suse.com Wed Jan 5 12:55:27 UTC 2022 - pgajdos@suse.com

View File

@ -22,7 +22,7 @@
%define sonum 30 %define sonum 30
%global so_suffix -3_1 %global so_suffix -3_1
Name: openexr Name: openexr
Version: 3.1.3 Version: 3.1.4
Release: 0 Release: 0
Summary: Utilities for working with HDR images in OpenEXR format Summary: Utilities for working with HDR images in OpenEXR format
License: BSD-3-Clause License: BSD-3-Clause
@ -30,8 +30,6 @@ Group: Development/Libraries/C and C++
URL: https://www.openexr.com/ URL: https://www.openexr.com/
Source0: https://github.com/openexr/openexr/archive/v%{version}.tar.gz Source0: https://github.com/openexr/openexr/archive/v%{version}.tar.gz
Source2: baselibs.conf Source2: baselibs.conf
# CVE-2021-45942 [bsc#1194333], heap-based buffer overflow in Imf_3_1:LineCompositeTask:execute
Patch0: openexr-CVE-2021-45942.patch
BuildRequires: cmake >= 3.12 BuildRequires: cmake >= 3.12
BuildRequires: fltk-devel BuildRequires: fltk-devel
BuildRequires: freeglut-devel BuildRequires: freeglut-devel

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6f70a624d1321319d8269a911c4032f24950cde52e76f46e9ecbebfcb762f28c
size 20322346

3
v3.1.4.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:cb019c3c69ada47fe340f7fa6c8b863ca0515804dc60bdb25c942c1da886930b
size 20323658