From f89cee985d1ef195b38fc112e18339255a50574ff1ede22485952fd759781514 Mon Sep 17 00:00:00 2001
From: Petr Gajdos <pgajdos@suse.com>
Date: Tue, 15 Jun 2021 10:24:04 +0000
Subject: [PATCH 1/2] - security update - added patches   fix CVE-2021-3598
 [bsc#1187310], Heap buffer overflow in Imf_3_1:CharPtrIO:readChars   +
 openexr-CVE-2021-3598.patch

- version update to 2.5.6
  * [#1013](https://github.com/AcademySoftwareFoundation/openexr/pull/1013)
  Fixed regression in Imath::succf() and Imath::predf() when negative values are given

OBS-URL: https://build.opensuse.org/package/show/graphics/openexr?expand=0&rev=66
---
 openexr-CVE-2021-3598.patch | 17 +++++++++++++++++
 openexr.changes             | 15 +++++++++++++++
 openexr.spec                |  5 ++++-
 v2.5.5.tar.gz               |  3 ---
 v2.5.6.tar.gz               |  3 +++
 5 files changed, 39 insertions(+), 4 deletions(-)
 create mode 100644 openexr-CVE-2021-3598.patch
 delete mode 100644 v2.5.5.tar.gz
 create mode 100644 v2.5.6.tar.gz

diff --git a/openexr-CVE-2021-3598.patch b/openexr-CVE-2021-3598.patch
new file mode 100644
index 0000000..817c6be
--- /dev/null
+++ b/openexr-CVE-2021-3598.patch
@@ -0,0 +1,17 @@
+diff --git a/OpenEXR/IlmImf/ImfDeepScanLineInputFile.cpp b/OpenEXR/IlmImf/ImfDeepScanLineInputFile.cpp
+index 5f0f43989..ead43c729 100644
+--- a/OpenEXR/IlmImf/ImfDeepScanLineInputFile.cpp
++++ b/OpenEXR/IlmImf/ImfDeepScanLineInputFile.cpp
+@@ -647,6 +647,11 @@ LineBufferTask::execute ()
+ 
+                 _lineBuffer->format = Compressor::XDR;
+                 _lineBuffer->uncompressedData = _lineBuffer->buffer;
++
++                if(_lineBuffer->packedDataSize!=maxBytesPerLine)
++                {
++                    THROW (IEX_NAMESPACE::InputExc, "Incorrect size for uncompressed data. Expected " << maxBytesPerLine << " got " << _lineBuffer->packedDataSize << " bytes");
++                }
+             }
+         }
+ 
+
diff --git a/openexr.changes b/openexr.changes
index 605dec4..b749eb3 100644
--- a/openexr.changes
+++ b/openexr.changes
@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Tue Jun 15 10:05:14 UTC 2021 - pgajdos@suse.com
+
+- security update
+- added patches
+  fix CVE-2021-3598 [bsc#1187310], Heap buffer overflow in Imf_3_1:CharPtrIO:readChars
+  + openexr-CVE-2021-3598.patch
+
+-------------------------------------------------------------------
+Tue Jun 15 09:28:19 UTC 2021 - pgajdos@suse.com
+
+- version update to 2.5.6
+  * [#1013](https://github.com/AcademySoftwareFoundation/openexr/pull/1013)
+  Fixed regression in Imath::succf() and Imath::predf() when negative values are given
+
 -------------------------------------------------------------------
 Wed Mar 31 12:04:02 UTC 2021 - pgajdos@suse.com
 
diff --git a/openexr.spec b/openexr.spec
index 2c49d87..87d05fb 100644
--- a/openexr.spec
+++ b/openexr.spec
@@ -28,7 +28,7 @@
 %define sonum 25
 %global so_suffix -2_5
 Name:           %{flavor}
-Version:        2.5.5
+Version:        2.5.6
 Release:        0
 %if "%{flavor}" == "openexr"
 Summary:        Utilities for working with HDR images in OpenEXR format
@@ -44,6 +44,8 @@ URL:            http://www.openexr.com/
 Source0:        https://github.com/openexr/openexr/archive/v%{version}.tar.gz
 Source2:        baselibs.conf
 Patch1:         0001-Use-absolute-CMAKE_INSTALL_FULL_LIBDIR-for-libdir-in.patch
+# CVE-2021-3598 [bsc#1187310], Heap buffer overflow in Imf_3_1:CharPtrIO:readChars
+Patch2:         openexr-CVE-2021-3598.patch
 BuildRequires:  cmake
 BuildRequires:  gcc-c++
 BuildRequires:  pkgconfig
@@ -223,6 +225,7 @@ Group:          System/Libraries
 %prep
 %setup -q -n %{prjname}-%{version}
 %patch1 -p1
+%patch2 -p1
 
 %build
 %if "%{flavor}" == "openexr"
diff --git a/v2.5.5.tar.gz b/v2.5.5.tar.gz
deleted file mode 100644
index 38b8a44..0000000
--- a/v2.5.5.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:59e98361cb31456a9634378d0f653a2b9554b8900f233450f2396ff495ea76b3
-size 27536865
diff --git a/v2.5.6.tar.gz b/v2.5.6.tar.gz
new file mode 100644
index 0000000..b1faecc
--- /dev/null
+++ b/v2.5.6.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c9f4c268d91d3904b7784b7a65d1eba55334bddf391487e9f14c315fa3a362b5
+size 27540385

From 6cc7edd22b263fa7cd148555700a9530bc18c0e86967b4e8b5f535ea5e783e18 Mon Sep 17 00:00:00 2001
From: Petr Gajdos <pgajdos@suse.com>
Date: Wed, 16 Jun 2021 12:39:58 +0000
Subject: [PATCH 2/2] - security update - added patches   fix CVE-2021-3605
 [bsc#1187395], Heap buffer overflow in the rleUncompress function   +
 openexr-CVE-2021-3605.patch

OBS-URL: https://build.opensuse.org/package/show/graphics/openexr?expand=0&rev=67
---
 openexr-CVE-2021-3605.patch | 15 +++++++++++++++
 openexr.changes             |  8 ++++++++
 openexr.spec                |  5 ++++-
 3 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 openexr-CVE-2021-3605.patch

diff --git a/openexr-CVE-2021-3605.patch b/openexr-CVE-2021-3605.patch
new file mode 100644
index 0000000..4ccd553
--- /dev/null
+++ b/openexr-CVE-2021-3605.patch
@@ -0,0 +1,15 @@
+--- a/OpenEXR/IlmImf/ImfRle.cpp
++++ b/OpenEXR/IlmImf/ImfRle.cpp
+@@ -146,6 +146,11 @@ rleUncompress (int inLength, int maxLength, const signed char in[], char out[])
+ 	    if (0 > (maxLength -= count + 1))
+ 		return 0;
+ 
++        // check the input buffer is big enough to contain
++        // byte to be duplicated
++        if (inLength < 0)
++          return 0;
++
+         memset(out, *(char*)in, count+1);
+         out += count+1;
+ 
+
diff --git a/openexr.changes b/openexr.changes
index b749eb3..aa967c4 100644
--- a/openexr.changes
+++ b/openexr.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Jun 16 12:28:02 UTC 2021 - pgajdos@suse.com
+
+- security update
+- added patches
+  fix CVE-2021-3605 [bsc#1187395], Heap buffer overflow in the rleUncompress function
+  + openexr-CVE-2021-3605.patch
+
 -------------------------------------------------------------------
 Tue Jun 15 10:05:14 UTC 2021 - pgajdos@suse.com
 
diff --git a/openexr.spec b/openexr.spec
index 87d05fb..a729a28 100644
--- a/openexr.spec
+++ b/openexr.spec
@@ -1,5 +1,5 @@
 #
-# spec file for package openexr
+# spec file
 #
 # Copyright (c) 2021 SUSE LLC
 #
@@ -46,6 +46,8 @@ Source2:        baselibs.conf
 Patch1:         0001-Use-absolute-CMAKE_INSTALL_FULL_LIBDIR-for-libdir-in.patch
 # CVE-2021-3598 [bsc#1187310], Heap buffer overflow in Imf_3_1:CharPtrIO:readChars
 Patch2:         openexr-CVE-2021-3598.patch
+# CVE-2021-3605 [bsc#1187395], Heap buffer overflow in the rleUncompress function
+Patch3:         openexr-CVE-2021-3605.patch
 BuildRequires:  cmake
 BuildRequires:  gcc-c++
 BuildRequires:  pkgconfig
@@ -226,6 +228,7 @@ Group:          System/Libraries
 %setup -q -n %{prjname}-%{version}
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 %build
 %if "%{flavor}" == "openexr"