Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package openexr for openSUSE:Factory checked in at 2026-04-08 17:13:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openexr (Old)
 and /work/SRC/openSUSE:Factory/.openexr.new.21863 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openexr" Wed Apr 8 17:13:34 2026 rev:74 rq:1344902 version:3.4.9 Changes: -------- --- /work/SRC/openSUSE:Factory/openexr/openexr.changes 2026-03-12 22:22:07.465905829 +0100 +++ /work/SRC/openSUSE:Factory/.openexr.new.21863/openexr.changes 2026-04-08 17:13:44.163001151 +0200 
@@ -1,0 +2,34 @@ +Tue Apr 7 07:57:03 UTC 2026 - Petr Gajdos <[email protected]> + +- version update to 3.4.9 + * [CVE-2026-34589](https://www.cve.org/CVERecord?id=CVE-2026-34589) DWA Lossy Decoder Heap Out-of-Bounds Write + * [CVE-2026-34588](https://www.cve.org/CVERecord?id=CVE-2026-34588) Signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write + * [CVE-2026-34380](https://www.cve.org/CVERecord?id=CVE-2026-34380) Signed integer overflow (undefined behavior) in undo_pxr24_impl may allow bounds-check bypass in PXR24 decompression + * [CVE-2026-34379](https://www.cve.org/CVERecord?id=CVE-2026-34379) Misaligned write in LossyDctDecoder_execute leading to undefined behavior (DWA/DWAB decompression) + * [CVE-2026-34378](https://www.cve.org/CVERecord?id=CVE-2026-34378) Signed integer overflow in generic_unpack() when parsing EXR files with crafted negative dataWindow.min.x + * Fix signed integer overflow in `LossyDctDecoder_execute()` pointer arithmatic + * fix integer overflow in PIZ wavelet buffer arithmetic + * Add a message about image size limits and OOM errors to SECURITY.md and website + * Fix shared lib symlink installation path + * Fix misaligned memory access in `LossyDctDecoder_execute` HALF→FLOAT expansion + * fix signed integer overflow in `undo_pxr24_impl()` + * Fix integer overflow in `srcbuffer` pointer arithmetic in `unpack_*` + * Add "cherry" and "changes" options to release.py + * Fix an integer-overflow bug reading malformed files compressed with + * B44A/B44B + * Fix a buffer-overrun bug reading malformed files compressed with PXR24 + * Fix a bug compressing half data with ZIPS/ZIP data when the + * compressed size equals packed size + * Single part files no longer get assigned a part name when writing + * via the python module + * Fix a build failure on FreeBSD involving `threads.h` + * Fix an integer overflow decoding very wide htj2k images + * Fix build failure with glibc 2.43 + * Fix Windows symbol visibility warnings +- fixes 
CVE-2026-34545 [bsc#1261344] + CVE-2026-34543 [bsc#1261339] + CVE-2026-34544 [bsc#1261342] +- deleted patches + * openexr-glibc-2.43.patch (upstreamed) + +------------------------------------------------------------------- Old: ---- openexr-glibc-2.43.patch v3.4.6.tar.gz New: ---- v3.4.9.tar.gz ----------(Old B)---------- Old:- deleted patches * openexr-glibc-2.43.patch (upstreamed) ----------(Old E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openexr.spec ++++++ --- /var/tmp/diff_new_pack.Z3He6v/_old 2026-04-08 17:13:45.227044898 +0200 +++ /var/tmp/diff_new_pack.Z3He6v/_new 2026-04-08 17:13:45.231045062 +0200 @@ -1,8 +1,7 @@ # # spec file for package openexr # -# Copyright (c) 2026 SUSE LLC -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -27,7 +26,7 @@ %endif Name: openexr -Version: 3.4.6 +Version: 3.4.9 Release: 0 Summary: Utilities for working with HDR images in OpenEXR format License: BSD-3-Clause @@ -35,8 +34,6 @@ URL: https://www.openexr.com/ Source0: https://github.com/AcademySoftwareFoundation/openexr/archive/v%{version}.tar.gz Source2: baselibs.conf -# fix build with glibc 2.43 [bsc#1258747] -Patch0: openexr-glibc-2.43.patch BuildRequires: cmake >= 3.12 BuildRequires: freeglut-devel BuildRequires: gcc%{?force_gcc_version} ++++++ v3.4.6.tar.gz -> v3.4.9.tar.gz ++++++ /work/SRC/openSUSE:Factory/openexr/v3.4.6.tar.gz /work/SRC/openSUSE:Factory/.openexr.new.21863/v3.4.9.tar.gz differ: char 12, line 1
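Review bot: in the openexr.changes hunk, the "- fixes" list cites CVE-2026-34545, CVE-2026-34543 and CVE-2026-34544 with bsc numbers, but none of those three IDs appears among the upstream bullets, and the five CVEs that do appear there (CVE-2026-34589, CVE-2026-34588, CVE-2026-34380, CVE-2026-34379, CVE-2026-34378) carry no bsc reference. Please state which upstream fix each bsc-tracked CVE corresponds to, and either add bug references for the five upstream IDs or say that none exist, so the entry can be matched against the tracker. Three smaller points in the same hunk: the wrapped bullets were continued with a new "*" marker ("* B44A/B44B", "* compressed size equals packed size", "* via the python module"), which makes continuation text read as separate changes; the Markdown link syntax around the CVE IDs is carried verbatim into a plain-text changelog; and "arithmatic" should read "arithmetic".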
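Review bot: the openexr.spec hunk that drops "Patch0: openexr-glibc-2.43.patch" and its "[bsc#1258747]" comment has no companion change to the %prep section anywhere in this diff, so please confirm that the spec applies patches through a macro that tolerates an empty patch list rather than through an explicit reference to patch 0. The new changelog entry also records the patch only as "(upstreamed)" without repeating bsc#1258747; adding that reference to the "deleted patches" line would keep the bug discoverable once the spec comment is gone.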
