Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package openexr for openSUSE:Factory checked in at 2021-06-19 23:01:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openexr (Old)
 and      /work/SRC/openSUSE:Factory/.openexr.new.2625 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openexr" Sat Jun 19 23:01:58 2021 rev:44 rq:900381 version:2.5.6 Changes: -------- --- /work/SRC/openSUSE:Factory/openexr/openexr.changes 2021-04-01 14:16:55.883944593 +0200 +++ /work/SRC/openSUSE:Factory/.openexr.new.2625/openexr.changes 2021-06-19 23:01:59.459592472 +0200 @@ -1,0 +2,23 @@ +Wed Jun 16 12:28:02 UTC 2021 - pgaj...@suse.com + +- security update +- added patches + fix CVE-2021-3605 [bsc#1187395], Heap buffer overflow in the rleUncompress function + + openexr-CVE-2021-3605.patch + +------------------------------------------------------------------- +Tue Jun 15 10:05:14 UTC 2021 - pgaj...@suse.com + +- security update +- added patches + fix CVE-2021-3598 [bsc#1187310], Heap buffer overflow in Imf_3_1:CharPtrIO:readChars + + openexr-CVE-2021-3598.patch + +------------------------------------------------------------------- +Tue Jun 15 09:28:19 UTC 2021 - pgaj...@suse.com + +- version update to 2.5.6 + * [#1013](https://github.com/AcademySoftwareFoundation/openexr/pull/1013) + Fixed regression in Imath::succf() and Imath::predf() when negative values are given + +------------------------------------------------------------------- Old: ---- v2.5.5.tar.gz New: ---- openexr-CVE-2021-3598.patch openexr-CVE-2021-3605.patch v2.5.6.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openexr.spec ++++++ --- /var/tmp/diff_new_pack.I12s1w/_old 2021-06-19 23:02:00.555593873 +0200 +++ /var/tmp/diff_new_pack.I12s1w/_new 2021-06-19 23:02:00.559593878 +0200 @@ -1,5 +1,5 @@ # -# spec file for package openexr +# spec file # # Copyright (c) 2021 SUSE LLC # @@ -28,7 +28,7 @@ %define sonum 25 %global so_suffix -2_5 Name: %{flavor} -Version: 2.5.5 +Version: 2.5.6 Release: 0 %if "%{flavor}" == "openexr" Summary: Utilities for working with HDR images in OpenEXR format 
@@ -44,6 +44,10 @@ Source0: https://github.com/openexr/openexr/archive/v%{version}.tar.gz Source2: baselibs.conf Patch1: 0001-Use-absolute-CMAKE_INSTALL_FULL_LIBDIR-for-libdir-in.patch +# CVE-2021-3598 [bsc#1187310], Heap buffer overflow in Imf_3_1:CharPtrIO:readChars +Patch2: openexr-CVE-2021-3598.patch +# CVE-2021-3605 [bsc#1187395], Heap buffer overflow in the rleUncompress function +Patch3: openexr-CVE-2021-3605.patch BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: pkgconfig @@ -223,6 +227,8 @@ %prep %setup -q -n %{prjname}-%{version} %patch1 -p1 +%patch2 -p1 +%patch3 -p1 %build %if "%{flavor}" == "openexr" ++++++ openexr-CVE-2021-3598.patch ++++++ diff --git a/OpenEXR/IlmImf/ImfDeepScanLineInputFile.cpp b/OpenEXR/IlmImf/ImfDeepScanLineInputFile.cpp index 5f0f43989..ead43c729 100644 --- a/OpenEXR/IlmImf/ImfDeepScanLineInputFile.cpp +++ b/OpenEXR/IlmImf/ImfDeepScanLineInputFile.cpp @@ -647,6 +647,11 @@ LineBufferTask::execute () _lineBuffer->format = Compressor::XDR; _lineBuffer->uncompressedData = _lineBuffer->buffer; + + if(_lineBuffer->packedDataSize!=maxBytesPerLine) + { + THROW (IEX_NAMESPACE::InputExc, "Incorrect size for uncompressed data. Expected " << maxBytesPerLine << " got " << _lineBuffer->packedDataSize << " bytes"); + } } } ++++++ openexr-CVE-2021-3605.patch ++++++ --- a/OpenEXR/IlmImf/ImfRle.cpp +++ b/OpenEXR/IlmImf/ImfRle.cpp @@ -146,6 +146,11 @@ rleUncompress (int inLength, int maxLength, const signed char in[], char out[]) if (0 > (maxLength -= count + 1)) return 0; + // check the input buffer is big enough to contain + // byte to be duplicated + if (inLength < 0) + return 0; + memset(out, *(char*)in, count+1); out += count+1; ++++++ v2.5.5.tar.gz -> v2.5.6.tar.gz ++++++ /work/SRC/openSUSE:Factory/openexr/v2.5.5.tar.gz /work/SRC/openSUSE:Factory/.openexr.new.2625/v2.5.6.tar.gz differ: char 28, line 1
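Review bot: in the openexr.spec hunk at @@ -1,5 +1,5 @@ the header comment drops the package name ("spec file for package openexr" becomes "spec file"); if that is deliberate because the spec is shared across flavors (Name: %{flavor}), say so in the changelog, otherwise keep the package name so the header stays searchable.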
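Review bot: in the openexr.spec hunk at @@ -44,6 +44,10 @@ the comment above Patch2 describes CVE-2021-3598 as "Heap buffer overflow in Imf_3_1:CharPtrIO:readChars", but this package is 2.5.6 and the attached patch changes OpenEXR/IlmImf/ImfDeepScanLineInputFile.cpp (a size check on uncompressed deep scan line data); reword the comment (and the matching openexr.changes entry) to describe what the patch actually does so the two stay traceable.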
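Review bot: in openexr-CVE-2021-3598.patch the new check in LineBufferTask::execute uses strict inequality (`packedDataSize!=maxBytesPerLine`) on the uncompressed (XDR) path, so a line that is shorter than expected is rejected as well as one that is larger; the commit message should state why a short line is also an error here, since only the larger case overruns the buffer. Also match the file's existing spacing, e.g. `if (_lineBuffer->packedDataSize != maxBytesPerLine)`, so the added lines read like the surrounding code.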
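Review bot: in openexr-CVE-2021-3605.patch the `if (inLength < 0) return 0;` guard in rleUncompress only rejects the run once the remaining input count has already gone negative, which is correct only if `inLength` was decremented for the byte at `in` before this point; that decrement is outside the hunk's context, so either confirm it in the commit message or test before the read (`if (inLength < 1)`) so the `*(char*)in` in the following memset can never touch a byte past the input buffer. The added comment also reads better as "check the input buffer is big enough to contain the byte to be duplicated".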