Hello community,

here is the log from the commit of package openexr for openSUSE:Leap:15.2 checked in at 2020-05-19 14:08:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/openexr (Old)
 and      /work/SRC/openSUSE:Leap:15.2/.openexr.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openexr" Tue May 19 14:08:30 2020 rev:19 rq:806880 version:2.2.1 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/openexr/openexr.changes 2020-01-15 15:36:54.111005693 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.openexr.new.2738/openexr.changes 2020-05-19 14:08:45.507031004 +0200 
@@ -1,0 +2,26 @@ +Wed Apr 22 09:47:26 UTC 2020 - [email protected] + +- security update +- added patches + fix CVE-2020-11762 [bsc#1169549], out-of-bounds read and write in DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case + fix CVE-2020-11758 [bsc#1169573], out-of-bounds read in ImfOptimizedPixelReading.h. + fix CVE-2020-11764 [bsc#1169574], out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp + fix CVE-2020-11765 [bsc#1169575], off-by-one error in use of the ImfXdr.h read function by DwaCompressor:Classifier:Classifier + fix CVE-2020-11763 [bsc#1169576], out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp + fix CVE-2020-11761 [bsc#1169578], out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder:refill in ImfFastHuf.cpp + fix CVE-2020-11760 [bsc#1169580], out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp + + openexr-CVE-2020-11762,11758,11764,11765,11763,11761,11760.patch + +------------------------------------------------------------------- +Fri Sep 20 12:38:43 UTC 2019 - [email protected] + +- testsuite only for x86_64 [bsc#1146648] + +------------------------------------------------------------------- +Fri Sep 20 11:49:43 UTC 2019 - [email protected] + +- on behalf of Martin Pluskal: +- Enable tests on architectures with enough memory - boo#1146648 + * disable imffuzztest as it takes to much resources + +------------------------------------------------------------------- New: ---- openexr-CVE-2020-11762,11758,11764,11765,11763,11761,11760.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openexr.spec ++++++ --- /var/tmp/diff_new_pack.9x9DrZ/_old 2020-05-19 14:08:46.031032023 +0200 +++ /var/tmp/diff_new_pack.9x9DrZ/_new 2020-05-19 14:08:46.031032023 +0200 
@@ -20,9 +20,6 @@ %define debug_build 0 %define sonum 23 %global so_suffix -2_2-23 -# tests should run at least during local build -# but do expect a HUGE number of memory, so beware -%bcond_with tests Name: openexr Version: 2.2.1 Release: 0 @@ -39,6 +36,8 @@ Patch1: openexr-CVE-2017-9111,9113,9115.patch # CVE-2017-14988 [bsc#1061305] Patch2: openexr-CVE-2017-14988.patch +# CVE-2020-11762 [bsc#1169549], out-of-bounds read and write in DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case|CVE-2020-11758 [bsc#1169573], out-of-bounds read in ImfOptimizedPixelReading.h.|CVE-2020-11764 [bsc#1169574], out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp|CVE-2020-11765 [bsc#1169575], off-by-one error in use of the ImfXdr.h read function by DwaCompressor:Classifier:Classifier|CVE-2020-11763 [bsc#1169576], out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp|CVE-2020-11761 [bsc#1169578], out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder:refill in ImfFastHuf.cpp|CVE-2020-11760 [bsc#1169580], out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp +Patch3: openexr-CVE-2020-11762,11758,11764,11765,11763,11761,11760.patch BuildRequires: automake BuildRequires: fltk-devel BuildRequires: freeglut-devel @@ -140,6 +139,7 @@ %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 # poor man's fdupes if cmp COPYING LICENSE; then @@ -163,7 +163,6 @@ %endif --enable-large-stack \ --enable-imfexamples \ - --enable-imffuzztest \ --enable-imfhugetest %if %{asan_build} vmemlimit=$(ulimit -v) @@ -187,7 +186,7 @@ mv %{buildroot}%{_datadir}/doc/OpenEXR-2* %{buildroot}%{_defaultdocdir}/%{name}-%{version} %check -%if %{with tests} +%ifarch x86_64 make %{?_smp_mflags} check %endif ++++++ openexr-CVE-2020-11762,11758,11764,11765,11763,11761,11760.patch ++++++ ++++ 1039 lines (skipped)
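
Review bot: In the openexr.changes hunk, the two 2019 entries cite the same bug under two prefixes, `bsc#1146648` and `boo#1146648`; pick one so the entry is found by a single search. In the same hunk, "takes to much resources" should read "too much", and the scopes in the CVE lines are written with one colon (`DwaCompressor:uncompress`, `FastHufDecoder:refill`) where the C++ names use `::`.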
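
Review bot: In openexr.spec, the `%check` hunk (@@ -187,7 +186,7) swaps `%if %{with tests}` for `%ifarch x86_64`, and the first hunk removes `%bcond_with tests`, so no build-time switch is left: `make check` always runs on x86_64 and never runs on any other architecture. Patch3 in this same submission touches seven decoder code paths, and every non-x86_64 build of it now ships without a test run. Consider keeping a build conditional and nesting it with the architecture check, so the suite can still be turned off for a quick local build and turned on for other architectures when the memory is available.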
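
Review bot: The comment added above `Patch3:` (@@ -39,6 +36,8) packs seven CVE descriptions into one line joined by `|`, unlike the short `# CVE-2017-14988 [bsc#1061305]` comment above Patch2. Put each CVE with its bsc number on its own comment line so the spec stays readable and greppable. The patch file also bundles all seven fixes into one 1039-line diff, which means a single fix cannot be dropped or refreshed on its own at the next version update; splitting it per CVE would make that possible.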
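
Review bot: The configure hunk (@@ -163,7 +163,6) drops `--enable-imffuzztest` while `--enable-imfhugetest` stays enabled, and it does so in the submission that adds fixes for seven out-of-bounds read and write bugs in the file decoders. The changelog gives resource use as the reason, but the fuzz test is the part of `make check` aimed at malformed input, which is the input class these CVEs are about. Keep it available behind a build conditional or a separate build flavour instead of removing the flag, and note in openexr.changes how the CVE fixes were verified.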
