* Wed Jan 05 2022 pgajdos@suse.com
- security update
- added patches
fix CVE-2021-45942 [bsc#1194333], heap-based buffer overflow in Imf_3_1:LineCompositeTask:execute
+ openexr-CVE-2021-45942.patch
* Thu Nov 11 2021 pgajdos@suse.com
- security update
- added patches
fix CVE-2021-3941 [bsc#1192556], Divide-by-zero in Imf_3_1:RGBtoXYZ
+ openexr-CVE-2021-3941.patch
* Tue Nov 09 2021 pgajdos@suse.com
- security update
- added patches
fix CVE-2021-3933 [bsc#1192498], Integer-overflow in Imf_3_1:bytesPerDeepLineTable
+ openexr-CVE-2021-3933.patch
* Tue Aug 03 2021 pgajdos@suse.com
- security update
- modified patches
% openexr-CVE-2021-3476.patch (refreshed)
- added patches
fix CVE-2021-20298 [bsc#1188460], Out-of-memory in B44Compressor
+ openexr-CVE-2021-20298.patch
fix CVE-2021-20299 [bsc#1188459], Null-dereference READ in Imf_2_5:Header:operator
+ openexr-CVE-2021-20299.patch
fix CVE-2021-20300 [bsc#1188458], Integer-overflow in Imf_2_5:hufUncompress
+ openexr-CVE-2021-20300.patch
fix CVE-2021-20302 [bsc#1188462], Floating-point-exception in Imf_2_5:precalculateTileInfot
+ openexr-CVE-2021-20302.patch
fix CVE-2021-20303 [bsc#1188457], Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
+ openexr-CVE-2021-20303.patch
fix CVE-2021-20304 [bsc#1188461], Undefined-shift in Imf_2_5:hufDecode
+ openexr-CVE-2021-20304.patch
* Wed Jun 16 2021 pgajdos@suse.com
- security update
- added patches
fix CVE-2021-3605 [bsc#1187395], Heap buffer overflow in the rleUncompress function
+ openexr-CVE-2021-3605.patch
* Tue Jun 15 2021 pgajdos@suse.com
- security update
- added patches
fix CVE-2021-3598 [bsc#1187310], Heap buffer overflow in Imf_3_1:CharPtrIO:readChars
+ openexr-CVE-2021-3598.patch
* Tue Apr 27 2021 pgajdos@suse.com
- security update
- added patches
fix CVE-2021-23215 [bsc#1185216], Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers
fix CVE-2021-26260 [bsc#1185217], Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers
+ openexr-CVE-2021-23215,26260.patch
* Thu Apr 08 2021 pgajdos@suse.com
- security update
- modified patches
% openexr-CVE-2021-3474.patch (splitted into openexr-CVE-2021-20296.patch)
- added patches
fix CVE-2021-20296 [bsc#1184355], Segv on unknown address in Imf_2_5:hufUncompress - Null Pointer dereference
+ openexr-CVE-2021-20296.patch
fix CVE-2021-3477 [bsc#1184353], Heap-buffer-overflow in Imf_2_5::DeepTiledInputFile::readPixelSampleCounts
+ openexr-CVE-2021-3477.patch
fix CVE-2021-3479 [bsc#1184354], Out-of-memory caused by allocation of a very large buffer
+ openexr-CVE-2021-3479.patch
* Wed Mar 31 2021 pgajdos@suse.com
- security update
- added patches
fix CVE-2021-3474 [bsc#1184174], Undefined-shift in Imf_2_5::FastHufDecoder::FastHufDecoder
+ openexr-CVE-2021-3474.patch
fix CVE-2021-3475 [bsc#1184173], Integer-overflow in Imf_2_5::calculateNumTiles
+ openexr-CVE-2021-3475.patch
fix CVE-2021-3476 [bsc#1184172], Undefined-shift in Imf_2_5::unpack14
+ openexr-CVE-2021-3476.patch
* Wed Dec 16 2020 pgajdos@suse.com
- security update
- added patches
fix CVE-2020-16587, CVE-2020-16588, CVE-2020-16589 [bsc#1179879], multiple memory safety issues
+ openexr-CVE-2020-16587.patch
+ openexr-CVE-2020-16588.patch
+ openexr-CVE-2020-16589.patch
* Wed Jul 01 2020 pgajdos@suse.com
- security update
- added patches
fix CVE-2020-15304 [bsc#1173466], NULL pointer dereference in TiledInputFile:TiledInputFile()
+ openexr-CVE-2020-15304.patch
fix CVE-2020-15305 [bsc#1173467], use-after-free in DeepScanLineInputFile:DeepScanLineInputFile()
+ openexr-CVE-2020-15305.patch
fix CVE-2020-15306 [bsc#1173469], invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize()
+ openexr-CVE-2020-15306.patch
* Wed Apr 22 2020 pgajdos@suse.com
- security update
- added patches
fix CVE-2020-11762 [bsc#1169549], out-of-bounds read and write in DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case
fix CVE-2020-11758 [bsc#1169573], out-of-bounds read in ImfOptimizedPixelReading.h.
fix CVE-2020-11764 [bsc#1169574], out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp
fix CVE-2020-11765 [bsc#1169575], off-by-one error in use of the ImfXdr.h read function by DwaCompressor:Classifier:Classifier
fix CVE-2020-11763 [bsc#1169576], out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp
fix CVE-2020-11761 [bsc#1169578], out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder:refill in ImfFastHuf.cpp
fix CVE-2020-11760 [bsc#1169580], out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp
+ openexr-CVE-2020-11762,11758,11764,11765,11763,11761,11760.patch
* Fri Sep 20 2019 pgajdos@suse.com
- testsuite only for x86_64 [bsc#1146648]
* Fri Sep 20 2019 pgajdos@suse.com
- on behalf of Martin Pluskal:
- Enable tests on architectures with enough memory - boo#1146648
* disable imffuzztest as it takes to much resources
* Mon Jul 15 2019 pgajdos@suse.com
- security update
- added patches
CVE-2017-14988 [bsc#1061305]
+ openexr-CVE-2017-14988.patch
* Fri Jun 14 2019 pgajdos@suse.com
- security update
- added patches
CVE-2017-9111 [bsc#1040109], CVE-2017-9113 [bsc#1040113], CVE-2017-9115 [bsc#1040115]
+ openexr-CVE-2017-9111,9113,9115.patch
* Wed Nov 07 2018 pgajdos@suse.com
- security update
* CVE-2018-18444 [bsc#1113455]
+ openexr-CVE-2018-18444.patch
* Tue Nov 06 2018 pgajdos@suse.com
- asan_build: build ASAN included
- debug_build: build more suitable for debugging
* Mon Jan 15 2018 avindra@opensuse.org
- Update to 2.2.1
* Fix reported OpenEXR security vulnerabilities: CVE-2017-9110,
CVE-2017-9111, CVE-2017-9112, CVE-2017-9113, CVE-2017-9114,
CVE-2017-9115 and CVE-2017-9116
- pgajdos@suse.com: but really seem to fix only:
CVE-2017-9110 [bsc#1040107], CVE-2017-9114 [bsc#1040114],
CVE-2017-9116 [bsc#1040116], CVE-2017-12596 [bsc#1052522]; for
the rest of issues see [bsc#1040109], [bsc#1040112],
[bsc#1040113], [bsc#1040114], [bsc#1040115], and [bsc#1061305]
* Wed Jul 12 2017 tchvatal@suse.com
- Cleanup a bit with spec-cleaner