openexr-3.2.2-160000.3.1

- security update
- added patches
  fix CVE-2025-64181 [bsc#1253233], use of uninitialized memory in function generic_unpack()
  + openexr-CVE-2025-64181-1.patch
  + openexr-CVE-2025-64181-2.patch

- Build AVX2 enabled hwcaps library for x86_64-v3

- version update to 3.2.2 [bsc#1219498]
  * [CVE-2023-5841](https://takeonme.org/cves/CVE-2023-5841.html).
    Note that this bug is present in the C++ API (since v3.1.0), although
    it is in a routine that is predominantly used for development and
    testing. It is not likely to appear in production code.
  * OSS-fuzz [66491](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66491)
    Out-of-memory in openexr_exrcorecheck_fuzzer
  * OSS-fuzz [66489](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66489)
    Null-dereference in `Imf_3_3::realloc_deepdata`
- deleted patches
  - openexr-CVE-2023-5841.patch (upstreamed)

- version update to 3.2.1
  [#]# Version 3.2.0 (August 30, 2023)
  * Zip compression via ``libdeflate``
  * New camdkit/camdkit-enabled standard attributes
  * Updated SO versioning policy
  * Python bindings & PyPI wheel
  * Miscellaneous improvements
  [#]# Version 3.2.1 (September 27, 2023)
  * Fix for linking statically against an external ``libdeflate``
  * Fix a compile error with ``OPENEXR_VERSION_HEX``
  * Fix various compiler warnings
  * Pkg-config generation is now on by default for all systems, including Windows
- modified sources
  % baselibs.conf
- added patches
  fix CVE-2023-5841 [bsc#1219498], heap-based buffer overflow in generic_unpack_deep()
  + openexr-CVE-2023-5841.patch

- version update to 3.1.11
  [#]# Version 3.1.11 (August 13, 2023)
  Patch release that fixes a build failure with `-march=x86-64-v3`
  * Initialize `regs[]` to 0 in `check_for_x86_simd`
  * Fix CPUID detection with `-march=x86-64-v3`
  [#]# Version 3.1.10 (August 2, 2023)
  Patch release that addresses miscellaneous build issues, test
  failures, and performance regressions, as well as:
  * OSS-fuzz [59457](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59457)
  Heap-buffer-overflow in `LossyDctDecoder_execute`
  * Readdress #1456: disallow NaNs in `testOptimizedInterleavePatterns`
  * Revert pre-computed values
  * Fix handling for corrupt number of DC components
  * Add `OPENEXR_MISSING_ARM_VLD1` workaround to `internal_dwa_simd.h`
  * Fix Huffman performance regression on Linux/clang
  * Fix range check in dwa compressor
  * Fix build with i386 and musl libc
  * Fix the code contains unhandled character
  * Fix cpu detection of sse2 on non-64 x86
  * Fix the code contains unhandled character
  * Fix gcc-11 warnings: signed/unsigned integer comparison, unused variables
  * Fix macOS and Windows build failures when threading is disabled
  * Fix build error on win_arm64
- deleted patches
  - 1488.patch (upstreamed)

- Add patch to fix regression on non-SSE architectures
  https://github.com/AcademySoftwareFoundation/openexr/issues/1460:
  * 1488.patch
- Also disable 'DWA[AB]Compression' test on aarch64 as the patch
  above fixes the issue for all targets, except aarch64

- version update to 3.1.9
  * Patch release that addresses miscelleneous build and doc issues, as well as:
    . OSS-fuzz 59382 Heap-buffer-overflow in internal_huf_decompress

- update to 3.1.8:
  * Support for DWA compression in OpenEXRCore
  * Fix OSS-fuzz 59070 Stack-buffer-overflow in
    DwaCompressor_readChannelRules

- update to 3.1.7:
  * Patch release that fixes a build regression on ARMv7, and
    fixes a build issue with zlib.

- update to 3.1.6:
  * NEON optimizations for ZIP reading
  * Enable fast Huffman & Huffman zig-zag transform for Arm Neon
  * Support relative and absolute libdir/includedir in pkg-config generation
  * Fix for reading memory mapped files with DWA compression
  * Enable SSE4 support on Windows
  * Fast huf decoder
- Drop gcc13-fix.patch

- Add upstream fix gcc13-fix.patch.

- security update
- added patches
  fix CVE-2021-45942 [bsc#1194333], heap-based buffer overflow in Imf_3_1:LineCompositeTask:execute
  + openexr-CVE-2021-45942.patch

- security update
- added patches
  fix CVE-2021-3941 [bsc#1192556], Divide-by-zero in Imf_3_1:RGBtoXYZ
  + openexr-CVE-2021-3941.patch

- security update
- added patches
  fix CVE-2021-3933 [bsc#1192498], Integer-overflow in Imf_3_1:bytesPerDeepLineTable
  + openexr-CVE-2021-3933.patch

- security update
- modified patches
  % openexr-CVE-2021-3476.patch (refreshed)
- added patches
  fix CVE-2021-20298 [bsc#1188460], Out-of-memory in B44Compressor
  + openexr-CVE-2021-20298.patch
  fix CVE-2021-20299 [bsc#1188459], Null-dereference READ in Imf_2_5:Header:operator
  + openexr-CVE-2021-20299.patch
  fix CVE-2021-20300 [bsc#1188458], Integer-overflow in Imf_2_5:hufUncompress
  + openexr-CVE-2021-20300.patch
  fix CVE-2021-20302 [bsc#1188462], Floating-point-exception in Imf_2_5:precalculateTileInfot
  + openexr-CVE-2021-20302.patch
  fix CVE-2021-20303 [bsc#1188457], Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
  + openexr-CVE-2021-20303.patch
  fix CVE-2021-20304 [bsc#1188461], Undefined-shift in Imf_2_5:hufDecode
  + openexr-CVE-2021-20304.patch

- security update
- added patches
  fix CVE-2021-3605 [bsc#1187395], Heap buffer overflow in the rleUncompress function
  + openexr-CVE-2021-3605.patch

- security update
- added patches
  fix CVE-2021-3598 [bsc#1187310], Heap buffer overflow in Imf_3_1:CharPtrIO:readChars
  + openexr-CVE-2021-3598.patch

- security update
- added patches
  fix CVE-2021-23215 [bsc#1185216], Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers
  fix CVE-2021-26260 [bsc#1185217], Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers
  + openexr-CVE-2021-23215,26260.patch

- security update
- modified patches
  % openexr-CVE-2021-3474.patch (splitted into openexr-CVE-2021-20296.patch)
- added patches
  fix CVE-2021-20296 [bsc#1184355], Segv on unknown address in Imf_2_5:hufUncompress - Null Pointer dereference
  + openexr-CVE-2021-20296.patch
  fix CVE-2021-3477 [bsc#1184353], Heap-buffer-overflow in Imf_2_5::DeepTiledInputFile::readPixelSampleCounts
  + openexr-CVE-2021-3477.patch
  fix CVE-2021-3479 [bsc#1184354], Out-of-memory caused by allocation of a very large buffer
  + openexr-CVE-2021-3479.patch

- security update
- added patches
  fix CVE-2021-3474 [bsc#1184174], Undefined-shift in Imf_2_5::FastHufDecoder::FastHufDecoder
  + openexr-CVE-2021-3474.patch
  fix CVE-2021-3475 [bsc#1184173], Integer-overflow in Imf_2_5::calculateNumTiles
  + openexr-CVE-2021-3475.patch
  fix CVE-2021-3476 [bsc#1184172], Undefined-shift in Imf_2_5::unpack14
  + openexr-CVE-2021-3476.patch

- security update
- added patches
  fix CVE-2020-16587, CVE-2020-16588, CVE-2020-16589 [bsc#1179879], multiple memory safety issues
  + openexr-CVE-2020-16587.patch
  + openexr-CVE-2020-16588.patch
  + openexr-CVE-2020-16589.patch

- security update
- added patches
  fix CVE-2020-15304 [bsc#1173466], NULL pointer dereference in TiledInputFile:TiledInputFile()
  + openexr-CVE-2020-15304.patch
  fix CVE-2020-15305 [bsc#1173467], use-after-free in DeepScanLineInputFile:DeepScanLineInputFile()
  + openexr-CVE-2020-15305.patch
  fix CVE-2020-15306 [bsc#1173469], invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize()
  + openexr-CVE-2020-15306.patch

- security update
- added patches
  fix CVE-2020-11762 [bsc#1169549], out-of-bounds read and write in DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case
  fix CVE-2020-11758 [bsc#1169573], out-of-bounds read in ImfOptimizedPixelReading.h.
  fix CVE-2020-11764 [bsc#1169574], out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp
  fix CVE-2020-11765 [bsc#1169575], off-by-one error in use of the ImfXdr.h read function by DwaCompressor:Classifier:Classifier
  fix CVE-2020-11763 [bsc#1169576], out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp
  fix CVE-2020-11761 [bsc#1169578], out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder:refill in ImfFastHuf.cpp
  fix CVE-2020-11760 [bsc#1169580], out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp
  + openexr-CVE-2020-11762,11758,11764,11765,11763,11761,11760.patch

- testsuite only for x86_64 [bsc#1146648]

- on behalf of Martin Pluskal:
- Enable tests on architectures with enough memory - boo#1146648
  * disable imffuzztest as it takes to much resources

- security update
- added patches
  CVE-2017-14988 [bsc#1061305]
  + openexr-CVE-2017-14988.patch

- security update
- added patches
  CVE-2017-9111 [bsc#1040109], CVE-2017-9113 [bsc#1040113], CVE-2017-9115 [bsc#1040115]
  + openexr-CVE-2017-9111,9113,9115.patch

- security update
  * CVE-2018-18444 [bsc#1113455]
    + openexr-CVE-2018-18444.patch

- asan_build: build ASAN included
- debug_build: build more suitable for debugging

- Update to 2.2.1
  * Fix reported OpenEXR security vulnerabilities: CVE-2017-9110,
    CVE-2017-9111, CVE-2017-9112, CVE-2017-9113, CVE-2017-9114,
    CVE-2017-9115 and CVE-2017-9116
- pgajdos@suse.com: but really seem to fix only:
  CVE-2017-9110 [bsc#1040107], CVE-2017-9114 [bsc#1040114],
  CVE-2017-9116 [bsc#1040116], CVE-2017-12596 [bsc#1052522]; for
  the rest of issues see [bsc#1040109], [bsc#1040112],
  [bsc#1040113], [bsc#1040114], [bsc#1040115], and [bsc#1061305]

- Cleanup a bit with spec-cleaner