packages/OpenEXR
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Changes to be committed:

Browse Source 
new file:   CVE-2021-20298.patch
	modified:   OpenEXR.spec

(cherry picked from commit cd531655669f557ec3d7ab8622c785a8b9c609e0)
This commit is contained in:
mayp 2022-08-25 17:54:45 +08:00 committed by openeuler-sync-bot
parent 658bfe75b5
commit 1dd3d0bd0f
2 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
CVE-2021-20298.patch Normal file
View File

@ -0,0 +1,26 @@
From 01d1b18611469470eb3a1016c970953c09312fd6 Mon Sep 17 00:00:00 2001
From: mayp <mayanping@ncti-gba.cn>
Date: Thu, 25 Aug 2022 17:13:53 +0800
Subject: [PATCH] Changes to be committed: modified:
IlmImf/ImfB44Compressor.cpp
---
IlmImf/ImfB44Compressor.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/IlmImf/ImfB44Compressor.cpp b/IlmImf/ImfB44Compressor.cpp
index d9fec62..2b85ed0 100644
--- a/IlmImf/ImfB44Compressor.cpp
+++ b/IlmImf/ImfB44Compressor.cpp
@@ -492,7 +492,7 @@ B44Compressor::B44Compressor
//
_tmpBuffer = new unsigned short
- [checkArraySize (uiMult (maxScanLineSize, numScanLines),
+ [checkArraySize (uiMult (maxScanLineSize / sizeof(unsigned short), numScanLines),
sizeof (unsigned short))];
const ChannelList &channels = header().channels();
--
2.33.0

6
OpenEXR.spec
View File

@ -1,7 +1,7 @@
Name: OpenEXR Name: OpenEXR
Summary: A high dynamic-range (HDR) image file format for use in computer imaging applications Summary: A high dynamic-range (HDR) image file format for use in computer imaging applications
Version: 2.2.0 Version: 2.2.0
Release: 27 Release: 28
License: BSD License: BSD
URL: http://www.openexr.com/ URL: http://www.openexr.com/
Source0: http://download.savannah.nongnu.org/releases/openexr/openexr-%{version}.tar.gz Source0: http://download.savannah.nongnu.org/releases/openexr/openexr-%{version}.tar.gz
@ -38,6 +38,7 @@ Patch0025: CVE-2021-20302.patch
#https://github.com/AcademySoftwareFoundation/openexr/commit/5a0adf1aba7d41c6b94ba167c0c4308d2eecfd17 #https://github.com/AcademySoftwareFoundation/openexr/commit/5a0adf1aba7d41c6b94ba167c0c4308d2eecfd17
Patch0026: CVE-2021-3933.patch Patch0026: CVE-2021-3933.patch
Patch0027: CVE-2021-20304.patch Patch0027: CVE-2021-20304.patch
Patch0028: CVE-2021-20298.patch
BuildConflicts: %{name}-devel < 2.2.0 BuildConflicts: %{name}-devel < 2.2.0
BuildRequires: gcc-c++ ilmbase-devel >= %{version} zlib-devel pkgconfig BuildRequires: gcc-c++ ilmbase-devel >= %{version} zlib-devel pkgconfig
@ -101,6 +102,9 @@ test "$(pkg-config --modversion OpenEXR)" = "%{version}"
%{_libdir}/pkgconfig/OpenEXR.pc %{_libdir}/pkgconfig/OpenEXR.pc
%changelog %changelog
* Thu Aug 25 2022 mayp <mayanping@ncti-gba.cn> - 2.2.0-28
- Fix CVE-2021-20298
* Thu Aug 18 2022 mayp <mayanping@ncti-gba.cn> - 2.2.0-27 * Thu Aug 18 2022 mayp <mayanping@ncti-gba.cn> - 2.2.0-27
- Fix CVE-2021-20304 - Fix CVE-2021-20304