|
|
|
|
Changelog for openexr-devel-3.1.5-12.10.x86_64.rpm :
* Mon May 02 2022 Dirk Müller - update to 3.1.5: * Add backwards-compatibilty flags to the core library to match original behavior of the the c++ library. Fixes reading of certain files by the new core. * Fix build failures on MSVC14 and MSVC 2022 * Fix build failure on latest 64-bit Ubuntu * Documentation refers to primary branch as \"main\" * Update the CI workflow matrix to VFX-CY2022 * Update auto-fetch Imath version to v3.1.5 Specific OSS-fuzz issues: * OSS-fuzz [46309](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46309) Heap-buffer-overflow in Imf_3_1::memstream_read * OSS-fuzz [46083](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46083) Out-of-memory in openexr_exrcheck_fuzzer * OSS-fuzz [45899](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45899) Integer-overflow in internal_exr_compute_chunk_offset_size * OSS-fuzz [44084](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44084) Out-of-memory in openexr_exrcheck_fuzzer * Mon Feb 14 2022 Dirk Müller - update to 3.1.4 (bsc#1194333): * Several bug fixes to properly reject invalid input upon read * A check to enable SSE2 when building with Visual Studio * A check to fix building with VisualStudio on ARM64 * Update the automatically-downloaded version of Imath to v3.1.4 * Miscellaneous documentation improvements- drop openexr-CVE-2021-45942.patch (upstream) * Wed Jan 05 2022 pgajdosAATTsuse.com- security update- added patches fix CVE-2021-45942 [bsc#1194333], heap-based buffer overflow in Imf_3_1:LineCompositeTask:execute + openexr-CVE-2021-45942.patch * Tue Nov 09 2021 pgajdosAATTsuse.com- version update to 3.1.3 Patch release with a change to default zip compression level: * Default zip compression level is now 4 (instead of 6), which in our tests improves compression times by 2x with only a tiny drop in compression ratio. * ``setDefaultZipCompression()`` and ``setDefaultDwaCompression()`` now set default compression levels for writing. * The Header how has ``zipCompressionLevel()`` and ``dwaCompressionLevel()`` to return the levels used for writing. Also, various bug fixes, build improvements, and documentation updates. In particular: * Fixes a build failure with Imath prior to v3.1 * Fixes a bug in detecting invalid chromaticity values- deleted patches - openexr-fix-armv7-2.patch (upstreamed) - openexr-fix-armv7.patch (upstreamed) * Tue Aug 31 2021 Guillaume GARDET - Add patch to fix OpenEXRCore.testHUF on armv7: * openexr-fix-armv7.patch * openexr-fix-armv7-2.patch * Mon Aug 16 2021 pgajdosAATTsuse.com- devel package obsoletes and provides ilmbase-devel * Fri Aug 13 2021 pgajdosAATTsuse.com- run spec-cleaner * Fri Aug 13 2021 pgajdosAATTsuse.com- fix baselibs.conf- modified sources % baselibs.conf * Fri Aug 13 2021 pgajdosAATTsuse.com- version update to 3.1.1 3.1.1 * Patch release that fixes build failures on various systems, introduces CMake CMAKE_CROSSCOMPILING_EMULATOR support, and fixes a few other minor issues. 3.1 * The 3.1 release of OpenEXR introduces a new library, OpenEXRCore, which is the result of a significant re-thinking of how OpenEXR manages file I/O and provides access to image data. It begins to address long-standing scalability issues with multithreaded image reading and writing. 3.0.1 Major release with major build restructing, security improvements, and new features: * Restructuring: - The IlmBase/PyIlmBase submodules have been separated into the Imath project, now included by OpenEXR via a CMake submodule dependency, fetched automatically via CMake\'s FetchContent if necessary. - The library is now called ``libOpenEXR`` (instead of ``libIlmImf``). No header files have been renamed, they retain the ``Imf`` prefix. - Symbol linkage visibility is limited to specific public symbols. * Build improvements: - No more simultaneous static/shared build option. - Community-provided support for bazel. * New Features: - ID Manifest Attributes, as described in [\"A Scheme for Storing Object ID Manifests in OpenEXR Images\"](https://doi.org/10.1145/3233085.3233086), Peter Hillman, DigiPro 18: Proceedings of the 8th Annual Digital Production Symposium, August 2018. - New program: exrcheck validates the contents of an EXR file. * Changes: - EXR files with no channels are no longer allowed. - Hard limit on the size of deep tile sizes; tiles must be less than 2^30 pixels. - Tiled DWAB files used STATIC_HUFFMAN compression. - ``Int64`` and ``SInt64`` types are deprecated in favor of ``uint64_t`` and ``int64_t``. - Header files have been pruned of extraneous ``#include``\'s (\"Include What You Use\"), which may generate compiler errors in application source code from undefined symbols or partially-defined types. These can be resolved by identifying and including the appropriate header. - See the [porting guide](https://github.com/AcademySoftwareFoundation/Imath/blob/master/docs/PortingGuide2-3.md) for details about differences from previous releases and how to address them. - Also refer to the porting guide for details about changes to Imath- deleted patches - 0001-Use-absolute-CMAKE_INSTALL_FULL_LIBDIR-for-libdir-in.patch, renamed:- added patches fix https://github.com/AcademySoftwareFoundation/openexr/issues/595 + openexr-pkgconfig-fix-libdir.patch- deleted sources - _multibuild (not needed)- see CHANGES.md for details- deleted patches - openexr-pkgconfig-fix-libdir.patch (upstreamed) * Tue Aug 03 2021 pgajdosAATTsuse.com- version update to 2.5.7 Patch release of 2.5 with security and build fixes: * OSS-fuzz 28051 Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer * OSS-fuzz 28155 Crash in Imf_2_5::PtrIStream::read * Fix broken symlink and pkg-config lib suffix for cmake debug builds- modified patches % 0001-Use-absolute-CMAKE_INSTALL_FULL_LIBDIR-for-libdir-in.patch (refreshed)- deleted patches - openexr-CVE-2021-3598.patch (upstreamed) - openexr-CVE-2021-3605.patch (upstreamed) * Wed Jun 16 2021 pgajdosAATTsuse.com- security update- added patches fix CVE-2021-3605 [bsc#1187395], Heap buffer overflow in the rleUncompress function + openexr-CVE-2021-3605.patch * Tue Jun 15 2021 pgajdosAATTsuse.com- security update- added patches fix CVE-2021-3598 [bsc#1187310], Heap buffer overflow in Imf_3_1:CharPtrIO:readChars + openexr-CVE-2021-3598.patch * Tue Jun 15 2021 pgajdosAATTsuse.com- version update to 2.5.6 * [#1013](https://github.com/AcademySoftwareFoundation/openexr/pull/1013) Fixed regression in Imath::succf() and Imath::predf() when negative values are given * Wed Mar 31 2021 pgajdosAATTsuse.com- version update to 2.5.5 Patch release with various bug/sanitizer/security fixes, primarily related to reading corrupted input files, but also a fix for universal build support on macOS.- see CHANGES.md for details * Thu Jan 07 2021 pgajdosAATTsuse.com- merge also baselibs.conf- modified sources % baselibs.conf * Tue Jan 05 2021 pgajdosAATTsuse.com- merge ilmbase and openexr source packages into one _multibuild- added sources + _multibuild * Tue Jan 05 2021 pgajdosAATTsuse.com- version update to 2.5.4 * Patch release with various bug/sanitizer/security fixes, primarily related to reading corrupted input files. * Wed Sep 30 2020 pgajdosAATTsuse.com- version update to 2.5.3 * Various sanitizer/fuzz-identified issues related to handling of invalid input * Fixes to misc compiler warnings * Cmake fix for building on arm64 macOS (#772) * Read performance optimization (#782) * Fix for building on non-glibc (#798) * Fixes to tests * Tue Sep 15 2020 roAATTsuse.de- Disable testsuite also on s390/s390x, probably will not pass on any bigendian platform in current state * Thu Jul 16 2020 Andreas Schwab - Disable testsuite also on ppc * Sun Jul 05 2020 Stefan Brüns - Fix 0001-Use-absolute-CMAKE_INSTALL_FULL_LIBDIR-for-libdir-in.patch so pkgconfig file has no duplicate prefix.- Run test suite also on all other archs but i586 and ppc64(be) * Mon Jun 29 2020 pgajdosAATTsuse.com- version update to 2.5.2 2.5.2 * Invalid input could cause a heap-use-after-free error in DeepScanLineInputFile::DeepScanLineInputFile() * Invalid chunkCount attributes could cause heap buffer overflow in getChunkOffsetTableSize() * Invalid tiled input file could cause invalid memory access TiledInputFile::TiledInputFile() * OpenEXRConfig.h now correctly sets OPENEXR_PACKAGE_STRING to \"OpenEXR\" (rather than \"IlmBase\") 2.5.1 * A patch release that corrects the SO version for the v2.5 release, which missed getting bumped in v2.5.0. * This release also fixes an improper failure in IlmImfTest when running on ARMv7 and AAarch64. 2.5.0 * No more build-time header generation: toFloat.h, eLut.h, b44ExpLogTable.h, and dwaLookups.h are now ordinary header files, no longer generated on the fly. * New StdISSTream class, an \"input\" stringstream version of StdOSStream * New Matrix22 class in Imath * Chromaticity comparison operator now includes white (formerly ignored) * Various cmake fixes * Bug fixes for various memory leaks * Bug fixes for various invalid memory accesses * New checks to detect damaged input files * OpenEXR_Viewers has been deprecated, removed from the top-level cmake build and documentation.- modified patches % 0001-Use-absolute-CMAKE_INSTALL_FULL_LIBDIR-for-libdir-in.patch (refreshed)- modified sources % baselibs.conf * Thu Apr 16 2020 pgajdosAATTsuse.com- version update to 2.4.1 * Various fixes for memory leaks and invalid memory accesses * Various fixes for integer overflow with large images. * Various cmake fixes for build/install of python modules. * ImfMisc.h is no longer installed, since it\'s a private header.- deleted patches - Fix-the-symlinks-creation.patch (upstreamed) * Mon Feb 10 2020 Stefan Brüns - Fix relative paths in generated pkgconfig files: 0001-Use-absolute-CMAKE_INSTALL_FULL_LIBDIR-for-libdir-in.patch * Sun Nov 24 2019 Stefan Brüns - Fix build with older cmake package (Leap 15.0 up to 15.2), the included ctest macro does not accept extra parameters. * Thu Nov 14 2019 Christophe Giboudeaux - Add Fix-the-symlinks-creation.patch to fix the symlinks creation. * Mon Oct 07 2019 pgajdosAATTsuse.com- fix OpenEXR.pc * Fri Oct 04 2019 pgajdosAATTsuse.com- increase timeout for IlmImf test * Thu Sep 26 2019 pgajdosAATTsuse.com- version update to 2.4.0 * Completely re-written CMake configuration files * Improved support for building on Windows, via CMake * Improved support for building on macOS, via CMake * All code compiles without warnings on gcc, clang, msvc * Cleanup of license and copyright notices * floating-point exception handling is disabled by default * New Slice::Make method to reliably compute base pointer for a slice. * Miscellaneous bug fixes * CVE-2018-18444 Issue #351 Out of Memory * CVE-2018-18443 Issue #350 heap-buffer-overflow- upstream does not provide gpg signature anymore https://github.com/openexr/openexr/issues/565- modified sources % baselibs.conf- deleted patches - openexr-CVE-2017-14988.patch (upstreamed) - openexr-CVE-2017-9111,9113,9115.patch (upstreamed) - openexr-CVE-2018-18444.patch (upstreamed)- deleted sources - openexr-2.3.0.tar.gz.sig (not needed) - openexr.keyring (not needed) * Fri Sep 20 2019 pgajdosAATTsuse.com- testsuite only for x86_64 [bsc#1146648] * Wed Aug 21 2019 Martin Pluskal - Enable tests on architectures with enough memory - boo#1146648 * disable imffuzztest as it takes to much resources * Mon Jul 15 2019 pgajdosAATTsuse.com- security update- added patches CVE-2017-14988 [bsc#1061305] + openexr-CVE-2017-14988.patch * Fri Jun 14 2019 pgajdosAATTsuse.com- security update- added patches CVE-2017-9111 [bsc#1040109], CVE-2017-9113 [bsc#1040113], CVE-2017-9115 [bsc#1040115] + openexr-CVE-2017-9111,9113,9115.patch
|
|
|