[OpenEXR] - CVE-2009-1720 OpenEXR: Multiple integer overflows (#513995) - CVE-2009-1721 OpenEXR: Invalid point
Rex Dieter
rdieter at fedoraproject.org
Wed Aug 11 04:03:25 UTC 2010
commit d84052e6dcec584028408faf722e2df82cc50231
Author: Rex Dieter <rdieter at fedoraproject.org>
Date: Tue Aug 10 23:08:02 2010 -0500
- CVE-2009-1720 OpenEXR: Multiple integer overflows (#513995)
- CVE-2009-1721 OpenEXR: Invalid pointer free by image decompression (#514003)
.gitignore | 4 +-
OpenEXR.spec | 49 +++++++++++++----------------------
openexr-1.6.1-CVE-2009-1720-1.patch | 22 ---------------
openexr-1.6.1-CVE-2009-1720-2.patch | 39 ---------------------------
openexr-1.6.1-CVE-2009-1721.patch | 12 --------
openexr-1.6.1-gcc43.patch | 23 ----------------
openexr-1.7.0-cstring.patch | 11 ++++++++
sources | 4 +-
8 files changed, 33 insertions(+), 131 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 5692496..6e23733 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-openexr-1.6.1.tar.gz
-openexr-1.6.1.tar.gz.sig
+openexr-1.7.0.tar.gz
+openexr-1.7.0.tar.gz.sig
diff --git a/OpenEXR.spec b/OpenEXR.spec
index e61b937..0d29342 100644
--- a/OpenEXR.spec
+++ b/OpenEXR.spec
@@ -1,12 +1,8 @@
-%if 0%{?fedora} > 7 || 0%{?rhel} > 5
-# make -libs subpkg
-%define libs 1
-%endif
Name: OpenEXR
-Version: 1.6.1
-Release: 8%{?dist}
+Version: 1.7.0
+Release: 1%{?dist}
Summary: A high dynamic-range (HDR) image file format
Group: System Environment/Libraries
@@ -19,25 +15,19 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Obsoletes: openexr < %{version}-%{release}
Provides: openexr = %{version}-%{release}
-Patch1: OpenEXR-1.6.1-pkgconfig.patch
-Patch2: openexr-1.6.1-gcc43.patch
+## upstreamable patches
+Patch50: OpenEXR-1.6.1-pkgconfig.patch
+# missing #include <cstring>
+Patch51: openexr-1.7.0-cstring.patch
## upstream patches
-Patch100: openexr-1.6.1-CVE-2009-1720-1.patch
-Patch101: openexr-1.6.1-CVE-2009-1720-2.patch
-Patch102: openexr-1.6.1-CVE-2009-1721.patch
BuildRequires: automake libtool
-BuildRequires: ilmbase-devel
+BuildRequires: ilmbase-devel
BuildRequires: zlib-devel
BuildRequires: pkgconfig
-%if 0%{?libs}
-Requires: %{name}-libs = %{version}-%{release}
-%else
-Obsoletes: %{name}-libs < %{version}-%{release}
-Provides: %{name}-libs = %{version}-%{release}
-%endif
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%description
OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial
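Review bot: `Patch100`–`Patch102` are removed here, but nothing visible in the hunk records that upstream 1.7.0 already contains the CVE-2009-1720 and CVE-2009-1721 fixes. The `## upstream patches` heading is also left with no entries under it. The commit subject implies the fixes are upstream, so it would help to confirm that against the 1.7.0 sources for the files the old patches touched. A one-line comment under the heading would then record it, for example `# CVE-2009-1720, CVE-2009-1721: fixed in upstream 1.7.0, local patches dropped`. A `%changelog` entry may already say this, but it is outside the hunk.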
@@ -65,25 +55,23 @@ Group: System Environment/Libraries
%prep
%setup -q -n openexr-%{version}
-%patch1 -p1 -b .pkgconfig
-%patch2 -p1 -b .gcc43
-
-%patch100 -p1 -b .CVE-2009-1720-1
-%patch101 -p1 -b .CVE-2009-1720-2
-%patch102 -p1 -b .CVE-2009-1721
+%patch50 -p1 -b .pkgconfig
+%patch51 -p1 -b .cstring
+%if 0
# work to remove rpaths, recheck on new releases
aclocal -Im4
libtoolize --force
rm -f configure
autoconf
+%endif
%build
%configure --disable-static
# hack to omit unused-direct-shlib-dependencies
-sed -i -e 's! -shared ! -Wl,--as-needed\0!g' libtool
+#sed -i -e 's! -shared ! -Wl,--as-needed\0!g' libtool
make %{?_smp_mflags}
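Review bot: `%prep` goes straight from the section header to `%setup -q`, so the detached signature listed in `sources` (`openexr-1.7.0.tar.gz.sig`) is never checked during the build. That leaves the MD5 line in `sources` as the only integrity check on the new tarball. If the spec declares the signature and an upstream keyring as sources (the Source lines are outside this hunk), a verification step before `%setup` would close the gap, for example `gpgv --keyring %{SOURCE<keyring>} %{SOURCE<sig>} %{SOURCE0}` with the placeholder numbers filled in. Separately, the `%if 0` block and the commented-out `sed` line would each benefit from a short comment saying why they are disabled rather than deleted.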
@@ -104,27 +92,26 @@ rm -rf rpmdocs/examples/.deps
%check
-# Not enabled, by default, takes a *very* long time. -- Rex
-%{?_with_check:make check}
+export PKG_CONFIG_PATH=%{buildroot}%{_datadir}/pkgconfig:%{buildroot}%{_libdir}/pkgconfig
+test "$(pkg-config --modversion OpenEXR)" = "%{version}"
+#make check
%clean
rm -rf $RPM_BUILD_ROOT
-%post %{?libs:libs} -p /sbin/ldconfig
+%post libs -p /sbin/ldconfig
-%postun %{?libs:libs} -p /sbin/ldconfig
+%postun libs -p /sbin/ldconfig
%files
%defattr(-,root,root,-)
%{_bindir}/*
-%if 0%{?libs}
%files libs
%defattr(-,root,root,-)
-%endif
%doc AUTHORS ChangeLog LICENSE NEWS README
%{_libdir}/libIlmImf.so.6*
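Review bot: In `%check`, replacing `%{?_with_check:make check}` with `#make check` removes the only way to run the upstream test suite, even on request. The new `pkg-config --modversion` comparison only confirms the version string and does not exercise the image-decoding code. For a rebase that is meant to deliver the integer-overflow and invalid-free fixes, the opt-in form is worth keeping next to the new check: `%{?_with_check:make check}`. That preserves the fast default build while allowing `rpmbuild --with check` to run the suite.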
diff --git a/openexr-1.7.0-cstring.patch b/openexr-1.7.0-cstring.patch
new file mode 100644
index 0000000..f861321
--- /dev/null
+++ b/openexr-1.7.0-cstring.patch
@@ -0,0 +1,11 @@
+diff -up openexr-1.7.0/exrenvmap/blurImage.cpp.cstring openexr-1.7.0/exrenvmap/blurImage.cpp
+--- openexr-1.7.0/exrenvmap/blurImage.cpp.cstring 2009-02-25 17:39:27.000000000 -0600
++++ openexr-1.7.0/exrenvmap/blurImage.cpp 2010-07-28 10:22:38.972704975 -0500
+@@ -43,6 +43,7 @@
+
+ #include <resizeImage.h>
+ #include "Iex.h"
++#include <cstring>
+ #include <iostream>
+ #include <algorithm>
+
diff --git a/sources b/sources
index 83177f0..4c8b019 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-11951f164f9c872b183df75e66de145a openexr-1.6.1.tar.gz
-2a45771c4d95eadbdf462561a70c24bb openexr-1.6.1.tar.gz.sig
+27113284f7d26a58f853c346e0851d7a openexr-1.7.0.tar.gz
+1ffd9feb14c373ebae68228b0495ada0 openexr-1.7.0.tar.gz.sig