media-libs/openexr: Revision bump to 2.2.0-r2

* Added patch to fix a typo in the C bindings * Added patch to install the missing header files * Added patch to fix security issues: CVE-2017-9110, CVE-2017-9111, CVE-2017-9112, CVE-2017-9113, CVE-2017-9114, CVE-2017-9115, CVE-2017-9116 * Fixed build system patch * Added tabs in the metadata.xml file Closes: https://bugs.gentoo.org/616996 Closes: https://bugs.gentoo.org/631382 Closes: https://bugs.gentoo.org/620324
author: Jonathan Scruggs <j.scruggs@gmail.com> 2017-09-23 14:04:39 +0100
committer: Alexis Ballier <aballier@gentoo.org> 2017-09-28 14:45:07 +0200
commit: dd4ad81b5d8ba426b3d2d75b27f9993119f73e30 (patch)
tree: 37364d9ee45184e0e3740d3d7fa5c20972152171 /media-libs/openexr/files
parent: media-libs/ilmbase: Revision bump to 2.2.0-r1 (diff)
download: gentoo-dd4ad81b5d8ba426b3d2d75b27f9993119f73e30.tar.gz
gentoo-dd4ad81b5d8ba426b3d2d75b27f9993119f73e30.tar.bz2
gentoo-dd4ad81b5d8ba426b3d2d75b27f9993119f73e30.zip
4 files changed, 186 insertions, 2 deletions
diff --git a/media-libs/openexr/files/openexr-2.2.0-CVE-2017-9110-to-9116-security-fixes.patch b/media-libs/openexr/files/openexr-2.2.0-CVE-2017-9110-to-9116-security-fixes.patch
new file mode 100644
index 000000000000..0a37ee9c2d99
--- /dev/null
+++ b/media-libs/openexr/files/openexr-2.2.0-CVE-2017-9110-to-9116-security-fixes.patch
@@ -0,0 +1,98 @@
+From c2b32f21cbe2db7c7ef485d62ffe9bec8eaa5165 Mon Sep 17 00:00:00 2001
+From: Shawn Walker-Salas <shawn.walker@oracle.com>
+Date: Tue, 30 May 2017 19:07:52 -0700
+Subject: [PATCH] CVE-2017-{9110,9111,9112,9113,9114,9115,9116} fixes
+
+---
+ OpenEXR/IlmImf/ImfDwaCompressor.cpp |  7 ++++++-
+ OpenEXR/IlmImf/ImfHuf.cpp           | 10 ++++++----
+ OpenEXR/IlmImf/ImfPizCompressor.cpp |  6 ++++++
+ 3 files changed, 18 insertions(+), 5 deletions(-)
+
+diff --git a/IlmImf/ImfDwaCompressor.cpp b/IlmImf/ImfDwaCompressor.cpp
+index 1c1bd45..2ef8878 100644
+--- a/IlmImf/ImfDwaCompressor.cpp
++++ b/IlmImf/ImfDwaCompressor.cpp
+@@ -2377,7 +2377,12 @@ DwaCompressor::uncompress
+ 
+     const char *dataPtr            = inPtr + NUM_SIZES_SINGLE * sizeof(Int64);
+ 
+-    if (inSize < headerSize + compressedSize) 
++    /* Both the sum and individual sizes are checked in case of overflow. */
++    if (inSize < (headerSize + compressedSize) ||
++        inSize < unknownCompressedSize ||
++        inSize < acCompressedSize ||
++        inSize < dcCompressedSize ||
++        inSize < rleCompressedSize)
+     {
+         throw Iex::InputExc("Error uncompressing DWA data"
+                             "(truncated file).");
+diff --git a/IlmImf/ImfHuf.cpp b/IlmImf/ImfHuf.cpp
+index a375d05..97909a5 100644
+--- a/IlmImf/ImfHuf.cpp
++++ b/IlmImf/ImfHuf.cpp
+@@ -822,7 +822,7 @@ hufEncode				// return: output size (in bits)
+ }
+ 
+ 
+-#define getCode(po, rlc, c, lc, in, out, oe)	\
++#define getCode(po, rlc, c, lc, in, out, ob, oe)\
+ {						\
+     if (po == rlc)				\
+     {						\
+@@ -835,6 +835,8 @@ hufEncode				// return: output size (in bits)
+ 						\
+ 	if (out + cs > oe)			\
+ 	    tooMuchData();			\
++	else if (out - 1 < ob)			\
++	    notEnoughData();			\
+ 						\
+ 	unsigned short s = out[-1];		\
+ 						\
+@@ -895,7 +897,7 @@ hufDecode
+ 		//
+ 
+ 		lc -= pl.len;
+-		getCode (pl.lit, rlc, c, lc, in, out, oe);
++		getCode (pl.lit, rlc, c, lc, in, out, outb, oe);
+ 	    }
+ 	    else
+ 	    {
+@@ -925,7 +927,7 @@ hufDecode
+ 			    //
+ 
+ 			    lc -= l;
+-			    getCode (pl.p[j], rlc, c, lc, in, out, oe);
++			    getCode (pl.p[j], rlc, c, lc, in, out, outb, oe);
+ 			    break;
+ 			}
+ 		    }
+@@ -952,7 +954,7 @@ hufDecode
+ 	if (pl.len)
+ 	{
+ 	    lc -= pl.len;
+-	    getCode (pl.lit, rlc, c, lc, in, out, oe);
++	    getCode (pl.lit, rlc, c, lc, in, out, outb, oe);
+ 	}
+ 	else
+ 	{
+diff --git a/IlmImf/ImfPizCompressor.cpp b/IlmImf/ImfPizCompressor.cpp
+index 46c6fba..8b3ee38 100644
+--- a/IlmImf/ImfPizCompressor.cpp
++++ b/IlmImf/ImfPizCompressor.cpp
+@@ -573,6 +573,12 @@ PizCompressor::uncompress (const char *inPtr,
+     int length;
+     Xdr::read <CharPtrIO> (inPtr, length);
+ 
++    if (length > inSize)
++    {
++	throw InputExc ("Error in header for PIZ-compressed data "
++			"(invalid array length).");
++    }
++
+     hufUncompress (inPtr, length, _tmpBuffer, tmpBufferEnd - _tmpBuffer);
+ 
+     //
+-- 
+2.14.1
+
diff --git a/media-libs/openexr/files/openexr-2.2.0-Fix-typo-in-C-bindings.patch b/media-libs/openexr/files/openexr-2.2.0-Fix-typo-in-C-bindings.patch
new file mode 100644
index 000000000000..966e95e72c3c
--- /dev/null
+++ b/media-libs/openexr/files/openexr-2.2.0-Fix-typo-in-C-bindings.patch
@@ -0,0 +1,26 @@
+From c229dfe63380f41dfae1e977b10dfc7c49c7efc7 Mon Sep 17 00:00:00 2001
+From: Edward Kmett <ekmett@gmail.com>
+Date: Wed, 9 Dec 2015 12:15:48 -0500
+Subject: [PATCH] Fix typo in C bindings (Close #140)
+
+IMF_RAMDOM_Y should be IMF_RANDOM_Y
+---
+ OpenEXR/IlmImf/ImfCRgbaFile.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/IlmImf/ImfCRgbaFile.h b/IlmImf/ImfCRgbaFile.h
+index 5ac2bf8..db58247 100644
+--- a/IlmImf/ImfCRgbaFile.h
++++ b/IlmImf/ImfCRgbaFile.h
+@@ -98,7 +98,7 @@ typedef struct ImfRgba ImfRgba;
+ 
+ #define IMF_INCREASING_Y	0
+ #define IMF_DECREASING_Y	1
+-#define IMF_RAMDOM_Y		2
++#define IMF_RANDOM_Y		2
+ 
+ 
+ /*
+-- 
+2.14.1
+
diff --git a/media-libs/openexr/files/openexr-2.2.0-Install-missing-header-files.patch b/media-libs/openexr/files/openexr-2.2.0-Install-missing-header-files.patch
new file mode 100644
index 000000000000..1075cd9a30fa
--- /dev/null
+++ b/media-libs/openexr/files/openexr-2.2.0-Install-missing-header-files.patch
@@ -0,0 +1,60 @@
+From a018f82655402421a995565dd4a5192259cbc207 Mon Sep 17 00:00:00 2001
+From: Jonathan Scruggs <j.scruggs@gmail.com>
+Date: Sat, 23 Sep 2017 10:36:40 +0100
+Subject: [PATCH] OpenEXR: Install missing header files
+
+Some header files are not installed via Autotools, but are with
+CMake which breaks compatibility with certain programs. This patch
+enables Autotools to install these header files.
+
+Signed-off by: Jonathan Scruggs <j.scruggs@gmail.com>
+---
+ OpenEXR/IlmImf/Makefile.am     |  3 ++-
+ OpenEXR/IlmImfUtil/Makefile.am | 17 +++++++++++++++++
+ 2 files changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/IlmImf/Makefile.am b/IlmImf/Makefile.am
+index a7c219c..b7b96ac 100644
+--- a/IlmImf/Makefile.am
++++ b/IlmImf/Makefile.am
+@@ -162,7 +162,8 @@ libIlmImfinclude_HEADERS = ImfForward.h ImfAttribute.h ImfBoxAttribute.h \
+ 			   ImfMisc.h          \
+ 			   ImfPartHelper.h \
+ 			   ImfDeepImageState.h \
+-			   ImfDeepImageStateAttribute.h
++			   ImfDeepImageStateAttribute.h \
++			   ImfFloatVectorAttribute.h
+ 
+ noinst_HEADERS = ImfCompressor.h    \
+ 		 ImfRleCompressor.h \
+diff --git a/IlmImfUtil/Makefile.am b/IlmImfUtil/Makefile.am
+index 8005ee1..e1d3674 100644
+--- a/IlmImfUtil/Makefile.am
++++ b/IlmImfUtil/Makefile.am
+@@ -33,6 +33,23 @@ libIlmImfUtil_la_LIBADD =  -L$(top_builddir)/IlmImf $(ILMBASE_LIBS) -lIlmImf
+ 
+ libIlmImfUtilincludedir = $(includedir)/OpenEXR
+ 
++libIlmImfUtilinclude_HEADERS = ImfFlatImage.h \
++			       ImfDeepImage.h \
++			       ImfDeepImageChannel.h \
++			       ImfImageLevel.h \
++			       ImfDeepImageLevel.h \
++			       ImfDeepImageIO.h \
++			       ImfImageChannelRenaming.h \
++			       ImfImageIO.h \
++			       ImfFlatImageChannel.h \
++			       ImfImage.h \
++			       ImfFlatImageLevel.h \
++			       ImfImageDataWindow.h \
++			       ImfSampleCountChannel.h \
++			       ImfFlatImageIO.h \
++			       ImfImageChannel.h
++
++
+ EXTRA_DIST = CMakeLists.txt
+ 
+ INCLUDES = \
+-- 
+2.14.1
+
diff --git a/media-libs/openexr/files/openexr-2.2.0-fix-build-system.patch b/media-libs/openexr/files/openexr-2.2.0-fix-build-system.patch
index 446e4e53c872..3ccfb1da7ac5 100644
--- a/media-libs/openexr/files/openexr-2.2.0-fix-build-system.patch
+++ b/media-libs/openexr/files/openexr-2.2.0-fix-build-system.patch
@@ -69,8 +69,8 @@
 -AC_DEFINE_UNQUOTED(OPENEXR_VERSION_MAJOR, ${OPENEXR_VERSION_MAJOR})
 -AC_DEFINE_UNQUOTED(OPENEXR_VERSION_MINOR, ${OPENEXR_VERSION_MINOR})
 -AC_DEFINE_UNQUOTED(OPENEXR_VERSION_PATCH, ${OPENEXR_VERSION_PATCH})
-+AC_DEFINE_UNQUOTED([OPENEXR_VERSION_STRING], [${VERSION}], [OpenEXR version string])
-+AC_DEFINE_UNQUOTED([OPENEXR_PACKAGE_STRING], [${PACKAGE_STRING}], [OpenEXR version string])
++AC_DEFINE_UNQUOTED([OPENEXR_VERSION_STRING], ["${VERSION}"], [OpenEXR version string])
++AC_DEFINE_UNQUOTED([OPENEXR_PACKAGE_STRING], ["${PACKAGE_STRING}"], [OpenEXR version string])
 +AC_DEFINE_UNQUOTED([OPENEXR_VERSION_MAJOR], [${OPENEXR_VERSION_MAJOR}], [OpenEXR version string])
 +AC_DEFINE_UNQUOTED([OPENEXR_VERSION_MINOR], [${OPENEXR_VERSION_MINOR}], [OpenEXR version string])
 +AC_DEFINE_UNQUOTED([OPENEXR_VERSION_PATCH], [${OPENEXR_VERSION_PATCH}], [OpenEXR version string])
author	Jonathan Scruggs <j.scruggs@gmail.com>	2017-09-23 14:04:39 +0100
committer	Alexis Ballier <aballier@gentoo.org>	2017-09-28 14:45:07 +0200
commit	dd4ad81b5d8ba426b3d2d75b27f9993119f73e30 (patch)
tree	37364d9ee45184e0e3740d3d7fa5c20972152171 /media-libs/openexr/files
parent	media-libs/ilmbase: Revision bump to 2.2.0-r1 (diff)
download	gentoo-dd4ad81b5d8ba426b3d2d75b27f9993119f73e30.tar.gz gentoo-dd4ad81b5d8ba426b3d2d75b27f9993119f73e30.tar.bz2 gentoo-dd4ad81b5d8ba426b3d2d75b27f9993119f73e30.zip