2022-02-02 15:48:18 by Thomas Klausner | Files touched by this commit (3) | |
Log message:
openexr: update to 3.1.4.
## Version 3.1.4 (January 26, 2022)
Patch release that addresses various issues:
* Several bug fixes to properly reject invalid input upon read
* A check to enable SSE2 when building with Visual Studio
* A check to fix building with VisualStudio on ARM64
* Update the automatically-downloaded version of Imath to v3.1.4
* Miscellaneous documentation improvements
This addresses one public security vulnerability:
* [CVE-2021-45942](https://nvd.nist.gov/vuln/detail/CVE-2021-45942) \
Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute
Specific OSS-fuzz issues:
* OSS-fuzz [43961](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43961) \
Heap-buffer-overflow in generic_unpack
* OSS-fuzz [43916](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43916) \
Heap-buffer-overflow in hufDecode
* OSS-fuzz [43763](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43763) \
Heap-buffer-overflow in internal_huf_decompress
* OSS-fuzz [43745](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43745) \
Floating-point-exception in internal_exr_compute_tile_information
* OSS-fuzz [43744](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43744) \
Divide-by-zero in internal_exr_compute_tile_information
* OSS-fuzz [42197](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42197) \
Out-of-memory in openexr_exrcheck_fuzzer
* OSS-fuzz [42001](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42001) \
Timeout in openexr_exrcheck_fuzzer
* OSS-fuzz [41999](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41999) \
Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute
* OSS-fuzz [41669](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41669) \
Integer-overflow in Imf_3_1::rleUncompress
* OSS-fuzz [41625](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41625) \
Heap-buffer-overflow in uncompress_b44_impl
* OSS-fuzz [41416](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416) \
Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute
* OSS-fuzz [41075](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41075) \
Integer-overflow in Imf_3_1::copyIntoDeepFrameBuffer
* OSS-fuzz [40704](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40704) \
Crash in Imf_3_1::DeepTiledInputFile::readPixelSampleCounts
* OSS-fuzz [40702](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40702) \
Null-dereference in bool \
Imf_3_1::readDeepTile<Imf_3_1::DeepTiledInputFile>
* OSS-fuzz [40701](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40701) \
Null-dereference in bool \
Imf_3_1::readDeepTile<Imf_3_1::DeepTiledInputPart>
* OSS-fuzz [40423](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40423) \
Out-of-memory in openexr_exrcheck_fuzzer
* OSS-fuzz [40234](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40234) \
Heap-buffer-overflow in generic_unpack
* OSS-fuzz [40231](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40231) \
Heap-buffer-overflow in hufDecode
* OSS-fuzz [40091](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40091) \
Heap-buffer-overflow in hufDecode
Merged Pull Requests:
* [1225](https://github.com/AcademySoftwareFoundation/openexr/pull/1225)
Bazel build: Update Imath
* [1224](https://github.com/AcademySoftwareFoundation/openexr/pull/1224)
Add error check to prevent corrupt files trying to unpack
* [1223](https://github.com/AcademySoftwareFoundation/openexr/pull/1223)
Fix issues with a a "short" huf table and checking boundary \
conditions, missing return value
* [1222](https://github.com/AcademySoftwareFoundation/openexr/pull/1222)
Fix OSS Fuzz 43763, 43745
* [1218](https://github.com/AcademySoftwareFoundation/openexr/pull/1218)
OSS-Fuzz pass 15jan2022
* [1217](https://github.com/AcademySoftwareFoundation/openexr/pull/1217)
Added missing check _M_IX86 or _M_X64 when using __lzcnt.
* [1216](https://github.com/AcademySoftwareFoundation/openexr/pull/1216)
Corrected the check to enable SSE2 when building with Visual Studio.
* [1214](https://github.com/AcademySoftwareFoundation/openexr/pull/1214)
prevent overflow in allocation of RLE buufer
* [1213](https://github.com/AcademySoftwareFoundation/openexr/pull/1213)
add check for decompressed deepscanline datasize
* [1209](https://github.com/AcademySoftwareFoundation/openexr/pull/1209)
enforce xSampling/ySampling==1 in CompositeDeepScanLine
* [1208](https://github.com/AcademySoftwareFoundation/openexr/pull/1208)
Reduce memory consumption with very large deepscanline images
* [1206](https://github.com/AcademySoftwareFoundation/openexr/pull/1206)
Update INSTALL.md
* [1205](https://github.com/AcademySoftwareFoundation/openexr/pull/1205)
DeepScanlineInputFile now uses chunk size test from DeepTiledInputFile
* [1200](https://github.com/AcademySoftwareFoundation/openexr/pull/1200)
Corrected Deep Docs & Example Code
* [1199](https://github.com/AcademySoftwareFoundation/openexr/pull/1199)
Fix C++ DeepTile reading in Imf::CheckFile
* [1195](https://github.com/AcademySoftwareFoundation/openexr/pull/1195)
Fix bugs in ImfCheckFile.cpp:readDeepTile()
* [1193](https://github.com/AcademySoftwareFoundation/openexr/pull/1193)
mention multipart files in multiview doc
* [1191](https://github.com/AcademySoftwareFoundation/openexr/pull/1191)
Replace Doxygen/Sphinx targets with "docs"
* [1190](https://github.com/AcademySoftwareFoundation/openexr/pull/1190)
Add Compression section to "Reading and Writing Image Files" doc
* [1189](https://github.com/AcademySoftwareFoundation/openexr/pull/1189)
Fix typo in readthedocs url
|
2021-11-01 12:25:05 by Thomas Klausner | Files touched by this commit (4) | |
Log message:
openexr: update to 3.1.3.
## Version 3.1.3 (October 27, 2021)
Patch release with a change to default zip compression level:
* Default zip compression level is now 4 (instead of 6), which in our
tests improves compression times by 2x with only a tiny drop in
compression ratio.
* ``setDefaultZipCompression()`` and ``setDefaultDwaCompression()``
now set default compression levels for writing.
* The Header how has ``zipCompressionLevel()`` and
``dwaCompressionLevel()`` to return the levels used for writing.
Also, various bug fixes, build improvements, and documentation
updates. In particular:
* Fixes a build failure with Imath prior to v3.1
* Fixes a bug in detecting invalid chromaticity values
## Version 3.1.2 (October 4, 2021)
Patch release with various bug fixes, build improvements, and
documentation updates. In particular:
* Fix a test failure on arm7
* Proper handling of pthread with glibc 2.34+
* Miscellaneous fixes for handling of invalid input by the new
OpenEXRCore library
With this version, the OpenEXR technical documentation formerly
distributed exclusivly as pdf's is now published online at
https://openexr.readthedocs.io, with the document source now
maintained as .rst files in the repo's docs subfolder.
|
2021-10-26 12:47:26 by Nia Alarie | Files touched by this commit (800) |
Log message:
graphics: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
|
2021-10-07 16:13:27 by Nia Alarie | Files touched by this commit (800) |
Log message:
graphics: Remove SHA1 hashes for distfiles
|
2021-09-17 07:35:01 by Martin Husemann | Files touched by this commit (2) |
Log message:
Fix build for non-amd64 NetBSD architectures (already reported upstream)
|
2021-08-15 16:15:03 by Thomas Klausner | Files touched by this commit (4) | |
Log message:
openexr: update to 3.1.1.
## Version 3.1.1 (August 2, 2021)
Patch release that fixes build failures on various systems, introduces
CMake ``CMAKE_CROSSCOMPILING_EMULATOR`` support, and fixes a few other
minor issues.
## Version 3.1.0 (July 22, 2021)
The 3.1 release of OpenEXR introduces a new library, OpenEXRCore,
which is the result of a significant re-thinking of how OpenEXR
manages file I/O and provides access to image data. It begins to
address long-standing scalability issues with multithreaded image
reading and writing.
The OpenEXRCore library provides thread-safe, non-blocking access to
files, which was not possible with the current API, where the
framebuffer management is separate from read requests. It is written
entirely in C and provides a new C-language API alongside the existing
C++ API. This new low-level API allows applications to do custom
unpacking of EXR data, such as on the GPU, while still benefiting from
efficient I/O, file validation, and other semantics. It provides
efficient direct access to EXR files in texturing applications. This C
library also introduces an easier path to implementing OpenEXR
bindings in other languages, such as Rust.
The 3.1 release represents a technology preview for upcoming
releases. The initial release is incremental; the existing API and
underlying behavior has not changed. The new API is available now for
performance validation testing, and then in future OpenEXR releases,
the C++ API will migrate to use the new core in stages. It is not the
intention to entirely deprecate the C++ API, nor must all applications
re-implement EXR I/O in terms of the C library. The C API does not,
and will not, provide the rich set of utility classes that exist in
the C++ layer. The 3.1 release of the OpenEXRCore library simply
offers new functionality for specialty applications seeking the
highest possible performance. In the future, the ABI will evolve, but
the API will remain consistent, or only have additions.
|
2021-07-19 19:52:15 by Tobias Nygren | Files touched by this commit (1) |
Log message:
openexr: add a CHECK_PORTABILITY_SKIP
|
2021-07-08 23:13:06 by Mark Davies | Files touched by this commit (7) | |
Log message:
openexr: update to 3.0.5
## Version 3.0.5 (July 1, 2021)
Patch release that fixes problems with library symlinks and
pkg-config, as well as miscellaneous bugs/security issues.
## Version 3.0.4 (June 3, 2021)
Patch release that corrects a problem with the release version number
of v3.0.2/v3.0.3:
## Version 3.0.3 (May 18, 2021)
Patch release that fixes a regression in v3.0.2 the prevented headers
from being installed properly.
# Version 3.0.2 (May 17, 2021)
Patch release with miscellaneous bug/build fixes, including:
* Fix TimeCode.frame max value
* Don't impose C++14 on downstream projects
* Restore fix to macOS universal 2 build lost from #854
* Imath auto-build version defaults to v3.0.2
## Version 3.0.1 (April 1, 2021)
Major release with major build restructing, security improvements, and
new features:
* Restructuring:
- The IlmBase/PyIlmBase submodules have been separated into the
Imath project, now included by OpenEXR via a CMake submodule
dependency, fetched automatically via CMake's FetchContent if
necessary.
- The library is now called ``libOpenEXR`` (instead of
``libIlmImf``). No header files have been renamed, they retain
the ``Imf`` prefix.
- Symbol linkage visibility is limited to specific public symbols.
* Build improvements:
- No more simultaneous static/shared build option.
- Community-provided support for bazel.
* New Features:
- ID Manifest Attributes, as described in ["A Scheme for Storing
Object ID Manifests in OpenEXR
Images"](https://doi.org/10.1145/3233085.3233086), Peter Hillman,
DigiPro 18: Proceedings of the 8th Annual Digital Production
Symposium, August 2018.
- New program: exrcheck validates the contents of an EXR file.
* Changes:
- EXR files with no channels are no longer allowed.
- Hard limit on the size of deep tile sizes; tiles must be less than
2^30 pixels.
- Tiled DWAB files used STATIC_HUFFMAN compression.
- ``Int64`` and ``SInt64`` types are deprecated in favor of
``uint64_t`` and ``int64_t``.
- Header files have been pruned of extraneous ``#include``'s
("Include What You Use"), which may generate compiler errors in
application source code from undefined symbols or
partially-defined types. These can be resolved by identifying and
including the appropriate header.
|
2021-03-17 12:46:08 by Thomas Klausner | Files touched by this commit (3) | |
Log message:
ilmbase, openexr: update to 2.5.5
## Version 2.5.5 (February 12, 2021)
Patch release with various bug/sanitizer/security fixes, primarily
related to reading corrupted input files, but also a fix for universal
build support on macOS.
Specific OSS-fuzz issues include:
* OSS-fuzz [#30291](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30291)
* OSS-fuzz [#29106](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29106)
* OSS-fuzz [#28971](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28971)
* OSS-fuzz [#29829](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29829)
* OSS-fuzz [#30121](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30121)
### Merged Pull Requests
* [#914](https://github.com/AcademySoftwareFoundation/openexr/pull/914) \
additional verification of DWA data sizes
* [#910](https://github.com/AcademySoftwareFoundation/openexr/pull/910) update \
tileoffset sanitycheck to handle ripmaps
* [#903](https://github.com/AcademySoftwareFoundation/openexr/pull/903) prevent \
overflows by using Int64 for all vars in DWA initialize
* [#901](https://github.com/AcademySoftwareFoundation/openexr/pull/901) Use \
size_t for DWA buffersize calculation
* [#897](https://github.com/AcademySoftwareFoundation/openexr/pull/897) prevent \
overflow in RgbaFile cachePadding
* [#896](https://github.com/AcademySoftwareFoundation/openexr/pull/896) add \
buffer size validation to FastHuf decode
* [#893](https://github.com/AcademySoftwareFoundation/openexr/pull/893) Include \
<limits> where required by newer compilers
* [#889](https://github.com/AcademySoftwareFoundation/openexr/pull/889) Add \
explicit #include <limits> for numeric_limits
* [#854](https://github.com/AcademySoftwareFoundation/openexr/pull/854) Fix \
Apple Universal 2 (arm64/x86_64) builds
|
2021-01-04 13:38:05 by Thomas Klausner | Files touched by this commit (3) | |
Log message:
openexr, ilmbase: update to 2.5.4
Patch release with various bug/sanitizer/security fixes, primarily
related to reading corrupted input files.
|