Hello community,
here is the log from the commit of package OpenEXR for openSUSE:Factory
checked in at Wed Sep 2 18:34:04 CEST 2009.
--------
--- OpenEXR/OpenEXR.changes 2009-03-02 05:42:46.000000000 +0100
+++ OpenEXR/OpenEXR.changes 2009-08-04 09:14:16.000000000 +0200
@@ -1,0 +2,8 @@
+Tue Aug 4 07:09:30 UTC 2009 - mvyskocil@suse.cz
+
+- fixed bnc#527539: VUL-0: OpenEXR: [ MDVSA-2009:190 ] OpenEXR
+ used patches from Mandriva
+ * CVE-2009-1720
+ * CVE-2009-1721
+
+-------------------------------------------------------------------
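Review bot: the new entry under "fixed bnc#527539" lists CVE-2009-1720 and CVE-2009-1721 but does not name the patch files or say what kind of defect each one addresses. Suggest listing OpenEXR-1.6.1-CVE-2009-1720-1.diff, OpenEXR-1.6.1-CVE-2009-1720-2.diff and OpenEXR-1.6.1-CVE-2009-1721.diff under the matching CVE line, so the changelog can be checked against the spec without unpacking the source package. "used patches from Mandriva" would also be easier to verify with a pointer to the MDVSA-2009:190 source the patches were taken from.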
calling whatdependson for head-i586
New:
----
OpenEXR-1.6.1-CVE-2009-1720-1.diff
OpenEXR-1.6.1-CVE-2009-1720-2.diff
OpenEXR-1.6.1-CVE-2009-1721.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ OpenEXR.spec ++++++
--- /var/tmp/diff_new_pack.rsDqrr/_old 2009-09-02 18:32:17.000000000 +0200
+++ /var/tmp/diff_new_pack.rsDqrr/_new 2009-09-02 18:32:17.000000000 +0200
@@ -22,8 +22,8 @@
BuildRequires: IlmBase-devel fltk-devel freeglut-devel gcc-c++ libdrm-devel
Summary: Library to Handle EXR Pictures in 16-Bit Floating-Point Format
Version: 1.6.1
-Release: 84
-License: BSD 3-Clause; GPL v2 or later
+Release: 85
+License: BSD 3-clause (or similar) ; GPL v2 or later
Group: Development/Libraries/C and C++
Url: http://www.openexr.com/
BuildRoot: %{_tmppath}/%{name}-%{version}-build
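Review bot: the License tag change next to the Release bump ("BSD 3-Clause; GPL v2 or later" to "BSD 3-clause (or similar) ; GPL v2 or later") is unrelated to the security fix and is not mentioned in the OpenEXR.changes entry of this same commit. Suggest either adding a changelog line for it or landing it separately, so that the security update contains only the CVE patches and can be audited or backported on its own.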
@@ -35,6 +35,9 @@
Source0: openexr-%version.tar.bz2
Patch0: OpenEXR-docdir.patch
Patch1: OpenEXR-include-string_h.patch
+Patch3: OpenEXR-1.6.1-CVE-2009-1720-1.diff
+Patch4: OpenEXR-1.6.1-CVE-2009-1720-2.diff
+Patch5: OpenEXR-1.6.1-CVE-2009-1721.diff
%description
OpenEXR is a high dynamic-range (HDR) image file format developed by
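Review bot: the new tags start at Patch3 although the last existing one is Patch1, so Patch2 is skipped without explanation, and none of the three lines carries a comment saying where the patch came from. Suggest a comment line above "Patch3:" referencing bnc#527539 and the Mandriva origin stated in the changelog, and either using the next free number or noting why Patch2 is left unused.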
@@ -91,7 +94,7 @@
Lutz Latta
%package devel
-License: BSD 3-Clause; GPL v2 or later
+License: BSD 3-clause (or similar) ; GPL v2 or later
Requires: OpenEXR = %version zlib-devel IlmBase-devel
Group: Development/Libraries/C and C++
Summary: Library to Handle EXR Pictures (16-bit floating-point format)
@@ -145,7 +148,7 @@
Lutz Latta
%package doc
-License: BSD 3-Clause; GPL v2 or later
+License: BSD 3-clause (or similar) ; GPL v2 or later
Group: Development/Libraries/C and C++
Summary: Library to Handle EXR Pictures in 16-Bit Floating-Point Format
@@ -207,6 +210,9 @@
%setup -q -n openexr-%{version}
%patch0 -b .sav
%patch1 -b .sav
+%patch3 -p1 -b .CVE-2009-1720-1
+%patch4 -p1 -b .CVE-2009-1720-2
+%patch5 -p1 -b .CVE-2009-1721
# rename a non-linux file
rm README.win32
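Review bot: the three added lines pass -p1 while the existing "%patch0 -b .sav" and "%patch1 -b .sav" pass no strip level, so %prep now mixes two path conventions. The -p1 matches the a/ and b/ prefixes in the headers of OpenEXR-1.6.1-CVE-2009-1720-1.diff, so the lines look correct; suggest stating the strip level explicitly on the two older %patch lines as well, so a later reorder or refresh of the patches does not apply one at the wrong depth unnoticed.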
++++++ OpenEXR-1.6.1-CVE-2009-1720-1.diff ++++++
Fix integer overflow in Imf::PreviewImage::PreviewImage, CVE-2009-1720 [1/2].
--- a/IlmImf/ImfPreviewImage.cpp
+++ b/IlmImf/ImfPreviewImage.cpp
@@ -40,6 +40,7 @@
//-----------------------------------------------------------------------------
#include