From c54ffbc86d562b12ffef86f2af11628ec0647899 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Thu, 29 Oct 2020 21:55:56 +0000 Subject: Thu Oct 29 21:55:56 UTC 2020 a/aaa_elflibs-15.0-x86_64-26.txz: Rebuilt. Upgraded: liblber-2.4.so.2.11.3, libldap-2.4.so.2.11.3, libmpc.so.3.2.1. Added temporarily to allow for third-party packages to be recompiled: libHalf.so.12.0.0, libIex-2_2.so.12.0.0, libIexMath-2_2.so.12.0.0, libIlmImf-2_2.so.22.0.0, libIlmImfUtil-2_2.so.22.0.0, libIlmThread-2_2.so.12.0.0, libImath-2_2.so.12.0.0, libpoppler-qt4.so.4.11.0, libpoppler.so.79.0.0. a/kernel-generic-5.4.73-x86_64-1.txz: Upgraded. a/kernel-huge-5.4.73-x86_64-1.txz: Upgraded. a/kernel-modules-5.4.73-x86_64-1.txz: Upgraded. d/kernel-headers-5.4.73-x86-1.txz: Upgraded. k/kernel-source-5.4.73-noarch-1.txz: Upgraded. l/LibRaw-0.20.2-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/exiv2-0.27.3-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/gegl-0.4.26-x86_64-2.txz: Rebuilt. Recompiled against openexr-2.5.3. l/gexiv2-0.12.1-x86_64-1.txz: Upgraded. Compiled against exiv2-0.27.3. l/graphene-1.10.2-x86_64-1.txz: Added. l/gst-plugins-base-1.18.1-x86_64-2.txz: Rebuilt. Recompiled against system libgraphene. l/ilmbase-2.2.0-x86_64-2.txz: Removed. These libraries are now part of openexr. l/imagemagick-7.0.10_34-x86_64-2.txz: Rebuilt. Recompiled against LibRaw-0.20.2 and openexr-2.5.3. l/openexr-2.5.3-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/poppler-20.10.0-x86_64-1.txz: Upgraded. Shared library .so-version bump. Qt4 support dropped. n/samba-4.13.1-x86_64-1.txz: Upgraded. This update fixes security issues: Missing handle permissions check in SMB1/2/3 ChangeNotify. Denial-of-service vulnerabilities. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14318 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14323 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14383 (* Security fix *) xap/geeqie-1.5.1-x86_64-2.txz: Rebuilt. Recompiled against exiv2-0.27.3. xap/gimp-2.10.22-x86_64-2.txz: Rebuilt. Recompiled against openexr-2.5.3. xap/xlockmore-5.66-x86_64-1.txz: Upgraded. isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt. --- .../l/openexr/openexr.CVE-2017-9110-to-9116.patch | 82 ---------------------- source/l/openexr/openexr.SlackBuild | 49 ++++++------- source/l/openexr/openexr.url | 1 + 3 files changed, 24 insertions(+), 108 deletions(-) delete mode 100644 source/l/openexr/openexr.CVE-2017-9110-to-9116.patch create mode 100644 source/l/openexr/openexr.url (limited to 'source/l/openexr') diff --git a/source/l/openexr/openexr.CVE-2017-9110-to-9116.patch b/source/l/openexr/openexr.CVE-2017-9110-to-9116.patch deleted file mode 100644 index 98c03a997..000000000 --- a/source/l/openexr/openexr.CVE-2017-9110-to-9116.patch +++ /dev/null @@ -1,82 +0,0 @@ ---- a/IlmImf/ImfDwaCompressor.cpp -+++ b/IlmImf/ImfDwaCompressor.cpp -@@ -2377,7 +2377,12 @@ DwaCompressor::uncompress - - const char *dataPtr = inPtr + NUM_SIZES_SINGLE * sizeof(Int64); - -- if (inSize < headerSize + compressedSize) -+ /* Both the sum and individual sizes are checked in case of overflow. */ -+ if (inSize < (headerSize + compressedSize) || -+ inSize < unknownCompressedSize || -+ inSize < acCompressedSize || -+ inSize < dcCompressedSize || -+ inSize < rleCompressedSize) - { - throw Iex::InputExc("Error uncompressing DWA data" - "(truncated file)."); -diff --git a/IlmImf/ImfHuf.cpp b/IlmImf/ImfHuf.cpp -index a375d05..97909a5 100644 ---- a/IlmImf/ImfHuf.cpp -+++ b/IlmImf/ImfHuf.cpp -@@ -822,7 +822,7 @@ hufEncode // return: output size (in bits) - } - - --#define getCode(po, rlc, c, lc, in, out, oe) \ -+#define getCode(po, rlc, c, lc, in, out, ob, oe)\ - { \ - if (po == rlc) \ - { \ -@@ -835,6 +835,8 @@ hufEncode // return: output size (in bits) - \ - if (out + cs > oe) \ - tooMuchData(); \ -+ else if (out - 1 < ob) \ -+ notEnoughData(); \ - \ - unsigned short s = out[-1]; \ - \ -@@ -895,7 +897,7 @@ hufDecode - // - - lc -= pl.len; -- getCode (pl.lit, rlc, c, lc, in, out, oe); -+ getCode (pl.lit, rlc, c, lc, in, out, outb, oe); - } - else - { -@@ -925,7 +927,7 @@ hufDecode - // - - lc -= l; -- getCode (pl.p[j], rlc, c, lc, in, out, oe); -+ getCode (pl.p[j], rlc, c, lc, in, out, outb, oe); - break; - } - } -@@ -952,7 +954,7 @@ hufDecode - if (pl.len) - { - lc -= pl.len; -- getCode (pl.lit, rlc, c, lc, in, out, oe); -+ getCode (pl.lit, rlc, c, lc, in, out, outb, oe); - } - else - { -diff --git a/IlmImf/ImfPizCompressor.cpp b/IlmImf/ImfPizCompressor.cpp -index 46c6fba..8b3ee38 100644 ---- a/IlmImf/ImfPizCompressor.cpp -+++ b/IlmImf/ImfPizCompressor.cpp -@@ -573,6 +573,12 @@ PizCompressor::uncompress (const char *inPtr, - int length; - Xdr::read (inPtr, length); - -+ if (length > inSize) -+ { -+ throw InputExc ("Error in header for PIZ-compressed data " -+ "(invalid array length)."); -+ } -+ - hufUncompress (inPtr, length, _tmpBuffer, tmpBufferEnd - _tmpBuffer); - - // diff --git a/source/l/openexr/openexr.SlackBuild b/source/l/openexr/openexr.SlackBuild index a99d238d3..6305eae95 100755 --- a/source/l/openexr/openexr.SlackBuild +++ b/source/l/openexr/openexr.SlackBuild @@ -27,7 +27,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=openexr VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-3} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -79,41 +79,38 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ -# Patch security issues: -zcat $CWD/openexr.CVE-2017-9110-to-9116.patch.gz | patch -p1 --verbose || exit 1 - -CFLAGS="$SLKCFLAGS" \ -CXXFLAGS="$SLKCFLAGS" \ -./configure \ - --prefix=/usr \ - --libdir=/usr/lib${LIBDIRSUFFIX} \ - --sysconfdir=/etc \ - --localstatedir=/var \ - --disable-static \ - --build=$ARCH-slackware-linux || exit 1 - -make $NUMJOBS || make || exit 1 -make install DESTDIR=$PKG || exit 1 - -# Don't ship .la files: -rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la +# Configure, build, and install: +mkdir cmake-build +cd cmake-build + cmake \ + -DCMAKE_C_FLAGS="$SLKCFLAGS" \ + -DCMAKE_CXX_FLAGS="$SLKCFLAGS" \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DLIB_SUFFIX="$LIBDIRSUFFIX" \ + -DDOC_INSTALL_DIR="doc" \ + -DMAN_INSTALL_DIR=/usr/man \ + .. || exit 1 + make $NUMJOBS || make || exit 1 + make install DESTDIR=$PKG || exit 1 +cd .. find $PKG | xargs file | grep -e "executable" -e "shared object" \ | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION cp -a \ - AUTHORS COPYING* INSTALL LICENSE NEWS README* \ + CHANGES* CODE_OF_CONDUCT* CONTRIBUTING* CONTRIBUTORS* GOVERNANCE* INSTALL* LICENSE* README* SECURITY* \ $PKG/usr/doc/$PKGNAM-$VERSION -mv $PKG/usr/share/doc/OpenEXR-$VERSION/*.pdf $PKG/usr/doc/$PKGNAM-$VERSION/ -rm -rf $PKG/usr/share/doc -# If there's a ChangeLog, installing at least part of the recent history +mv $PKG/usr/share/doc/OpenEXR/* $PKG/usr/doc/$PKGNAM-$VERSION +rmdir $PKG/usr/share/doc/OpenEXR $PKG/usr/share/doc $PKG/usr/share + +# If there's a CHANGES file, installing at least part of the recent history # is useful, but don't let it get totally out of control: -if [ -r ChangeLog ]; then +if [ -r CHANGES ]; then DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION) - cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog - touch -r ChangeLog $DOCSDIR/ChangeLog + cat CHANGES | head -n 1000 > $DOCSDIR/CHANGES + touch -r CHANGES $DOCSDIR/CHANGES fi mkdir -p $PKG/install diff --git a/source/l/openexr/openexr.url b/source/l/openexr/openexr.url new file mode 100644 index 000000000..1fa6596a1 --- /dev/null +++ b/source/l/openexr/openexr.url @@ -0,0 +1 @@ +https://github.com/AcademySoftwareFoundation/openexr -- cgit v1.2.3-65-gdbad