diff options
| author | Leo <thinkabit.ukim@gmail.com> | 2019-07-21 16:55:19 -0300 |
|---|---|---|
| committer | Leo <thinkabit.ukim@gmail.com> | 2019-07-21 16:56:38 -0300 |
| commit | b78bdd461f3bf9cc42126ddfd87fb31bc28319cd (patch) | |
| tree | b21dcd09b0c3eac732b4776bfdc9ccc5c0131b13 /community | |
| parent | cba9db72423fbb58598391ac61688df954bc28f8 (diff) | |
community/openexr: fix CVE-2018-18444
Fixes https://gitlab.alpinelinux.org/alpine/aports/issues/10395
Diffstat (limited to 'community')
| -rw-r--r-- | community/openexr/APKBUILD | 13 | ||||
| -rw-r--r-- | community/openexr/CVE-2018-18444.patch | 23 |
2 files changed, 33 insertions, 3 deletions
diff --git a/community/openexr/APKBUILD b/community/openexr/APKBUILD index 821309910e8..0b1516b02b5 100644 --- a/community/openexr/APKBUILD +++ b/community/openexr/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Mark Riedesel <mark+alpine@klowner.com> pkgname=openexr pkgver=2.2.1 -pkgrel=0 +pkgrel=1 pkgdesc="A high dynamic-range image file format library" url="http://www.openexr.com/" arch="all" @@ -10,9 +10,15 @@ license="BSD" depends="" makedepends="ilmbase-dev zlib-dev" subpackages="$pkgname-doc $pkgname-dev $pkgname-tools" -source="http://download.savannah.nongnu.org/releases/openexr/${pkgname}-${pkgver}.tar.gz" +source="http://download.savannah.nongnu.org/releases/openexr/${pkgname}-${pkgver}.tar.gz + CVE-2018-18444.patch + " builddir="$srcdir/$pkgname-$pkgver" +# secfixes: +# 2.2.1-r1: +# - CVE-2018-18444 + build() { cd "$builddir" ./configure \ @@ -37,4 +43,5 @@ tools() { mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ } -sha512sums="192100c6ac47534f3a93c55327d2ab90b07a8265156855086b326184328c257dcde12991b3f3f1831e2df4226fe884adcfe481c2f02a157c715aee665e89a480 openexr-2.2.1.tar.gz" +sha512sums="192100c6ac47534f3a93c55327d2ab90b07a8265156855086b326184328c257dcde12991b3f3f1831e2df4226fe884adcfe481c2f02a157c715aee665e89a480 openexr-2.2.1.tar.gz +c88f42bf9cb4fb2ccff493a3fded1a6efc67dedbe9475c0fa16e2bde8970fd6a03c5684558203cc7261b91c1f4521b0e007a653233ba16dfa3153320c7efe93d CVE-2018-18444.patch" diff --git a/community/openexr/CVE-2018-18444.patch b/community/openexr/CVE-2018-18444.patch new file mode 100644 index 00000000000..54be2400ba1 --- /dev/null +++ b/community/openexr/CVE-2018-18444.patch @@ -0,0 +1,23 @@ +From 1b0f1e5d7dcf2e9d6cbb4e005e803808b010b1e0 Mon Sep 17 00:00:00 2001 +From: pgajdos <pgajdos@suse.cz> +Date: Fri, 14 Jun 2019 22:19:30 +0200 +Subject: [PATCH] fix CVE-2018-18444 + +--- + exrmultiview/Image.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/OpenEXR/exrmultiview/Image.h b/OpenEXR/exrmultiview/Image.h +index 5d718f5d..c465d380 100644 +--- a/exrmultiview/Image.h ++++ b/exrmultiview/Image.h +@@ -227,7 +227,7 @@ template <class T> + void + TypedImageChannel<T>::black () + { +- memset(&_pixels[0][0],0,image().width()/_xSampling*image().height()/_ySampling*sizeof(T)); ++ memset(&_pixels[0][0],0,image().width()/_xSampling*(image().height()/_ySampling)*sizeof(T)); + } + + + |