aboutsummaryrefslogtreecommitdiffstats
path: root/community/openexr
diff options
context:
space:
mode:
Diffstat (limited to 'community/openexr')
-rw-r--r--community/openexr/APKBUILD13
-rw-r--r--community/openexr/CVE-2018-18444.patch23
2 files changed, 33 insertions, 3 deletions
diff --git a/community/openexr/APKBUILD b/community/openexr/APKBUILD
index 821309910e..0b1516b02b 100644
--- a/community/openexr/APKBUILD
+++ b/community/openexr/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Mark Riedesel <mark+alpine@klowner.com>
pkgname=openexr
pkgver=2.2.1
-pkgrel=0
+pkgrel=1
pkgdesc="A high dynamic-range image file format library"
url="http://www.openexr.com/"
arch="all"
@@ -10,9 +10,15 @@ license="BSD"
depends=""
makedepends="ilmbase-dev zlib-dev"
subpackages="$pkgname-doc $pkgname-dev $pkgname-tools"
-source="http://download.savannah.nongnu.org/releases/openexr/${pkgname}-${pkgver}.tar.gz"
+source="http://download.savannah.nongnu.org/releases/openexr/${pkgname}-${pkgver}.tar.gz
+ CVE-2018-18444.patch
+ "
builddir="$srcdir/$pkgname-$pkgver"
+# secfixes:
+# 2.2.1-r1:
+# - CVE-2018-18444
+
build() {
cd "$builddir"
./configure \
@@ -37,4 +43,5 @@ tools() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
-sha512sums="192100c6ac47534f3a93c55327d2ab90b07a8265156855086b326184328c257dcde12991b3f3f1831e2df4226fe884adcfe481c2f02a157c715aee665e89a480 openexr-2.2.1.tar.gz"
+sha512sums="192100c6ac47534f3a93c55327d2ab90b07a8265156855086b326184328c257dcde12991b3f3f1831e2df4226fe884adcfe481c2f02a157c715aee665e89a480 openexr-2.2.1.tar.gz
+c88f42bf9cb4fb2ccff493a3fded1a6efc67dedbe9475c0fa16e2bde8970fd6a03c5684558203cc7261b91c1f4521b0e007a653233ba16dfa3153320c7efe93d CVE-2018-18444.patch"
diff --git a/community/openexr/CVE-2018-18444.patch b/community/openexr/CVE-2018-18444.patch
new file mode 100644
index 0000000000..54be2400ba
--- /dev/null
+++ b/community/openexr/CVE-2018-18444.patch
@@ -0,0 +1,23 @@
+From 1b0f1e5d7dcf2e9d6cbb4e005e803808b010b1e0 Mon Sep 17 00:00:00 2001
+From: pgajdos <pgajdos@suse.cz>
+Date: Fri, 14 Jun 2019 22:19:30 +0200
+Subject: [PATCH] fix CVE-2018-18444
+
+---
+ exrmultiview/Image.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/OpenEXR/exrmultiview/Image.h b/OpenEXR/exrmultiview/Image.h
+index 5d718f5d..c465d380 100644
+--- a/exrmultiview/Image.h
++++ b/exrmultiview/Image.h
+@@ -227,7 +227,7 @@ template <class T>
+ void
+ TypedImageChannel<T>::black ()
+ {
+- memset(&_pixels[0][0],0,image().width()/_xSampling*image().height()/_ySampling*sizeof(T));
++ memset(&_pixels[0][0],0,image().width()/_xSampling*(image().height()/_ySampling)*sizeof(T));
+ }
+
+
+