File openexr.spec of Package openexr.20697
#
# spec file for package openexr
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# perhaps you want to build against corresponding ilmbase build
%define asan_build 0
%define debug_build 0
%define sonum 23
%global so_suffix -2_2-23
Name: openexr
Version: 2.2.1
Release: 0
Summary: Utilities for work with HDR images in OpenEXR format
License: BSD-3-Clause
Group: Productivity/Graphics/Other
Url: http://www.openexr.com/
Source0: http://download.savannah.nongnu.org/releases/%{name}/%{name}-%{version}.tar.gz
Source1: http://download.savannah.nongnu.org/releases/%{name}/%{name}-%{version}.tar.gz.sig
Source2: baselibs.conf
Source3: openexr.keyring
Patch0: openexr-CVE-2018-18444.patch
# CVE-2017-9111 [bsc#1040109], CVE-2017-9113 [bsc#1040113], CVE-2017-9115 [bsc#1040115]
Patch1: openexr-CVE-2017-9111,9113,9115.patch
# CVE-2017-14988 [bsc#1061305]
Patch2: openexr-CVE-2017-14988.patch
# CVE-2020-11762 [bsc#1169549], out-of-bounds read and write in DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case|CVE-2020-11758 [bsc#1169573], out-of-bounds read in ImfOptimizedPixelReading.h.|CVE-2020-11764 [bsc#1169574], out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp|CVE-2020-11765 [bsc#1169575], off-by-one error in use of the ImfXdr.h read function by DwaCompressor:Classifier:Classifier|CVE-2020-11763 [bsc#1169576], out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp|CVE-2020-11761 [bsc#1169578], out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder:refill in ImfFastHuf.cpp|CVE-2020-11760 [bsc#1169580], out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp
Patch3: openexr-CVE-2020-11762,11758,11764,11765,11763,11761,11760.patch
# CVE-2020-15305 [bsc#1173467], use-after-free in DeepScanLineInputFile:DeepScanLineInputFile()
Patch4: openexr-CVE-2020-15305.patch
# CVE-2020-15306 [bsc#1173469], invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize()
Patch5: openexr-CVE-2020-15306.patch
# CVE-2020-15304 [bsc#1173466], NULL pointer dereference in TiledInputFile:TiledInputFile()
Patch6: openexr-CVE-2020-15304.patch
# CVE-2020-16587 [bsc#1179879], multiple memory safety issues
Patch7: openexr-CVE-2020-16587.patch
Patch8: openexr-CVE-2020-16588.patch
# CVE not found in bugzilla
Patch9: openexr-CVE-2020-16589.patch
# CVE-2021-3476 [bsc#1184172], Undefined-shift in Imf_2_5::unpack14
Patch10: openexr-CVE-2021-3476.patch
# CVE-2021-3475 [bsc#1184173], Integer-overflow in Imf_2_5::calculateNumTiles
Patch11: openexr-CVE-2021-3475.patch
# CVE-2021-3474 [bsc#1184174], Undefined-shift in Imf_2_5::FastHufDecoder::FastHufDecoder
Patch12: openexr-CVE-2021-3474.patch
# CVE-2021-3477 [bsc#1184353], Heap-buffer-overflow in Imf_2_5::DeepTiledInputFile::readPixelSampleCounts
Patch13: openexr-CVE-2021-3477.patch
# CVE-2021-20296 [bsc#1184355], Segv on unknown address in Imf_2_5:hufUncompress - Null Pointer dereference
Patch14: openexr-CVE-2021-20296.patch
# CVE-2021-3479 [bsc#1184354], Out-of-memory caused by allocation of a very large buffer
Patch15: openexr-CVE-2021-3479.patch
# CVE-2021-23215 [bsc#1185216], Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers|CVE-2021-26260 [bsc#1185217], Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers
Patch16: openexr-CVE-2021-23215,26260.patch
# CVE-2021-3598 [bsc#1187310], Heap buffer overflow in Imf_3_1:CharPtrIO:readChars
Patch17: openexr-CVE-2021-3598.patch
# CVE-2021-3605 [bsc#1187395], Heap buffer overflow in the rleUncompress function
Patch18: openexr-CVE-2021-3605.patch
# CVE-2021-20300 [bsc#1188458], Integer-overflow in Imf_2_5:hufUncompress
Patch19: openexr-CVE-2021-20300.patch
# CVE-2021-20299 [bsc#1188459], Null-dereference READ in Imf_2_5:Header:operator
Patch20: openexr-CVE-2021-20299.patch
# CVE-2021-20304 [bsc#1188461], Undefined-shift in Imf_2_5:hufDecode
Patch21: openexr-CVE-2021-20304.patch
# CVE-2021-20302 [bsc#1188462], Floating-point-exception in Imf_2_5:precalculateTileInfot
Patch22: openexr-CVE-2021-20302.patch
# CVE-2021-20303 [bsc#1188457], Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
Patch23: openexr-CVE-2021-20303.patch
# CVE-2021-20298 [bsc#1188460], Out-of-memory in B44Compressor
Patch24: openexr-CVE-2021-20298.patch
BuildRequires: automake
BuildRequires: fltk-devel
BuildRequires: freeglut-devel
BuildRequires: gcc-c++
BuildRequires: pkgconfig
BuildRequires: pkgconfig(IlmBase) >= 2.2.0
BuildRequires: pkgconfig(zlib)
%if %{asan_build} || %{debug_build}
BuildRequires: ilmbase-debugsource
BuildRequires: libHalf%{sonum}-debuginfo
BuildRequires: libIex%{so_suffix}-debuginfo
BuildRequires: libIexMath%{so_suffix}-debuginfo
BuildRequires: libIlmThread%{so_suffix}-debuginfo
BuildRequires: libImath%{so_suffix}-debuginfo
%endif
Obsoletes: OpenEXR <= 1.6.1
Provides: OpenEXR = %{version}
%description
OpenEXR is a high dynamic-range (HDR) image file format developed by
Industrial Light & Magic for use in computer imaging applications. This package
contains a set of utilities to work with this format.
* exrheader, a utility for dumping header information
* exrstdattr, a utility for modifying OpenEXR standard attributes
* exrmaketiled, for generating tiled and rip/mipmapped images
* exrenvmap, for creating OpenEXR environment maps
* exrmakepreview, for creating preview images for OpenEXR files
* exr2aces, converter to ACES format
* exrmultiview, combine two or more images into one multi-view
%package -n libIlmImf%{so_suffix}
Summary: Library to Handle EXR Pictures in 16-Bit Floating-Point Format
Group: Development/Libraries/C and C++
%description -n libIlmImf%{so_suffix}
OpenEXR is a high dynamic-range (HDR) image file format developed by
Industrial Light & Magic for use in computer imaging applications.
This package contains shared library libIlmImf
%post -n libIlmImf%{so_suffix} -p /sbin/ldconfig
%postun -n libIlmImf%{so_suffix} -p /sbin/ldconfig
%files -n libIlmImf%{so_suffix}
%doc COPYING
%{_libdir}/libIlmImf-*.so.*
%package -n libIlmImfUtil%{so_suffix}
Summary: Library to simplify development of OpenEXR utilities
Group: Development/Libraries/C and C++
%description -n libIlmImfUtil%{so_suffix}
OpenEXR is a high dynamic-range (HDR) image file format developed by
Industrial Light & Magic for use in computer imaging applications.
This package contains shared library libIlmImfUtil
%post -n libIlmImfUtil%{so_suffix} -p /sbin/ldconfig
%postun -n libIlmImfUtil%{so_suffix} -p /sbin/ldconfig
%files -n libIlmImfUtil%{so_suffix}
%doc COPYING
%{_libdir}/libIlmImfUtil-*.so.*
%package devel
Summary: Library to Handle EXR Pictures (16-bit floating-point format)
Group: Development/Libraries/C and C++
Requires: libIlmImf%{so_suffix} = %{version}
Requires: libIlmImfUtil%{so_suffix} = %{version}
Requires: libilmbase-devel
Requires: pkgconfig
Requires: pkgconfig(zlib)
Obsoletes: OpenEXR-devel <= 1.6.1
Provides: OpenEXR-devel = %{version}
Obsoletes: libopenexr-devel <= 1.7.0
Provides: libopenexr-devel = %{version}
%description devel
OpenEXR is a high dynamic-range (HDR) image file format developed by
Industrial Light & Magic for use in computer imaging applications.
This package contains header files.
%package doc
Summary: Library to Handle EXR Pictures in 16-Bit Floating-Point Format
Group: Development/Libraries/C and C++
Obsoletes: OpenEXR-doc <= 1.6.1
Provides: OpenEXR-doc = %{version}
%description doc
OpenEXR is a high dynamic-range (HDR) image file format developed by
Industrial Light & Magic for use in computer imaging applications.
This package contains a documentation
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
# poor man's fdupes
if cmp COPYING LICENSE; then
rm -rf LICENSE
ln -sf COPYING LICENSE
fi
# remove non-linux file
rm README.OSX
%build
export PTHREAD_LIBS="-lpthread"
%if %{debug_build}
export CXXFLAGS="%{optflags} -O0"
%endif
%configure \
--disable-static \
--with-pic \
%if %{asan_build}
--disable-ilmbasetest \
%endif
--enable-large-stack \
--enable-imfexamples \
--enable-imfhugetest
%if %{asan_build}
vmemlimit=$(ulimit -v)
if [ $vmemlimit != unlimited ]; then
echo "ulimit -v has to be unlimited (currently $vmemlimit) to run ASAN build"
exit 1
fi
for i in $(find -name Makefile); do
sed -i -e 's/\(^CXXFLAGS.*\)/\1 -fsanitize=address/' \
-e 's/\(^LIBS =.*\)/\1 -lasan/' \
$i
done
%endif
make %{?_smp_mflags}
%install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print
install -d -m 0755 %{buildroot}%{_defaultdocdir}/
mv %{buildroot}%{_datadir}/doc/OpenEXR-2* %{buildroot}%{_defaultdocdir}/%{name}-%{version}
%check
%ifarch x86_64
make %{?_smp_mflags} check
%endif
%files
%doc AUTHORS ChangeLog COPYING LICENSE NEWS README*
%{_bindir}/exrenvmap
%{_bindir}/exrheader
%{_bindir}/exrmakepreview
%{_bindir}/exrmaketiled
%{_bindir}/exrstdattr
%{_bindir}/exrmultiview
%{_bindir}/exrmultipart
%files devel
%{_includedir}/OpenEXR
%{_libdir}/libIlmImf.so
%{_libdir}/libIlmImfUtil.so
%{_libdir}/pkgconfig/OpenEXR.pc
%{_datadir}/aclocal/openexr.m4
%files doc
%{_docdir}/%{name}-%{version}
%changelog
