packages/OpenEXR
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:34d7fae4cdec9890c33cb280feb354d64180e6c6
Branches Tags
packages:main
..
compare: packages:739ebad147ed584fdf08d7ea74922edd7b7dfda0
Branches Tags
packages:main

No commits in common. "34d7fae4cdec9890c33cb280feb354d64180e6c6" and "739ebad147ed584fdf08d7ea74922edd7b7dfda0" have entirely different histories.
34d7fae4cd ... 739ebad147

4 changed files with 4 additions and 568 deletions
Show Stats Expand all files Collapse all files

503
CVE-2023-5841.patch
View File

@ -1,503 +0,0 @@
From df4d77471f2722025011da2e699d581d1e757f6b Mon Sep 17 00:00:00 2001
From: Kimball Thurston <kdt3rd@gmail.com>
Date: Mon, 5 Feb 2024 08:44:21 +1300
Subject: [PATCH] Fix CVE 2023 5841 (#1627)
* enable deep file checks for core
Signed-off-by: Kimball Thurston <kdt3rd@gmail.com>
* fix possible int overflow
Signed-off-by: Kimball Thurston <kdt3rd@gmail.com>
* fix validation of deep sample counts
Addresses CVE-2023-5841, fixing sample count check to not only check
against 0 but previous sample as well.
Signed-off-by: Kimball Thurston <kdt3rd@gmail.com>
* add clarifying comment
Signed-off-by: Kimball Thurston <kdt3rd@gmail.com>
---------
Signed-off-by: Kimball Thurston <kdt3rd@gmail.com>
---
src/lib/OpenEXRCore/decoding.c | 40 +++---
src/lib/OpenEXRCore/unpack.c | 9 +-
src/lib/OpenEXRUtil/ImfCheckFile.cpp | 190 +++++++++++++++++++++------
3 files changed, 182 insertions(+), 57 deletions(-)
diff --git a/src/lib/OpenEXRCore/decoding.c b/src/lib/OpenEXRCore/decoding.c
index e9e8f7f9b..bf5ae2105 100644
--- a/src/lib/OpenEXRCore/decoding.c
+++ b/src/lib/OpenEXRCore/decoding.c
@@ -289,7 +289,11 @@ default_decompress_chunk (exr_decode_pipeline_t* decode)
part->storage_mode == EXR_STORAGE_DEEP_TILED)
{
uint64_t sampsize =
- (((uint64_t) decode->chunk.width) * ((uint64_t) decode->chunk.height));
+ (((uint64_t) decode->chunk.width) *
+ ((uint64_t) decode->chunk.height));
+
+ if ((decode->decode_flags & EXR_DECODE_SAMPLE_COUNTS_AS_INDIVIDUAL))
+ sampsize += 1;
sampsize *= sizeof (int32_t);
rv = decompress_data (
@@ -342,7 +346,7 @@ unpack_sample_table (
exr_result_t rv = EXR_ERR_SUCCESS;
int32_t w = decode->chunk.width;
int32_t h = decode->chunk.height;
- int32_t totsamp = 0;
+ uint64_t totsamp = 0;
int32_t* samptable = decode->sample_count_table;
size_t combSampSize = 0;
@@ -353,38 +357,44 @@ unpack_sample_table (
{
for (int32_t y = 0; y < h; ++y)
{
+ int32_t *cursampline = samptable + y * w;
int32_t prevsamp = 0;
for (int32_t x = 0; x < w; ++x)
{
int32_t nsamps =
- (int32_t) one_to_native32 ((uint32_t) samptable[y * w + x]);
- if (nsamps < 0) return EXR_ERR_INVALID_SAMPLE_DATA;
- samptable[y * w + x] = nsamps - prevsamp;
- prevsamp = nsamps;
+ (int32_t) one_to_native32 ((uint32_t) cursampline[x]);
+ if (nsamps < prevsamp) return EXR_ERR_INVALID_SAMPLE_DATA;
+
+ cursampline[x] = nsamps - prevsamp;
+ prevsamp = nsamps;
}
- totsamp += prevsamp;
+ totsamp += (uint64_t)prevsamp;
}
- samptable[w * h] = totsamp;
+ if (totsamp >= (uint64_t)INT32_MAX)
+ return EXR_ERR_INVALID_SAMPLE_DATA;
+ samptable[w * h] = (int32_t)totsamp;
}
else
{
for (int32_t y = 0; y < h; ++y)
{
+ int32_t *cursampline = samptable + y * w;
int32_t prevsamp = 0;
for (int32_t x = 0; x < w; ++x)
{
int32_t nsamps =
- (int32_t) one_to_native32 ((uint32_t) samptable[y * w + x]);
- if (nsamps < 0) return EXR_ERR_INVALID_SAMPLE_DATA;
- samptable[y * w + x] = nsamps;
- prevsamp = nsamps;
+ (int32_t) one_to_native32 ((uint32_t) cursampline[x]);
+ if (nsamps < prevsamp) return EXR_ERR_INVALID_SAMPLE_DATA;
+
+ cursampline[x] = nsamps;
+ prevsamp = nsamps;
}
- totsamp += prevsamp;
+
+ totsamp += (uint64_t)prevsamp;
}
}
- if (totsamp < 0 ||
- (((uint64_t) totsamp) * combSampSize) > decode->chunk.unpacked_size)
+ if ((totsamp * combSampSize) > decode->chunk.unpacked_size)
{
rv = pctxt->report_error (
pctxt, EXR_ERR_INVALID_SAMPLE_DATA, "Corrupt sample count table");
diff --git a/src/lib/OpenEXRCore/unpack.c b/src/lib/OpenEXRCore/unpack.c
index 9ecb729cf..80990e0d2 100644
--- a/src/lib/OpenEXRCore/unpack.c
+++ b/src/lib/OpenEXRCore/unpack.c
@@ -1205,9 +1205,10 @@ generic_unpack_deep_pointers (exr_decode_pipeline_t* decode)
if (outpix)
{
uint8_t* cdata = outpix;
+
UNPACK_SAMPLES (samps)
}
- srcbuffer += bpc * samps;
+ srcbuffer += ((size_t) bpc) * ((size_t) samps);
}
}
sampbuffer += w;
@@ -1251,12 +1252,14 @@ generic_unpack_deep (exr_decode_pipeline_t* decode)
}
else
prevsamps = sampbuffer[w - 1];
+
srcbuffer += ((size_t) bpc) * ((size_t) prevsamps);
if (incr_tot) totsamps += (size_t) prevsamps;
continue;
}
+
cdata += totsamps * ((size_t) ubpc);
for (int x = 0; x < w; ++x)
@@ -1272,7 +1275,7 @@ generic_unpack_deep (exr_decode_pipeline_t* decode)
UNPACK_SAMPLES (samps)
- srcbuffer += bpc * samps;
+ srcbuffer += ((size_t) bpc) * ((size_t) samps);
if (incr_tot) totsamps += (size_t) samps;
}
}
@@ -1310,7 +1313,7 @@ internal_exr_match_decode (
if (isdeep)
{
- if ((decode->decode_flags & EXR_DECODE_SAMPLE_COUNTS_AS_INDIVIDUAL))
+ if ((decode->decode_flags & EXR_DECODE_NON_IMAGE_DATA_AS_POINTERS))
return &generic_unpack_deep_pointers;
return &generic_unpack_deep;
}
diff --git a/src/lib/OpenEXRUtil/ImfCheckFile.cpp b/src/lib/OpenEXRUtil/ImfCheckFile.cpp
index 8c4fbe84f..cdc0fa3da 100644
--- a/src/lib/OpenEXRUtil/ImfCheckFile.cpp
+++ b/src/lib/OpenEXRUtil/ImfCheckFile.cpp
@@ -1172,11 +1172,86 @@ runChecks(T& source,bool reduceMemory,bool reduceTime)
return threw;
}
+// This is not entirely needed in that the chunk info has the
+// total unpacked_size field which can be used for allocation
+// but this adds an additional point to use when debugging issues.
+static exr_result_t
+realloc_deepdata(exr_decode_pipeline_t* decode)
+{
+ int32_t w = decode->chunk.width;
+ int32_t h = decode->chunk.height;
+ uint64_t totsamps = 0, bytes = 0;
+ const int32_t *sampbuffer = decode->sample_count_table;
+ std::vector<uint8_t>* ud = static_cast<std::vector<uint8_t>*>(
+ decode->decoding_user_data);
+
+ if ( ! ud )
+ {
+ for (int c = 0; c < decode->channel_count; c++)
+ {
+ exr_coding_channel_info_t& outc = decode->channels[c];
+ outc.decode_to_ptr = NULL;
+ outc.user_pixel_stride = outc.user_bytes_per_element;
+ outc.user_line_stride = 0;
+ }
+ return EXR_ERR_SUCCESS;
+ }
+
+ if ((decode->decode_flags &
+ EXR_DECODE_SAMPLE_COUNTS_AS_INDIVIDUAL))
+ {
+ for (int32_t y = 0; y < h; ++y)
+ {
+ for (int x = 0; x < w; ++x)
+ totsamps += sampbuffer[x];
+ sampbuffer += w;
+ }
+ }
+ else
+ {
+ for (int32_t y = 0; y < h; ++y)
+ totsamps += sampbuffer[y*w + w - 1];
+ }
+
+ for (int c = 0; c < decode->channel_count; c++)
+ {
+ exr_coding_channel_info_t& outc = decode->channels[c];
+ bytes += totsamps * outc.user_bytes_per_element;
+ }
+
+ if (bytes >= gMaxBytesPerDeepScanline * h)
+ {
+ for (int c = 0; c < decode->channel_count; c++)
+ {
+ exr_coding_channel_info_t& outc = decode->channels[c];
+ outc.decode_to_ptr = NULL;
+ outc.user_pixel_stride = outc.user_bytes_per_element;
+ outc.user_line_stride = 0;
+ }
+ return EXR_ERR_SUCCESS;
+ }
+
+ if (ud->size () < bytes)
+ ud->resize (bytes);
+
+ uint8_t* dptr = &((*ud)[0]);
+ for (int c = 0; c < decode->channel_count; c++)
+ {
+ exr_coding_channel_info_t& outc = decode->channels[c];
+ outc.decode_to_ptr = dptr;
+ outc.user_pixel_stride = outc.user_bytes_per_element;
+ outc.user_line_stride = 0;
+
+ dptr += totsamps * (uint64_t) outc.user_bytes_per_element;
+ }
+ return EXR_ERR_SUCCESS;
+}
+
////////////////////////////////////////
bool readCoreScanlinePart(exr_context_t f, int part, bool reduceMemory, bool reduceTime)
{
- exr_result_t rv;
+ exr_result_t rv, frv;
exr_attr_box2i_t datawin;
rv = exr_get_data_window (f, part, &datawin);
if (rv != EXR_ERR_SUCCESS)
@@ -1194,6 +1269,8 @@ bool readCoreScanlinePart(exr_context_t f, int part, bool reduceMemory, bool red
if (rv != EXR_ERR_SUCCESS)
return true;
+ frv = rv;
+
for (uint64_t chunk = 0; chunk < height; chunk += lines_per_chunk)
{
exr_chunk_info_t cinfo = { 0 };
@@ -1202,8 +1279,8 @@ bool readCoreScanlinePart(exr_context_t f, int part, bool reduceMemory, bool red
rv = exr_read_scanline_chunk_info (f, part, y, &cinfo);
if (rv != EXR_ERR_SUCCESS)
{
- if (reduceTime)
- break;
+ frv = rv;
+ if (reduceTime) break;
continue;
}
@@ -1224,59 +1301,72 @@ bool readCoreScanlinePart(exr_context_t f, int part, bool reduceMemory, bool red
bytes += width * (uint64_t)outc.user_bytes_per_element * (uint64_t)lines_per_chunk;
}
- // TODO: check we are supposed to multiple by lines per chunk above
doread = true;
- if (reduceMemory && bytes >= gMaxBytesPerScanline)
- doread = false;
+ if (cinfo.type == EXR_STORAGE_DEEP_SCANLINE)
+ {
+ decoder.decoding_user_data = &imgdata;
+ decoder.realloc_nonimage_data_fn = &realloc_deepdata;
+ }
+ else
+ {
+ if (reduceMemory && bytes >= gMaxBytesPerScanline) doread = false;
- if (doread)
- imgdata.resize( bytes );
+ if (doread) imgdata.resize (bytes);
+ }
rv = exr_decoding_choose_default_routines (f, part, &decoder);
if (rv != EXR_ERR_SUCCESS)
+ {
+ frv = rv;
break;
+ }
}
else
{
rv = exr_decoding_update (f, part, &cinfo, &decoder);
if (rv != EXR_ERR_SUCCESS)
{
- if (reduceTime)
- break;
+ frv = rv;
+ if (reduceTime) break;
continue;
}
}
if (doread)
{
- uint8_t *dptr = &(imgdata[0]);
- for (int c = 0; c < decoder.channel_count; c++)
+ if (cinfo.type != EXR_STORAGE_DEEP_SCANLINE)
{
- exr_coding_channel_info_t & outc = decoder.channels[c];
- outc.decode_to_ptr = dptr;
- outc.user_pixel_stride = outc.user_bytes_per_element;
- outc.user_line_stride = outc.user_pixel_stride * width;
- dptr += width * (uint64_t)outc.user_bytes_per_element * (uint64_t)lines_per_chunk;
+ uint8_t* dptr = &(imgdata[0]);
+ for (int c = 0; c < decoder.channel_count; c++)
+ {
+ exr_coding_channel_info_t& outc = decoder.channels[c];
+ outc.decode_to_ptr = dptr;
+ outc.user_pixel_stride = outc.user_bytes_per_element;
+ outc.user_line_stride = outc.user_pixel_stride * width;
+
+ dptr += width * (uint64_t) outc.user_bytes_per_element *
+ (uint64_t) lines_per_chunk;
+ }
}
rv = exr_decoding_run (f, part, &decoder);
if (rv != EXR_ERR_SUCCESS)
{
- if (reduceTime)
- break;
+ frv = rv;
+ if (reduceTime) break;
}
}
}
exr_decoding_destroy (f, &decoder);
- return (rv != EXR_ERR_SUCCESS);
+ return (frv != EXR_ERR_SUCCESS);
}
////////////////////////////////////////
bool readCoreTiledPart(exr_context_t f, int part, bool reduceMemory, bool reduceTime)
{
- exr_result_t rv;
+ exr_result_t rv, frv;
exr_attr_box2i_t datawin;
rv = exr_get_data_window (f, part, &datawin);
@@ -1296,6 +1386,7 @@ bool readCoreTiledPart(exr_context_t f, int part, bool reduceMemory, bool reduce
if (rv != EXR_ERR_SUCCESS)
return true;
+ frv = rv;
bool keepgoing = true;
for (int32_t ylevel = 0; keepgoing && ylevel < levelsy; ++ylevel )
{
@@ -1305,6 +1396,7 @@ bool readCoreTiledPart(exr_context_t f, int part, bool reduceMemory, bool reduce
rv = exr_get_level_sizes (f, part, xlevel, ylevel, &levw, &levh);
if (rv != EXR_ERR_SUCCESS)
{
+ frv = rv;
if (reduceTime)
{
keepgoing = false;
@@ -1317,6 +1409,7 @@ bool readCoreTiledPart(exr_context_t f, int part, bool reduceMemory, bool reduce
rv = exr_get_tile_sizes (f, part, xlevel, ylevel, &curtw, &curth);
if (rv != EXR_ERR_SUCCESS)
{
+ frv = rv;
if (reduceTime)
{
keepgoing = false;
@@ -1343,6 +1436,7 @@ bool readCoreTiledPart(exr_context_t f, int part, bool reduceMemory, bool reduce
rv = exr_read_tile_chunk_info (f, part, tx, ty, xlevel, ylevel, &cinfo);
if (rv != EXR_ERR_SUCCESS)
{
+ frv = rv;
if (reduceTime)
{
keepgoing = false;
@@ -1356,6 +1450,7 @@ bool readCoreTiledPart(exr_context_t f, int part, bool reduceMemory, bool reduce
rv = exr_decoding_initialize (f, part, &cinfo, &decoder);
if (rv != EXR_ERR_SUCCESS)
{
+ frv = rv;
keepgoing = false;
break;
}
@@ -1372,14 +1467,23 @@ bool readCoreTiledPart(exr_context_t f, int part, bool reduceMemory, bool reduce
}
doread = true;
- if (reduceMemory && bytes >= gMaxTileBytes)
- doread = false;
+ if (cinfo.type == EXR_STORAGE_DEEP_TILED)
+ {
+ decoder.decoding_user_data = &tiledata;
+ decoder.realloc_nonimage_data_fn = &realloc_deepdata;
+ }
+ else
+ {
+ if (reduceMemory && bytes >= gMaxTileBytes)
+ doread = false;
- if (doread)
- tiledata.resize( bytes );
- rv = exr_decoding_choose_default_routines (f, part, &decoder);
+ if (doread) tiledata.resize (bytes);
+ }
+ rv = exr_decoding_choose_default_routines (
+ f, part, &decoder);
if (rv != EXR_ERR_SUCCESS)
{
+ frv = rv;
keepgoing = false;
break;
}
@@ -1389,6 +1493,7 @@ bool readCoreTiledPart(exr_context_t f, int part, bool reduceMemory, bool reduce
rv = exr_decoding_update (f, part, &cinfo, &decoder);
if (rv != EXR_ERR_SUCCESS)
{
+ frv = rv;
if (reduceTime)
{
keepgoing = false;
@@ -1400,19 +1505,28 @@ bool readCoreTiledPart(exr_context_t f, int part, bool reduceMemory, bool reduce
if (doread)
{
- uint8_t *dptr = &(tiledata[0]);
- for (int c = 0; c < decoder.channel_count; c++)
+ if (cinfo.type != EXR_STORAGE_DEEP_TILED)
{
- exr_coding_channel_info_t & outc = decoder.channels[c];
- outc.decode_to_ptr = dptr;
- outc.user_pixel_stride = outc.user_bytes_per_element;
- outc.user_line_stride = outc.user_pixel_stride * curtw;
- dptr += (uint64_t)curtw * (uint64_t)outc.user_bytes_per_element * (uint64_t)curth;
+ uint8_t* dptr = &(tiledata[0]);
+ for (int c = 0; c < decoder.channel_count; c++)
+ {
+ exr_coding_channel_info_t& outc =
+ decoder.channels[c];
+ outc.decode_to_ptr = dptr;
+ outc.user_pixel_stride =
+ outc.user_bytes_per_element;
+ outc.user_line_stride =
+ outc.user_pixel_stride * curtw;
+ dptr += (uint64_t) curtw *
+ (uint64_t) outc.user_bytes_per_element *
+ (uint64_t) curth;
+ }
}
rv = exr_decoding_run (f, part, &decoder);
if (rv != EXR_ERR_SUCCESS)
{
+ frv = rv;
if (reduceTime)
{
keepgoing = false;
@@ -1448,16 +1562,14 @@ bool checkCoreFile(exr_context_t f, bool reduceMemory, bool reduceTime)
if (rv != EXR_ERR_SUCCESS)
return true;
- // TODO: Need to fill this in
- if (store == EXR_STORAGE_DEEP_SCANLINE || store == EXR_STORAGE_DEEP_TILED)
- continue;
-
- if (store == EXR_STORAGE_SCANLINE)
+ if (store == EXR_STORAGE_SCANLINE ||
+ store == EXR_STORAGE_DEEP_SCANLINE)
{
if ( readCoreScanlinePart (f, p, reduceMemory, reduceTime) )
return true;
}
- else if (store == EXR_STORAGE_TILED)
+ else if (store == EXR_STORAGE_TILED ||
+ store == EXR_STORAGE_DEEP_TILED)
{
if ( readCoreTiledPart (f, p, reduceMemory, reduceTime) )
return true;

42
CVE-2024-31047.patch
View File

@ -1,42 +0,0 @@
From 7aa89e1d09b09d9f5dbb96976ee083a331ab9d71 Mon Sep 17 00:00:00 2001
From: xiaoxiaoafeifei <zhailiangliang@loongson.cn>
Date: Wed, 20 Mar 2024 00:09:05 +0800
Subject: [PATCH] prevent integer overflows in file exrmultipart.cpp (#1681)
Signed-off-by: ZhaiLiangliang <zhailiangliang@loongson.cn>
Origin: https://github.com/AcademySoftwareFoundation/openexr/pull/1681
---
src/bin/exrmultipart/exrmultipart.cpp | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/bin/exrmultipart/exrmultipart.cpp b/src/bin/exrmultipart/exrmultipart.cpp
index 931cebc..1c624b8 100644
--- a/src/bin/exrmultipart/exrmultipart.cpp
+++ b/src/bin/exrmultipart/exrmultipart.cpp
@@ -326,12 +326,17 @@ convert(vector <const char*> in,
}
Box2i dataWindow = infile.header(0).dataWindow();
- int pixel_count = (dataWindow.size().y+1)*(dataWindow.size().x+1);
- int pixel_width = dataWindow.size().x+1;
-
+ //
+ // use int64_t for dimensions, since possible overflow int storage
+ //
+ int64_t pixel_count = (static_cast<int64_t>(dataWindow.size ().y) + 1) * (static_cast<int64_t>(dataWindow.size ().x) + 1);
+ int64_t pixel_width = static_cast<int64_t>(dataWindow.size ().x) + 1;
+ //
// offset in pixels between base of array and 0,0
- int pixel_base = dataWindow.min.y*pixel_width+dataWindow.min.x;
+ // use int64_t for dimensions, since dataWindow.min.y * pixel_width could overflow int storage
+ //
+ int64_t pixel_base = static_cast<int64_t>(dataWindow.min.y) * pixel_width + static_cast<int64_t>(dataWindow.min.x);
vector< vector<char> > channelstore(channel_count);
--
2.43.0

27
OpenEXR.spec
View File

@ -1,13 +1,10 @@
Name: OpenEXR Name: OpenEXR
Summary: A high dynamic-range (HDR) image file format for use in computer imaging applications Summary: A high dynamic-range (HDR) image file format for use in computer imaging applications
Version: 3.1.11 Version: 3.1.5
Release: 3 Release: 2
License: BSD-3-Clause License: BSD-3-Clause
URL: http://www.openexr.com/ URL: http://www.openexr.com/
Source0: https://github.com/AcademySoftwareFoundation/openexr/archive/v%{version}/openexr-%{version}.tar.gz Source0: https://github.com/AcademySoftwareFoundation/openexr/archive/v%{version}/openexr-%{version}.tar.gz
# https://github.com/AcademySoftwareFoundation/openexr/commit/df4d77471f2722025011da2e699d581d1e757f6b
Patch0: CVE-2023-5841.patch
Patch1: CVE-2024-31047.patch
BuildRequires: gcc-c++ zlib-devel pkgconfig python3-devel BuildRequires: gcc-c++ zlib-devel pkgconfig python3-devel
BuildRequires: cmake gcc boost-devel pkgconfig(Imath) BuildRequires: cmake gcc boost-devel pkgconfig(Imath)
@ -50,11 +47,7 @@ This package contains libraries and header files for development of %{name}.
%make_install %make_install
%check %check
%ifarch aarch64 ppc64le %make_build test
# https://github.com/AcademySoftwareFoundation/openexr/issues/1460
EXCLUDE_REGEX='DWA[AB]Compression'
%endif
/usr/bin/ctest --output-on-failure --force-new-ctest-process -j${RPM_BUILD_NCPUS} --exclude-regex "$EXCLUDE_REGEX"
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
@ -75,18 +68,6 @@ EXCLUDE_REGEX='DWA[AB]Compression'
%{_libdir}/pkgconfig/OpenEXR.pc %{_libdir}/pkgconfig/OpenEXR.pc
%changelog %changelog
* Wed Apr 17 2024 wangkai <13474090681@163.com> - 3.1.11-3
- Fix CVE-2024-31047
* Mon Feb 26 2024 yaoxin <yao_xin001@hoperun.com> - 3.1.11-2
- Fix CVE-2023-5841
* Thu Oct 12 2023 yaoxin <yao_xin001@hoperun.com> - 3.1.11-1
- Upgrade to 3.1.11
* Wed Jul 12 2023 liyanan <thistleslyn@163.com> - 3.1.9-1
- update to 3.1.9
* Tue May 10 2022 Ge Wang <wangge20@h-partners.com> - 3.1.5-2 * Tue May 10 2022 Ge Wang <wangge20@h-partners.com> - 3.1.5-2
- license compliance rectification - license compliance rectification
@ -102,7 +83,7 @@ EXCLUDE_REGEX='DWA[AB]Compression'
* Fri Mar 11 2022 yaoxin <yaoxin30@huawei.com> - 2.2.0-24 * Fri Mar 11 2022 yaoxin <yaoxin30@huawei.com> - 2.2.0-24
- Fix CVE-2021-20303 - Fix CVE-2021-20303
* Wed Sep 1 2021 liwu<liwu13@huawei.com> - 2.2.0-23 * Wed Sat 1 2021 liwu<liwu13@huawei.com> - 2.2.0-23
- fix CVE-2021-3605 - fix CVE-2021-3605
* Mon Jul 12 2021 yaoxin <yaoxin30@huawei.com> - 2.2.0-22 * Mon Jul 12 2021 yaoxin <yaoxin30@huawei.com> - 2.2.0-22

BIN
openexr-3.1.11.tar.gz → openexr-3.1.5.tar.gz
View File

Binary file not shown.