Changes to be committed:

new file: CVE-2021-20298.patch modified: OpenEXR.spec (cherry picked from commit cd531655669f557ec3d7ab8622c785a8b9c609e0)
2022-08-25 17:54:45 +08:00 · 2022-08-25 17:54:45 +08:00 · 1dd3d0bd0f
commit 1dd3d0bd0f
parent 658bfe75b5
2 changed files with 31 additions and 1 deletions
--- a/CVE-2021-20298.patch
+++ b/CVE-2021-20298.patch
@ -0,0 +1,26 @@
+From 01d1b18611469470eb3a1016c970953c09312fd6 Mon Sep 17 00:00:00 2001
+From: mayp <mayanping@ncti-gba.cn>
+Date: Thu, 25 Aug 2022 17:13:53 +0800
+Subject: [PATCH]  Changes to be committed: 	modified:  
+ IlmImf/ImfB44Compressor.cpp
+
+---
+ IlmImf/ImfB44Compressor.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/IlmImf/ImfB44Compressor.cpp b/IlmImf/ImfB44Compressor.cpp
+index d9fec62..2b85ed0 100644
+--- a/IlmImf/ImfB44Compressor.cpp
+++ b/IlmImf/ImfB44Compressor.cpp
+@@ -492,7 +492,7 @@ B44Compressor::B44Compressor
+     //
+ 
+     _tmpBuffer = new unsigned short
+-        [checkArraySize (uiMult (maxScanLineSize, numScanLines),
+        [checkArraySize (uiMult (maxScanLineSize / sizeof(unsigned short), numScanLines),
+                          sizeof (unsigned short))];
+ 
+     const ChannelList &channels = header().channels();
+-- 
+2.33.0
+
--- a/OpenEXR.spec
+++ b/OpenEXR.spec
@ -1,7 +1,7 @@
 Name:           OpenEXR
 Summary:        A high dynamic-range (HDR) image file format for use in computer imaging applications
 Version:        2.2.0
-Release:        27
+Release:        28
 License:        BSD
 URL:	        http://www.openexr.com/
 Source0:        http://download.savannah.nongnu.org/releases/openexr/openexr-%{version}.tar.gz
@ -38,6 +38,7 @@ Patch0025:      CVE-2021-20302.patch
 #https://github.com/AcademySoftwareFoundation/openexr/commit/5a0adf1aba7d41c6b94ba167c0c4308d2eecfd17
 Patch0026:      CVE-2021-3933.patch
 Patch0027:      CVE-2021-20304.patch
+Patch0028:      CVE-2021-20298.patch

 BuildConflicts: %{name}-devel < 2.2.0
 BuildRequires:  gcc-c++ ilmbase-devel >= %{version} zlib-devel pkgconfig
@ -101,6 +102,9 @@ test "$(pkg-config --modversion OpenEXR)" = "%{version}"
 %{_libdir}/pkgconfig/OpenEXR.pc

 %changelog
+* Thu Aug 25 2022 mayp <mayanping@ncti-gba.cn> - 2.2.0-28
+- Fix CVE-2021-20298 
+
 * Thu Aug 18 2022 mayp <mayanping@ncti-gba.cn> - 2.2.0-27
 - Fix CVE-2021-20304