From 12c7aa7a9472360b0ba1390e38d6479c3305d542 Mon Sep 17 00:00:00 2001
From: Josef Ridky
Date: Tue, 31 Mar 2026 09:41:11 +0200
Subject: [PATCH] Resolves: RHEL-153418 - fix CVE-2026-27622
Signed-off-by: Josef Ridky
---
 gating.yaml | 2 +-
 openexr-CVE-2026-27622.patch | 14 ++++++++++++++
 openexr.spec | 8 +++++++-
 3 files changed, 22 insertions(+), 2 deletions(-)
 create mode 100644 openexr-CVE-2026-27622.patch
diff --git a/gating.yaml b/gating.yaml
index 4124226..c190bde 100644
--- a/gating.yaml
+++ b/gating.yaml
@@ -3,4 +3,4 @@ product_versions:
 - rhel-9
 decision_context: osci_compose_gate
 rules:
- - !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional}
+ - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
diff --git a/openexr-CVE-2026-27622.patch b/openexr-CVE-2026-27622.patch
new file mode 100644
index 0000000..75a6b27
--- /dev/null
+++ b/openexr-CVE-2026-27622.patch
@@ -0,0 +1,14 @@
+diff -urNp a/src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp b/src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp
+--- a/src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp 2026-03-26 08:27:58.855705716 +0100
++++ b/src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp 2026-03-26 08:32:52.955196547 +0100
+@@ -462,6 +462,10 @@ CompositeDeepScanLine::readPixels(int st
+ num_sources[ptr]=0;
+ for(size_t j=0;j std::numeric_limits::max() - counts[j][ptr])
++ throw IEX_NAMESPACE::ArgExc (
++ "Cannot composite scanline: pixel cannot have more than UINT_MAX samples");
++
+ total_sizes[ptr]+=counts[j][ptr];
+ if(counts[j][ptr]>0) num_sources[ptr]++;
+ }
diff --git a/openexr.spec b/openexr.spec
index cd199bc..6facf89 100644
--- a/openexr.spec
+++ b/openexr.spec
@@ -3,7 +3,7 @@
 Name: openexr
 Version: 3.1.1
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: Provides the specification and reference implementation of the EXR file format
 License: BSD 
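Review bot: The gating rule switch from `desktop-qe.desktop-ci.tier1-gating.functional` to `baseos-ci.brew-build.tier1.functional` is unrelated to the CVE fix and is mentioned neither in the subject nor in the spec changelog, so the history will not explain why the gate changed. Either split it into its own commit or add a line to the description such as `Also switch the gating test case to baseos-ci.brew-build.tier1.functional`.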
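Review bot: The new patch file carries no provenance line, so a later maintainer cannot tell whether the hunk in ImfCompositeDeepScanLine.cpp is a verbatim upstream fix or a downstream rewrite; add a header line before `diff -urNp` such as `Backport of the upstream fix for CVE-2026-27622 (upstream commit: <UPSTREAM-COMMIT-ID>)`. In this rendering the `for` loop bound and the template argument of the `std::numeric_limits<...>::max()` guard are not visible, so verify in the file itself that the limit type matches the element type of `total_sizes` (the error text says UINT_MAX, so presumably unsigned int); a guard computed in a wider or narrower type than the accumulator would not catch the overflow it is meant to reject. The guarded `for` loop and `readPixels` itself continue beyond the hunk.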
@@ -17,6 +17,8 @@ BuildRequires: python%{python3_pkgversion}-devel
 BuildRequires: zlib-devel
 Patch1: openexr-CVE-2023-5481.patch
+# Fix CVE 2026-27622
+Patch2: openexr-CVE-2026-27622.patch
 Obsoletes: OpenEXR < 2.5.3
 Provides: OpenEXR = %{version}-%{release}
@@ -33,6 +35,7 @@ This package containes the binaries for OpenEXR.
 Summary: OpenEXR Libraries
 Provides: OpenEXR-libs = %{version}-%{release}
 Obsoletes: OpenEXR-libs < 2.5.3
+Requires: openexr-libs = %{version}-%{release}
 %description libs
 OpenEXR is an open-source high-dynamic-range floating-point image file format
@@ -128,6 +131,9 @@ Summary: Development files for %{name}
 %changelog
+* Thu Mar 26 2026 Josef Ridky - 3.1.1-4
+- fix CVE-2026-27622
+
 * Wed Oct 23 2024 Josef Ridky - 3.1.1-3
 - fix CVE-2023-5481 (RHEL-23879)
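Review bot: `Patch2:` is declared but no `%prep` hunk is part of the diff, so whether the patch is actually applied depends on `%prep` using `%autosetup`/`%autopatch` rather than explicit `%patchN` lines; if it is the latter, a `%patch2 -p1` line is missing (the patch uses `a/src/...` paths, so `-p1` is the right strip level), and the build would silently ship without the CVE fix. The comment `# Fix CVE 2026-27622` writes the identifier without its hyphen; use `# Fix CVE-2026-27622` so it matches the patch file name and the changelog and stays greppable.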
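Review bot: The added `Requires: openexr-libs = %{version}-%{release}` sits between `Obsoletes: OpenEXR-libs` and `%description libs`, which appears to be the `%package libs` preamble itself, so the libs subpackage would require itself; RPM satisfies that from the package's own provides and the line has no effect. If the intent is that the binaries package always pulls the matching library build, the line belongs in the main package's preamble, e.g. `Requires: %{name}-libs%{?_isa} = %{version}-%{release}`. This dependency change is also absent from the changelog entry, which names only the CVE.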