From 9af9574a662043e6a91b1b69d79b36a6ca3b56a1 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Mon, 20 Apr 2026 02:26:36 +0000 Subject: [PATCH] import UBI OpenEXR-2.2.0-12.el8_10.1 --- SOURCES/openexr-CVE-2026-27622.patch | 22 ++++++++++++++++++++++ SPECS/OpenEXR.spec | 9 +++++++-- 2 files changed, 29 insertions(+), 2 deletions(-) create mode 100644 SOURCES/openexr-CVE-2026-27622.patch diff --git a/SOURCES/openexr-CVE-2026-27622.patch b/SOURCES/openexr-CVE-2026-27622.patch new file mode 100644 index 0000000..5d6113f --- /dev/null +++ b/SOURCES/openexr-CVE-2026-27622.patch @@ -0,0 +1,22 @@ +diff -urNp a/IlmImf/ImfCompositeDeepScanLine.cpp b/IlmImf/ImfCompositeDeepScanLine.cpp +--- a/IlmImf/ImfCompositeDeepScanLine.cpp 2026-04-14 08:44:06.993263491 +0200 ++++ b/IlmImf/ImfCompositeDeepScanLine.cpp 2026-04-14 09:22:40.284776121 +0200 +@@ -44,6 +44,7 @@ + + #include + #include ++#include + OPENEXR_IMF_INTERNAL_NAMESPACE_SOURCE_ENTER + + using std::vector; +@@ -488,6 +489,10 @@ CompositeDeepScanLine::readPixels(int st + num_sources[ptr]=0; + for(size_t j=0;j std::numeric_limits::max() - counts[j][ptr]) ++ throw IEX_NAMESPACE::ArgExc ( ++ "Cannot composite scanline: pixel cannot have more than UINT_MAX samples"); ++ + total_sizes[ptr]+=counts[j][ptr]; + if(counts[j][ptr]>0) num_sources[ptr]++; + } diff --git a/SPECS/OpenEXR.spec b/SPECS/OpenEXR.spec index 4c75009..8558f66 100644 --- a/SPECS/OpenEXR.spec +++ b/SPECS/OpenEXR.spec @@ -1,7 +1,7 @@ Name: OpenEXR Summary: A high dynamic-range (HDR) image file format Version: 2.2.0 -Release: 12%{?dist} +Release: 12%{?dist}.1 License: BSD URL: http://www.openexr.com/ @@ -9,6 +9,8 @@ Source0: http://download.savannah.nongnu.org/releases/openexr/openexr-%{version} # fix tests for big endian arches # https://github.com/openexr/openexr/issues/81 Patch0: openexr-2.1.0-bigendian.patch +# Fix CVE 2026-27622 +Patch1: openexr-CVE-2026-27622.patch Obsoletes: openexr < %{version}-%{release} Provides: openexr = %{version}-%{release} @@ -45,7 +47,7 @@ Summary: %{name} runtime libraries %prep %setup -q -n openexr-%{version} %patch0 -p1 -b .bigendian - +%patch1 -p1 -b .CVE-2026-27622 %build %configure --disable-static @@ -91,6 +93,9 @@ make %{?_smp_mflags} check ||: %changelog +* Tue Apr 14 2026 Josef Ridky - 2.2.0-12.1 +- fix CVE-2026-27622 + * Tue Dec 15 2020 Owen Taylor - 2.2.0-12 - In check, don't override PKG_CONFIG_PATH from the environment (#1907528)