OpenEXR team released a maintainer release addressing several security issues. These include CVE-2017-{9110,9111,9112,9113,9114,9115,9116}
The only difference between 2.2.0 and 2.2.1 is the CVE fix linked to this bug report. None of the other fixes have made it in. The 2.2.0-r2 ebuild with the CVE fix is exactly the same as this new version. The only caveat is that it bumps all SONAME versions which broke other distros. https://github.com/openexr/openexr/issues/250 I'm a bit nervous about something that has been reported as breaking things.
Created attachment 517298 [details] openexr-2.2.1.ebuild
Created attachment 517300 [details, diff] openexr-2.2.1-fix-build-system.patch
Created attachment 517304 [details] ilmbase-2.2.1.ebuild
The version bump should suffice to close bug 632261 as well as bug 278191, bug 499690 and bug 598006 (obsolete /unreproducible).
I made a PR here: https://github.com/gentoo/gentoo/pull/9729 However, I couldn't get PyIlmBase to compile at all and I don't have much time to work on it. If anyone wants to work on it, my work for it is here: https://github.com/dracwyrm/gentoo-ebuilds/tree/master/dev-python/pyilmbase A lot has changed including the security bug reports should be closed with this release. I tested against gegl and the needed patches are already in the tree. It works with Blender and OpenImageIO, and other software. OpenEXR_Viewers has dropped the dependency against ctl finally (it's unmaintained software). There were a few tweaks to the ebuilds, however, some eclasses aren't eapi 7 ready yet. At least when I tested.
Jonathan, I'm gonna pickup your work and see if I can help with it. I'm finally having more time again for developing.
Hi Bernd, That would be a big help! All my current code is at https://github.com/gentoo/gentoo/pull/9729. There were just a few issues that mgorny wanted fixing, I could do those if you want?
Hi Jonathan, I already fixed most of the issues mgorny wanted to get changed. Only the openexr_viewers is not complete yet. I'm hoping to get this one too finished until the end of the week. Had to change some more things, than just those that were requested, some of the patches for 2.2 were also needed for some of ilmbase, openexr, pyilmbase. If you find some time, I'd be glad if you can test the ebuilds. They are currently on my repo at https://github.com/waebbl/waebbl-gentoo.git
So openexr_viewers is compiling, but it fails to find cg and so only one of the binaries is compiled. I completely removed the media-libs/ctl dependency on the way, because I'm not able to compile this lib. I added your nvidia-automagic patch from older version, which helped solving autoheader stop to complain, but still doesn't solve the issue of not finding Cg. I have merely no knowledge of m4 / autotools. You use AC_ARG_ENABLE with default=check to find Cg, but Cg does provide two pkgconfig files (nvidia-cg-toolkit.pc and nvidia-cg-toolkit-gl.pc). If the search for Cg could be improved to use pkgconfig on one of those files (PKG_CHECK_MODULES?), and sets the include und library paths from it, we might have more success on this. I also tried using append-c{,xx}flags and append-ldflags with the proper Cg directories to myeconfargs, but this also didn't help. The --with-cg-prefix seems not to be properly recognized by configure. I pushed it for now to my github repo, but will investigate this further, as I'm not happy with the solution so far.
I finally got it to find the Cg libraries in the openexr_viewers ebuild. But the search for ctl is back in, I suppose I was too careless in deleting ctl related stuff from configure and the Makefiles, so I put this all back in. I'm don't know much enough of autotools to handle this properly. Additionally it's only a warning and the ctl support get's simply disabled by configure. I also noticed that openexr is moving towards cmake, so using autotools will hopefully get obsolete for this package soon :) I guess, I'm now going to prepare a new PR for it.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5536d29f8eda56741b434b92f3885434dba7282a commit 5536d29f8eda56741b434b92f3885434dba7282a Author: Bernd Waibel <waebbl@gmail.com> AuthorDate: 2018-09-30 19:49:21 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2018-10-11 18:42:50 +0000 dev-python/pyilmbase: bump to version 2.3.0 Remove multilib inherit, python isn't multilib aware Improve ebuild functions Closes: https://bugs.gentoo.org/639998 Suggested-by: Jonathan Scruggs <dracwyrm@gentoo.org> Signed-off-by: Bernd Waibel <waebbl@gmail.com> Package-Manager: Portage-2.3.49, Repoman-2.3.10 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-python/pyilmbase/Manifest | 1 + .../files/pyilmbase-2.3.0-fix-build-system.patch | 48 ++++++++++++++++++ .../files/pyilmbase-2.3.0-link-pyimath.patch | 13 +++++ dev-python/pyilmbase/pyilmbase-2.3.0.ebuild | 59 ++++++++++++++++++++++ 4 files changed, 121 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=086e36c12dff193371ce5fe3e54fb9058f1e9d52 commit 086e36c12dff193371ce5fe3e54fb9058f1e9d52 Author: Bernd Waibel <waebbl@gmail.com> AuthorDate: 2018-09-30 19:45:39 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2018-10-11 18:42:49 +0000 media-libs/openexr: bump to version 2.3.0 Closes: https://bugs.gentoo.org/639998 Suggested-by: Jonathan Scruggs <dracwyrm@gentoo.org> Signed-off-by: Bernd Waibel <waebbl@gmail.com> Package-Manager: Portage-2.3.49, Repoman-2.3.10 Signed-off-by: Michał Górny <mgorny@gentoo.org> media-libs/openexr/Manifest | 1 + .../files/openexr-2.3.0-fix-build-system.patch | 68 +++++++++++++++++++++ media-libs/openexr/openexr-2.3.0.ebuild | 71 ++++++++++++++++++++++ 3 files changed, 140 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f7fbc18a745b1d120e866c2ea7d601fbe7e4a6e commit 4f7fbc18a745b1d120e866c2ea7d601fbe7e4a6e Author: Bernd Waibel <waebbl@gmail.com> AuthorDate: 2018-09-30 19:41:34 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2018-10-11 18:42:49 +0000 media-libs/ilmbase: bump to version 2.3.0 Remove .la files, as the package provides pkgconfig files. Closes: https://bugs.gentoo.org/639998 Suggested-by: Jonathan Scruggs <dracwyrm@gentoo.org> Signed-off-by: Bernd Waibel <waebbl@gmail.com> Package-Manager: Portage-2.3.49, Repoman-2.3.10 Signed-off-by: Michał Górny <mgorny@gentoo.org> media-libs/ilmbase/Manifest | 1 + media-libs/ilmbase/ilmbase-2.3.0.ebuild | 35 +++++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) Additionally, it has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f82dcf755d6676dda0ac065883e93076afc6d84 commit 7f82dcf755d6676dda0ac065883e93076afc6d84 Author: Bernd Waibel <waebbl@gmail.com> AuthorDate: 2018-09-30 19:52:49 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2018-10-11 18:42:50 +0000 media-gfx/openexr_viewers: bump to version 2.3.0 Bug: https://bugs.gentoo.org/639998 Suggested-by: Jonathan Scruggs <dracwyrm@gentoo.org> Signed-off-by: Bernd Waibel <waebbl@gmail.com> Package-Manager: Portage-2.3.49, Repoman-2.3.10 Signed-off-by: Michał Górny <mgorny@gentoo.org> Closes: https://github.com/gentoo/gentoo/pull/10030 media-gfx/openexr_viewers/Manifest | 1 + .../openexr_viewers-2.3.0-fix-cg-libdir.patch | 13 ++++ .../openexr_viewers-2.3.0-fix-configure.patch | 83 ++++++++++++++++++++++ .../openexr_viewers/openexr_viewers-2.3.0.ebuild | 67 +++++++++++++++++ 4 files changed, 164 insertions(+)
