Numerous vulnerabilities said to be fixed in 2.5.4, please bump: * OSS-fuzz [#24854](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854) Segv on unknown address in Imf_2_5::hufUncompress * OSS-fuzz [#24831](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831) Undefined-shift in Imf_2_5::FastHufDecoder::FastHufDecoder * OSS-fuzz [#24969](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24969) Invalid-enum-value in Imf_2_5::TypedAttribute<Imf_2_5::Envmap>::writeValueTo * OSS-fuzz [#25297](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297) Integer-overflow in Imf_2_5::calculateNumTiles * OSS-fuzz [#24787](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787) Undefined-shift in Imf_2_5::unpack14 * OSS-fuzz [#25326](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25326) Out-of-memory in openexr_scanlines_fuzzer * OSS-fuzz [#25399](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25399) Heap-buffer-overflow in Imf_2_5::FastHufDecoder::FastHufDecoder * OSS-fuzz [#25415](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25415) Abrt in __cxxabiv1::failed_throw * OSS-fuzz [#25370](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25370) Out-of-memory in openexr_exrenvmap_fuzzer * OSS-fuzz [#25501](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25501) Out-of-memory in openexr_scanlines_fuzzer * OSS-fuzz [#25505](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505) Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer * OSS-fuzz [#25562](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25562) Integer-overflow in Imf_2_5::hufUncompress * OSS-fuzz [#25740](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25740) Null-dereference READ in Imf_2_5::Header::operator * OSS-fuzz [#25743](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25743) Null-dereference in Imf_2_5::MultiPartInputFile::header * OSS-fuzz [#25913](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25913) Out-of-memory in openexr_exrenvmap_fuzzer * OSS-fuzz [#26229](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26229) Undefined-shift in Imf_2_5::hufDecode * OSS-fuzz [#26658](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26658) Out-of-memory in openexr_scanlines_fuzzer * OSS-fuzz [#26956](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956) Heap-buffer-overflow in Imf_2_5::DeepTiledInputFile::readPixelSampleCounts * OSS-fuzz [#27409](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27409) Out-of-memory in openexr_exrcheck_fuzzer * OSS-fuzz [#25892](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25892) Divide-by-zero in Imf_2_5::calculateNumTiles * OSS-fuzz [#25894](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25894) Floating-point-exception in Imf_2_5::precalculateTileInfot
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f49c50e51da2ea663ee68a683c07ae97f682f20 commit 0f49c50e51da2ea663ee68a683c07ae97f682f20 Author: Bernd Waibel <waebbl@gmail.com> AuthorDate: 2021-01-03 09:50:25 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-01-24 01:48:05 +0000 media-libs/openexr: bump to 2.5.4 Bug: https://bugs.gentoo.org/656680 Bug: https://bugs.gentoo.org/762862 Bug: https://bugs.gentoo.org/746794 Closes: https://bugs.gentoo.org/762901 Package-Manager: Portage-3.0.12, Repoman-3.0.2 Signed-off-by: Bernd Waibel <waebbl@gmail.com> Signed-off-by: Sam James <sam@gentoo.org> media-libs/openexr/Manifest | 1 + media-libs/openexr/openexr-2.5.4.ebuild | 62 +++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3879f7d07fd0e99b3dc26e63f1134ac202a6dd1a commit 3879f7d07fd0e99b3dc26e63f1134ac202a6dd1a Author: Bernd Waibel <waebbl@gmail.com> AuthorDate: 2021-01-02 22:26:42 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-01-24 01:48:04 +0000 media-libs/ilmbase: bump to 2.5.4 Bug: https://bugs.gentoo.org/746794 Bug: https://bugs.gentoo.org/762862 Bug: https://bugs.gentoo.org/762901 Package-Manager: Portage-3.0.12, Repoman-3.0.2 Signed-off-by: Bernd Waibel <waebbl@gmail.com> Signed-off-by: Sam James <sam@gentoo.org> media-libs/ilmbase/Manifest | 1 + ...2.5.4-0001-disable-failing-test-on-x86_32.patch | 24 +++++++++++++ media-libs/ilmbase/ilmbase-2.5.4.ebuild | 42 ++++++++++++++++++++++ 3 files changed, 67 insertions(+)
Thanks for merging. I give it a week to see whether any issues pop up, before opening a stablereq.
(In reply to Bernd from comment #2) > Thanks for merging. I give it a week to see whether any issues pop up, > before opening a stablereq. Ready? Let’s stabilise in this bug
(In reply to Sam James from comment #3) > (In reply to Bernd from comment #2) > > Thanks for merging. I give it a week to see whether any issues pop up, > > before opening a stablereq. > > Ready? Let’s stabilise in this bug Yes, perfect timing. I had it on my todo for this weekend.
(In reply to Bernd from comment #4) > (In reply to Sam James from comment #3) > > (In reply to Bernd from comment #2) > > > Thanks for merging. I give it a week to see whether any issues pop up, > > > before opening a stablereq. > > > > Ready? Let’s stabilise in this bug > > Yes, perfect timing. I had it on my todo for this weekend. Awesome! Any chance you can offer input on the impact of these vulnerabilities? DoS, RCE, etc?
could you please also add dev-python/pyilmbase? It's part of the suite. (In reply to John Helmert III (ajak) from comment #5) > Awesome! Any chance you can offer input on the impact of these > vulnerabilities? DoS, RCE, etc? Only what's available in their release notes. Please see https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md and search for Security. All versions from 2.3.0 up are relevant.
hppa/sparc stable
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=00ce4f7721d0c886ba613dbe3d5c67f7361f1934 commit 00ce4f7721d0c886ba613dbe3d5c67f7361f1934 Author: Bernd Waibel <waebbl-gentoo@posteo.net> AuthorDate: 2021-02-27 14:25:14 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-02-27 16:37:15 +0000 media-libs/openexr: drop 2.5.4 Security cleanup. Bug: https://bugs.gentoo.org/770229 Bug: https://bugs.gentoo.org/762862 Package-Manager: Portage-3.0.15, Repoman-3.0.2 Signed-off-by: Bernd Waibel <waebbl-gentoo@posteo.net> Signed-off-by: Sam James <sam@gentoo.org> media-libs/openexr/Manifest | 1 - media-libs/openexr/openexr-2.5.4.ebuild | 62 --------------------------------- 2 files changed, 63 deletions(-)
This PR should finish the cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=58d2ffc5446d020cde8d473c32485ad5f2e4c6f1 commit 58d2ffc5446d020cde8d473c32485ad5f2e4c6f1 Author: Bernd Waibel <waebbl-gentoo@posteo.net> AuthorDate: 2021-03-26 16:46:35 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2021-03-31 06:29:14 +0000 media-libs/openexr: drop 2.3.0 Security cleanup Bug: https://bugs.gentoo.org/770229 Bug: https://bugs.gentoo.org/762862 Bug: https://bugs.gentoo.org/746794 Bug: https://bugs.gentoo.org/717474 Bug: https://bugs.gentoo.org/656680 Package-Manager: Portage-3.0.17, Repoman-3.0.2 Signed-off-by: Bernd Waibel <waebbl-gentoo@posteo.net> Signed-off-by: Joonas Niilola <juippis@gentoo.org> media-libs/openexr/Manifest | 1 - ...penexr-2.2.0-Install-missing-header-files.patch | 60 ----------- .../openexr-2.2.0-fix-config.h-collision.patch | 43 -------- .../openexr-2.2.0-fix-cpuid-on-abi_x86_32.patch | 75 ------------- .../openexr/files/openexr-2.3.0-bigendian.patch | 71 ------------- .../openexr/files/openexr-2.3.0-bigendian2.patch | 17 --- .../openexr/files/openexr-2.3.0-fix-bashisms.patch | 117 --------------------- .../files/openexr-2.3.0-fix-build-system.patch | 68 ------------ .../files/openexr-2.3.0-skip-bogus-tests.patch | 31 ------ .../files/openexr-2.3.0-tests-32bits-2.patch | 17 --- .../openexr/files/openexr-2.3.0-tests-32bits.patch | 36 ------- media-libs/openexr/openexr-2.3.0.ebuild | 79 -------------- 12 files changed, 615 deletions(-)
GLSA request filed.
This issue was resolved and addressed in GLSA 202107-27 at https://security.gentoo.org/glsa/202107-27 by GLSA coordinator John Helmert III (ajak).
