Summary: | <media-libs/openexr-2.5.6: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Bernd <waebbl-gentoo> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | media-video, proxy-maint |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | Flags: | nattka: sanity-check+ |
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/AcademySoftwareFoundation/openexr/blob/RB-2.5/CHANGES.md#version-256-may-17-2021 | ||
See Also: | https://github.com/gentoo/gentoo/pull/19964 https://github.com/gentoo/gentoo/pull/20899 https://github.com/gentoo/gentoo/pull/21373 https://github.com/gentoo/gentoo/pull/21582 | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: | media-libs/openexr-2.5.6, media-libs/ilmbase-2.5.6, dev-python/pyilmbase-2.5.6 amd64 | Runtime testing required: | --- |
Bug Depends on: | 776805 | ||
Bug Blocks: | 770229 |
Description
Bernd
2021-03-17 06:35:12 UTC
We don't put the version in the summary until a fixed version is in tree. It doesn't look like 3.0.0 is released upstream anyway, either.

The 3.0.0-beta has been released as a pre-release, see https://github.com/AcademySoftwareFoundation/openexr/releases

(In reply to Bernd from comment #2)
> The 3.0.0-beta has been released as a pre-release, see
> https://github.com/AcademySoftwareFoundation/openexr/releases

Yeah, and if it was merged to ::gentoo right now then that still wouldn't be the 3.0.0 that was in the summary.

3.0.1 is released, maybe a proper candidate for packaging? Also seems a few CVEs have been assigned to some of these issues.

(In reply to John Helmert III from comment #4)
> 3.0.1 is released, maybe a proper candidate for packaging?

See PR #19964

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1bbe14fe858980251f702b71491303041623014b

commit 1bbe14fe858980251f702b71491303041623014b
Author: Bernd Waibel <waebbl-gentoo@posteo.net>
AuthorDate: 2021-03-30 05:29:31 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-05-04 22:02:16 +0000

    media-libs/openexr: bump to 3.0.1

    Security fixes

    Bug: https://bugs.gentoo.org/776808
    Closes: https://bugs.gentoo.org/776805
    Package-Manager: Portage-3.0.17, Repoman-3.0.2
    Signed-off-by: Bernd Waibel <waebbl-gentoo@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/19964
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/openexr/Manifest | 1 +
 media-libs/openexr/metadata.xml | 5 ++-
 media-libs/openexr/openexr-3.0.1.ebuild | 65 +++++++++++++++++++++++++++++++++
 3 files changed, 70 insertions(+), 1 deletion(-)

Thanks! Let us know when ready.

Sanity check failed:
> media-libs/openexr-3.0.1
> depend amd64 dev profile default/linux/amd64/17.0/x32 (1 total)
> dev-libs/imath:=
> depend amd64 stable profile default/linux/amd64/17.1 (26 total)
> dev-libs/imath:=
> rdepend amd64 dev profile default/linux/amd64/17.0/x32 (1 total)
> dev-libs/imath:=
> rdepend amd64 stable profile default/linux/amd64/17.1 (26 total)
> dev-libs/imath:=
Thanks for merging Sam.
Do we have to look at the many revdeps before going stable? Or do we handle those individually and independently of stabilization, once build failures are coming up?

(In reply to Bernd from comment #9)
> Thanks for merging Sam.
> Do we have to look at the many revdeps before going stable? Or do we handle
> those individually and independently of stabilization, once build failures
> are coming up?

The stabilization process includes testing few revdeps.

https://qa-reports.gentoo.org/output/genrdeps/dindex/media-libs/openexr this isn't a huge list, I could maybe launch a test off right away.

# emerge -1av media-libs/openexr

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild N ] dev-libs/imath-3.0.1:0/27::gentoo USE="-doc -large-stack -python -static-libs -test" PYTHON_SINGLE_TARGET="python3_8 -python3_9" 516 KiB
[ebuild N ] media-libs/openexr-3.0.1:0/27::gentoo USE="-doc -examples -large-stack -static-libs -test -threads -utils" ABI_X86="32 (64) (-x32)" CPU_FLAGS_X86="avx" 24473 KiB

Total: 2 packages (2 new), Size of downloads: 24988 KiB

Would you like to merge these packages? [Yes/No] y
>>> Verifying ebuild manifests
>>> Emerging (1 of 2) dev-libs/imath-3.0.1::gentoo
>>> Installing (1 of 2) dev-libs/imath-3.0.1::gentoo
>>> Emerging (2 of 2) media-libs/openexr-3.0.1::gentoo
>>> Failed to emerge media-libs/openexr-3.0.1, Log file:
>>> '/var/tmp/portage/media-libs/openexr-3.0.1/temp/build.log'
>>> Jobs: 1 of 2 complete, 1 failed Load avg: 0.22, 0.05, 0.02
 * Package: media-libs/openexr-3.0.1
 * Repository: gentoo
 * Maintainer: waebbl-gentoo@posteo.net proxy-maint@gentoo.org,media-video@gentoo.org
 * USE: abi_x86_32 abi_x86_64 amd64 cpu_flags_x86_avx elibc_glibc kernel_linux userland_GNU
 * FEATURES: network-sandbox preserve-libs sandbox userpriv usersandbox
>>> Unpacking source...
>>> Unpacking openexr-3.0.1.tar.gz to /var/tmp/portage/media-libs/openexr-3.0.1/work
>>> Source unpacked in /var/tmp/portage/media-libs/openexr-3.0.1/work
>>> Preparing source in /var/tmp/portage/media-libs/openexr-3.0.1/work/openexr-3.0.1 ...
 * Working in BUILD_DIR: "/var/tmp/portage/media-libs/openexr-3.0.1/work/openexr-3.0.1_build"
>>> Source prepared.
>>> Configuring source in /var/tmp/portage/media-libs/openexr-3.0.1/work/openexr-3.0.1 ...
 * abi_x86_32.x86: running multilib-minimal_abi_src_configure
 * Working in BUILD_DIR: "/var/tmp/portage/media-libs/openexr-3.0.1/work/openexr-3.0.1_build-abi_x86_32.x86"
cmake -C /var/tmp/portage/media-libs/openexr-3.0.1/work/openexr-3.0.1_build-abi_x86_32.x86/gentoo_common_config.cmake -G Ninja -DCMAKE_INSTALL_PREFIX=/usr -DBUILD_SHARED_LIBS=yes -DBUILD_TESTING=no -DOPENEXR_BUILD_UTILS=no -DOPENEXR_ENABLE_LARGE_STACK=no -DOPENEXR_ENABLE_THREADING=no -DOPENEXR_INSTALL_EXAMPLES=no -DOPENEXR_INSTALL_PKG_CONFIG=ON -DOPENEXR_INSTALL_TOOLS=no -DOPENEXR_USE_CLANG_TIDY=OFF -DCMAKE_BUILD_TYPE=Gentoo -DCMAKE_TOOLCHAIN_FILE=/var/tmp/portage/media-libs/openexr-3.0.1/work/openexr-3.0.1_build-abi_x86_32.x86/gentoo_toolchain.cmake /var/tmp/portage/media-libs/openexr-3.0.1/work/openexr-3.0.1
loading initial cache file /var/tmp/portage/media-libs/openexr-3.0.1/work/openexr-3.0.1_build-abi_x86_32.x86/gentoo_common_config.cmake
-- Configure OpenEXR Version: 3.0.1 Lib API: 27.0.0
-- The C compiler identification is GNU 11.1.0
-- The CXX compiler identification is GNU 11.1.0
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: /usr/bin/x86_64-pc-linux-gnu-gcc - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Check for working CXX compiler: /usr/bin/x86_64-pc-linux-gnu-g++ - skipped
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Imath was not found, installing from https://github.com/AcademySoftwareFoundation/Imath.git (v3.0.1)
[1/9] Creating directories for 'imath-populate'
[1/9] Performing download step (git clone) for 'imath-populate'
Cloning into 'imath-src'...
fatal: unable to access 'https://github.com/AcademySoftwareFoundation/Imath.git/': Could not resolve host: github.com
Cloning into 'imath-src'...
fatal: unable to access 'https://github.com/AcademySoftwareFoundation/Imath.git/': Could not resolve host: github.com
Cloning into 'imath-src'...
fatal: unable to access 'https://github.com/AcademySoftwareFoundation/Imath.git/': Could not resolve host: github.com
-- Had to git clone more than once: 3 times.
CMake Error at imath-subbuild/imath-populate-prefix/tmp/imath-populate-gitclone.cmake:31 (message):
  Failed to clone repository: 'https://github.com/AcademySoftwareFoundation/Imath.git'
FAILED: imath-populate-prefix/src/imath-populate-stamp/imath-populate-download
cd /var/tmp/portage/media-libs/openexr-3.0.1/work/openexr-3.0.1_build-abi_x86_32.x86/_deps && /usr/bin/cmake -P /var/tmp/portage/media-libs/openexr-3.0.1/work/openexr-3.0.1_build-abi_x86_32.x86/_deps/imath-subbuild/imath-populate-prefix/tmp/imath-populate-gitclone.cmake && /usr/bin/cmake -E touch /var/tmp/portage/media-libs/openexr-3.0.1/work/openexr-3.0.1_build-abi_x86_32.x86/_deps/imath-subbuild/imath-populate-prefix/src/imath-populate-stamp/imath-populate-download
ninja: build stopped: subcommand failed.
CMake Error at /usr/share/cmake/Modules/FetchContent.cmake:1012 (message):
  Build step for imath failed: 1
Call Stack (most recent call first):
  /usr/share/cmake/Modules/FetchContent.cmake:1141:EVAL:2 (__FetchContent_directPopulate)
  /usr/share/cmake/Modules/FetchContent.cmake:1141 (cmake_language)
  cmake/OpenEXRSetup.cmake:276 (FetchContent_Populate)
  CMakeLists.txt:33 (include)
-- Configuring incomplete, errors occurred!
See also "/var/tmp/portage/media-libs/openexr-3.0.1/work/openexr-3.0.1_build-abi_x86_32.x86/CMakeFiles/CMakeOutput.log".
 * ERROR: media-libs/openexr-3.0.1::gentoo failed (configure phase):
 *   cmake failed
 *
 * Call stack:
 *   ebuild.sh, line 125: Called src_configure
 *   environment, line 2543: Called cmake-multilib_src_configure
 *   environment, line 664: Called multilib-minimal_src_configure
 *   environment, line 1886: Called multilib_foreach_abi 'multilib-minimal_abi_src_configure'
 *   environment, line 2139: Called multibuild_foreach_variant '_multilib_multibuild_wrapper' 'multilib-minimal_abi_src_configure'
 *   environment, line 1816: Called _multibuild_run '_multilib_multibuild_wrapper' 'multilib-minimal_abi_src_configure'
 *   environment, line 1814: Called _multilib_multibuild_wrapper 'multilib-minimal_abi_src_configure'
 *   environment, line 442: Called multilib-minimal_abi_src_configure
 *   environment, line 1880: Called multilib_src_configure
 *   environment, line 2356: Called cmake_src_configure
 *   environment, line 919: Called die
 * The specific snippet of code:
 *   "${CMAKE_BINARY}" "${cmakeargs[@]}" "${CMAKE_USE_DIR}" || die "cmake failed";
 *
 * If you need support, post the output of `emerge --info '=media-libs/openexr-3.0.1::gentoo'`,
 * the complete build log and the output of `emerge -pqv '=media-libs/openexr-3.0.1::gentoo'`.
 * The complete build log is located at '/var/tmp/portage/media-libs/openexr-3.0.1/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/media-libs/openexr-3.0.1/temp/environment'.
 * Working directory: '/var/tmp/portage/media-libs/openexr-3.0.1/work/openexr-3.0.1_build-abi_x86_32.x86'
 * S: '/var/tmp/portage/media-libs/openexr-3.0.1/work/openexr-3.0.1'

Oh well. I think you’ve hit that because imath isn’t multilib. Anyway, this belongs in a new bug.

(And to confirm, it happens on stable amd64 too, I have multilib enabled for testing purposes there too)

(In reply to Bernd from comment #9)
> Thanks for merging Sam.
No problem, thanks for being patient!

> Do we have to look at the many revdeps before going stable? Or do we handle
> those individually and independently of stabilization, once build failures
> are coming up?

We will let it soak in ~arch for a while and mask if anything serious seems broken. Of course as juippis says, someone testing rdeps would be neat too.

(In reply to Sam James from comment #12)
> I think you’ve hit that because imath isn’t multilib. Anyway, this belongs
> in a new bug.

(As in, we need to shove multilib on imath then adjust the dep)

Yes this looks like a multilib issue. Do you open a new bug Joonas? Else I bring up one myself later this day after work.

I take a look into the multilib awareness of imath starting Friday and in the process look at some of the revdeps too.

Unable to check for sanity:
> package masked: media-libs/openexr-3.0.1
Today I received the message from upstream's ML, that they want to backport fixes for above CVE's to a 2.5.6 release. Because I'm not able, so far, to add multilib support to dev-libs/imath, I'm thinking about checking, whether both releases can be installed side by side and moving them to separate slots. In theory this should be possible, and would relax the multilib issue with release 3 a little and also the big effort of porting all revdeps to release 3.

The message says:

A regression was recently discovered in OpenEXR 2.4.2, a bug in Imath::succf() and Imath::predf(). Also, several CVE's have been filed for issues that are addressed in 3.0.1 but still present in 2.4 and 2.5, so I'm going to patch those releases:

v2.4.3:[...]

v2.5.6:
fix for the Imath::succf()/Imath::predf() regression
fixes for CVE-2021-3474, CVE-2021-34745, CVE-2021-3476, CVE-2021-3477, CVE-2021-3478, CVE-2021-34789, CVE-2021-20296

See https://lists.aswf.io/g/openexr-dev/message/4859?p=,,,20,0,0,0::created,0,,1,2,0,4859

After mailing with one of the upstream devs, the CVE's have actually been fixed with 2.5.4 already[1]. So I think, there's no need to stabilize this quickly. Instead we need to merge this with bug #770229.

I will continue checking the possibility of make slotted installations of both release 2 and release 3 versions.

[1]https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md

(In reply to Bernd from comment #19)
> After mailing with one of the upstream devs, the CVE's have actually been
> fixed with 2.5.4 already[1]. So I think, there's no need to stabilize this
> quickly. Instead we need to merge this with bug #770229.
>
> I will continue checking the possibility of make slotted installations of
> both release 2 and release 3 versions.
>
> [1]https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md

Thank you!
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e719b19ac0d518305ec3ca9cef56cb8741742b1

commit 0e719b19ac0d518305ec3ca9cef56cb8741742b1
Author: Bernd Waibel <waebbl-gentoo@posteo.net>
AuthorDate: 2021-05-19 21:41:38 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-06-01 00:27:50 +0000

    media-libs/openexr: bump to 2.5.6

    Bug: https://bugs.gentoo.org/791136
    Bug: https://bugs.gentoo.org/776808
    Bug: https://bugs.gentoo.org/770229
    Bug: https://bugs.gentoo.org/656680
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Bernd Waibel <waebbl-gentoo@posteo.net>
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/openexr/Manifest | 1 +
 media-libs/openexr/openexr-2.5.6.ebuild | 61 +++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+)

Is 2.5.6 a better stable target than 3.0.1?

Short-term I would say yes. Only a few consumers are already supporting imath/openexr-3 from what I've seen so far.

Let's use that then, I guess. Let us know when it's ready to stable.

Sanity check failed:
> media-libs/openexr-2.5.6
> depend amd64 dev profile default/linux/amd64/17.0/x32 (1 total)
> ~media-libs/ilmbase-2.5.6:=[abi_x86_32(-),abi_x86_64(-),abi_x86_x32(-),static-libs]
> depend amd64 stable profile default/linux/amd64/17.1 (12 total)
> ~media-libs/ilmbase-2.5.6:=[abi_x86_32(-),abi_x86_64(-),static-libs]
> depend amd64 stable profile default/linux/amd64/17.1/no-multilib (3 total)
> ~media-libs/ilmbase-2.5.6:=[abi_x86_64(-),static-libs]
> rdepend amd64 dev profile default/linux/amd64/17.0/x32 (1 total)
> ~media-libs/ilmbase-2.5.6:=[abi_x86_32(-),abi_x86_64(-),abi_x86_x32(-),static-libs]
> rdepend amd64 stable profile default/linux/amd64/17.1 (12 total)
> ~media-libs/ilmbase-2.5.6:=[abi_x86_32(-),abi_x86_64(-),static-libs]
> rdepend amd64 stable profile default/linux/amd64/17.1/no-multilib (3 total)
> ~media-libs/ilmbase-2.5.6:=[abi_x86_64(-),static-libs]
> depend arm64 stable profile default/linux/arm64/17.0 (39 total)
> ~media-libs/ilmbase-2.5.6:=[static-libs]
> rdepend arm64 stable profile default/linux/arm64/17.0 (39 total)
> ~media-libs/ilmbase-2.5.6:=[static-libs]
> depend ppc64 dev profile default/linux/ppc64le/17.0/desktop/gnome (4 total)
> ~media-libs/ilmbase-2.5.6:=[static-libs]
> rdepend ppc64 dev profile default/linux/ppc64le/17.0/desktop/gnome (4 total)
> ~media-libs/ilmbase-2.5.6:=[static-libs]
> depend x86 stable profile default/linux/x86/17.0 (11 total)
> ~media-libs/ilmbase-2.5.6:=[abi_x86_32(-),static-libs]
> rdepend x86 stable profile default/linux/x86/17.0 (11 total)
> ~media-libs/ilmbase-2.5.6:=[abi_x86_32(-),static-libs]
We should pyilmbase to this too, as it's part of the release for versions <3. I think, the suffix on ilmbase in the package list should be * instead of ^ or am I wrong?

The changes from 2.5.5 to 2.5.6 is only one fix (see the updated URL) and 2.5.5 is in the tree for some time, so I think we can start stabilization immediately.

Oh one more point. Stabilization on sparc will probably fail due to a failing test, c.f. https://bugs.gentoo.org/656680#c19
I'm looking to add a patch for this.

(In reply to Bernd from comment #26)
> We should pyilmbase to this too, as it's part of the release for versions
> <3. I think, the suffix on ilmbase in the package list should be * instead
> of ^ or am I wrong?
>

Sounds right to me!

> The changes from 2.5.5 to 2.5.6 is only one fix (see the updated URL) and
> 2.5.5 is in the tree for some time, so I think we can start stabilization
> immediately.

Let's go. sparc isn't a regression so I don't think we need to wait.

x86 done

amd64 done

arm64 done

sparc stable

commit 20f7cae0a56ba36a0562ddc7e14410e0eeed02b9
Author: Rolf Eike Beer <eike@sf-mail.de>
Date: Thu Jun 17 17:01:17 2021 +0200

    media-libs/openexr: stable 2.5.6 for hppa, bug #776808

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=075636aa0f50bf863c6185af87942ee1eca5e044

commit 075636aa0f50bf863c6185af87942ee1eca5e044
Author: Bernd Waibel <waebbl-gentoo@posteo.net>
AuthorDate: 2021-06-21 22:38:44 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-06-22 18:35:06 +0000

    media-libs/openexr: bump to 2.5.7

    Closes: https://bugs.gentoo.org/656680
    Bug: https://bugs.gentoo.org/776808
    Bug: https://bugs.gentoo.org/787452
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Bernd Waibel <waebbl-gentoo@posteo.net>
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/openexr/Manifest | 1 +
 ...nexr-2.5.7-0001-disable-testRgba-on-sparc.patch | 31 ++++++++++
 media-libs/openexr/openexr-2.5.7.ebuild | 68 ++++++++++++++++++++++
 3 files changed, 100 insertions(+)

ppc done

ppc64 done

all arches done

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5995fad1ec2cb2ac11e9c471be1778e6e0464426

commit 5995fad1ec2cb2ac11e9c471be1778e6e0464426
Author: Bernd Waibel <waebbl-gentoo@posteo.net>
AuthorDate: 2021-07-10 09:13:52 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2021-07-10 12:37:09 +0000

    media-libs/openexr: drop 2.5.5

    Security cleanup

    Bug: https://bugs.gentoo.org/776808
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Bernd Waibel <waebbl-gentoo@posteo.net>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 media-libs/openexr/Manifest | 1 -
 media-libs/openexr/openexr-2.5.5.ebuild | 62 ---------------------------------
 2 files changed, 63 deletions(-)

GLSA request filed.

This issue was resolved and addressed in GLSA 202107-27 at https://security.gentoo.org/glsa/202107-27 by GLSA coordinator John Helmert III (ajak).