!23 fix CVE-2021-3598
From: @wang_yue111 Reviewed-by: @jackie_wu123,@small_leek Signed-off-by: @small_leek
commit
7920b76342
26
CVE-2021-3598.patch
Normal file
26
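--- a/CVE-2021-3598.patch
+++ b/CVE-2021-3598.patch
@@ -0,0 +1,26 @@
+From e2667ae1a3ff8a9fce730e61129868b326abb3f5 Mon Sep 17 00:00:00 2001
+From: peterhillman <peterh@wetafx.co.nz>
+Date: Fri, 4 Jun 2021 11:13:49 +1200
+Subject: [PATCH] verify data size in deepscanlines with NO_COMPRESSION (#1037)
+
+Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
+---
+IlmImf/ImfDeepScanLineInputFile.cpp | 5 +++++
+1 file changed, 5 insertions(+)
+
+diff --git a/IlmImf/ImfDeepScanLineInputFile.cpp b/IlmImf/ImfDeepScanLineInputFile.cpp
+index 5f0f43989..ead43c729 100644
+--- a/IlmImf/ImfDeepScanLineInputFile.cpp
++++ b/IlmImf/ImfDeepScanLineInputFile.cpp
+@@ -647,6 +647,11 @@ LineBufferTask::execute ()
+
+_lineBuffer->format = Compressor::XDR;
+_lineBuffer->uncompressedData = _lineBuffer->buffer;
++
++ if(_lineBuffer->packedDataSize!=maxBytesPerLine)
++ {
++ THROW (IEX_NAMESPACE::InputExc, "Incorrect size for uncompressed data. Expected " << maxBytesPerLine << " got " << _lineBuffer->packedDataSize << " bytes");
++ }
+}
+}
+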
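Review bot: In the embedded hunk for `LineBufferTask::execute ()`, the new size check runs after `_lineBuffer->uncompressedData = _lineBuffer->buffer;`, so when it throws, the line buffer is left pointing at data whose size was just rejected. If that line buffer is cached and reused after the exception (the reuse logic is outside this hunk, so this needs confirming), a later pass that finds `uncompressedData` already set may never reach the check again; moving the `if(_lineBuffer->packedDataSize!=maxBytesPerLine)` block above `_lineBuffer->format = Compressor::XDR;` avoids publishing the pointer for rejected input. The guard also has no comment; something like `// uncompressed data must be exactly the expected line size; reject anything else before it is read` would record why equality, not just an upper bound, is required. The function body starts and ends outside the hunk, and since the spec packages 2.2.0 while the patch was cut from a later upstream tree, it is worth confirming that `maxBytesPerLine` is in scope and has a type compatible with `packedDataSize` at this point in the 2.2.0 source.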
@ -1,7 +1,7 @@
|
|||||||
Name: OpenEXR
|
Name: OpenEXR
|
||||||
Summary: A high dynamic-range (HDR) image file format for use in computer imaging applications
|
Summary: A high dynamic-range (HDR) image file format for use in computer imaging applications
|
||||||
Version: 2.2.0
|
Version: 2.2.0
|
||||||
Release: 20
|
Release: 21
|
||||||
License: BSD
|
License: BSD
|
||||||
URL: http://www.openexr.com/
|
URL: http://www.openexr.com/
|
||||||
Source0: http://download.savannah.nongnu.org/releases/openexr/openexr-%{version}.tar.gz
|
Source0: http://download.savannah.nongnu.org/releases/openexr/openexr-%{version}.tar.gz
|
||||||
@ -23,6 +23,7 @@ Patch0013: CVE-2021-3475.patch
|
|||||||
Patch0014: CVE-2021-23215.patch
|
Patch0014: CVE-2021-23215.patch
|
||||||
Patch0015: CVE-2021-23169.patch
|
Patch0015: CVE-2021-23169.patch
|
||||||
Patch0016: CVE-2021-26260.patch
|
Patch0016: CVE-2021-26260.patch
|
||||||
|
Patch0017: CVE-2021-3598.patch
|
||||||
|
|
||||||
BuildConflicts: %{name}-devel < 2.2.0
|
BuildConflicts: %{name}-devel < 2.2.0
|
||||||
BuildRequires: gcc-c++ ilmbase-devel >= %{version} zlib-devel pkgconfig
|
BuildRequires: gcc-c++ ilmbase-devel >= %{version} zlib-devel pkgconfig
|
||||||
@ -86,6 +87,9 @@ test "$(pkg-config --modversion OpenEXR)" = "%{version}"
|
|||||||
%{_libdir}/pkgconfig/OpenEXR.pc
|
%{_libdir}/pkgconfig/OpenEXR.pc
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Jul 10 2021 wangyue <wangyue92@huawei.com> - 2.2.0-21
|
||||||
|
- fix CVE-2021-3598
|
||||||
|
|
||||||
* Tue Jun 22 2021 houyingchao <houyingchao@huawei.com> - 2.2.0-20
|
* Tue Jun 22 2021 houyingchao <houyingchao@huawei.com> - 2.2.0-20
|
||||||
- fix CVE-2021-23215 CVE-2021-23169 CVE-2021-26260
|
- fix CVE-2021-23215 CVE-2021-23169 CVE-2021-26260
|
||||||
|
|
||||||
|
|||||||