OpenEXR v2.5.3 Release Notes
Release Date: 2020-08-12 // 7 months ago-
π Patch release with various bug/security fixes and build/install fixes, plus a performance optimization:
Summary
- Various sanitizer/fuzz-identified issues related to handling of invalid input
- π Fixes to misc compiler warnings
- π Cmake fix for building on arm64 macOS (#772)
- π Read performance optimization (#782)
- π Fix for building on non-glibc (#798)
- π Fixes to tests
π Merged Pull Requests
- π 812 free memory if precalculateTileInfo throws
- 809 Avoid integer overflow in calculateNumTiles()
- 806 suppress clang undefined behavior sanitizer in EnvmapAttribute::copyValuesFrom()
- π 805 remove extraneous vector allocation in getScanlineChunkOffsetTableSize
- 804 prevent invalid tile description enums
- β 803 Fix stack corruption in Matrix tests
- 801 prevent invalid Compression enum values being read from file
- π 798 IexMathFpu.cpp: Fix build on non-glibc (e.g. musl libc)
- 795 prevent invalid values in LineOrder enum
- 794 suppress clang undefined behavior sanitizer in DeepImageStateAttribute::copyValuesFrom()
- 793 sanityCheckDisplayWindow() ensures that width and height don't cause integer overflow
- 792 cast signed chars to unsigned longs before left shift in Xdr::read of signed long
- 788 use 64 bit computation in chunk offset table reconstruction
- 787 change sanity check in stringvectorattribute to prevent overflow
- 785 prevent invalid values in Channel's PixelType enum
- 784 sanity check preview attribute sizes
- 783 explicitly cast signed chars to unsigned before bitwise left shift in Xdr::read()
- β»οΈ 782 refactor: use local loop variable in copyFromFrameBuffer
- 778 Sanity check stringvector size fields on read
- β 777 IlmImfFuzzTest reports incorrect test names and missing files as errors
- π¦ 775 Removes overridden find_package in CMakeLists.txt
- 772 Disable OPENEXR_IMF_HAVE_GCC_INLINE_ASM_AVX when building on arm64 macOS
- β 770 IlmImf: Fix clang compiler warnings
- 738 always ignore chunkCount attribute unless it cannot be computed #738
π² Commits [ git log v2.5.2...v2.5.3]
- π 425c104f free memory if precalculateTileInfo throws ([Peter Hillman](@[email protected]) 2020-08-10)
- 7212e337 Set LIBTOOL_VERSION to 25:2:0 for 2.5.3 ([Cary Phillips](@[email protected]) 2020-08-09)
- π 0b6d5185 Release notes for 2.5.3 ([Cary Phillips](@[email protected]) 2020-08-09)
- 6b55722b Bump version to 2.5.3 and LIBTOOL_CURRENT to 26 ([Cary Phillips](@[email protected]) 2020-08-09)
- 40a7ed76 Change >= to > in overflow calculation ([Cary Phillips](@[email protected]) 2020-08-08)
- b10412d5 Avoid integer overflow in calculateNumTiles() ([Cary Phillips](@[email protected]) 2020-08-08)
- ed469311 reformatted references to CVEs in CHANGES.md ([Cary Phillips](@[email protected]) 2020-07-07)
- π f7c8a7a1 Add references to CVE-2020-15304, CVE-2020-15305, CVE-2020-15306 to SECURITY.md and CHANGES.md ([Cary Phillips](@[email protected]) 2020-07-07)
- π 0d226001 Add #755 to 2.4.2 release notes ([Cary Phillips](@[email protected]) 2020-06-13)
- π 4a4a4f4a Improved formatting of commits in release notes ([Cary Phillips](@[email protected]) 2020-06-11)
- π 9c42766b added merged PR's to v2.4.2 release notes. ([Cary Phillips](@[email protected]) 2020-06-11)
- π cc1809ed Release notes for v2.4.2 ([Cary Phillips](@[email protected]) 2020-06-11)
- π 7fe8d40d Remove non-code-related PR's and commits from v2.5.2 release notes. ([Cary Phillips](@[email protected]) 2020-06-11)
- π bc0b229c add commit history to release notes for v2.5.1 and v2.5.2 ([Cary Phillips](@[email protected]) 2020-06-11)
- ba76b8ca always ignore chunkCount attribute unless it cannot be computed (#738) ([peterhillman](@[email protected]) 2020-05-27)
- 81818f2a suppress clang undefined behavior sanitizer in EnvmapAttribute::copyValuesFrom() ([Peter Hillman](@[email protected]) 2020-08-07)
- 2f83442f allow undefined EnvMap enum values for future proofing ([Peter Hillman](@[email protected]) 2020-08-07)
- π 485b5fe4 remove extraneous vector allocation in getScanlineChunkOffsetTableSize ([Peter Hillman](@[email protected]) 2020-08-06)
- β»οΈ 7da32d3c refactor: use local loop variable in copyFromFrameBuffer ([Gyula Gubacsi](@[email protected]) 2020-07-14)
- 1ecaf4bd prevent invalid tile description enums ([Peter Hillman](@[email protected]) 2020-08-05)
- 88420f93 prevent invalid Compression enum values being read from file ([Peter Hillman](@[email protected]) 2020-07-31)
- 90736089 Fix out of bounds assignments ([Darby Johnston](@[email protected]) 2020-08-01)
- π 9752e70d IexMathFpu.cpp: Fix build on non-glibc (e.g. musl libc). ([Niklas HambΓΌchen](@[email protected]) 2020-07-30)
- 37e16a88 cast signed chars to unsigned longs before left shift in read of signed long ([Cary Phillips](@[email protected]) 2020-07-17)
- 02e1ac54 suppress clang undefined behavior sanitizer in DeepImageStateAttribute::copyValuesFrom() ([Cary Phillips](@[email protected]) 2020-07-22)
- π· bf3edf27 fixed CI and Analysis badges in README.md ([Cary Phillips](@[email protected]) 2020-07-16)
- 93e9f2ac prevent invalid values in LineOrder enum ([Cary Phillips](@[email protected]) 2020-07-22)
- π 6bb6257f fixed comment ([Cary Phillips](@[email protected]) 2020-07-20)
- 1a1e13fd sanityCheckDisplayWindow() ensures that width and height don't cause integer overflow ([Cary Phillips](@[email protected]) 2020-07-20)
- β 45e14fdf IlmImfFuzzTest reports incorrect test names and missing files as errors rather than silently succeeding. ([Cary Phillips](@[email protected]) 2020-07-09)
- a6bc10f5 use ll in chunk size computation ([Peter Hillman](@[email protected]) 2020-07-17)
- c6058144 use 64 bit computation in chunkoffsettable reconstruction ([Peter Hillman](@[email protected]) 2020-07-17)
- b33b1187 prevent invalid values in Channel's PixelType enum ([Peter Hillman](@[email protected]) 2020-07-16)
- b7b8a568 change sanity check in stringvectorattribute to prevent overflow (#787) ([peterhillman](@[email protected]) 2020-07-17)
- 09eadd12 cast signed chars to unsigned before bitwise left shift in Xdr::read() ([Cary Phillips](@[email protected]) 2020-07-14)
- 3cf874cb sanity check preview attribute sizes ([Peter Hillman](@[email protected]) 2020-07-15)
- 849c6776 Tidy whitespace in ImfStringVectorAttribute.cpp ([peterhillman](@[email protected]) 2020-07-10)
- fcaa1691 sanity check string vectors on read ([Peter Hillman](@[email protected]) 2020-07-10)
- π¦ 0d13c74a Removes overridden find_package in CMakeLists.txt in favor of reusing the generated config files and setting (IlmBase/OpenEXR)_DIR variables Overriding a cmake function is undocumented functionallity and only works one time. Better to avoid if possible. ([Peter Steneteg](@[email protected]) 2020-06-17)
- 1343c08a Cast to uintptr_t instead of size_t for mask ops on ptrs. ([Arkell Rasiah](@[email protected]) 2020-06-25)
- π 72de4c9e Switching to current c++ casting style. ([Arkell Rasiah](@[email protected]) 2020-06-24)
- β 9534e36d IlmImf: Fix misc compiler warnings. ([Arkell Rasiah](@[email protected]) 2020-06-23)
- 8e53ab8d Disable OPENEXR_IMF_HAVE_GCC_INLINE_ASM_AVX when building on arm64 macOS ([Yining Karl Li](@[email protected]) 2020-07-03)
- 67b1b88d Addresses PR#767: Removal of legacy .cvsignore files. ([Arkell Rasiah](@[email protected]) 2020-06-19)
- 801e5d87 Fix typo in README ([cia-rana](@[email protected]) 2020-06-15)
Previous changes from v2.5.2
-
π Patch release with various bug/security fixes and build/install fixes.
Summary
- π CVE-2020-15305 Invalid input could cause a heap-use-after-free error in DeepScanLineInputFile::DeepScanLineInputFile()
- CVE-2020-15306 Invalid chunkCount attributes could cause heap buffer overflow in getChunkOffsetTableSize()
- CVE-2020-15304 Invalid tiled input file could cause invalid memory access TiledInputFile::TiledInputFile()
- π¦ OpenEXRConfig.h now correctly sets OPENEXR_PACKAGE_STRING to "OpenEXR" (rather than "IlmBase")
- π Various Windows build fixes
π Merged Pull Requests
- π¦ 755 Fix OPENEXR_PACKAGE_NAME
- π 747 Fix the PyIlmBase tests for the autotools build
- 743 Applies OPENEXR_DLL only to shared libraries and no longer to static libraries
- π 742 Removes symlink creation under Windows
- 738 always ignore chunkCount attribute unless it cannot be computed
- π 733 added missing PyImathMatrix22.cpp to Makefile.am, for the autotools build
- 730 fix #728 - missing 'throw' in deepscanline error handling
- 727 check null pointer in broken tiled file handling
π² Commits [ git log v2.5.1...v2.5.2]
- 6f0d14d5 bump version to 2.5.2 ([Cary Phillips](@[email protected]) 2020-06-11)
- π¦ 162fe820 Fix OPENXR_PACKAGE_NAME ([Cary Phillips](@[email protected]) 2020-06-10)
- π 58e96f53 removed commented out lines in Makefile.am ([Cary Phillips](@[email protected]) 2020-05-28)
- π 6c82409e Fix PyImathTest, PyImathNumpyTest, PyIexTest to work in the autotools build. ([Cary Phillips](@[email protected]) 2020-05-28)
- β 248abc23 Fix OPENEXR_DLL on test applications ([Transporter](@[email protected]) 2020-05-29)
- ccf91b95 Applies OPENEXR_DLL only to shared libraries and no longer to static libraries ([Transporter](@[email protected]) 2020-05-26)
- π c8f2463a Removes symlink creation under Windows ([Transporter](@[email protected]) 2020-05-26)
- π 78274436 added missing PyImathMatrix22.cpp to Makefile.am, for the autotools build. ([Cary Phillips](@[email protected]) 2020-05-19)
- β 30349291 fix memory leak in deep scanline IlmImfFuzzTest ([Peter Hillman](@[email protected]) 2020-05-16)
- β 21014549 fix memory leak in deep scanline IlmImfFuzzTest ([Peter Hillman](@[email protected]) 2020-05-16)
- 07e93a3d check null pointer in broken tiled file handling ([Peter Hillman](@[email protected]) 2020-05-16)
- d8741bcc fix #728 - missing 'throw' in deepscanline error handling ([Peter Hillman](@[email protected]) 2020-05-19)