OpenEXR v2.5.3 Release Notes

Release Date: 2020-08-12 // 7 months ago
  • πŸš€ Patch release with various bug/security fixes and build/install fixes, plus a performance optimization:

    Summary

    • Various sanitizer/fuzz-identified issues related to handling of invalid input
    • πŸ›  Fixes to misc compiler warnings
    • 🍎 Cmake fix for building on arm64 macOS (#772)
    • 🐎 Read performance optimization (#782)
    • πŸ›  Fix for building on non-glibc (#798)
    • πŸ›  Fixes to tests

    πŸ”€ Merged Pull Requests

    • πŸ†“ 812 free memory if precalculateTileInfo throws
    • 809 Avoid integer overflow in calculateNumTiles()
    • 806 suppress clang undefined behavior sanitizer in EnvmapAttribute::copyValuesFrom()
    • 🚚 805 remove extraneous vector allocation in getScanlineChunkOffsetTableSize
    • 804 prevent invalid tile description enums
    • βœ… 803 Fix stack corruption in Matrix tests
    • 801 prevent invalid Compression enum values being read from file
    • πŸ— 798 IexMathFpu.cpp: Fix build on non-glibc (e.g. musl libc)
    • 795 prevent invalid values in LineOrder enum
    • 794 suppress clang undefined behavior sanitizer in DeepImageStateAttribute::copyValuesFrom()
    • 793 sanityCheckDisplayWindow() ensures that width and height don't cause integer overflow
    • 792 cast signed chars to unsigned longs before left shift in Xdr::read of signed long
    • 788 use 64 bit computation in chunk offset table reconstruction
    • 787 change sanity check in stringvectorattribute to prevent overflow
    • 785 prevent invalid values in Channel's PixelType enum
    • 784 sanity check preview attribute sizes
    • 783 explicitly cast signed chars to unsigned before bitwise left shift in Xdr::read()
    • ♻️ 782 refactor: use local loop variable in copyFromFrameBuffer
    • 778 Sanity check stringvector size fields on read
    • βœ… 777 IlmImfFuzzTest reports incorrect test names and missing files as errors
    • πŸ“¦ 775 Removes overridden find_package in CMakeLists.txt
    • 772 Disable OPENEXR_IMF_HAVE_GCC_INLINE_ASM_AVX when building on arm64 macOS
    • ⚠ 770 IlmImf: Fix clang compiler warnings
    • 738 always ignore chunkCount attribute unless it cannot be computed #738

    🌲 Commits [ git log v2.5.2...v2.5.3]


Previous changes from v2.5.2

  • πŸš€ Patch release with various bug/security fixes and build/install fixes.

    Summary

    • πŸ†“ CVE-2020-15305 Invalid input could cause a heap-use-after-free error in DeepScanLineInputFile::DeepScanLineInputFile()
    • CVE-2020-15306 Invalid chunkCount attributes could cause heap buffer overflow in getChunkOffsetTableSize()
    • CVE-2020-15304 Invalid tiled input file could cause invalid memory access TiledInputFile::TiledInputFile()
    • πŸ“¦ OpenEXRConfig.h now correctly sets OPENEXR_PACKAGE_STRING to "OpenEXR" (rather than "IlmBase")
    • 🏁 Various Windows build fixes

    πŸ”€ Merged Pull Requests

    • πŸ“¦ 755 Fix OPENEXR_PACKAGE_NAME
    • πŸ— 747 Fix the PyIlmBase tests for the autotools build
    • 743 Applies OPENEXR_DLL only to shared libraries and no longer to static libraries
    • 🏁 742 Removes symlink creation under Windows
    • 738 always ignore chunkCount attribute unless it cannot be computed
    • πŸ— 733 added missing PyImathMatrix22.cpp to Makefile.am, for the autotools build
    • 730 fix #728 - missing 'throw' in deepscanline error handling
    • 727 check null pointer in broken tiled file handling

    🌲 Commits [ git log v2.5.1...v2.5.2]