Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openexr for openSUSE:Factory checked in at 2026-06-09 14:14:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openexr (Old) and /work/SRC/openSUSE:Factory/.openexr.new.2375 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openexr" Tue Jun 9 14:14:57 2026 rev:79 rq:1357249 version:3.4.12 Changes: -------- --- /work/SRC/openSUSE:Factory/openexr/openexr.changes 2026-05-13 17:18:36.177461359 +0200 +++ /work/SRC/openSUSE:Factory/.openexr.new.2375/openexr.changes 2026-06-09 14:15:35.084877484 +0200 @@ -1,0 +2,30 @@ +Mon Jun 1 14:24:47 UTC 2026 - Petr Gajdos <[email protected]> + +- version update to 3.4.12 + * Fix several minor memory leaks recovering from reading invalid + files. + * The compressor API incorrectly identfied `HTJ2K` and `HTJ2K256` as + lossy; they are lossles. + * Fix CMake AVX feature detection that caused DWA SIMD code to fail on + certain architectures. + * The `WidenFilename` utility function is marked as deprecated, to be + removed in a future release. + * `exrmetrics` now print the on-disk size of the data portion of each + part. Useful for determining compression impact on part data + * Reject files where the dataWindows does not match the + pixel array dimensions. + * Support NumPy float vector attributes + * Reading now skips over invalid parts, returns the valid parts only. + * Doc strings have proper indentation + * [CVE-2026-45696](https://www.cve.org/CVERecord?id=CVE-2026-45696) + OpenEXR `ht_undo_impl` heap-buffer-overflow READ via + codestream/channel width mismatch in HTJ2K decode + * [CVE-2026-44663](https://www.cve.org/CVERecord?id=CVE-2026-44663) + Integer overflow in HTJ2K decoder ( `ht_undo_impl` ) leading to + heap-buffer-overflow + * [OSS-Fuzz 512895184](https://issues.oss-fuzz.com/issues/512895184) + * [OSS-Fuzz 512314697](https://issues.oss-fuzz.com/issues/512314697) + * [OSS-Fuzz 508362159](https://issues.oss-fuzz.com/issues/508362159) + * [OSS-Fuzz 507413960](https://issues.oss-fuzz.com/issues/507413960) + +------------------------------------------------------------------- Old: ---- v3.4.11.tar.gz New: ---- v3.4.12.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openexr.spec ++++++ --- /var/tmp/diff_new_pack.DxVfOM/_old 2026-06-09 14:15:37.916994831 +0200 +++ /var/tmp/diff_new_pack.DxVfOM/_new 2026-06-09 14:15:37.916994831 +0200 @@ -26,7 +26,7 @@ %endif Name: openexr -Version: 3.4.11 +Version: 3.4.12 Release: 0 Summary: Utilities for working with HDR images in OpenEXR format License: BSD-3-Clause ++++++ v3.4.11.tar.gz -> v3.4.12.tar.gz ++++++ /work/SRC/openSUSE:Factory/openexr/v3.4.11.tar.gz /work/SRC/openSUSE:Factory/.openexr.new.2375/v3.4.12.tar.gz differ: char 13, line 1
