Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bazel build: Update Imath #1225

Merged

Conversation

Vertexwahn
Copy link
Contributor

This PR only affects the Bazel build experience:

  • Bazel version was updated to 5.0.0
  • Bazelisk version used within CI was updated
  • Imath was updated to 3.1.4

Signed-off-by: Vertexwahn <julian.amann@tum.de>
Signed-off-by: Vertexwahn <julian.amann@tum.de>
@Vertexwahn Vertexwahn force-pushed the bazel-build-update-imath branch 7 times, most recently from 923bf90 to 6c3a2d2 Compare January 23, 2022 15:32
Signed-off-by: Vertexwahn <julian.amann@tum.de>
@Vertexwahn Vertexwahn force-pushed the bazel-build-update-imath branch from 6c3a2d2 to faaa168 Compare January 23, 2022 16:05
@cary-ilm cary-ilm merged commit 3c30740 into AcademySoftwareFoundation:master Jan 23, 2022
cary-ilm added a commit to cary-ilm/openexr that referenced this pull request Jan 23, 2022
Signed-off-by: Cary Phillips <cary@ilm.com>
cary-ilm pushed a commit to cary-ilm/openexr that referenced this pull request Jan 23, 2022
* Switch to newest Bazel version 5.0.0

Signed-off-by: Vertexwahn <julian.amann@tum.de>

* Make use of newest bazelisk version in CI

Signed-off-by: Vertexwahn <julian.amann@tum.de>

* Switch to Imath 3.1.4

Signed-off-by: Vertexwahn <julian.amann@tum.de>
Signed-off-by: Cary Phillips <cary@ilm.com>
cary-ilm added a commit that referenced this pull request Jan 23, 2022
Signed-off-by: Cary Phillips <cary@ilm.com>
cary-ilm pushed a commit that referenced this pull request Jan 23, 2022
* Switch to newest Bazel version 5.0.0

Signed-off-by: Vertexwahn <julian.amann@tum.de>

* Make use of newest bazelisk version in CI

Signed-off-by: Vertexwahn <julian.amann@tum.de>

* Switch to Imath 3.1.4

Signed-off-by: Vertexwahn <julian.amann@tum.de>
Signed-off-by: Cary Phillips <cary@ilm.com>
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Feb 2, 2022
## Version 3.1.4 (January 26, 2022)

Patch release that addresses various issues:

* Several bug fixes to properly reject invalid input upon read
* A check to enable SSE2 when building with Visual Studio
* A check to fix building with VisualStudio on ARM64
* Update the automatically-downloaded version of Imath to v3.1.4
* Miscellaneous documentation improvements

This addresses one public security vulnerability:

* [CVE-2021-45942](https://nvd.nist.gov/vuln/detail/CVE-2021-45942) Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute

Specific OSS-fuzz issues:

* OSS-fuzz [43961](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43961) Heap-buffer-overflow in generic_unpack
* OSS-fuzz [43916](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43916) Heap-buffer-overflow in hufDecode
* OSS-fuzz [43763](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43763) Heap-buffer-overflow in internal_huf_decompress
* OSS-fuzz [43745](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43745) Floating-point-exception in internal_exr_compute_tile_information
* OSS-fuzz [43744](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43744) Divide-by-zero in internal_exr_compute_tile_information
* OSS-fuzz [42197](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42197) Out-of-memory in openexr_exrcheck_fuzzer
* OSS-fuzz [42001](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42001) Timeout in openexr_exrcheck_fuzzer
* OSS-fuzz [41999](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41999) Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute
* OSS-fuzz [41669](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41669) Integer-overflow in Imf_3_1::rleUncompress
* OSS-fuzz [41625](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41625) Heap-buffer-overflow in uncompress_b44_impl
* OSS-fuzz [41416](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416) Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute
* OSS-fuzz [41075](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41075) Integer-overflow in Imf_3_1::copyIntoDeepFrameBuffer
* OSS-fuzz [40704](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40704) Crash in Imf_3_1::DeepTiledInputFile::readPixelSampleCounts
* OSS-fuzz [40702](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40702) Null-dereference in bool Imf_3_1::readDeepTile<Imf_3_1::DeepTiledInputFile>
* OSS-fuzz [40701](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40701) Null-dereference in bool Imf_3_1::readDeepTile<Imf_3_1::DeepTiledInputPart>
* OSS-fuzz [40423](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40423) Out-of-memory in openexr_exrcheck_fuzzer
* OSS-fuzz [40234](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40234) Heap-buffer-overflow in generic_unpack
* OSS-fuzz [40231](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40231) Heap-buffer-overflow in hufDecode
* OSS-fuzz [40091](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40091) Heap-buffer-overflow in hufDecode

Merged Pull Requests:

* [1225](AcademySoftwareFoundation/openexr#1225)
Bazel build: Update Imath
* [1224](AcademySoftwareFoundation/openexr#1224)
Add error check to prevent corrupt files trying to unpack
* [1223](AcademySoftwareFoundation/openexr#1223)
Fix issues with a a "short" huf table and checking boundary conditions, missing return value
* [1222](AcademySoftwareFoundation/openexr#1222)
Fix OSS Fuzz 43763, 43745
* [1218](AcademySoftwareFoundation/openexr#1218)
OSS-Fuzz pass 15jan2022
* [1217](AcademySoftwareFoundation/openexr#1217)
Added missing check _M_IX86 or _M_X64 when using __lzcnt.
* [1216](AcademySoftwareFoundation/openexr#1216)
Corrected the check to enable SSE2 when building with Visual Studio.
* [1214](AcademySoftwareFoundation/openexr#1214)
prevent overflow in allocation of RLE buufer
* [1213](AcademySoftwareFoundation/openexr#1213)
add check for decompressed deepscanline datasize
* [1209](AcademySoftwareFoundation/openexr#1209)
enforce xSampling/ySampling==1 in CompositeDeepScanLine
* [1208](AcademySoftwareFoundation/openexr#1208)
Reduce memory consumption with very large deepscanline images
* [1206](AcademySoftwareFoundation/openexr#1206)
Update INSTALL.md
* [1205](AcademySoftwareFoundation/openexr#1205)
DeepScanlineInputFile now uses chunk size test from DeepTiledInputFile
* [1200](AcademySoftwareFoundation/openexr#1200)
Corrected Deep Docs & Example Code
* [1199](AcademySoftwareFoundation/openexr#1199)
Fix C++ DeepTile reading in Imf::CheckFile
* [1195](AcademySoftwareFoundation/openexr#1195)
Fix bugs in ImfCheckFile.cpp:readDeepTile()
* [1193](AcademySoftwareFoundation/openexr#1193)
mention multipart files in multiview doc
* [1191](AcademySoftwareFoundation/openexr#1191)
Replace Doxygen/Sphinx targets with "docs"
* [1190](AcademySoftwareFoundation/openexr#1190)
Add Compression section to "Reading and Writing Image Files" doc
* [1189](AcademySoftwareFoundation/openexr#1189)
Fix typo in readthedocs url
cary-ilm pushed a commit to cary-ilm/openexr that referenced this pull request Apr 2, 2022
* Switch to newest Bazel version 5.0.0

Signed-off-by: Vertexwahn <julian.amann@tum.de>

* Make use of newest bazelisk version in CI

Signed-off-by: Vertexwahn <julian.amann@tum.de>

* Switch to Imath 3.1.4

Signed-off-by: Vertexwahn <julian.amann@tum.de>
Signed-off-by: Cary Phillips <cary@ilm.com>
cary-ilm pushed a commit to cary-ilm/openexr that referenced this pull request Apr 2, 2022
* Switch to newest Bazel version 5.0.0

Signed-off-by: Vertexwahn <julian.amann@tum.de>

* Make use of newest bazelisk version in CI

Signed-off-by: Vertexwahn <julian.amann@tum.de>

* Switch to Imath 3.1.4

Signed-off-by: Vertexwahn <julian.amann@tum.de>
Signed-off-by: Cary Phillips <cary@ilm.com>
cary-ilm pushed a commit that referenced this pull request Apr 7, 2022
* Switch to newest Bazel version 5.0.0

Signed-off-by: Vertexwahn <julian.amann@tum.de>

* Make use of newest bazelisk version in CI

Signed-off-by: Vertexwahn <julian.amann@tum.de>

* Switch to Imath 3.1.4

Signed-off-by: Vertexwahn <julian.amann@tum.de>
Signed-off-by: Cary Phillips <cary@ilm.com>
@Vertexwahn Vertexwahn deleted the bazel-build-update-imath branch May 3, 2022 18:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants