graphics/openexr: graphics/ilmbase: v2.5.4 update
"Patch release with various bug/sanitizer/security fixes, primarily related to
reading corrupted input files."
<https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.4>
Cherry-pick upstream commit for GCC 11 compatibility:
<a40a6151c4>
Since this changes the patchlevel of the solibs, bump PORTREVISION of dependent
ports just to be sure.
(graphics/py-openshadinglanguage is unaltered and .includes the revision bump
from .../openshadinglanguage.)
graphics/openexr: really commit v2.5.4 update.
Unfortunately, this was missed with the ilmbase update, and
causes yet another PORTREVISION bump on all dependent ports.
repeating ilmbase's commit log here:
"Patch release with various bug/sanitizer/security fixes, primarily related to
reading corrupted input files."
<https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.4>
Cherry-pick upstream commit for GCC 11 compatibility:
<a40a6151c4>
Since this changes the patchlevel of the solibs, bump PORTREVISION of dependent
ports just to be sure.
(graphics/py-openshadinglanguage is unaltered and .includes the revision bump
from .../openshadinglanguage.)
Reported by: VVD (IRC, #bsdports)
graphics/openexr, ilmbase: security update to v2.5.5
https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.5
"Specific OSS-fuzz issues include:
OSS-fuzz #30291 Timeout in openexr_exrcheck_fuzzer
OSS-fuzz #29106 Heap-buffer-overflow in Imf_2_5::FastHufDecoder::decode
OSS-fuzz #28971 Undefined-shift in Imf_2_5::cachePadding
OSS-fuzz #29829 Integer-overflow in Imf_2_5::DwaCompressor::initializeBuffers
OSS-fuzz #30121 Out-of-memory in openexr_exrcheck_fuzzer"
Bump PORTREVISION of ports that directly depend on openexr and/or ilmbase.
Security: 98044aba-6d72-11eb-aed7-1b1b8a70cc8b
15ab1c611b