Releases: AcademySoftwareFoundation/openexr
Releases · AcademySoftwareFoundation/openexr
v2.5.1
v2.5.0
Minor release with miscellaneous bug fixes and small features:
- No more build-time header generation: toFloat.h, eLut.h, b44ExpLogTable.h, and dwaLookups.h are now ordinary header files, no longer generated on the fly.
- New StdISSTream class, an "input" stringstream version of StdOSStream
- New Matrix22 class in Imath
- Chromaticity comparison operator now includes white (formerly ignored)
- Various cmake fixes
- Bug fixes for various memory leaks
- Bug fixes for various invalid memory accesses
- New checks to detect damaged input files
- OpenEXR_Viewers has been deprecated, removed from the top-level cmake build and documentation.
See CHANGES.md for more details.
v2.2.2
This is a patch release that backports fixes for the following CVE's into the 2.2.1 (Nov 30, 2017) release:
- CVE-2020-11765 There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.
- CVE-2020-11764 There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
- CVE-2020-11763 There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.
- CVE-2020-11762 There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.
- CVE-2020-11761 There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.
- CVE-2020-11760 There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
- CVE-2020-11759 Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.
- CVE-2020-11758 There is an out-of-bounds read in ImfOptimizedPixelReading.h.
v2.4.1
Patch release with minor bug fixes.
Summary:
- Various fixes for memory leaks and invalid memory accesses
- Various fixes for integer overflow with large images.
- Various cmake fixes for build/install of python modules.
- ImfMisc.h is no longer installed, since it's a private header.
This version fixes the following security vulnerabilities:
- CVE-2020-11765 There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::ClasGsifier, leading to an out-of-bounds read.
- CVE-2020-11764 There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
- CVE-2020-11763 There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.
- CVE-2020-11762 There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.
- CVE-2020-11761 There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.
- CVE-2020-11760 There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
- CVE-2020-11759 Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.
- CVE-2020-11758 There is an out-of-bounds read in ImfOptimizedPixelReading.h.
v2.4.0
Version 2.4.0
Summary of changes:
- Completely re-written CMake configuration files
- Improved support for building on Windows, via CMake
- Improved support for building on macOS, via CMake
- All code compiles without warnings on gcc, clang, msvc
- Cleanup of license and copyright notices
- floating-point exception handling is disabled by default
- New Slice::Make method to reliably compute base pointer for a slice.
- Miscellaneous bug fixes
Security Vulnerabilities
This version fixes the following security vulnerabilities:
- CVE-2018-18444 Issue #351 Out of Memory
- CVE-2018-18443 Issue #350 heap-buffer-overflow
v2.4.0-beta.1
Version 2.4.0
Summary of changes:
- Completely re-written CMake configuration files
- Improved support for building on Windows, via CMake
- Improved support for building on macOS, via CMake
- All code compiles without warnings on gcc, clang, msvc
- Cleanup of license and copyright notices
- floating-point exception handling is disabled by default
- New Slice::Make method to reliably compute base pointer for a slice.
- Miscellaneous bug fixes
Security Vulnerabilities
This version fixes the following security vulnerabilities:
- CVE-2018-18444 Issue #351 Out of Memory
- CVE-2018-18443 Issue #350 heap-buffer-overflow
v2.3.0
OpenEXR Release Notes
Version 2.3.0:
Features/Improvements:
- ThreadPool overhead improvements, enable custom thread pool to be registered via ThreadPoolProvider class
- Fixes to enable custom namespaces for Iex, Imf
- Improve read performance for deep/zipped data, and SIMD-accelerated uncompress support
- Added rawPixelDataToBuffer() function for access to compressed scanlines
- Iex::BaseExc no longer derived from std::string.
- Imath throw() specifiers removed
- Initial Support for Python 3
Bugs:
- 25+ various bug fixes
Security Vulnerabilities:
This release addresses vulnerability CVE-2017-12596.
Build Fixes:
- Various fixes to the cmake and autoconf build infrastructures
- Various changes to support compiling for C++11 / C++14 / C++17 and GCC 6.3.1
- Various fixes to address Windows build issues
- 60+ total build-related fixes (see detailed Release Notes for the full list)
v2.2.1
Version 2.2.1
Summary of changes:
Maintenance release - security patches for OpenEXR
The 2.2.1 release addresses the known OpenEXR security vulnerabilities, specifically:
August 2014 Release - IlmBase, PyIlmBase, OpenEXR, OpenEXR_Viewers
The significant new features of v2.2 include:
- DreamWorks Lossy Compression A new high quality, high performance lossy compression codec contributed by DreamWorks Animation. This codec allows control over variable lossiness to balance visual quality and file size. This contribution also includes performance improvements that speed up the PIZ codec.
- IlmImfUtil A new library intended to aid in development of image file manipulation utilities that support the many types of OpenEXR images.
This release also includes improvements to cross-platform build support using CMake.