CVS commit: pkgsrc/graphics/openexr

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/graphics/openexr
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Sun, 19 Apr 2026 14:58:58 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Sun Apr 19 14:58:58 UTC 2026

Modified Files:
        pkgsrc/graphics/openexr: Makefile distinfo

Log Message:
openexr: update to 3.4.10.

## Version 3.4.10 (April 16, 2026)

Patch release that addresses the following security vulnerabilities:

* [CVE-2026-39886](https://www.cve.org/CVERecord?id=CVE-2026-39886) HTJ2K Signed Integer Overflow in `ht_undo_impl()`
* [CVE-2026-40244](https://www.cve.org/CVERecord?id=CVE-2026-40244) Integer overflow in DWA `setupChannelData` `planarUncRle` pointer arithmetic (missed variant of CVE-2026-34589)
* [CVE-2026-40250](https://www.cve.org/CVERecord?id=CVE-2026-40250) Integer overflow in DWA decoder `outBufferEnd` pointer arithmetic (missed variant of CVE-2026-34589)

### Merged Pull Requests

* [2346](https://github.com/AcademySoftwareFoundation/openexr/pull/2346)
Fix integer overflow in internal_dwa_compressor.h
* [2345](https://github.com/AcademySoftwareFoundation/openexr/pull/2345)
Fix HTJ2K bytes-per-line integer overflow in internal_ht.cpp
* [2340](https://github.com/AcademySoftwareFoundation/openexr/pull/2340)
Fix 3.4.9 cve list formatting
* [2339](https://github.com/AcademySoftwareFoundation/openexr/pull/2339)
fix link formatting typo
* [2337](https://github.com/AcademySoftwareFoundation/openexr/pull/2337)
notes and news for v3.4.9, v3.3.9, v3.2.7
* [2334](https://github.com/AcademySoftwareFoundation/openexr/pull/2334)
Add CVE-2026-34589,34588,34545,34544,34543,34380,34379,34378 to SECURITY.md
* [2316](https://github.com/AcademySoftwareFoundation/openexr/pull/2316)
Fix Pinned-Dependencies Scorecard alert in website workflow

### Merged Workflow Pull Requests

* [2360](https://github.com/AcademySoftwareFoundation/openexr/pull/2360)
Bump actions/cache from 5.0.4 to 5.0.5
* [2354](https://github.com/AcademySoftwareFoundation/openexr/pull/2354)
Bump actions/upload-artifact from 7.0.0 to 7.0.1
* [2343](https://github.com/AcademySoftwareFoundation/openexr/pull/2343)
Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0
* [2341](https://github.com/AcademySoftwareFoundation/openexr/pull/2341)
Bump jmertic/slack-release-notifier from 32206e01ee0b0f66865d2be13bb3c62e474b5ce0 to 9d7d3a84563d2ebc8f7b2271be6c9568fedd7f3a
* [2338](https://github.com/AcademySoftwareFoundation/openexr/pull/2338)
Fix CodeQL SARIF upload ref for pull_request workflows
* [2336](https://github.com/AcademySoftwareFoundation/openexr/pull/2336)
Bump pypa/cibuildwheel from 3.4.0 to 3.4.1
* [2333](https://github.com/AcademySoftwareFoundation/openexr/pull/2333)
Add CI test to validate "cmake --install .. --prefix <path>


To generate a diff of this commit:
cvs rdiff -u -r1.80 -r1.81 pkgsrc/graphics/openexr/Makefile
cvs rdiff -u -r1.72 -r1.73 pkgsrc/graphics/openexr/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/openexr/Makefile
diff -u pkgsrc/graphics/openexr/Makefile:1.80 pkgsrc/graphics/openexr/Makefile:1.81
--- pkgsrc/graphics/openexr/Makefile:1.80       Sun Apr  5 11:30:45 2026
+++ pkgsrc/graphics/openexr/Makefile    Sun Apr 19 14:58:58 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.80 2026/04/05 11:30:45 wiz Exp $
+# $NetBSD: Makefile,v 1.81 2026/04/19 14:58:58 wiz Exp $
 
-DISTNAME=      openexr-3.4.9
+DISTNAME=      openexr-3.4.10
 CATEGORIES=    graphics
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=openexr/}
 GITHUB_PROJECT=        openexr

Index: pkgsrc/graphics/openexr/distinfo
diff -u pkgsrc/graphics/openexr/distinfo:1.72 pkgsrc/graphics/openexr/distinfo:1.73
--- pkgsrc/graphics/openexr/distinfo:1.72       Sun Apr  5 11:30:45 2026
+++ pkgsrc/graphics/openexr/distinfo    Sun Apr 19 14:58:58 2026
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.72 2026/04/05 11:30:45 wiz Exp $
+$NetBSD: distinfo,v 1.73 2026/04/19 14:58:58 wiz Exp $
 
-BLAKE2s (openexr-3.4.9.tar.gz) = 604996eeddeec786185612cd6443c5a9929754c81427274ac2aa33ec3a955b9e
-SHA512 (openexr-3.4.9.tar.gz) = 785496d9b749f2272c108262796abde7ec40f7c328bb91cde9d7ffecf0670826399233aa7bf0db881f0b07748c78660e49b1ca5511fadd0dfe1d9d7bd1fb0f93
-Size (openexr-3.4.9.tar.gz) = 25732191 bytes
+BLAKE2s (openexr-3.4.10.tar.gz) = c547c428de82bf59f3b8451ce0596afd0049af55958c4e93bfbdcdf61a1a2eec
+SHA512 (openexr-3.4.10.tar.gz) = c2c14cdfec3c211ee33d8d4706ac2aa8f0e4ad5effe097678aeb7bb87a833dd66c41c50b59d15f26bb08e92f6f703af50cf20baf3d97110c9ac36f75f9fa7442
+Size (openexr-3.4.10.tar.gz) = 25747896 bytes

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index