Site Navigation

Date:      Mon, 23 Feb 2026 00:22:37 +0000
From:      Daniel Engberg <diizzy@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Cc:        Matthias Andree <mandree@FreeBSD.org>
Subject:   git: 6b50d3885e31 - main - graphics/openexr*: Security update to v3.4.5 and i386 fix
Message-ID:  <699b9dcd.3c5c5.737478a6@gitrepo.freebsd.org>

---

index | next in thread | raw e-mail

---

The branch main has been updated by diizzy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6b50d3885e31662c439e89f43c74617100ce0bd0

commit 6b50d3885e31662c439e89f43c74617100ce0bd0
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2026-02-22 10:17:32 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2026-02-23 00:22:11 +0000

    graphics/openexr*: Security update to v3.4.5 and i386 fix
    
    "Patch release that fixes an incorrect size check in
    istream_nonparallel_read that could lead to a buffer overflow on invalid
    input data."
    
    Also fix i386 self-tests by adding -msse2: i386 builds require SSE2, but
    the upstream cmake stuff does not enable this, so use CFLAGS_i386.
    
    To prevent people seeing SIGILL crashes down late at run-time,
    check if the CPU is sse2-capable by querying the clang compiler from
    the pre-install script (pkg-plist's @preexec). Suggested by diizzy@.
      Other than that we could use the cpuid or the lscpu port instead, but
    let's for now assume everything that wants to run OpenEXR also has a
    working cc that is clang and has -march=native and gives us CPU details).
    (GCC also gives us this but will use a different output format.)
    
    While here, make failed tests verbose through ctest's environment so we
    can see what's up from the build log already. (We need to go through
    this indirection because our cmake.mk's :testing feature wants to go
    through the test target instead of calling ctest directly.)
    
    Changelog:      https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.5
    Security:       716d25a6-0fdc-11f1-bfdf-ff9355aecb00
    MFH:            2026Q1
---
 graphics/openexr-website-docs/Makefile |  2 +-
 graphics/openexr-website-docs/distinfo |  6 +++---
 graphics/openexr/Makefile              | 17 +++++++++++++++--
 graphics/openexr/distinfo              |  6 +++---
 graphics/openexr/pkg-plist             |  1 +
 5 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/graphics/openexr-website-docs/Makefile b/graphics/openexr-website-docs/Makefile
index 30fb0e33e45e..c0107dc64f54 100644
--- a/graphics/openexr-website-docs/Makefile
+++ b/graphics/openexr-website-docs/Makefile
@@ -1,5 +1,5 @@
 PORTNAME=	openexr-website-docs
-PORTVERSION=	3.4.4
+PORTVERSION=	3.4.5
 PORTREVISION=	0
 MASTER_SITES=	https://github.com/AcademySoftwareFoundation/openexr/releases/download/v${PORTVERSION}/:DEFAULT \
 		https://raw.githubusercontent.com/AcademySoftwareFoundation/openexr-images/main/:website \
diff --git a/graphics/openexr-website-docs/distinfo b/graphics/openexr-website-docs/distinfo
index 65c4857d8fe6..b804f0a627b5 100644
--- a/graphics/openexr-website-docs/distinfo
+++ b/graphics/openexr-website-docs/distinfo
@@ -1,6 +1,6 @@
-TIMESTAMP = 1763594706
-SHA256 (openexr/openexr-3.4.4.tar.gz) = 91fc5670f13fe7d9d3b7ae0fe695e3cc813200839084eae6497459e7f650d876
-SIZE (openexr/openexr-3.4.4.tar.gz) = 25475873
+TIMESTAMP = 1771710011
+SHA256 (openexr/openexr-3.4.5.tar.gz) = 3e3b0c697acb7383ed476276e8ca3933d1e099249c080d3c91642515e6b5b84a
+SIZE (openexr/openexr-3.4.5.tar.gz) = 25476007
 SHA256 (openexr/TestImages/README.rst) = 3cbb0a9ab20868940de1b9bf582bdc5ff4244cc585c682d6e40b9befb8fd593c
 SIZE (openexr/TestImages/README.rst) = 2588
 SHA256 (openexr/TestImages/AllHalfValues.exr) = eede573a0b59b79f21de15ee9d3b7649d58d8f2a8e7787ea34f192db3b3c84a4
diff --git a/graphics/openexr/Makefile b/graphics/openexr/Makefile
index 24687ee3a404..29304517a8f3 100644
--- a/graphics/openexr/Makefile
+++ b/graphics/openexr/Makefile
@@ -1,6 +1,6 @@
 PORTNAME?=	openexr
-PORTVERSION?=	3.4.4 # ALSO update openexr-website-docs! -- verify sigstore: make makesum verify-sigstore
-PORTREVISION?=	1
+PORTVERSION?=	3.4.5 # ALSO update openexr-website-docs! -- verify sigstore: make makesum verify-sigstore
+PORTREVISION?=	0
 CATEGORIES=	graphics devel
 .if !defined(MASTERDIR)
 MASTER_SITES=	https://raw.githubusercontent.com/AcademySoftwareFoundation/openexr-images/v1.0/:testimages \
@@ -63,6 +63,10 @@ CMAKE_TESTING_ON=	BUILD_TESTING \
 			OPENEXR_TEST_PYTHON \
 			OPENEXR_TEST_TOOLS
 
+TEST_ENV+=	CTEST_OUTPUT_ON_FAILURE=TRUE
+
+# OpenEXR mandates SSE2 on i386
+CFLAGS_i386+=	-msse2
 CPPFLAGS+=	-I.
 # must be linked with -l{thr|pthread} explicitly
 LDFLAGS+=	-lpthread
@@ -86,6 +90,15 @@ _DOCSRCDIR1=	${WRKSRC}
 _DOC_FILES1=	CHANGES.md CONTRIBUTING.md GOVERNANCE.md LICENSE.md SECURITY.md \
 		CODE_OF_CONDUCT.md CONTRIBUTORS.md README.md
 
+.include <bsd.port.options.mk>
+
+# use conditional i386-specific lines in main pkg-plist file:
+.if ${ARCH} != i386
+PLIST_SUB+=	i386="@comment "
+.else
+PLIST_SUB+=	i386=""
+.endif
+
 # too many reports about compilation failures, so
 # sanity check we are using the same C++ standard library
 _imath_libcxx=	${COMPILER_FEATURES:Mlib*c++}
diff --git a/graphics/openexr/distinfo b/graphics/openexr/distinfo
index 20c5eb7a95d3..55171e42eaa6 100644
--- a/graphics/openexr/distinfo
+++ b/graphics/openexr/distinfo
@@ -1,6 +1,6 @@
-TIMESTAMP = 1763592744
-SHA256 (openexr/openexr-3.4.4.tar.gz) = 91fc5670f13fe7d9d3b7ae0fe695e3cc813200839084eae6497459e7f650d876
-SIZE (openexr/openexr-3.4.4.tar.gz) = 25475873
+TIMESTAMP = 1771709759
+SHA256 (openexr/openexr-3.4.5.tar.gz) = 3e3b0c697acb7383ed476276e8ca3933d1e099249c080d3c91642515e6b5b84a
+SIZE (openexr/openexr-3.4.5.tar.gz) = 25476007
 SHA256 (openexr/Beachball/multipart.0001.exr) = 0cd032069fbaa14a2766861fef9893ea66a6494ff64650725d3b26a500df774b
 SIZE (openexr/Beachball/multipart.0001.exr) = 2894260
 SHA256 (openexr/Beachball/singlepart.0001.exr) = 29719942ed3c095a8f8f111fc139fc4c28f446007f5bfce00177cae585b1a87a
diff --git a/graphics/openexr/pkg-plist b/graphics/openexr/pkg-plist
index 384776b20ffd..f9e0765d9c50 100644
--- a/graphics/openexr/pkg-plist
+++ b/graphics/openexr/pkg-plist
@@ -1,3 +1,4 @@
+%%i386%%@preexec clang </dev/null -m32 -E - -march=native -### 2>&1 | tr ' ' $'\n' | grep -q +sse2 || { echo >&2 "This port requires a CPU with SSE2 instruction set extension." ; exit 1; }
 bin/exr2aces
 bin/exrenvmap
 bin/exrheader

home | help

---

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?699b9dcd.3c5c5.737478a6>

Legal Notices | © 1995-2026 The FreeBSD Project. All rights reserved.

Contact