Cherry-pick PR and release notes for v2.5.6 (#1017)

* Fixed regression in Imath::succf() and Imath::predf() when negative values are given (#1013)

Courtesy Christian Aguilera <christian.aguilera@foundry.com>

The issue was introduced in OpenEXR 2.4.0 as part of
c8a7f6a#diff-f09c17d3ab2fe5564e547c8461f1a43a6fe1109ebaf663a8463d1a9643c20ee0,
where the type of a member of a union was changed from signed to
unsigned, breaking comparison against > 0 a few lines below.

Since OpenEXR 2.4.0, Imath::predf(-2) returns -1.9999998807907104
instead of -2.000000238418579.

Test coverage has been added for this regression.

Fixes #999 (for the 2.4 line).

Signed-off-by: Cary Phillips <cary@ilm.com>

* Release notes for v2.5.6 and updates to SECURITY.md

Signed-off-by: Cary Phillips <cary@ilm.com>

* Bump version for v2.5.6

Signed-off-by: Cary Phillips <cary@ilm.com>

* Change v2.5.6 release date to May 17, and clean up URL's

Signed-off-by: Cary Phillips <cary@ilm.com>

IlmBase/Imath/ImathFun.cpp

@@ -54,7 +54,7 @@ succf (float f)
 
         u.i = 0x00000001;
     }
-    else if (u.i > 0)
+    else if (u.f > 0)
     {
         // Positive float, normalized or denormalized.
         // Incrementing the largest positive float
@@ -89,7 +89,7 @@ predf (float f)
 
         u.i = 0x80000001;
     }
-    else if (u.i > 0)
+    else if (u.f > 0)
     {
         // Positive float, normalized or denormalized.
 

IlmBase/ImathTest/testFun.cpp

@@ -38,6 +38,9 @@
 
 #include <testFun.h>
 #include "ImathFun.h"
+#if __cplusplus >= 202002L
+#    include <bit>
+#endif
 #include <iostream>
 #include <assert.h>
 #include <stdio.h>
@@ -51,9 +54,24 @@ using namespace std;
     typedef long long unsigned int Int64;
 #endif
 
+#if __cplusplus < 202002L
+    template <typename To, typename From>
+    static inline To
+    bit_cast (From from)
+    {
+        static_assert (sizeof (From) == sizeof (To), "Type sizes do not match");
+        union
+        {
+            From f;
+            To   t;
+        } u;
+        u.f = from;
+        return u.t;
+    }
+#endif
 
 void
-testf (float f)
+testf (float f, bool changeExpected = true)
 {
     printf ("\n");
 
@@ -67,11 +85,25 @@ testf (float f)
     printf ("pf %.9g\n", pf);
     printf ("spf %.9g\n", spf);
     printf ("psf %.9g\n", psf);
+
+    fflush (stdout);
+
+    if (changeExpected)
+    {
+        assert (pf < f);
+        assert (f < sf);
+    }
+    else
+    {
+        // No bit change expected if input was inf or NaN
+        assert (bit_cast<unsigned> (pf) == bit_cast<unsigned> (f));
+        assert (bit_cast<unsigned> (sf) == bit_cast<unsigned> (f));
+    }
 }
 
 
 void
-testd (double d)
+testd (double d, bool changeExpected = true)
 {
     printf ("\n");
 
@@ -85,6 +117,20 @@ testd (double d)
     printf ("pd %.18lg\n", pd);
     printf ("spd %.18lg\n", spd);
     printf ("psd %.18lg\n", psd);
+
+    fflush (stdout);
+
+    if (changeExpected)
+    {
+        assert (pd < d);
+        assert (d < sd);
+    }
+    else
+    {
+        // No bit change expected if input was inf or NaN
+        assert (bit_cast<Int64> (pd) == bit_cast<Int64> (d));
+        assert (bit_cast<Int64> (sd) == bit_cast<Int64> (d));
+    }
 }
 
 
@@ -188,9 +234,11 @@ testFun ()
 
     union {float f; int i;} u;
     u.i = 0x7f800000; //  inf
-    testf (u.f);
+    testf (u.f, false);
+    u.i = 0xff800000; // -inf
+    testf (u.f, false);
     u.i = 0x7f800001; //  nan
-    testf (u.f);
+    testf (u.f, false);
     u.i = 0x7f7fffff; //  FLT_MAX
     testf (u.f);
     u.i = 0xff7fffff; // -FLT_MAX
@@ -206,9 +254,11 @@ testFun ()
 
     union {double d; Int64 i;} v;
     v.i = 0x7ff0000000000000ULL; //  inf
-    testd (v.d);
+    testd (v.d, false);
+    v.i = 0xfff0000000000000ULL; // -inf
+    testd (v.d, false);
     v.i = 0x7ff0000000000001ULL; //  NAN
-    testd (v.d);
+    testd (v.d, false);
     v.i = 0x7fefffffffffffffULL; //  FLT_MAX
     testd (v.d);
     v.i = 0xffefffffffffffffULL; // -FLT_MAX

IlmBase/configure.ac

@@ -4,11 +4,11 @@ dnl Copyright Contributors to the OpenEXR Project.
 dnl
 
 dnl Process this file with autoconf to produce a configure script.
-AC_INIT(IlmBase, 2.5.5)
+AC_INIT(IlmBase, 2.5.6)
 
 AC_SUBST(ILMBASE_VERSION_MAJOR, 2)
 AC_SUBST(ILMBASE_VERSION_MINOR, 5)
-AC_SUBST(ILMBASE_VERSION_PATCH, 5)
+AC_SUBST(ILMBASE_VERSION_PATCH, 6)
 
 AC_SUBST(ILMBASE_VERSION, ${ILMBASE_VERSION_MAJOR}.${ILMBASE_VERSION_MINOR}.${ILMBASE_VERSION_PATCH})
 AC_SUBST(ILMBASE_VERSION_API, ${ILMBASE_VERSION_MAJOR}_${ILMBASE_VERSION_MINOR})
@@ -22,7 +22,7 @@ AM_MAINTAINER_MODE
 
 
 LIBTOOL_CURRENT=25
-LIBTOOL_REVISION=4
+LIBTOOL_REVISION=5
 LIBTOOL_AGE=0
 LIBTOOL_VERSION=$LIBTOOL_CURRENT:$LIBTOOL_REVISION:$LIBTOOL_AGE
 AC_SUBST(LIBTOOL_VERSION)

OpenEXR/configure.ac

@@ -5,12 +5,12 @@ dnl
 
 dnl Process this file with autoconf to produce a configure script.
 
-AC_INIT(OpenEXR, 2.5.5)
+AC_INIT(OpenEXR, 2.5.6)
 AC_CONFIG_MACRO_DIR([m4])
 
 AC_SUBST(OPENEXR_VERSION_MAJOR, 2)
 AC_SUBST(OPENEXR_VERSION_MINOR, 5)
-AC_SUBST(OPENEXR_VERSION_PATCH, 5)
+AC_SUBST(OPENEXR_VERSION_PATCH, 6)
 
 AC_SUBST(OPENEXR_VERSION, ${OPENEXR_VERSION_MAJOR}.${OPENEXR_VERSION_MINOR}.${OPENEXR_VERSION_PATCH})
 AC_SUBST(OPENEXR_VERSION_API, ${OPENEXR_VERSION_MAJOR}_${OPENEXR_VERSION_MINOR})
@@ -24,7 +24,7 @@ AM_MAINTAINER_MODE
 
 
 LIBTOOL_CURRENT=25
-LIBTOOL_REVISION=4
+LIBTOOL_REVISION=5
 LIBTOOL_AGE=0
 LIBTOOL_VERSION=$LIBTOOL_CURRENT:$LIBTOOL_REVISION:$LIBTOOL_AGE
 AC_SUBST(LIBTOOL_VERSION)

OpenEXR_Viewers/configure.ac

@@ -4,8 +4,8 @@ dnl Copyright Contributors to the OpenEXR Project.
 dnl
 
 dnl Process this file with autoconf to produce a configure script.
-AC_INIT(OpenEXR_Viewers, 2.5.1)
-AC_SUBST(OPENEXR_VIEWERS_VERSION, 2.5.1)
+AC_INIT(OpenEXR_Viewers, 2.5.6)
+AC_SUBST(OPENEXR_VIEWERS_VERSION, 2.5.6)
 AC_CANONICAL_HOST
 AC_CONFIG_SRCDIR(playexr/main.cpp)
 AM_CONFIG_HEADER(config/OpenEXR_ViewersConfig.h)
@@ -14,7 +14,7 @@ AM_MAINTAINER_MODE
 
 
 LIBTOOL_CURRENT=25
-LIBTOOL_REVISION=0
+LIBTOOL_REVISION=1
 LIBTOOL_AGE=0
 LIBTOOL_VERSION=$LIBTOOL_CURRENT:$LIBTOOL_REVISION:$LIBTOOL_AGE
 AC_SUBST(LIBTOOL_VERSION)

PyIlmBase/configure.ac

@@ -4,8 +4,8 @@ dnl Copyright Contributors to the OpenEXR Project.
 dnl
 
 dnl Process this file with autoconf to produce a configure script.
-AC_INIT(PyIlmBase, 2.5.5)
-AC_SUBST(PYILMBASE_VERSION, 2.5.4)
+AC_INIT(PyIlmBase, 2.5.6)
+AC_SUBST(PYILMBASE_VERSION, 2.5.6)
 AC_CANONICAL_HOST
 AC_CONFIG_SRCDIR(PyIex/iexmodule.cpp)
 AC_CONFIG_HEADERS([config/PyIlmBaseConfig.h])
@@ -17,7 +17,7 @@ AC_DISABLE_STATIC
 
 
 LIBTOOL_CURRENT=25
-LIBTOOL_REVISION=4
+LIBTOOL_REVISION=5
 LIBTOOL_AGE=0
 LIBTOOL_VERSION=$LIBTOOL_CURRENT:$LIBTOOL_REVISION:$LIBTOOL_AGE
 AC_SUBST(LIBTOOL_VERSION)

SECURITY.md

@@ -16,6 +16,13 @@ post patches as quickly as possible.
 
 These vulnerabilities are present in the given versions:
 
+* [CVE-2021-20296](https://nvd.nist.gov/vuln/detail/CVE-2021-20296) 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.5.1, 2.5.2, 2.5.3 
+* [CVE-2021-3479](https://nvd.nist.gov/vuln/detail/CVE-2021-3479) 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.5.1, 2.5.2, 2.5.3 
+* [CVE-2021-3478](https://nvd.nist.gov/vuln/detail/CVE-2021-3478) 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.5.1, 2.5.2, 2.5.3 
+* [CVE-2021-3477](https://nvd.nist.gov/vuln/detail/CVE-2021-3477) 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.5.1, 2.5.2, 2.5.3 
+* [CVE-2021-3476](https://nvd.nist.gov/vuln/detail/CVE-2021-3476) 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.5.1, 2.5.2, 2.5.3 
+* [CVE-2021-3475](https://nvd.nist.gov/vuln/detail/CVE-2021-3475) 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.5.1, 2.5.2, 2.5.3 
+* [CVE-2021-3474](https://nvd.nist.gov/vuln/detail/CVE-2021-3474) 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.5.1, 2.5.2, 2.5.3 
 * [CVE-2020-16589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16589) 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 2.3.0
 * [CVE-2020-16588](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16588) 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 2.3.0
 * [CVE-2020-16587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16587) 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 2.3.0