./graphics/openexr, High dynamic-range (HDR) image file format library and tools

[ Image CVSweb ] [ Image Homepage ] [ Image RSS ] [ Image Required by ] [ Image Add to tracker ]

Branch: CURRENT, Version: 3.4.9, Package name: openexr-3.4.9, Maintainer: adam

OpenEXR is a high dynamic-range (HDR) image file format developed by
Industrial Light & Magic for use in computer imaging applications.

OpenEXR is used by ILM on all motion pictures currently in production.
The first movies to employ OpenEXR were Harry Potter and the Sorcerers Stone,
Men in Black II, Gangs of New York, and Signs. Since then, OpenEXR has become
ILM's main image file format.

OpenEXR's features include:
* Higher dynamic range and color precision than existing 8- and 10-bit image
file formats.
* Support for 16-bit floating-point, 32-bit floating-point, and 32-bit integer
pixels. The 16-bit floating-point format, called "half", is compatible with
the half data type in NVIDIA's Cg graphics language and is supported
natively on their new GeForce FX and Quadro FX 3D graphics solutions.
* Multiple lossless image compression algorithms. Some of the included codecs
can achieve 2:1 lossless compression ratios on images with film grain.
* Extensibility. New compression codecs and image types can easily be added by
extending the C++ classes included in the OpenEXR software distribution.
New image attributes (strings, vectors, integers, etc.) can be added to
OpenEXR image headers without affecting backward compatibility with existing
OpenEXR applications.


Required to run:
[graphics/ilmbase]

Required to build:
[pkgtools/cwrappers] [lang/gcc6]

Master sites:

Filesize: 25129.093 KB

Version history: (Expand)

CVS history: (Expand)


   2026-04-05 13:30:45 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
openexr: update to 3.4.9.

## Version 3.4.9 (April  3, 2026)

Patch release that addresses several security vulnerabilities.

This release also fixes a build issue where the library symlinks would
get installed in the incorrect location when overriding the cached
install prefix path.

This release addresses the following CVEs:
* [CVE-2026-34589]
* [CVE-2026-34588]
* [CVE-2026-34380]
* [CVE-2026-34379]
* [CVE-2026-34378]
   2026-03-29 19:31:34 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
openexr: update to 3.4.8.

## Version 3.4.8 (March 26, 2026)

Patch release with several bug/build fixes:

- Fix an integer-overflow bug reading malformed files compressed with
  B44A/B44B
- Fix a buffer-overrun bug reading malformed files compressed with PXR24
- Fix a bug compressing half data with ZIPS/ZIP data when the
  compressed size equals packed size
- Single part files no longer get assigned a part name when writing
  via the python module
- Fix a build failure on FreeBSD involving `threads.h`

This also eliminates several compiler warnings, particularly about the
deprecated `isOptimizationEnabled()` API and deprecates standard
attributes.
   2026-03-26 15:32:16 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
openexr: update to 3.4.7.

## Version 3.4.7 (March 15, 2026)

Patch release bug/build fixes:

* Fix an integer overflow decoding very wide htj2k images
* Fix build failure with glibc 2.43
* Fix Windows symbol visibility warnings
   2026-03-09 17:39:15 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
openexr: update to 3.4.6.

## Version 3.4.6 (March 1, 2026)

Patch release with several bug fixes, enhancements, and build improvements.

* :bug: A limit of ``UINT_MAX`` deep samples per pixel is now
  enforced, which prevents an integer overflow when using the
  `CompositeDeepScanLine` API to combine multiple deep parts.

* :bug: `IlmThread` now builds properl with glibc 2.43.

* :wrench: In `IlmThreadPool`, replace deprecated `std::atomic_load /
  std::atomic_exchange` overloads for `std::shared_ptr` with the C++20
  `std::atomic<std::shared_ptr<T>>` interface when available.

* :bug: The ``ZIP`` and ``ZIPS`` Compressor objects had incorrect
  compression types set, although the ill effects were miminal as the
  value is seldom used.

* :bug: Enable SSE2 on 32-bit x86 builds to fix test failures

Build improvements:

* :hammer_and_wrench: OpenEXR now ships with an internal "vendored" \ 
copy of the
  ``OpenJPH`` library. At configuration time, if CMake finds an
  external installation of ``OpenJPH``, it will use it, but if that
  fails, or the CMake configuration option
  ``OPENEXR_FORCE_INTERNAL_OPENJPH`` is set, it will use the internal
  copy. For OpenEXR v3.4.6, the vendored version of OpenJPH is 0.26.3.

* :hammer_and_wrench: A new CMake build option `DOPENEXR_FORCE_EMBEDDED_CORE`
  builds the `OpenEXRCore` library statically and links it into the
  `OpenEXR` library with symbols hidden, making it possible to link
  multiple versions of OpenEXR into the same executable. The `OpenEXR`
  library has namespaces for this situation, but the `OpenEXRCore`
  library is written in C with no configurable namespace. See [Linking
  Multiple OpenEXR Versions in the
  \ 
Executable](https://openexr.com/en/latest/install.html#linking-multiple-openexr-versions-in-the-executable)
  for details.

* :hammer_and_wrench: Fix build failure with ``-march=sandybridge``

Python:

* :snake: :sparkles: Add python support for Opaque Attributes

* :rocket: Python module I/O operations now release the GIL,
  preventing blocking.

Tools:

* :sparkles: Add sanity check for correct arguments to exrstdattr, to
  catch mistakes such as ``exrstdattr input.exr output.exr -comment
  hello`` which would formerly write to a file called ``hello`` but
  now fails with a usage error.

Also, this release bumps the vendered version of `libdeflate` to 1.25.
   2026-02-22 12:01:52 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
openexr: update to 3.4.5.

## Version 3.4.5 (February 21, 2026)

Patch release that fixes an incorrect size check in
`istream_nonparallel_read` that could lead to a buffer overflow on
invalid input data.
   2025-11-24 10:19:12 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
openexr: update to 3.4.4.

## Version 3.4.4 (November 19, 2025)

Patch release with an optimization to reduce the size of the library.

B44 and DWA compression tables are now initialized at first use rather
than being hard-coded in the source code and compiled binary. This
reduces the library size at a slight performance cost. Initialization
takes under a millisecond, but the size of libOpenEXRCore.so is
reduced from 890K to 360K.

This also fixes a build issue with `ILMTHREAD_THREADING_ENABLED` which
inadvertently enabled threading when it should have been disabed.

This also fixes a bug where importing the python module from a parent
directory would fail.
   2025-11-16 22:20:17 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
openexr: update to 3.4.3.

## Version 3.4.3 (November 4, 2025)

Patch release that addresses several bugs, primarily involving
properly rejecting corrupt input data.

Specifically:

* Buffer overflow in PyOpenEXR_old's `channels()` and `channel()` in
  legacy python, reported by Joshua Rogers (GitHub: MegaManSec).
* Use after free in PyObject_StealAttrString in legacy python, reported
  by Joshua Rogers (GitHub: MegaManSec).
* Use of Uninitialized Memory in openexr, reported by Aldo Ristori
  (GitHub: Kaldreic).
* Heap-based Buffer Overflow Remote Code Execution Vulnerability,
  reported by Trend Micro Zero Day Initiative.

Also:

* OSS-fuzz [456158449](https://issues.oss-fuzz.com/issues/456158449)
Heap-buffer-overflow in `generic_unpack`
* OSS-fuzz [447429458](https://issues.oss-fuzz.com/issues/447429458)
Heap-buffer-overflow in `DwaCompressor_uncompress`
* OSS-fuzz [439237843](https://issues.oss-fuzz.com/issues/439237843)
Heap-buffer-overflow in `internal_exr_undo_ht`
* OSS-fuzz [436037111](https://issues.oss-fuzz.com/issues/436037111)
Heap-buffer-overflow in `generic_unpack`
* OSS-fuzz [435779241](https://issues.oss-fuzz.com/issues/435779241)
Heap-buffer-overflow in `generic_unpack`
* OSS-fuzz [420744464](https://issues.oss-fuzz.com/issues/420744464)
Abrt in `__cxxabiv1::failed_throw`

Other fixes:
* Fix a bug with re-reading a scanline file with a different set of
  channels.
* Only populate `CMAKE_DEBUG_POSTFIX` with `_d` if it is undefined,
  which makes it possible to set `CMAKE_DEBUG_POSTFIX=""`.

This version also bumps the auto-fetched version of OpenJPH to
0.24.5. OpenJPH 0.24.5 addresses these OSS-Fuzz issues:

* OSS-fuzz [456837230](https://issues.oss-fuzz.com/issues/456837230)
Crash in `ojph::local::param_cod::~param_cod`
* OSS-fuzz [456248580](https://issues.oss-fuzz.com/issues/456248580)
Null-dereference READ in `ojph::local::param_cod::~param_cod`
* OSS-fuzz [455374208](https://issues.oss-fuzz.com/issues/455374208)
Floating-point-exception in `ojph::local::tile::pre_alloc`
* OSS-fuzz [444963190](https://issues.oss-fuzz.com/issues/444963190)
Index-out-of-bounds in `ojph::local::param_qcd::read_qcc`
* OSS-fuzz [444889300](https://issues.oss-fuzz.com/issues/444889300)
Heap-buffer-overflow in `ojph::mem_infile::read`
* OSS-fuzz [444878558](https://issues.oss-fuzz.com/issues/444878558)
Segv on unknown address in `ojph::local::param_qcd::~param_qcd`
* OSS-fuzz [444878557](https://issues.oss-fuzz.com/issues/444878557)
Null-dereference READ in `ojph::local::param_qcd::~param_qcd`

### Merged Pull Requests:

* [2168](https://github.com/AcademySoftwareFoundation/openexr/pull/2168)
 Fix improper use of `Py_DECREF` in legacy python module
* [2166](https://github.com/AcademySoftwareFoundation/openexr/pull/2166)
Only define `CMAKE_DEBUG_POSTFIX` if it is not already defined
* [2164](https://github.com/AcademySoftwareFoundation/openexr/pull/2164)
check storage_mode when computing chunk sizes
* [2163](https://github.com/AcademySoftwareFoundation/openexr/pull/2163)
Check for image size overflow in legacy python module
* [2162](https://github.com/AcademySoftwareFoundation/openexr/pull/2162)
verify packed/unpacked size with uncompressed data
* [2161](https://github.com/AcademySoftwareFoundation/openexr/pull/2161)
ImfCheckFile: handle partial deep tiles
* [2160](https://github.com/AcademySoftwareFoundation/openexr/pull/2160)
Fix issues with negative coordinates and sampling != 0
* [2159](https://github.com/AcademySoftwareFoundation/openexr/pull/2159)
Fix memset in `exr_read_chunk` when nread is negative
* [2156](https://github.com/AcademySoftwareFoundation/openexr/pull/2156)
Fix handling of corrupt RLE data
* [2150](https://github.com/AcademySoftwareFoundation/openexr/pull/2150)
Fix bug with re-reading scanline file with a different set of channels
   2025-10-19 20:22:09 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
openexr: update to 3.4.2.

## Version 3.4.2 (October 15, 2025)

Patch release that fixes a Windows build issue introduced in v3.4.1.

This version also bumps the auto-fetched Imath version to v3.2.2,
which resolves a build problem with newer versions of cmake, involving
duplicate library aliases.

No change in functionality.

### Merged Pull Requests:

* Update Bazel dependencies
* handle CMake CREATE_LINK failures for openjph headers