[Bug 221058] graphics/luminance: Update to 2.5.1

Fri Sep 15 05:01:24 UTC 2017

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221058

--- Comment #12 from goffredo at gmail.com ---
I modified the Makefile, and got this error:

"
Error: /usr/local/bin/luminance-hdr is linked to
/usr/local/lib/libIlmImf-2_2.so.22 from graphics/OpenEXR but it is not declared
as a dependency
Warning: you need LIB_DEPENDS+=libIlmImf-2_2.so:graphics/OpenEXR
"

It installs e works fine.

But, when I add libIlmImf-2_2.so:graphics/OpenEXR in LIB_DEPENDS I get this
error:

"
===>   luminance-hdr-qt5-2.5.1 depends on shared library: libIlmImf-2_2.so -
not found
===>  OpenEXR-2.2.0_7 has known vulnerabilities:
OpenEXR-2.2.0_7 is vulnerable:
OpenEXR -- multiple remote code execution and denial of service vulnerabilities
CVE: CVE-2017-9116
CVE: CVE-2017-9115
CVE: CVE-2017-9114
CVE: CVE-2017-9113
CVE: CVE-2017-9112
CVE: CVE-2017-9111
CVE: CVE-2017-9110
WWW:
https://vuxml.FreeBSD.org/freebsd/803879e9-4195-11e7-9b08-080027ef73ec.html

1 problem(s) in the installed packages found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update
available.
=> If you wish to ignore this vulnerability rebuild with 'make
DISABLE_VULNERABILITIES=yes'
*** Error code 1

Stop.
make[3]: stopped in /usr/ports/graphics/OpenEXR
*** Error code 1

Stop.
make[2]: stopped in /usr/ports/graphics/OpenEXR
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/graphics/luminance-qt5
*** Error code 1

Stop.
make: stopped in /usr/ports/graphics/luminance-qt5
"

I know, there is this security issue in OpenEXR. And they know
(https://github.com/openexr/openexr/issues/232). I sent this security issue
message to then.

But I have it installed:

"
root:SUPER[1068] pkg info | grep -i openexr
OpenEXR-2.2.0_7                High dynamic-range (HDR) image file format
"

-- 
You are receiving this mail because:
You are on the CC list for the bug.