v3.1.4

Patch release that addresses various issues:

• Several bug fixes to properly reject invalid input upon read
• A check to enable SSE2 when building with Visual Studio
• A check to fix building with VisualStudio on ARM64
• Update the automatically-downloaded version of Imath to v3.1.4
• Miscellaneous documentation improvements

This addresses one public security vulnerability:

• CVE-2021-45942 Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute

See CHANGES.md for more details.

v3.1.3

Patch release with a change to default zip compression level:

• Default zip compression level is now 4 (instead of 6), which in our tests improves compression times by 2x with only a tiny drop in compression ratio.
• setDefaultZipCompression() and setDefaultDwaCompression() now set default compression levels for writing.
• The Header now has zipCompressionLevel() and dwaCompressionLevel() to get/set the levels used for writing.

Also, various bug fixes, build improvements, and documentation updates. In particular:

• Fixes a build failure with Imath prior to v3.1
• Fixes a bug in detecting invalid chromaticity values

v3.1.2

Patch release with various bug fixes, build improvements, and documentation updates. In particular:

• Fixes a test failure on arm7
• Proper handling of pthread with glibc 2.34+
• miscellaneous fixes for handling of invalid input by the new OpenEXRCore library

With this version, the OpenEXR technical documentation formerly
distributed exclusively as pdf's is now published online at
https://openexr.readthedocs.io, with the document source now
maintained as .rst files in the repo's docs subfolder.

• OSS-fuzz 39196 Stack-buffer-overflow in dispatch_print_error
• OSS-fuzz 39198 Direct-leak in exr_attr_chlist_add_with_length
• OSS-fuzz 39206 Direct-leak in extract_attr_string_vector
• OSS-fuzz 39212 Heap-use-after-free in dispatch_print_error
• OSS-fuzz 39205 Timeout in openexr_exrcheck_fuzzer
• OSS-fuzz 38912 Integer-overflow in Imf_3_1::bytesPerDeepLineTable
• OSS-fuzz 39084 Divide-by-zero in Imf_3_1::RGBtoXYZ

v3.1.1

Patch release that fixes build failures on various systems, introduces CMake CMAKE_CROSSCOMPILING_EMULATOR support, and fixes a few other minor issues.

See CHANGES.md for more details.

v3.1.0

Minor release with significant new features:

The 3.1 release of OpenEXR introduces a new library, OpenEXRCore, which is the result of a significant re-thinking of how OpenEXR manages file I/O and provides access to image data. It begins to address long-standing scalability issues with multithreaded image reading and writing.

The OpenEXRCore library provides thread-safe, non-blocking access to files, which was not possible with the current API, where the framebuffer management is separate from read requests. It is written entirely in C and provides a new C-language API alongside the existing C++ API. This new low-level API allows applications to do custom unpacking of EXR data, such as on the GPU, while still benefiting from efficient I/O, file validation, and other semantics. It provides efficient direct access to EXR files in texturing applications. This C library also introduces an easier path to implementing OpenEXR bindings in other languages, such as Rust.

The 3.1 release represents a technology preview for upcoming releases. The initial release is incremental; the existing API and underlying behavior has not changed. The new API is available now for performance validation testing, and then in future OpenEXR releases, the C++ API will migrate to use the new core in stages. It is not the intention to entirely deprecate the C++ API, nor must all applications re-implement EXR I/O in terms of the C library. The C API does not, and will not, provide the rich set of utility classes that exist in the C++ layer. The 3.1 release of the OpenEXRCore library simply offers new functionality for specialty applications seeking the highest possible performance. In the future, the ABI will evolve, but the API will remain consistent, or only have additions.

See the release notes and the technical documentation for more details.

v3.0.5

Patch release that fixes problems with library symlinks and pkg-config, as well as miscellaneous bugs/security issues.

• 1064 Use CMAKE_INSTALL_FULL_LIBDIR/INCLUDEDIR in pkgconfig for 3.*
• 1051 Fix non-versioned library symlinks in debug build.
• 1050 Use CMAKE__POSTFIX for .pc file lib suffix.
• 1045 The vtable for TiledRgbaInputFile was not properly tagged as export
• 1038 fix/extend part number validation in MultiPart methods
• 1037 verify data size in deepscanlines with NO_COMPRESSION
• 1036 detect buffer overflows in RleUncompress
• The Imath auto-build version defaults to Imath v3.0.5.

v2.5.7

Patch release of 2.5 with security and build fixes:

• OSS-fuzz 28051 Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
• OSS-fuzz 28155 Crash in Imf_2_5::PtrIStream::read
• Fix broken symlink and pkg-config lib suffix for cmake debug builds

v3.0.4

Patch release that corrects a problem with the release version numbers in v3.0.2/v3.0.3, and with the referenced Imath release.

v3.0.3

Patch release that fixes a regression in v3.0.2 that prevented headers from being installed properly.

v3.0.2

Patch release with miscellaneous bug/build fixes, including:

• Fix TimeCode.frame max value
• Don't impose C++14 on downstream projects
• Restore fix to macOS universal 2 build lost from #854

Specific OSS-fuzz issues:

• OSS-fuzz 33741 Integer-overflow in Imf_3_0::getScanlineChunkOffsetTableSize
• OSS-fuzz 32620 Out-of-memory in openexr_exrcheck_fuzzer