stable

blender-3.1.2-3.fc36 and usd-22.03-8.fc36

FEDORA-2022-c87bba6546 created by music 11 months ago for Fedora 36

Security fix for CVE-2022-28041 affecting usd via its dependency on the header-only stb_image library.


Do not package pxrConfig.cmake with usd, since it is not usable with a monolithic library build.

  • Move bundled library virtual Provides from usd to usd-libs
  • Do not use jemalloc in usd

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2022-c87bba6546

This update has been submitted for testing by music.

11 months ago

This update's test gating status has been changed to 'ignored'.

11 months ago

music edited this update.

11 months ago

This update has been pushed to testing.

11 months ago

music edited this update.

11 months ago
User Icon music commented & provided feedback 11 months ago

So, this update is ABI-compatible with the existing blender package, but it would cause it to FTBFS until cmake(pxr) is changed to usd-devel.

Note that blender has its own CMake scripts for finding usd, which it was always using instead of the ones installed with usd-devel. However, this update no longer provides cmake(pxr) since it does not install CMake scripts.

Although rebuilding Blender is not strictly necessary (just pushing a commit to the branch in dist-git could be enough to prevent an FTBFS bug from being filed), I’ll nevertheless rebuild Blender and add it to this update.

music edited this update.

New build(s):

  • blender-3.1.2-3.fc36

Karma has been reset.

11 months ago

This update has been submitted for testing by music.

11 months ago

This update has been pushed to testing.

11 months ago

This update has been submitted for stable by bodhi.

11 months ago

music edited this update.

New build(s):

  • usd-22.03-8.fc36

Removed build(s):

  • usd-22.03-7.fc36

Karma has been reset.

11 months ago

This update has been submitted for testing by music.

11 months ago
User Icon music commented & provided feedback 11 months ago

Replaced the usd build in this update with one that contains the fix for fix for CVE-2022-28041. Changed update type from bugfix to security.

This update has been pushed to testing.

11 months ago

This update has been submitted for stable by bodhi.

11 months ago

This update has been pushed to stable.

10 months ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
11 months ago
in testing
11 months ago
in stable
10 months ago
modified
11 months ago
BZ#2055414 usd-devel is missing pxrTargets.cmake
0
0
BZ#2077054 Rebuild usd with updated stb_image-{devel,static} for CVE-2022-28041
0
0

Automated Test Results