Security fix for CVE-2022-28041 affecting usd via its dependency on the header-only stb_image library.


Do not package pxrConfig.cmake with usd, since it is not usable with a monolithic library build.

  • Move bundled library virtual Provides from usd to usd-libs
  • Do not use jemalloc in usd

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2022-c87bba6546

This update has been submitted for testing by music.

4 months ago

This update's test gating status has been changed to 'ignored'.

4 months ago

music edited this update.

4 months ago

This update has been pushed to testing.

4 months ago

music edited this update.

4 months ago
music commented & provided feedback 4 months ago

So, this update is ABI-compatible with the existing blender package, but it would cause it to FTBFS until cmake(pxr) is changed to usd-devel.

Note that blender has its own CMake scripts for finding usd, which it was always using instead of the ones installed with usd-devel. However, this update no longer provides cmake(pxr) since it does not install CMake scripts.

Although rebuilding Blender is not strictly necessary (just pushing a commit to the branch in dist-git could be enough to prevent an FTBFS bug from being filed), I’ll nevertheless rebuild Blender and add it to this update.

music edited this update.

New build(s):

  • blender-3.1.2-3.fc36

Karma has been reset.

4 months ago

This update has been submitted for testing by music.

4 months ago

This update has been pushed to testing.

4 months ago

This update has been submitted for stable by bodhi.

4 months ago

music edited this update.

New build(s):

  • usd-22.03-8.fc36

Removed build(s):

  • usd-22.03-7.fc36

Karma has been reset.

4 months ago

This update has been submitted for testing by music.

4 months ago
music commented & provided feedback 4 months ago

Replaced the usd build in this update with one that contains the fix for CVE-2022-28041. Changed update type from bugfix to security.

This update has been pushed to testing.

4 months ago

This update has been submitted for stable by bodhi.

4 months ago

This update has been pushed to stable.

3 months ago


Metadata

  • Type: security
  • Severity: medium
  • Karma: 0
  • Signed
  • Content Type: RPM
  • Test Gating

Settings

  • Unstable by Karma: -3
  • Stable by Karma: 3
  • Stable by Time: 7 days

Dates

  • submitted: 4 months ago
  • in testing: 4 months ago
  • in stable: 3 months ago
  • modified: 4 months ago

BZ#2055414 usd-devel is missing pxrTargets.cmake
BZ#2077054 Rebuild usd with updated stb_image-{devel,static} for CVE-2022-28041
