Add CI test to validate "cmake --install .. --prefix <path>#2333
Merged
Conversation
With this change, when `configure_install_prefix` is provideed, the CI configures and builds with one install prefix but then overrides that in the install step with an explicit `--prefix <path>`. This validates that the custom prefix takes precedence over the cache. This is done for the matrix builds that test with various settings off, so it's sure to catch both with and without the overriding prefix. The `--install` option is only available in cmake 3.15+, but the OpenEXR supported version of cmake is still 3.14 (so that's what the CI uses), so the CI uses 3.15 for these builds. Signed-off-by: Cary Phillips <cary@ilm.com>
cary-ilm
merged commit Apr 10, 2026
44bf865
into
AcademySoftwareFoundation:main
37 of 38 checks passed
cary-ilm
added a commit
that referenced
this pull request
Apr 15, 2026
With this change, when `configure_install_prefix` is provideed, the CI configures and builds with one install prefix but then overrides that in the install step with an explicit `--prefix <path>`. This validates that the custom prefix takes precedence over the cache. This is done for the matrix builds that test with various settings off, so it's sure to catch both with and without the overriding prefix. The `--install` option is only available in cmake 3.15+, but the OpenEXR supported version of cmake is still 3.14 (so that's what the CI uses), so the CI uses 3.15 for these builds. Signed-off-by: Cary Phillips <cary@ilm.com>
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
Apr 19, 2026
## Version 3.4.10 (April 16, 2026) Patch release that addresses the following security vulnerabilities: * [CVE-2026-39886](https://www.cve.org/CVERecord?id=CVE-2026-39886) HTJ2K Signed Integer Overflow in `ht_undo_impl()` * [CVE-2026-40244](https://www.cve.org/CVERecord?id=CVE-2026-40244) Integer overflow in DWA `setupChannelData` `planarUncRle` pointer arithmetic (missed variant of CVE-2026-34589) * [CVE-2026-40250](https://www.cve.org/CVERecord?id=CVE-2026-40250) Integer overflow in DWA decoder `outBufferEnd` pointer arithmetic (missed variant of CVE-2026-34589) ### Merged Pull Requests * [2346](AcademySoftwareFoundation/openexr#2346) Fix integer overflow in internal_dwa_compressor.h * [2345](AcademySoftwareFoundation/openexr#2345) Fix HTJ2K bytes-per-line integer overflow in internal_ht.cpp * [2340](AcademySoftwareFoundation/openexr#2340) Fix 3.4.9 cve list formatting * [2339](AcademySoftwareFoundation/openexr#2339) fix link formatting typo * [2337](AcademySoftwareFoundation/openexr#2337) notes and news for v3.4.9, v3.3.9, v3.2.7 * [2334](AcademySoftwareFoundation/openexr#2334) Add CVE-2026-34589,34588,34545,34544,34543,34380,34379,34378 to SECURITY.md * [2316](AcademySoftwareFoundation/openexr#2316) Fix Pinned-Dependencies Scorecard alert in website workflow ### Merged Workflow Pull Requests * [2360](AcademySoftwareFoundation/openexr#2360) Bump actions/cache from 5.0.4 to 5.0.5 * [2354](AcademySoftwareFoundation/openexr#2354) Bump actions/upload-artifact from 7.0.0 to 7.0.1 * [2343](AcademySoftwareFoundation/openexr#2343) Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 * [2341](AcademySoftwareFoundation/openexr#2341) Bump jmertic/slack-release-notifier from 32206e01ee0b0f66865d2be13bb3c62e474b5ce0 to 9d7d3a84563d2ebc8f7b2271be6c9568fedd7f3a * [2338](AcademySoftwareFoundation/openexr#2338) Fix CodeQL SARIF upload ref for pull_request workflows * [2336](AcademySoftwareFoundation/openexr#2336) Bump pypa/cibuildwheel from 3.4.0 to 3.4.1 * [2333](AcademySoftwareFoundation/openexr#2333) Add CI test to validate "cmake --install .. --prefix <path>
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
May 13, 2026
## Version 3.4.10 (April 16, 2026) Patch release that addresses the following security vulnerabilities: * [CVE-2026-39886](https://www.cve.org/CVERecord?id=CVE-2026-39886) HTJ2K Signed Integer Overflow in `ht_undo_impl()` * [CVE-2026-40244](https://www.cve.org/CVERecord?id=CVE-2026-40244) Integer overflow in DWA `setupChannelData` `planarUncRle` pointer arithmetic (missed variant of CVE-2026-34589) * [CVE-2026-40250](https://www.cve.org/CVERecord?id=CVE-2026-40250) Integer overflow in DWA decoder `outBufferEnd` pointer arithmetic (missed variant of CVE-2026-34589) ### Merged Pull Requests * [2346](AcademySoftwareFoundation/openexr#2346) Fix integer overflow in internal_dwa_compressor.h * [2345](AcademySoftwareFoundation/openexr#2345) Fix HTJ2K bytes-per-line integer overflow in internal_ht.cpp * [2340](AcademySoftwareFoundation/openexr#2340) Fix 3.4.9 cve list formatting * [2339](AcademySoftwareFoundation/openexr#2339) fix link formatting typo * [2337](AcademySoftwareFoundation/openexr#2337) notes and news for v3.4.9, v3.3.9, v3.2.7 * [2334](AcademySoftwareFoundation/openexr#2334) Add CVE-2026-34589,34588,34545,34544,34543,34380,34379,34378 to SECURITY.md * [2316](AcademySoftwareFoundation/openexr#2316) Fix Pinned-Dependencies Scorecard alert in website workflow ### Merged Workflow Pull Requests * [2360](AcademySoftwareFoundation/openexr#2360) Bump actions/cache from 5.0.4 to 5.0.5 * [2354](AcademySoftwareFoundation/openexr#2354) Bump actions/upload-artifact from 7.0.0 to 7.0.1 * [2343](AcademySoftwareFoundation/openexr#2343) Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 * [2341](AcademySoftwareFoundation/openexr#2341) Bump jmertic/slack-release-notifier from 32206e01ee0b0f66865d2be13bb3c62e474b5ce0 to 9d7d3a84563d2ebc8f7b2271be6c9568fedd7f3a * [2338](AcademySoftwareFoundation/openexr#2338) Fix CodeQL SARIF upload ref for pull_request workflows * [2336](AcademySoftwareFoundation/openexr#2336) Bump pypa/cibuildwheel from 3.4.0 to 3.4.1 * [2333](AcademySoftwareFoundation/openexr#2333) Add CI test to validate "cmake --install .. --prefix <path>
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
May 21, 2026
## Version 3.4.10 (April 16, 2026) Patch release that addresses the following security vulnerabilities: * [CVE-2026-39886](https://www.cve.org/CVERecord?id=CVE-2026-39886) HTJ2K Signed Integer Overflow in `ht_undo_impl()` * [CVE-2026-40244](https://www.cve.org/CVERecord?id=CVE-2026-40244) Integer overflow in DWA `setupChannelData` `planarUncRle` pointer arithmetic (missed variant of CVE-2026-34589) * [CVE-2026-40250](https://www.cve.org/CVERecord?id=CVE-2026-40250) Integer overflow in DWA decoder `outBufferEnd` pointer arithmetic (missed variant of CVE-2026-34589) ### Merged Pull Requests * [2346](AcademySoftwareFoundation/openexr#2346) Fix integer overflow in internal_dwa_compressor.h * [2345](AcademySoftwareFoundation/openexr#2345) Fix HTJ2K bytes-per-line integer overflow in internal_ht.cpp * [2340](AcademySoftwareFoundation/openexr#2340) Fix 3.4.9 cve list formatting * [2339](AcademySoftwareFoundation/openexr#2339) fix link formatting typo * [2337](AcademySoftwareFoundation/openexr#2337) notes and news for v3.4.9, v3.3.9, v3.2.7 * [2334](AcademySoftwareFoundation/openexr#2334) Add CVE-2026-34589,34588,34545,34544,34543,34380,34379,34378 to SECURITY.md * [2316](AcademySoftwareFoundation/openexr#2316) Fix Pinned-Dependencies Scorecard alert in website workflow ### Merged Workflow Pull Requests * [2360](AcademySoftwareFoundation/openexr#2360) Bump actions/cache from 5.0.4 to 5.0.5 * [2354](AcademySoftwareFoundation/openexr#2354) Bump actions/upload-artifact from 7.0.0 to 7.0.1 * [2343](AcademySoftwareFoundation/openexr#2343) Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 * [2341](AcademySoftwareFoundation/openexr#2341) Bump jmertic/slack-release-notifier from 32206e01ee0b0f66865d2be13bb3c62e474b5ce0 to 9d7d3a84563d2ebc8f7b2271be6c9568fedd7f3a * [2338](AcademySoftwareFoundation/openexr#2338) Fix CodeQL SARIF upload ref for pull_request workflows * [2336](AcademySoftwareFoundation/openexr#2336) Bump pypa/cibuildwheel from 3.4.0 to 3.4.1 * [2333](AcademySoftwareFoundation/openexr#2333) Add CI test to validate "cmake --install .. --prefix <path>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This adds CI validation for the fix in #2326. The CI checks will fail until that PR is merged.
With this change, when
configure_install_prefixis provideed, the CI configures and builds with one install prefix but then overrides that in the install step with an explicit--prefix <path>. This validates that the custom prefix takes precedence over the cache.This is done for the matrix builds that test with various settings off, so it's sure to catch both with and without the overriding prefix.
The
--installoption is only available in cmake 3.15+, but the OpenEXR supported version of cmake is still 3.14 (so that's what the CI uses), so the CI uses 3.15 for these builds.