Skip to content

Add CI test to validate "cmake --install .. --prefix <path>#2333

Merged
cary-ilm merged 3 commits into
AcademySoftwareFoundation:mainfrom
cary-ilm:prefix-ci.2
Apr 10, 2026
Merged

Add CI test to validate "cmake --install .. --prefix <path>#2333
cary-ilm merged 3 commits into
AcademySoftwareFoundation:mainfrom
cary-ilm:prefix-ci.2

Conversation

@cary-ilm

@cary-ilm cary-ilm commented Apr 1, 2026

Copy link
Copy Markdown
Member

This adds CI validation for the fix in #2326. The CI checks will fail until that PR is merged.

With this change, when configure_install_prefix is provideed, the CI configures and builds with one install prefix but then overrides that in the install step with an explicit --prefix <path>. This validates that the custom prefix takes precedence over the cache.

This is done for the matrix builds that test with various settings off, so it's sure to catch both with and without the overriding prefix.

The --install option is only available in cmake 3.15+, but the OpenEXR supported version of cmake is still 3.14 (so that's what the CI uses), so the CI uses 3.15 for these builds.

With this change, when `configure_install_prefix` is provideed, the CI
configures and builds with one install prefix but then overrides that
in the install step with an explicit `--prefix <path>`. This validates
that the custom prefix takes precedence over the cache.

This is done for the matrix builds that test with various settings
off, so it's sure to catch both with and without the overriding
prefix.

The `--install` option is only available in cmake 3.15+, but the
OpenEXR supported version of cmake is still 3.14 (so that's what the
CI uses), so the CI uses 3.15 for these builds.

Signed-off-by: Cary Phillips <cary@ilm.com>
@cary-ilm
cary-ilm merged commit 44bf865 into AcademySoftwareFoundation:main Apr 10, 2026
37 of 38 checks passed
cary-ilm added a commit that referenced this pull request Apr 15, 2026
With this change, when `configure_install_prefix` is provideed, the CI
configures and builds with one install prefix but then overrides that
in the install step with an explicit `--prefix <path>`. This validates
that the custom prefix takes precedence over the cache.

This is done for the matrix builds that test with various settings
off, so it's sure to catch both with and without the overriding
prefix.

The `--install` option is only available in cmake 3.15+, but the
OpenEXR supported version of cmake is still 3.14 (so that's what the
CI uses), so the CI uses 3.15 for these builds.

Signed-off-by: Cary Phillips <cary@ilm.com>
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Apr 19, 2026
## Version 3.4.10 (April 16, 2026)

Patch release that addresses the following security vulnerabilities:

* [CVE-2026-39886](https://www.cve.org/CVERecord?id=CVE-2026-39886) HTJ2K Signed Integer Overflow in `ht_undo_impl()`
* [CVE-2026-40244](https://www.cve.org/CVERecord?id=CVE-2026-40244) Integer overflow in DWA `setupChannelData` `planarUncRle` pointer arithmetic (missed variant of CVE-2026-34589)
* [CVE-2026-40250](https://www.cve.org/CVERecord?id=CVE-2026-40250) Integer overflow in DWA decoder `outBufferEnd` pointer arithmetic (missed variant of CVE-2026-34589)

### Merged Pull Requests

* [2346](AcademySoftwareFoundation/openexr#2346)
Fix integer overflow in internal_dwa_compressor.h
* [2345](AcademySoftwareFoundation/openexr#2345)
Fix HTJ2K bytes-per-line integer overflow in internal_ht.cpp
* [2340](AcademySoftwareFoundation/openexr#2340)
Fix 3.4.9 cve list formatting
* [2339](AcademySoftwareFoundation/openexr#2339)
fix link formatting typo
* [2337](AcademySoftwareFoundation/openexr#2337)
notes and news for v3.4.9, v3.3.9, v3.2.7
* [2334](AcademySoftwareFoundation/openexr#2334)
Add CVE-2026-34589,34588,34545,34544,34543,34380,34379,34378 to SECURITY.md
* [2316](AcademySoftwareFoundation/openexr#2316)
Fix Pinned-Dependencies Scorecard alert in website workflow

### Merged Workflow Pull Requests

* [2360](AcademySoftwareFoundation/openexr#2360)
Bump actions/cache from 5.0.4 to 5.0.5
* [2354](AcademySoftwareFoundation/openexr#2354)
Bump actions/upload-artifact from 7.0.0 to 7.0.1
* [2343](AcademySoftwareFoundation/openexr#2343)
Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0
* [2341](AcademySoftwareFoundation/openexr#2341)
Bump jmertic/slack-release-notifier from 32206e01ee0b0f66865d2be13bb3c62e474b5ce0 to 9d7d3a84563d2ebc8f7b2271be6c9568fedd7f3a
* [2338](AcademySoftwareFoundation/openexr#2338)
Fix CodeQL SARIF upload ref for pull_request workflows
* [2336](AcademySoftwareFoundation/openexr#2336)
Bump pypa/cibuildwheel from 3.4.0 to 3.4.1
* [2333](AcademySoftwareFoundation/openexr#2333)
Add CI test to validate "cmake --install .. --prefix <path>
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request May 13, 2026
## Version 3.4.10 (April 16, 2026)

Patch release that addresses the following security vulnerabilities:

* [CVE-2026-39886](https://www.cve.org/CVERecord?id=CVE-2026-39886) HTJ2K Signed Integer Overflow in `ht_undo_impl()`
* [CVE-2026-40244](https://www.cve.org/CVERecord?id=CVE-2026-40244) Integer overflow in DWA `setupChannelData` `planarUncRle` pointer arithmetic (missed variant of CVE-2026-34589)
* [CVE-2026-40250](https://www.cve.org/CVERecord?id=CVE-2026-40250) Integer overflow in DWA decoder `outBufferEnd` pointer arithmetic (missed variant of CVE-2026-34589)

### Merged Pull Requests

* [2346](AcademySoftwareFoundation/openexr#2346)
Fix integer overflow in internal_dwa_compressor.h
* [2345](AcademySoftwareFoundation/openexr#2345)
Fix HTJ2K bytes-per-line integer overflow in internal_ht.cpp
* [2340](AcademySoftwareFoundation/openexr#2340)
Fix 3.4.9 cve list formatting
* [2339](AcademySoftwareFoundation/openexr#2339)
fix link formatting typo
* [2337](AcademySoftwareFoundation/openexr#2337)
notes and news for v3.4.9, v3.3.9, v3.2.7
* [2334](AcademySoftwareFoundation/openexr#2334)
Add CVE-2026-34589,34588,34545,34544,34543,34380,34379,34378 to SECURITY.md
* [2316](AcademySoftwareFoundation/openexr#2316)
Fix Pinned-Dependencies Scorecard alert in website workflow

### Merged Workflow Pull Requests

* [2360](AcademySoftwareFoundation/openexr#2360)
Bump actions/cache from 5.0.4 to 5.0.5
* [2354](AcademySoftwareFoundation/openexr#2354)
Bump actions/upload-artifact from 7.0.0 to 7.0.1
* [2343](AcademySoftwareFoundation/openexr#2343)
Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0
* [2341](AcademySoftwareFoundation/openexr#2341)
Bump jmertic/slack-release-notifier from 32206e01ee0b0f66865d2be13bb3c62e474b5ce0 to 9d7d3a84563d2ebc8f7b2271be6c9568fedd7f3a
* [2338](AcademySoftwareFoundation/openexr#2338)
Fix CodeQL SARIF upload ref for pull_request workflows
* [2336](AcademySoftwareFoundation/openexr#2336)
Bump pypa/cibuildwheel from 3.4.0 to 3.4.1
* [2333](AcademySoftwareFoundation/openexr#2333)
Add CI test to validate "cmake --install .. --prefix <path>
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request May 21, 2026
## Version 3.4.10 (April 16, 2026)

Patch release that addresses the following security vulnerabilities:

* [CVE-2026-39886](https://www.cve.org/CVERecord?id=CVE-2026-39886) HTJ2K Signed Integer Overflow in `ht_undo_impl()`
* [CVE-2026-40244](https://www.cve.org/CVERecord?id=CVE-2026-40244) Integer overflow in DWA `setupChannelData` `planarUncRle` pointer arithmetic (missed variant of CVE-2026-34589)
* [CVE-2026-40250](https://www.cve.org/CVERecord?id=CVE-2026-40250) Integer overflow in DWA decoder `outBufferEnd` pointer arithmetic (missed variant of CVE-2026-34589)

### Merged Pull Requests

* [2346](AcademySoftwareFoundation/openexr#2346)
Fix integer overflow in internal_dwa_compressor.h
* [2345](AcademySoftwareFoundation/openexr#2345)
Fix HTJ2K bytes-per-line integer overflow in internal_ht.cpp
* [2340](AcademySoftwareFoundation/openexr#2340)
Fix 3.4.9 cve list formatting
* [2339](AcademySoftwareFoundation/openexr#2339)
fix link formatting typo
* [2337](AcademySoftwareFoundation/openexr#2337)
notes and news for v3.4.9, v3.3.9, v3.2.7
* [2334](AcademySoftwareFoundation/openexr#2334)
Add CVE-2026-34589,34588,34545,34544,34543,34380,34379,34378 to SECURITY.md
* [2316](AcademySoftwareFoundation/openexr#2316)
Fix Pinned-Dependencies Scorecard alert in website workflow

### Merged Workflow Pull Requests

* [2360](AcademySoftwareFoundation/openexr#2360)
Bump actions/cache from 5.0.4 to 5.0.5
* [2354](AcademySoftwareFoundation/openexr#2354)
Bump actions/upload-artifact from 7.0.0 to 7.0.1
* [2343](AcademySoftwareFoundation/openexr#2343)
Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0
* [2341](AcademySoftwareFoundation/openexr#2341)
Bump jmertic/slack-release-notifier from 32206e01ee0b0f66865d2be13bb3c62e474b5ce0 to 9d7d3a84563d2ebc8f7b2271be6c9568fedd7f3a
* [2338](AcademySoftwareFoundation/openexr#2338)
Fix CodeQL SARIF upload ref for pull_request workflows
* [2336](AcademySoftwareFoundation/openexr#2336)
Bump pypa/cibuildwheel from 3.4.0 to 3.4.1
* [2333](AcademySoftwareFoundation/openexr#2333)
Add CI test to validate "cmake --install .. --prefix <path>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant