Sync from SUSE:SLFO:Main tiff revision 9088f9711895990e8ff1d0a7b6ad84e3

2024-05-04 01:23:41 +02:00 · 2024-05-04 01:23:41 +02:00 · e905965528
commit e905965528
10 changed files with 2382 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/README.SUSE
+++ b/README.SUSE
@ -0,0 +1,2 @@
+The documentation for tiff programs and library is in package tiff
+in directory /usr/share/doc/packages/tiff.
--- a/baselibs.conf
+++ b/baselibs.conf
@ -0,0 +1,6 @@
+libtiff6
+  obsoletes "libtiff-<targettype> <= <version>"
+  provides "libtiff-<targettype> = <version>"
+libtiff-devel
+ requires -libtiff-<targettype>
+ requires "libtiff6-<targettype> = <version>"
--- a/tiff-4.0.3-seek.patch
+++ b/tiff-4.0.3-seek.patch
@ -0,0 +1,13 @@
+Index: tiff-4.6.0/libtiff/tiffiop.h
+===================================================================
+--- tiff-4.6.0.orig/libtiff/tiffiop.h
+++ tiff-4.6.0/libtiff/tiffiop.h
+@@ -256,7 +256,7 @@ struct TIFFOpenOptions
+ #define TIFFWriteFile(tif, buf, size)                                          \
+     ((*(tif)->tif_writeproc)((tif)->tif_clientdata, (buf), (size)))
+ #define TIFFSeekFile(tif, off, whence)                                         \
+-    ((*(tif)->tif_seekproc)((tif)->tif_clientdata, (off), (whence)))
+  	((tif)->tif_seekproc?((*(tif)->tif_seekproc)((tif)->tif_clientdata,(toff_t)(off),whence)):0)
+ #define TIFFCloseFile(tif) ((*(tif)->tif_closeproc)((tif)->tif_clientdata))
+ #define TIFFGetFileSize(tif) ((*(tif)->tif_sizeproc)((tif)->tif_clientdata))
+ #define TIFFMapFileContents(tif, paddr, psize)                                 \
--- a/tiff-4.6.0.tar.xz
+++ b/tiff-4.6.0.tar.xz
--- a/tiff-4.6.0.tar.xz.sig
+++ b/tiff-4.6.0.tar.xz.sig
--- a/tiff-CVE-2023-52356.patch
+++ b/tiff-CVE-2023-52356.patch
@ -0,0 +1,33 @@
+Index: tiff-4.6.0/libtiff/tif_getimage.c
+===================================================================
+--- tiff-4.6.0.orig/libtiff/tif_getimage.c
+++ tiff-4.6.0/libtiff/tif_getimage.c
+@@ -3224,6 +3224,13 @@ int TIFFReadRGBAStripExt(TIFF *tif, uint
+     if (TIFFRGBAImageOK(tif, emsg) &&
+         TIFFRGBAImageBegin(&img, tif, stop_on_error, emsg))
+     {
+		if (row >= img.height)
+        {
+            TIFFErrorExtR(tif, TIFFFileName(tif),
+                          "Invalid row passed to TIFFReadRGBAStrip().");
+            TIFFRGBAImageEnd(&img);
+            return (0);
+        }
+ 
+         img.row_offset = row;
+         img.col_offset = 0;
+@@ -3301,6 +3308,14 @@ int TIFFReadRGBATileExt(TIFF *tif, uint3
+         return (0);
+     }
+ 
+	if (col >= img.width || row >= img.height)
+    {
+        TIFFErrorExtR(tif, TIFFFileName(tif),
+                      "Invalid row/col passed to TIFFReadRGBATile().");
+        TIFFRGBAImageEnd(&img);
+        return (0);
+    }
+
+     /*
+      * The TIFFRGBAImageGet() function doesn't allow us to get off the
+      * edge of the image, even to fill an otherwise valid tile.  So we
--- a/tiff.changes
+++ b/tiff.changes
--- a/tiff.keyring
+++ b/tiff.keyring
@ -0,0 +1,29 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFWDB10BCADeJcYKb4zsG2fs3MWGf996ZS4KIiOBRNQtQwCI5+h3K8m1qDur
+qyRZ50tB/ODJwJNqdKGdGyrIvGDynsS9JsZMJ2PVoI9IK+X/vQiokx9lJCuDXTtw
+1THmA85lyl1blLe3j6tA74MSXDiT3nVk375djTz+zOGxa/Ueg49tM+DjltYpkVsG
+TCc29/QJ4rZmto0Lj8iU+9S7S8H/2/54qUn7vFzfzsTkI8fiLM0deCzONzE7j9Ho
+vj/8dSHmB5GOGtLf2kMHbgDhHfs61UN4FawugnilCfrxVzi5EmmEByP8Zp6h/or5
+QrTCFrVEW+zRXDGsqicN01rK22/JvyUbpyNABEBAAG0KUV2ZW4gUm91YXVsdCA8
+ZXZlbi5yb3VhdWx0QHNwYXRpYWx5cy5jb20+iQE4BBMBAgAiBQJVgwddAhsDBgsJ
+CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAz67/Eez3YfZphB/9H/fWUakZqzlqi
+NhZbev0um5GUYBERB7cp8JqmILF6TzCvievmR8q0zJb3vyc+8Kjti/n5CyziWDtH
+XqibyhsoAFoOHhyMjQVj/hFR6oCWxF6fASkzpUSoDAHtVpFXqaLrbI1B2Fb9JpTs
+VrHz0HVaW30E7eybmi7oYjV4T1bO22D/aH80zx3i6cLnoGqMCHmKrwNOK7A95mKj
+k9s9GRbamR/3ef8BDF3xikDe8nSxICVc3WJbMHcGjHU6p8C/RzCvWqfHDtTuiWcG
+feqaA1LmBKtpIHwG1uigM8+MJT+S+NYljTLqbz0FsORbUQ1QqXuqrfNoBqAEbLxg
+esSGPx7UuQENBFWDB10BCADwo42Jwl14Tq3xhPM+1BSOfy3Aw6wTXsWzxoDABs+8
+42WhD53vn7MnOSz2VX4cTvw4ioi+N3NB2zaHGNTrwyV3DExh0d8ZNq53IXoMYfot
+Uv/lZ6QHJB+kIYe+twOjkKCYj4jt1m7aEDZ3Ra4aoZbYWfFbQNZ0tnUKFVUBWcWQ
+jyCWC84BdXkbxcmsr2njocqyu0lfjXpVcCBcTCcgf/LHy79asm4jgB0XpE+e8ri8
+kEadj7x7x4rrhJfa9t3oJ3AZ3rmo5zzFdbJtNKhCmwCoHrvRNWOPn6u5E7YYW9kB
+xgzUUhh1g2F9RMbh3CZjICi9HtbWK3slWGYTaMt4lg/ZABEBAAGJAR8EGAECAAkF
+AlWDB10CGwwACgkQM+u/xHs92H2a0wf/XV0XjqMWufAIKkvL6CmrZrCixWmPOiC1
+q8894h+gR5JpKD9h0gLJhtk4tLMy+pDmNSxPXsoRYHneJIqHl1M72Q7vEhTKIVXn
+h9A306ZjCHTTNSQ3npNG1wpO0LyLDmn+Zvd1JBoFyCzsTPZ+TbUYvVJT0CeFbJBe
+1JzoO1Mi2fOtA91GuYtstWLNccDbv2b5s+JSbAf3ix3+qiUpA5fglWFljCYPxzkA
+eU8AReBpuirD0ZQ1Z7GJDJs2zHKZu5BqCTf5gpVLUHCXd3F46CZ4IaVrOGhNP1Ki
+KemC/dPHz7Ku7HN0tqmmmu12nvUACBckNsVebCefOFrkGtdryHQ1Zw==
+=4/vP
+-----END PGP PUBLIC KEY BLOCK-----
--- a/tiff.spec
+++ b/tiff.spec
@ -0,0 +1,125 @@
+#
+# spec file for package tiff
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define asan_build 0
+%define debug_build 0
+Name:           tiff
+Version:        4.6.0
+Release:        0
+Summary:        Tools for Converting from and to the Tagged Image File Format
+License:        HPND
+Group:          Productivity/Graphics/Convertors
+URL:            https://libtiff.gitlab.io/libtiff/
+Source:         https://download.osgeo.org/libtiff/tiff-%{version}.tar.xz
+Source1:        https://download.osgeo.org/libtiff/tiff-%{version}.tar.xz.sig
+Source2:        README.SUSE
+Source3:        baselibs.conf
+Source99:       tiff.keyring
+Patch0:         tiff-4.0.3-seek.patch
+Patch1:         tiff-CVE-2023-52356.patch
+BuildRequires:  gcc-c++
+BuildRequires:  libjbig-devel
+BuildRequires:  libjpeg-devel
+BuildRequires:  libtool
+BuildRequires:  lzma-devel
+BuildRequires:  pkgconfig
+BuildRequires:  pkgconfig(libzstd)
+BuildRequires:  pkgconfig(zlib)
+
+%description
+This package contains the library and support programs for the TIFF
+image format.
+
+%package -n libtiff6
+Summary:        The Tiff Library (with JPEG and compression support)
+Group:          System/Libraries
+Provides:       libtiff = %{version}
+
+%description -n libtiff6
+This package includes the tiff libraries. To link a program with
+libtiff, you will have to add -ljpeg and -lz to include the necessary
+libjpeg and libz in the linking process.
+
+%package -n libtiff-devel
+Summary:        Development Tools for Programs which will use the libtiff Library
+Group:          Development/Libraries/C and C++
+Requires:       glibc-devel
+Requires:       libstdc++-devel
+Requires:       libtiff6 = %{version}
+
+%description -n libtiff-devel
+This package contains the header files and static libraries for
+developing programs which will manipulate TIFF format image files using
+the libtiff library.
+
+%prep
+%autosetup -p1
+
+%build
+CFLAGS="%{optflags} -fPIE"
+%if %{debug_build}
+CFLAGS="$CFLAGS -O0"
+%endif
+%configure --disable-static
+%if %{asan_build}
+find -name Makefile | xargs sed -i 's/\(^CFLAGS.*\)/\1 -fsanitize=address/'
+%endif
+%make_build LDFLAGS="-pie"
+
+%install
+mkdir -p %{buildroot}/{%{_mandir}/{man1,man3},usr/{bin,lib,include}}
+%make_install
+for f in `find %{buildroot}/%{_mandir} -type f -print ` ; do
+  if [ `wc -l <$f` -eq 1 ] && grep -q "^\.so " $f ; then
+    linkto=`sed -e "s|^\.so ||" $f`
+    [ -f "`dirname $f`/$linkto" ] && ln -sf "$linkto" $f
+  fi
+done
+
+cp %{SOURCE2} .
+rm -rf %{buildroot}%{_datadir}/doc/tiff*
+find %{buildroot} -type f -name "*.la" -delete -print
+
+%check
+%if %{asan_build}
+# ASAN needs /proc to be mounted
+exit 0
+%endif
+for i in tools test; do
+	(cd $i && make %{?_smp_mflags} check)
+done
+
+%ldconfig_scriptlets -n libtiff6
+
+%files
+%{_bindir}/*
+%doc README.md VERSION ChangeLog TODO RELEASE-DATE
+%{_mandir}/man1/*
+
+%files -n libtiff6
+%license LICENSE.md
+%doc README.md README.SUSE
+%{_libdir}/*.so.*
+
+%files -n libtiff-devel
+%{_includedir}/*
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/*.pc
+%{_mandir}/man3/*
+
+%changelog