commit e905965528a295064e2fc93c30c7a2dd91291320e654a81abd3458eaea741b53
Author: Adrian Schröter
Date: Sat May 4 01:23:41 2024 +0200
Sync from SUSE:SLFO:Main tiff revision 9088f9711895990e8ff1d0a7b6ad84e3
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/README.SUSE b/README.SUSE
new file mode 100644
index 0000000..0a2ccb1
--- /dev/null
+++ b/README.SUSE
@@ -0,0 +1,2 @@
+The documentation for tiff programs and library is in package tiff
+in directory /usr/share/doc/packages/tiff.
\ No newline at end of file
diff --git a/baselibs.conf b/baselibs.conf
new file mode 100644
index 0000000..6b0fc0c
--- /dev/null
+++ b/baselibs.conf
@@ -0,0 +1,6 @@
+libtiff6
+ obsoletes "libtiff- <= "
+ provides "libtiff- = "
+libtiff-devel
+ requires -libtiff-
+ requires "libtiff6- = "
diff --git a/tiff-4.0.3-seek.patch b/tiff-4.0.3-seek.patch
new file mode 100644
index 0000000..eea122a
--- /dev/null
+++ b/tiff-4.0.3-seek.patch
@@ -0,0 +1,13 @@
+Index: tiff-4.6.0/libtiff/tiffiop.h
+===================================================================
+--- tiff-4.6.0.orig/libtiff/tiffiop.h
++++ tiff-4.6.0/libtiff/tiffiop.h
+@@ -256,7 +256,7 @@ struct TIFFOpenOptions
+ #define TIFFWriteFile(tif, buf, size) \
+ ((*(tif)->tif_writeproc)((tif)->tif_clientdata, (buf), (size)))
+ #define TIFFSeekFile(tif, off, whence) \
+- ((*(tif)->tif_seekproc)((tif)->tif_clientdata, (off), (whence)))
++ ((tif)->tif_seekproc?((*(tif)->tif_seekproc)((tif)->tif_clientdata,(toff_t)(off),whence)):0)
+ #define TIFFCloseFile(tif) ((*(tif)->tif_closeproc)((tif)->tif_clientdata))
+ #define TIFFGetFileSize(tif) ((*(tif)->tif_sizeproc)((tif)->tif_clientdata))
+ #define TIFFMapFileContents(tif, paddr, psize) \
diff --git a/tiff-4.6.0.tar.xz b/tiff-4.6.0.tar.xz
new file mode 100644
index 0000000..69e233d
--- /dev/null
+++ b/tiff-4.6.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e178649607d1e22b51cf361dd20a3753f244f022eefab1f2f218fc62ebaf87d2
+size 2124388
diff --git a/tiff-4.6.0.tar.xz.sig b/tiff-4.6.0.tar.xz.sig
new file mode 100644
index 0000000..9f92591
Binary files /dev/null and b/tiff-4.6.0.tar.xz.sig differ
diff --git a/tiff-CVE-2023-52356.patch b/tiff-CVE-2023-52356.patch
new file mode 100644
index 0000000..dc5ba6f
--- /dev/null
+++ b/tiff-CVE-2023-52356.patch
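Review bot: The NULL branch of the rewritten `TIFFSeekFile` evaluates to `0`, which is also a valid file offset, so a caller cannot distinguish a missing `tif_seekproc` from a successful seek to the start of the file. If the guard is meant to report failure, an out-of-band value would be safer, e.g. `((tif)->tif_seekproc ? ((*(tif)->tif_seekproc)((tif)->tif_clientdata, (toff_t)(off), (whence))) : (toff_t)-1)`, assuming `(toff_t)-1` is the error value callers already test for; if `0` is deliberate, a comment next to the macro should say why. The new line also drops the parentheses the old one had around `whence`, departing from the macro hygiene the sibling macros keep. The neighbouring `TIFFWriteFile`, `TIFFCloseFile` and `TIFFGetFileSize` macros visible in the same context still call their procs unguarded, so the patch should document why only the seek callback may be NULL.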
@@ -0,0 +1,33 @@
+Index: tiff-4.6.0/libtiff/tif_getimage.c
+===================================================================
+--- tiff-4.6.0.orig/libtiff/tif_getimage.c
++++ tiff-4.6.0/libtiff/tif_getimage.c
+@@ -3224,6 +3224,13 @@ int TIFFReadRGBAStripExt(TIFF *tif, uint
+ if (TIFFRGBAImageOK(tif, emsg) &&
+ TIFFRGBAImageBegin(&img, tif, stop_on_error, emsg))
+ {
++ if (row >= img.height)
++ {
++ TIFFErrorExtR(tif, TIFFFileName(tif),
++ "Invalid row passed to TIFFReadRGBAStrip().");
++ TIFFRGBAImageEnd(&img);
++ return (0);
++ }
+
+ img.row_offset = row;
+ img.col_offset = 0;
+@@ -3301,6 +3308,14 @@ int TIFFReadRGBATileExt(TIFF *tif, uint3
+ return (0);
+ }
+
++ if (col >= img.width || row >= img.height)
++ {
++ TIFFErrorExtR(tif, TIFFFileName(tif),
++ "Invalid row/col passed to TIFFReadRGBATile().");
++ TIFFRGBAImageEnd(&img);
++ return (0);
++ }
++
+ /*
+ * The TIFFRGBAImageGet() function doesn't allow us to get off the
+ * edge of the image, even to fill an otherwise valid tile. So we
diff --git a/tiff.changes b/tiff.changes
new file mode 100644
index 0000000..ab0033b
--- /dev/null
+++ b/tiff.changes
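Review bot: Both added guards reject an out-of-range `row`/`col` but carry no comment explaining why, and the error text omits the rejected value and the image dimension, so a refused call is hard to diagnose from the log alone. Above `if (row >= img.height)` in the TIFFReadRGBAStripExt hunk I would add `/* row is caller-supplied and becomes img.row_offset below; reject values past the image */`, with the matching comment on the `col >= img.width || row >= img.height` check in TIFFReadRGBATileExt. The messages also name TIFFReadRGBAStrip() and TIFFReadRGBATile() although the checks sit in the ...Ext functions, which can mislead someone searching for the source of the error. Both function bodies start and end outside the quoted hunks, so any earlier validation of `row` is not visible here.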
@@ -0,0 +1,2148 @@ +------------------------------------------------------------------- +Fri Jan 26 09:59:33 UTC 2024 - Michael Vetter + +- security update: + * CVE-2023-52356 [bsc#1219213] + Fix segfault in TIFFReadRGBATileExt() + + tiff-CVE-2023-52356.patch + +------------------------------------------------------------------- +Fri Sep 15 05:55:34 UTC 2023 - Paolo Stivanin + +- Update to version 4.6.0: + * API/ABI breaks: none + * WebP decoder: validate WebP blob width, height, band count against + TIFF parameters to avoid use of uninitialized variable, or decoding + corrupted content without explicit error (fixes issue #581, issue #582). + * WebP codec: turn exact mode when creating lossless files to avoid + altering R,G,B values in areas where alpha=0 + * Fix TransferFunction writing of only two transfer functions. + * TIFFReadDirectoryCheckOrder: avoid integer overflow. When it occurs, + it should be harmless in practice though + * tiffcp: remove -i option (ignore errors) + * This version removes a big number of utilities that have suffered from + lack of maintenance over the years and were the source of various + reported security issues: + + fax2ps + + fax2tiff + + pal2rgb + + ppm2tiff + + raw2tiff + + rgb2ycbcr + + thumbnail + + tiff2bw + + tiff2rgba + + tiffcmp + + tiffcrop + + tiffdither + + tiffgt + + tiffmedian + + tiff2ps + + tiff2pdf +- Remove no longer needed tiff-4.0.3-compress-warning.patch. +- CVE-2023-25435 [bsc#1212607] tiffcrop is removed + +------------------------------------------------------------------- +Tue Jun 20 07:16:56 UTC 2023 - Martin Pluskal + +- Update to version 4.5.1: + * Definition of tags reformatted (clang-format off) for better readability of tag comments in tiff.h and tif_dirinfo.c + * Do not install libtiff-4.pc when tiff-install is reset. + * Add versioninfo resource files for DLL and tools compiled with Windows MSVC and MINGW. 
+ * Disable clang-formatting for tif_config.h.cmake.in and tiffconf.h.cmake.in because sensitive for CMake scripts. + * CMake: make WebP component name compatible with upstream ConfigWebP.cmake + * CMake: make Findliblzma with upstream CMake config file + * CMake: FindDeflate.cmake: fix several errors (issue #526). + * CMake: FindLERC.cmake: version string return added. + * CMake: export TiffConfig.cmake and TiffConfigVersion.cmake files + * CMake: fix export of INTERFACE_INCLUDE_DIRECTORIES + * Hardcode HOST_FILLORDER to FILLORDER_LSB2MSB and make 'H' flag of TIFFOpen() to warn and an alias of FILLORDER_MSB2LSB. tif_lerc.c: use WORDS_BIGENDIAN instead of HOST_BIGENDIAN. + * Optimize relative seeking within TIFFSetDirectory() by using the learned list of IFD offsets. + * Improve internal IFD offset and directory number map handling. + * Behavior of TIFFOpen() mode "r+" in the Windows implementation adjusted to that of Linux. + * TIFFDirectory td_fieldsset type changed from unsigned long, which can be 32 or 64 bits, to uint32_t (fixes issue #484). + * tif_ojpeg.c: checking for division by zero (fixes issue #554). + * LZWDecode(): avoid crash when trying to read again from a strip whith a missing end-of-information marker (fixes issue #548). + * Fixed runtime error: applying zero offset to null pointer in countInkNamesString(). + * Fixing crash in TIFFUnlinkDirectory() when called with directory number zero ("TIFFUnlinkDirectory(0)") as well as fixing incorrect behaviour when unlinking the first directory. + * tif_luv: check and correct for NaN data in uv_encode() (issue #530). + * TIFFClose() avoid NULL pointer dereferencing (issue #515). + * tif_hash_set.c: include tif_hash_set.h after tif_config.h to let a chance for GDAL symbol renaming trick. + * Fax3: fix failure to decode some fax3 number_of_images and add test for Fax3 decoding issues (issue #513). 
+ * TIFFSetDirectory() and TIFFWriteDirectorySec() avoid harmless unsigned-integer-overflow (due to gdal oss-fuzz #54311 and #54343). + * tif_ojpeg.c: fix issue #554 by checking for division by zero in OJPEGWriteHeaderInfo(). + * LZWDecode(): avoid crash when trying to read again from a strip whith a missing end-of-information marker (issue #548). +- Drop no longer needed patches: + * tiff-CVE-2023-0795,CVE-2023-0796,CVE-2023-0797,CVE-2023-0798,CVE-2023-0799.patch + * tiff-CVE-2022-48281.patch + * tiff-CVE-2023-0800,CVE-2023-0801,CVE-2023-0802,CVE-2023-0803,CVE-2023-0804.patch + +------------------------------------------------------------------- +Wed Feb 22 15:05:33 UTC 2023 - Michael Vetter + +- security update: + * CVE-2023-0795 [bsc#1208226] + * CVE-2023-0796 [bsc#1208227] + * CVE-2023-0797 [bsc#1208228] + * CVE-2023-0798 [bsc#1208229] + * CVE-2023-0799 [bsc#1208230] + + tiff-CVE-2023-0795,CVE-2023-0796,CVE-2023-0797,CVE-2023-0798,CVE-2023-0799.patch + * CVE-2023-0800 [bsc#1208231] + * CVE-2023-0801 [bsc#1208232] + * CVE-2023-0802 [bsc#1208233] + * CVE-2023-0803 [bsc#1208234] + * CVE-2023-0804 [bsc#1208236] + + tiff-CVE-2023-0800,CVE-2023-0801,CVE-2023-0802,CVE-2023-0803,CVE-2023-0804.patch + +------------------------------------------------------------------- +Thu Jan 26 07:41:55 UTC 2023 - Michael Vetter + +- security update: + * CVE-2022-48281 [bsc#1207413] + + tiff-CVE-2022-48281.patch + +------------------------------------------------------------------- +Wed Jan 4 08:48:13 UTC 2023 - Paolo Stivanin + +- Update to 4.5.0: + * tdir_t type updated to uint32_t. 
This type is now used for the return + value of TIFFCurrentDirectory() and TIFFNumberOfDirectories(), and as + the argument of TIFFSetDirectory() and TIFFUnlinkDirectory() + * Addition of an open option concept with the new functions TIFFOpenExt(), + TIFFOpenWExt(), TIFFFdOpenExt(), TIFFClientOpenExt(), TIFFOpenOptionsAlloc(), + TIFFOpenOptionsFree() + * Leveraging above mentioned open option concept, addition of a new capability + to limit the size of a single dynamic memory allocation done by the library + with TIFFOpenOptionsSetMaxSingleMemAlloc() + * Related to IFD-Loop detection refactoring, the number of IFDs that libtiff + can browse through has been extended from 65535 to 1048576. This value is + a build-time setting that can be configured with CMake's TIFF_MAX_DIR_COUNT + variable or autoconf's --with-max-dir-count option. + * Whole code base reformatting of .c/.h files using new .clang-format format + * Documentation changed from static HTML and man pages to + Restructured Text (rst). HTML and man pages are now build artifacts. + * SONAME version bumped to 6 due to changes in symbol versioning. + * autoconf/cmake: detect (not yet released) libjpeg-turbo 2.2 to take into + its capability of handling both 8-bit JPEG and 12-bit JPEG in a single build. + * autoconf/cmake: detect sphinx-build to build HTML and man pages + * CMakeLists.txt: fix warning with -Wdev + * CMake: correctly set default value of 'lzma' option when liblzma is detected + * CMake: Moved linking of CMath::CMath into CMath_LIBRARY check. + * Fix CMake build to be compatible with FetchContent. + * cmake: Correct duplicate definition of _CRT_SECURE_NO_WARNINGS + * cmake: Fixes for Visual Studio 2022. + * Adds Requires.private generation so that pkg-config can correctly find + the dependencies of libtiff. + * Fix dependency on libm on Android + * Fix build in tif_lzw.c + * CMake: Add options for disabling tools, tests, contrib and docs. 
+ * tiffcrop: Fix memory allocation to require a larger buffer (CVE-2022-3570, CVE-2022-3598) + [bsc#1205422] + * tiffcrop: disable incompatibility of -Z, -X, -Y, -z options with any PAGE_MODE_x option + (CVE-2022-3627, CVE-2022-3597, CVE-2022-3626) + * tiffcrop: fix floating-point exception (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058) + * _TIFFCheckFieldIsValidForCodec(): return FALSE when passed a codec-specific tag + and the codec is not configured (CVE-2022-34526) + * Revised handling of TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value (CVE-2022-3599) + * tiffcrop: -S option mutually exclusive (CVE-2022-2519, CVE-2022-2520, CVE-2022-2521) +- Drop tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch +- Drop tiff-CVE-2022-34526.patch +- Drop tiff-CVE-2022-3599.patch +- Drop tiff-CVE-2022-3598.patch +- Drop tiff-CVE-2022-3970.patch +- Drop tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch +- Drop tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch + +------------------------------------------------------------------- +Mon Nov 14 11:54:03 UTC 2022 - Michael Vetter + +- security update: + * CVE-2022-3970 [bsc#1205392] + + tiff-CVE-2022-3970.patch + +------------------------------------------------------------------- +Sun Nov 13 20:42:25 UTC 2022 - Michael Vetter + +- security update: + * CVE-2022-3597 [bsc#1204641] + * CVE-2022-3626 [bsc#1204644] + * CVE-2022-3627 [bsc#1204645] + + tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch + * CVE-2022-3599 [bsc#1204643] + + tiff-CVE-2022-3599.patch + * CVE-2022-3598 [bsc#1204642] + + tiff-CVE-2022-3598.patch + +------------------------------------------------------------------- +Mon Oct 17 11:40:27 UTC 2022 - Michael Vetter + +- security update: + * CVE-2022-2519 [bsc#1202968] + * CVE-2022-2520 [bsc#1202973] + * CVE-2022-2521 [bsc#1202971] + + tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch + +------------------------------------------------------------------- +Mon Aug 1 12:06:01 UTC 2022 - Michael 
Vetter + +- security update: + * CVE-2022-34526 [bsc#1202026] + + tiff-CVE-2022-34526.patch + +------------------------------------------------------------------- +Wed Jul 6 07:55:09 UTC 2022 - Michael Vetter + +- security update + * CVE-2022-2056 [bsc#1201176] + * CVE-2022-2057 [bsc#1201175] + * CVE-2022-2058 [bsc#1201174] + + tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch + +------------------------------------------------------------------- +Sun May 29 20:32:14 UTC 2022 - Dirk Müller + +- update to 4.4.0: + * TIFFIsBigTiff() function added. + * Functions TIFFFieldSetGetSize() and TIFFieldSetGetCountSize() added. + * LZWDecode(): major speed improvements (~30% faster) + * Predictor 2 (horizontal differenciation): support 64-bit + * Support libjpeg 9d + * avoid hang in TIFFRewriteDirectory() if a classic file > 4 GB is attempted + to be created + * tif_jbig.c: fix crash when reading a file with multiple IFD in + memory-mapped mode and when bit reversal is needed + * TIFFFetchNormalTag(): avoid calling memcpy() with a null source pointer and + size of zero + * TIFFWriteDirectoryTagData(): turn assertion on data length into a runtime + check + * TIFFFetchStripThing(): avoid calling memcpy() with a null source pointer + and size of zero + * TIFFReadDirectory(): avoid calling memcpy() with a null source pointer and + size of zero + * TIFFYCbCrToRGBInit(): avoid Integer-overflow + * TIFFGetField(TIFFTAG_STRIPBYTECOUNTS/TIFFTAG_STRIPOFFSETS): return error if + returned pointer is NULL (fixes #342) + * OJPEG: avoid assertion when using TIFFReadScanline() + * TIFFReadDirectory: fix OJPEG hack + * LZW codec: fix support for strips/tiles > 2 GB on Windows + * TIFFAppendToStrip(): fix rewrite-in-place logic + * Fix TIFFRewriteDirectory discarding directories. 
+ * TIFFReadCustomDirectory(): avoid crash when reading SubjectDistance tag on + a non EXIF directory + * Fix Segmentation fault printing GPS directory if Altitude tag is present + * tif_jpeg.c: do not emit progressive scans with mozjpeg. (#266) + * _TIFFRewriteField(): fix when writing a IFD with a single tile that is a + sparse one, on big endian hosts + * Fix all remaining uses of legacy Deflate compression id and warn on use. + * CVE-2022-22844 bsc#1194539 + * CVE-2022-2867 bsc#1202466 + * CVE-2022-2868 bsc#1202467 + * CVE-2022-2869 bsc#1202468 +- drop tiff-CVE-2022-0907.patch, tiff-CVE-2022-0561.patch, tiff-CVE-2022-0562.patch, + tiff-CVE-2022-0865.patch, tiff-CVE-2022-0909.patch, tiff-CVE-2022-0924.patch, + tiff-CVE-2022-0908.patch, tiff-CVE-2022-1056,CVE-2022-0891.patch: all upstream +- add signature validation, adds tiff.keyring + +------------------------------------------------------------------- +Mon May 9 10:50:34 UTC 2022 - Michael Vetter + +- security update: + * CVE-2022-0907 [bsc#1197070] + + tiff-CVE-2022-0907.patch + +------------------------------------------------------------------- +Mon May 9 10:42:53 UTC 2022 - Michael Vetter + +- security update + * CVE-2022-0561 [bsc#1195964] + * CVE-2022-34266 [bsc#1201723] [bsc#1201971] + + tiff-CVE-2022-0561.patch + * CVE-2022-0562 [bsc#1195965] + + tiff-CVE-2022-0562.patch + * CVE-2022-0865 [bsc#1197066] + + tiff-CVE-2022-0865.patch + * CVE-2022-0909 [bsc#1197072] + + tiff-CVE-2022-0909.patch + * CVE-2022-0924 [bsc#1197073] + + tiff-CVE-2022-0924.patch + * CVE-2022-0908 [bsc#1197074] + + tiff-CVE-2022-0908.patch + +------------------------------------------------------------------- +Fri May 6 09:08:09 UTC 2022 - Michael Vetter + +- security update + * CVE-2022-1056 [bsc#1197631] + * CVE-2022-0891 [bsc#1197068] + + tiff-CVE-2022-1056,CVE-2022-0891.patch + +------------------------------------------------------------------- +Wed May 4 08:39:39 UTC 2022 - Marcus Meissner + +- switch source url to https + 
+------------------------------------------------------------------- +Mon Apr 26 11:37:21 UTC 2021 - Paolo Stivanin + +- version update to 4.3.0 + * Build and usage of the library and its utilities requires a C99 + capable compiler. + * New optional codec for the LERC (Limited Error Raster Compression) + compression scheme. To have it available, configure libtiff against + the SDK available at https://github.com/esri/lerc + * Removal of unused, or now useless due to C99 availability, + functions in port/ + * tiffcmp: fix comparaison with pixels that are + fractional number of bytes + * tiff2ps: exit the loop in case of error + * tiff2pdf: check that tiff_datasize fits in a signed tsize_t + +------------------------------------------------------------------- +Mon Dec 28 16:02:16 UTC 2020 - pgajdos@suse.com + +- version update to 4.2.0 + Major changes: + * Optional support for using libdeflate is added. + * Many of the tools now support a memory usage limit. + See http://www.simplesystems.org/libtiff/v4.2.0.html for more. 
+ * CVE-2020-35521 bsc#1182808 + * CVE-2020-35522 bsc#1182809 + * CVE-2020-35523 bsc#1182811 + * CVE-2020-35524 bsc#1182812 + +------------------------------------------------------------------- +Wed Apr 1 06:48:35 UTC 2020 - Martin Pluskal + +- Drop webp support as it would introduce build cycle + +------------------------------------------------------------------- +Mon Mar 30 15:25:24 UTC 2020 - Martin Pluskal + +- Enable zstd and webp support + +------------------------------------------------------------------- +Wed Nov 6 12:00:35 UTC 2019 - pgajdos@suse.com + +- version update to 4.1.0 + * fixes several CVEs mentioned below and more, + see ChangeLog + * CVE-2019-17546 bsc#1154365 + * CVE-2017-17095 bsc#1071031 + * CVE-2019-14973 bsc#1146608 + * CVE-2020-19131 bsc#1190312 +- deleted patches + - tiff-CVE-2018-12900.patch (upstreamed) + - tiff-CVE-2018-17000,19210.patch (upstreamed) + - tiff-CVE-2019-6128.patch (upstreamed) + - tiff-CVE-2019-7663.patch (upstreamed) + +------------------------------------------------------------------- +Tue Feb 12 15:36:02 UTC 2019 - mvetter@suse.com + +- security update + * CVE-2019-7663 [bsc#1125113] + + tiff-CVE-2019-7663.patch + +------------------------------------------------------------------- +Mon Feb 4 14:04:09 UTC 2019 - mvetter@suse.com + +- security update + * CVE-2019-6128 [bsc#1121626] + + tiff-CVE-2019-6128.patch + +------------------------------------------------------------------- +Wed Jan 30 12:47:58 UTC 2019 - Petr Gajdos + +- extend tiff-CVE-2018-19210.patch and rename it to + tiff-CVE-2018-17000,19210.patch [bsc#1108606c#11] + * solves CVE-2018-19210 [bsc#1115717] and CVE-2018-17000 [bsc#1108606] + +------------------------------------------------------------------- +Wed Jan 30 10:12:37 UTC 2019 - Petr Gajdos + +- amend tiff-CVE-2018-12900.patch: fix wrong error message + [bsc#1099257] + +------------------------------------------------------------------- +Mon Nov 19 13:56:48 UTC 2018 - Petr Gajdos + +- 
security update + * CVE-2018-19210 [bsc#1115717] + + tiff-CVE-2018-19210.patch + +------------------------------------------------------------------- +Tue Nov 13 10:20:45 UTC 2018 - Tomáš Chvátal + +- Support only SLE12+ and remove the no longer needed conditions + +------------------------------------------------------------------- +Tue Nov 13 08:18:54 UTC 2018 - Petr Gajdos + +- security update + * CVE-2018-12900 [bsc#1099257] + + tiff-CVE-2018-12900.patch + +------------------------------------------------------------------- +Mon Nov 12 11:37:11 UTC 2018 - Petr Gajdos + +- upddated to 4.0.10: + * fixes several CVEs mentioned below plus CVE-2018-18557 [bsc#1113094] + and CVE-2018-18661 [bsc#1113672] and more +- removed patches + * tiff-CVE-2017-11613,CVE-2018-16335,15209.patch + * tiff-CVE-2017-18013.patch + * tiff-CVE-2017-9935,CVE-2018-17795.patch + * tiff-CVE-2018-10779.patch + * tiff-CVE-2018-10963.patch + * tiff-CVE-2018-17100.patch + * tiff-CVE-2018-17101.patch + * tiff-CVE-2018-7456.patch + * tiff-CVE-2018-8905.patch + * tiff-4.0.9-bsc1081690-CVE-2018-5784.patch + +------------------------------------------------------------------- +Fri Oct 19 07:02:18 UTC 2018 - Petr Gajdos + +- security update + * CVE-2018-17795 [bsc#1110358] + % tiff-4.0.9-bsc1046077-CVE-2017-9935.patch renamed to + tiff-CVE-2017-9935,CVE-2018-17795.patch + * CVE-2018-16335 [bsc#1106853] + % tiff-CVE-2017-11613.patch renamed to + tiff-CVE-2017-11613,CVE-2018-16335,15209.patch +- add a possibility to build with ASAN + +------------------------------------------------------------------- +Wed Oct 17 11:29:07 UTC 2018 - Petr Gajdos + +- security update + * CVE-2018-17100 [bsc#1108637] + + tiff-CVE-2018-17100.patch + * CVE-2018-17101 [bsc#1108627] + + tiff-CVE-2018-17101.patch + +------------------------------------------------------------------- +Fri Aug 24 11:43:53 UTC 2018 - pgajdos@suse.com + +- remove pal2rgb tool [bsc#1071031] + 
+------------------------------------------------------------------- +Wed Aug 15 15:10:32 UTC 2018 - pgajdos@suse.com + +- security update + * CVE-2018-10779 [bsc#1092480] + + tiff-CVE-2018-10779.patch + +------------------------------------------------------------------- +Tue Jun 5 12:21:02 UTC 2018 - pgajdos@suse.com + +- security update + * CVE-2018-8905 [bsc#1086408] + + tiff-CVE-2018-8905.patch + +------------------------------------------------------------------- +Mon Jun 4 15:12:15 UTC 2018 - pgajdos@suse.com + +- security update + * CVE-2017-11613 [bsc#1082332] + + tiff-CVE-2017-11613.patch + +------------------------------------------------------------------- +Mon Jun 4 12:55:54 UTC 2018 - pgajdos@suse.com + +- security update + * CVE-2018-7456 [bsc#1082825] + + tiff-CVE-2018-7456.patch + +------------------------------------------------------------------- +Fri May 18 09:18:26 UTC 2018 - pgajdos@suse.com + +- security update + * CVE-2017-18013 [bsc#1074317] + + tiff-CVE-2017-18013.patch + +------------------------------------------------------------------- +Tue May 15 12:26:45 UTC 2018 - pgajdos@suse.com + +- security update + * CVE-2018-10963 [bsc#1092949] + + tiff-CVE-2018-10963.patch + +------------------------------------------------------------------- +Tue Feb 20 16:18:33 UTC 2018 - mvetter@suse.com + +- bsc#1081690: Add tiff-4.0.9-bsc1081690-CVE-2018-5784.patch + Fix uncontrolled resource consumption in TIFFSetDirectory + +------------------------------------------------------------------- +Fri Feb 16 14:05:39 UTC 2018 - mvetter@suse.com + +- bsc#1046077: Add tiff-4.0.9-bsc1046077-CVE-2017-9935.patch + Fix Heap-based buffer overflow in t2p_write_pdf + +------------------------------------------------------------------- +Thu Dec 21 13:03:18 UTC 2017 - dimstar@opensuse.org + +- Fix check section: + + Make sure to get back to the right directory after chdir to + 'tools', or we can't run the 2nd test suite. 
+ + Fix typo: the tests are located in a directory called 'test', + not 'tests'. + +------------------------------------------------------------------- +Wed Nov 29 09:08:42 UTC 2017 - fstrba@suse.com + +- Upgrade to upstream release 4.0.9 + * Changes in the software configuration: + + test/Makefile.am: Add some tests for tiff2bw. + + .appveyor.yml, .travis.yml, build/travis-ci: apply patches + 0001-ci-Travis-script-improvements.patch and + 0002-ci-Invoke-helper-script-via-shell.patch by Roger Leigh + + .travis.yml, build/travis-ci: new files from + 0001-ci-Add-Travis-support-for-Linux-builds-with-Autoconf.patch + by Roger Leigh. This patch adds support for the Travis-CI + service. + + .appveyor.yml: new file from + 0002-ci-Add-AppVeyor-support.patch by Roger Leigh (sent to + mailing list on 2017-06-08) This patch adds a .appveyor.yml + file to the top-level. This allows one to opt in to having a + branch built on Windows with Cygwin, MinGW and MSVC + automatically when a branch is pushed to GitHub, GitLab, + BitBucket or any other supported git hosting service. + + CMakeLists.txt, test/CMakeLists.txt, + test/TiffTestCommon.cmake: apply patch + 0001-cmake-Improve-Cygwin-and-MingGW-test-support.patch from + Roger Leigh. This patch makes the CMake build system support + running the tests with MinGW or Cygwin. + + test/tiffcp-lzw-compat.sh, test/images/quad-lzw-compat.tiff: + new files to test old-style LZW decompression + + test/common.sh, Makefile.am, CMakeList.txt: updated with above + + test/Makefile.am: add missing reference to + images/quad-lzw-compat.tiff to fix "make distcheck". Patch by + Roger Leigh + + nmake.opt: support a DEBUG=1 option, so as to adjust OPTFLAGS + and use /MDd runtime in debug mode. + * Changes in libtiff: + + libtiff/tif_color.c: TIFFYCbCrToRGBInit(): stricter clamping + to avoid int32 overflow in TIFFYCbCrtoRGB(). 
Fixes + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1844 + + libtiff/tif_getimage.c: initYCbCrConversion(): stricter + validation for refBlackWhite coefficients values. To avoid + invalid float->int32 conversion (when refBlackWhite[0] == + 2147483648.f) Fixes + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1907 + + libtiff/tif_dirinfo.c, tif_dirread.c: add + _TIFFCheckFieldIsValidForCodec(), and use it in + TIFFReadDirectory() so as to ignore fields whose tag is a + codec-specified tag but this codec is not enabled. This avoids + TIFFGetField() to behave differently depending on whether the + codec is enabled or not, and thus can avoid stack based buffer + overflows in a number of TIFF utilities such as tiffsplit, + tiffcmp, thumbnail, etc. Patch derived from + 0063-Handle-properly-CODEC-specific-tags.patch + (http://bugzilla.maptools.org/show_bug.cgi?id=2580) by Raphaël + Hertzog. + Fixes: http://bugzilla.maptools.org/show_bug.cgi?id=2580 + http://bugzilla.maptools.org/show_bug.cgi?id=2693 + http://bugzilla.maptools.org/show_bug.cgi?id=2625 + (CVE-2016-10095, bsc#1017690) + http://bugzilla.maptools.org/show_bug.cgi?id=2564 + (CVE-2015-7554, bsc#960341) + http://bugzilla.maptools.org/show_bug.cgi?id=2561 + (CVE-2016-5318, bsc#983436) + http://bugzilla.maptools.org/show_bug.cgi?id=2499 + (CVE-2014-8128, bsc#969783) + http://bugzilla.maptools.org/show_bug.cgi?id=2441 + http://bugzilla.maptools.org/show_bug.cgi?id=2433 + + libtiff/tif_swab.c: if DISABLE_CHECK_TIFFSWABMACROS is + defined, do not do the #ifdef TIFFSwabXXX checks. Make it + easier for GDAL to rename the symbols of its internal libtiff + copy. + + libtiff/tif_dirread.c: fix regression of libtiff 4.0.8 in + ChopUpSingleUncompressedStrip() regarding update of newly + single-strip uncompressed files whose bytecount is 0. Before + the change of 2016-12-03, the condition bytecount==0 used to + trigger an early exit/disabling of strip chop. Re-introduce + that in update mode. 
Otherwise this cause later incorrect + setting for the value of StripByCounts/StripOffsets. + (https://trac.osgeo.org/gdal/ticket/6924) + + libtiff/tif_dirread.c: TIFFFetchStripThing(): limit the + number of items read in StripOffsets/StripByteCounts tags to + the number of strips to avoid excessive memory allocation. + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2215 + + libtiff/tif_getimage.c: avoid many (harmless) unsigned int + overflows. + + libtiff/tif_fax3.c: avoid unsigned int overflow in + Fax3Encode2DRow(). Could potentially be a bug with huge rows. + + libtiff/tif_jpeg.c: avoid (harmless) unsigned int overflow on + tiled images. + + libtiff/tif_dirread.c: avoid unsigned int overflow in + EstimateStripByteCounts() and BYTECOUNTLOOKSBAD when file is + too short. + + libtiff/tif_predict.c: decorate legitimate functions where + unsigned int overflow occur with + TIFF_NOSANITIZE_UNSIGNED_INT_OVERFLOW + + libtiff/tif_dirread.c: avoid unsigned int overflow in + EstimateStripByteCounts() + + libtiff/tiffiop.h: add TIFF_NOSANITIZE_UNSIGNED_INT_OVERFLOW + macro to disable CLang warnings raised by + -fsanitize=undefined,unsigned-integer-overflow + + libtiff/tif_jpeg.c: add anti-denial of service measure to + avoid excessive CPU consumption on progressive JPEGs with a + huge number of scans. See + http://www.libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf + Note: only affects libtiff since 2014-12-29 where support of + non-baseline JPEG was added. + + libtiff/tif_jpeg.c: error out at decoding time if anticipated + libjpeg memory allocation is above 100 MB. libjpeg in case of + multiple scans, which is allowed even in baseline JPEG, if + components are spread over several scans and not + interleavedin a single one, needs to allocate memory (or + backing store) for the whole strip/tile. 
See + http://www.libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf + This limitation may be overriden by setting the + LIBTIFF_ALLOW_LARGE_LIBJPEG_MEM_ALLOC environment variable, or + recompiling libtiff with a custom value of + TIFF_LIBJPEG_LARGEST_MEM_ALLOC macro. + + libtiff/tif_jbig.c: fix memory leak in error code path of + JBIGDecode() + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706 + (CVE-2017-9936, bsc#1046073) + + libtiff/tif_dirread.c: in TIFFReadDirEntryFloat(), check that + a double value can fit in a float before casting. + + libtiff/tiffiop.h, libtiff/tif_jpeg.c, libtiff/tif_jpeg_12.c, + libtiff/tif_read.c: make TIFFReadScanline() works in + CHUNKY_STRIP_READ_SUPPORT mode with JPEG stream with multiple + scans. Also make configurable through a + LIBTIFF_JPEG_MAX_ALLOWED_SCAN_NUMBER environment variable the + maximum number of scans allowed. Defaults to 100. + + libtiff/tif_read.c: TIFFFillTile(): add limitation to the + number of bytes read in case td_stripbytecount[strip] is + bigger than reasonable, so as to avoid excessive memory + allocation (similarly to what was done for TIFFFileStrip() on + 2017-05-10) + + libtiff/tif_getimage.c: use + _TIFFReadEncodedStripAndAllocBuffer(). Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2708 and + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2433 + + libtiff/tif_read.c, tiffiop.h: add a + _TIFFReadEncodedStripAndAllocBuffer() function, variant of + TIFFReadEncodedStrip() that allocates the decoded buffer only + after a first successful TIFFFillStrip(). This avoids + excessive memory allocation on corrupted files. + + libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedXXXX() + functions associated with LONG8/SLONG8 data type, replace + assertion that the file is BigTIFF, by a non-fatal error. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2712 + + libtiff/tif_read.c: TIFFStartTile(): set tif_rawcc to + tif_rawdataloaded when it is set. 
Similarly to
+ TIFFStartStrip(). This issue was revealed by the change of
+ 2017-06-30 in TIFFFileTile(), limiting the number of bytes
+ read. But it could probably have been hit too in
+ CHUNKY_STRIP_READ_SUPPORT mode previously. Fixes
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2454
+ + libtiff/tif_error.c, tif_warning.c: correctly use va_list
+ when both an old-style and new-style warning/error handlers
+ are installed. Patch by Paavo Helde (sent on the mailing list)
+ + libtiff/tif_getimage.c: use _TIFFReadTileAndAllocBuffer().
+ Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2470
+ + libtiff/tif_read.c, tiffiop.h: add a
+ _TIFFReadEncodedTileAndAllocBuffer() and
+ _TIFFReadTileAndAllocBuffer() variants of
+ TIFFReadEncodedTile() and TIFFReadTile() that allocates the
+ decoded buffer only after a first successful TIFFFillTile().
+ This avoids excessive memory allocation on corrupted files.
+ + libtiff/tif_pixarlog.c: avoid excessive memory allocation on
+ decoding when RowsPerStrip tag is not defined (and thus
+ td_rowsperstrip == UINT_MAX) Fixes
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2554
+ + libtiff/tif_lzw.c: fix 4.0.8 regression in the decoding of
+ old-style LZW compressed files.
+ + libtiff/tif_lzw.c: fix potential out-of-buffer read on 1-byte
+ LZW strips. Crashing issue only on memory mapped files, where
+ the strip offset is the last byte of the file, and the file
+ size is a multiple of one page size on the CPU architecture
+ (typically 4096)
+ + libtiff/tif_dir.c: avoid potential null pointer dereference
+ in _TIFFVGetField() on corrupted TIFFTAG_NUMBEROFINKS tag
+ instance.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2713
+ + tools/tiff2pdf.c: prevent heap buffer overflow write in "Raw"
+ mode on PlanarConfig=Contig input images. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2715
+ + libtiff/tif_read.c: TIFFFillStrip() / TIFFFillTile().
+ Complementary fix for
+ http://bugzilla.maptools.org/show_bug.cgi?id=2708 in the
+ isMapped() case, so as to avoid excessive memory allocation
+ when we need a temporary buffer but the file is truncated.
+ + libtiff/tif_read.c: in TIFFFetchStripThing(), only grow the
+ arrays that hold StripOffsets/StripByteCounts, when they are
+ smaller than the expected number of striles, up to 1 million
+ striles, and error out beyond. Can be tweaked by setting the
+ environment variable LIBTIFF_STRILE_ARRAY_MAX_RESIZE_COUNT.
+ This partially goes against a change added on 2002-12-17 to
+ accept those arrays of wrong sizes, but is needed to avoid
+ denial of services. Fixes
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2350
+ + libtiff/tif_read.c: add protection against excessive memory
+ allocation attempts in TIFFReadDirEntryArray() on short files.
+ Effective for mmap'ed case. And non-mmap'ed case, but
+ restricted to 64bit builds. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2675
+ (CVE-2017-12944, bsc#1054594)
+ + libtiff/tif_luv.c: LogLuvInitState(): avoid excessive memory
+ allocation when RowsPerStrip tag is missing. Fixes
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2683
+ + libtiff/tif_getimage.c: gtTileContig() and gtTileSeparate():
+ properly break from loops on error when stoponerr is set,
+ instead of going on iterating on row based loop.
+ + libtiff/tif_getimage.c: fix fromskew computation when
+ to-be-skipped pixel number is not a multiple of the horizontal
+ subsampling, and also in some other cases. Impact
+ putcontig8bitYCbCr44tile, putcontig8bitYCbCr42tile,
+ putcontig8bitYCbCr41tile, putcontig8bitYCbCr21tile and
+ putcontig8bitYCbCr12tile Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2637 and
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2691
+ + libtiff/tif_luv.c: further reduce memory requirements for
+ temporary buffer when RowsPerStrip >= image_length in
+ LogLuvInitState() and LogL16InitState().
Fixes
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2700
+ + libtiff/tif_dirwrite.c: replace assertion related to not
+ finding the SubIFD tag by runtime check (in
+ TIFFWriteDirectorySec()) Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2727
+ + libtiff/tif_dirwrite.c: replace assertion to tag value not
+ fitting on uint32 when selecting the value of SubIFD tag by
+ runtime check (in TIFFWriteDirectoryTagSubifd()). Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2728
+ + libtiff/tif_jpeg.c: accept reading the last strip of a JPEG
+ compressed file if the codestream height is larger than the
+ truncated height of the strip. Emit a warning in this
+ situation since this is non compliant.
+ + libtiff/tiffiop.h, tif_aux.c: redirect SeekOK() macro to a
+ _TIFFSeekoK() function that checks if the offset is not
+ bigger than INT64_MAX, so as to avoid a -1 error return code
+ of TIFFSeekFile() to match a required seek to UINT64_MAX/-1.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2726
+ + libtiff/tif_dirread.c: add NULL check to avoid likely false
+ positive null-pointer dereference warning by CLang Static
+ Analyzer.
+ + libtiff/libtiff.def: add TIFFReadRGBAStripExt and
+ TIFFReadRGBATileExt Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2735
+ + libtiff/tif_jpeg.c: add compatibility with libjpeg-turbo
+ 1.5.2 that honours max_memory_to_use > 0. Cf
+ https://github.com/libjpeg-turbo/libjpeg-turbo/issues/162
+ + libtiff/tif_getimage.c: avoid floating point division by zero
+ in initCIELabConversion() Fixes
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3733
+ * Changes in the tools:
+ + tools/tiff2pdf.c: prevent heap buffer overflow write in "Raw"
+ mode on PlanarConfig=Contig input images. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2715
+ + tools/tiffset.c: fix setting a single value for the
+ ExtraSamples tag (and other tags with variable number of
+ values). So 'tiffset -s ExtraSamples 1 X'.
This only worked
+ when setting 2 or more values, but not just one.
+ + tools/fax2tiff.c (_FAX_Client_Data): Pass FAX_Client_Data as
+ the client data. This client data is not used at all at the
+ moment, but it makes the most sense. Issue that the value of
+ client_data.fd was passed where a pointer is expected.
+ + tools/tiff2pdf.c (t2p_sample_realize_palette): Fix possible
+ arithmetic overflow in bounds checking code and eliminate
+ comparison between signed and unsigned type.
+ + tools/tiff2bw.c (main): Free memory allocated in the tiff2bw
+ program. This is in response to the report associated with
+ CVE-2017-16232, bsc#1069213 but does not solve the extremely
+ high memory usage with the associated POC file.
+
+-------------------------------------------------------------------
+Tue Jun 20 08:15:57 UTC 2017 - fstrba@suse.com
+
+- Upgrade to upstream release 4.0.8
+ * libtiff/tif_getimage.c, libtiff/tif_open.c
+ + add parenthesis to fix cppcheck clarifyCalculation warnings
+ * libtiff/tif_predict.c, libtiff/tif_print.c
+ + fix printf unsigned vs signed formatting (cppcheck
+ invalidPrintfArgType_uint warnings)
+ * libtiff/tif_read.c, libtiff/tiffiop.h
+ + fix uint32 overflow in TIFFReadEncodedStrip() that caused an
+ integer division by zero. Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2596
+ * libtiff/tif_pixarlog.c, libtiff/tif_luv.c
+ + fix heap-based buffer overflow on generation of PixarLog / LUV
+ compressed files, with ColorMap, TransferFunction attached and
+ nasty plays with bitspersample. The fix for LUV has not been
+ tested, but suffers from the same kind of issue of PixarLog.
+ Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2604
+ * libtiff/tif_strip.c
+ + revert the change in TIFFNumberOfStrips() done for
+ http://bugzilla.maptools.org/show_bug.cgi?id=2587 /
+ CVE-2016-9273 since the above change is a better fix that
+ makes it unnecessary.
+ * libtiff/tif_dirread.c
+ + modify ChopUpSingleUncompressedStrip() to instanciate compute
+ ntrips as TIFFhowmany_32(td->td_imagelength, rowsperstrip),
+ instead of a logic based on the total size of data. Which is
+ faulty is the total size of data is not sufficient to fill the
+ whole image, and thus results in reading outside of the
+ StripByCounts/StripOffsets arrays when using
+ TIFFReadScanline(). Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2608.
+ * libtiff/tif_ojpeg.c
+ + make OJPEGDecode() early exit in case of failure in
+ OJPEGPreDecode(). This will avoid a divide by zero, and
+ potential other issues. Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2611
+ * libtiff/tif_write.c
+ + fix misleading indentation as warned by GCC.
+ * libtiff/tif_fax3.h
+ + revert change done on 2016-01-09 that made Param member of
+ TIFFFaxTabEnt structure a uint16 to reduce size of the
+ binary. It happens that the Hylafax software uses the tables
+ that follow this typedef (TIFFFaxMainTable, TIFFFaxWhiteTable,
+ TIFFFaxBlackTable), although they are not in a public libtiff
+ header. Raised by Lee Howard.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2636
+ * libtiff/tiffio.h, libtiff/tif_getimage.c
+ + add TIFFReadRGBAStripExt() and TIFFReadRGBATileExt() variants
+ of the functions without ext, with an extra argument to control
+ the stop_on_error behaviour.
+ * libtiff/tif_getimage.c
+ + fix potential memory leaks in error code path of
+ TIFFRGBAImageBegin().
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2627
+ * libtiff/tif_jpeg.c
+ + increase libjpeg max memory usable to 10 MB instead of libjpeg
+ 1MB default. This helps when creating files with "big" tile,
+ without using libjpeg temporary files.
+ Related to https://trac.osgeo.org/gdal/ticket/6757
+ * libtiff/tif_jpeg.c
+ + avoid integer division by zero in JPEGSetupEncode() when
+ horizontal or vertical sampling is set to 0.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2653,
+ bsc#1033127, CVE-2017-7595
+ * libtiff/tif_dirwrite.c
+ + in TIFFWriteDirectoryTagCheckedRational, replace assertion by
+ runtime check to error out if passed value is strictly
+ negative.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2535,
+ bsc#1038438, CVE-2016-10371
+ * libtiff/tif_dirread.c
+ + avoid division by floating point 0 in
+ TIFFReadDirEntryCheckedRational() and
+ TIFFReadDirEntryCheckedSrational(), and return 0 in that case
+ (instead of infinity as before presumably) Apparently some
+ sanitizers do not like those divisions by zero.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2644,
+ bsc#1033118, CVE-2017-7598
+ * libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c
+ + implement various clampings of double to other data types to
+ avoid undefined behaviour if the output range isn't big enough
+ to hold the input value.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2643
+ http://bugzilla.maptools.org/show_bug.cgi?id=2642
+ http://bugzilla.maptools.org/show_bug.cgi?id=2646
+ http://bugzilla.maptools.org/show_bug.cgi?id=2647,
+ bsc#1033126, CVE-2017-7596, bsc#1033120, CVE-2017-7597,
+ bsc#1033113, CVE-2017-7599, bsc#1033112, CVE-2017-7600,
+ * libtiff/tif_jpeg.c
+ + validate BitsPerSample in JPEGSetupEncode() to avoid undefined
+ behaviour caused by invalid shift exponent.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648,
+ bsc#1033111, CVE-2017-7601
+ * libtiff/tif_read.c
+ + avoid potential undefined behaviour on signed integer addition
+ in TIFFReadRawStrip1() in isMapped() case.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2650,
+ bsc#1033109, CVE-2017-7602
+ * libtiff/tif_getimage.c
+ + add explicit uint32 cast in putagreytile to avoid
+ UndefinedBehaviorSanitizer warning. Patch by Nicolas Pena.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2658,
+ bsc#1033131, CVE-2017-7592
+ * libtiff/tif_read.c
+ + TIFFReadBufferSetup(): use _TIFFcalloc() to zero initialize
+ tif_rawdata.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651,
+ bsc#1033129, CVE-2017-7593
+ * libtiff/tiffio.h, tif_unix.c, tif_win32.c, tif_vms.c
+ + add _TIFFcalloc()
+ * libtiff/tif_luv.c, tif_lzw.c, tif_packbits.c
+ + return 0 in Encode functions instead of -1 when
+ TIFFFlushData1() fails.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2130
+ * libtiff/tif_ojpeg.c
+ + fix leak in OJPEGReadHeaderInfoSecTablesQTable,
+ OJPEGReadHeaderInfoSecTablesDcTable and
+ OJPEGReadHeaderInfoSecTablesAcTable when read fails. Patch by
+ Nicolas Pena.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659,
+ bsc#1033128, CVE-2017-7594
+ * libtiff/tif_jpeg.c
+ + only run JPEGFixupTagsSubsampling() if the YCbCrSubsampling
+ tag is not explicitly present. This helps a bit to reduce the
+ I/O amount when the tag is present (especially on cloud hosted
+ files).
+ * libtiff/tif_lzw.c
+ + in LZWPostEncode(), increase, if necessary, the code bit-width
+ after flushing the remaining code and before emitting the EOI
+ code. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=1982
+ * libtiff/tif_pixarlog.c
+ + fix memory leak in error code path of PixarLogSetupDecode().
+ Patch by Nicolas Pena.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2665
+ * libtiff/tif_fax3.c, tif_predict.c, tif_getimage.c
+ + fix GCC 7 -Wimplicit-fallthrough warnings.
+ * libtiff/tif_dirread.c + + fix memory leak in non DEFER_STRILE_LOAD mode (ie default) + when there is both a StripOffsets and TileOffsets tag, or a + StripByteCounts and TileByteCounts + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2689, + bsc#1042805, CVE-2017-9403) + * libtiff/tif_ojpeg.c + + fix potential memory leak in + OJPEGReadHeaderInfoSecTablesQTable, + OJPEGReadHeaderInfoSecTablesDcTable and + OJPEGReadHeaderInfoSecTablesAcTable + Patch by Nicolas Pena. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2670 + * libtiff/tif_fax3.c + + avoid crash in Fax3Close() on empty file. Patch by Alan + Coopersmith + complement by myself. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2673 + * libtiff/tif_read.c + + TIFFFillStrip(): add limitation to the number of bytes read + in case td_stripbytecount[strip] is bigger than reasonable, + so as to avoid excessive memory allocation. + * libtiff/tif_zip.c, tif_pixarlog.c, tif_predict.c + + fix memory leak when the underlying codec (ZIP, PixarLog) + succeeds its setupdecode() method, but PredictorSetup fails. + Credit to OSS-Fuzz (locally run, on GDAL) + * libtiff/tif_read.c + + TIFFFillStrip() and TIFFFillTile(): avoid excessive memory + allocation in case of shorten files. Only effective on 64 bit + builds and non-mapped cases. + Credit to OSS-Fuzz (locally run, on GDAL) + * libtiff/tif_read.c + + TIFFFillStripPartial() / TIFFSeek(), avoid potential integer + overflows with read_ahead in CHUNKY_STRIP_READ_SUPPORT mode. + Should especially occur on 32 bit platforms. + * libtiff/tif_read.c + + TIFFFillStripPartial() + + avoid excessive memory allocation in case of shorten files. + Only effective on 64 bit builds. + Credit to OSS-Fuzz (locally run, on GDAL) + * libtiff/tif_read.c + + update tif_rawcc in CHUNKY_STRIP_READ_SUPPORT mode with + tif_rawdataloaded when calling TIFFStartStrip() or + TIFFFillStripPartial(). This avoids reading beyond tif_rawdata + when bytecount > tif_rawdatasize. 
Fixes
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1545.
+ Credit to OSS-Fuzz
+ * libtiff/tif_color.c
+ + avoid potential int32 overflow in TIFFYCbCrToRGBInit() Fixes
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1533
+ Credit to OSS-Fuzz
+ * libtiff/tif_pixarlog.c, tif_luv.c
+ + avoid potential int32 overflows in multiply_ms() and add_ms().
+ Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1558
+ Credit to OSS-Fuzz
+ * libtiff/tif_packbits.c
+ + fix out-of-buffer read in PackBitsDecode() Fixes
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1563
+ Credit to OSS-Fuzz
+ * libtiff/tif_luv.c
+ + LogL16InitState(): avoid excessive memory allocation when
+ RowsPerStrip tag is missing.
+ Credit to OSS-Fuzz (locally run, on GDAL)
+ * libtiff/tif_lzw.c
+ + update dec_bitsleft at beginning of LZWDecode(), and update
+ tif_rawcc at end of LZWDecode(). This is needed to properly
+ work with the latest chnges in tif_read.c in
+ CHUNKY_STRIP_READ_SUPPORT mode.
+ * libtiff/tif_pixarlog.c
+ + PixarLogDecode(): resync tif_rawcp with next_in and tif_rawcc
+ with avail_in at beginning and end of function, similarly to
+ what is done in LZWDecode(). Likely needed so that it works
+ properly with latest chnges in tif_read.c in
+ CHUNKY_STRIP_READ_SUPPORT mode. But untested...
+ * libtiff/tif_getimage.c
+ + initYCbCrConversion(): add basic validation of luma and
+ refBlackWhite coefficients (just check they are not NaN for
+ now), to avoid potential float to int overflows. Fixes
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1663
+ Credit to OSS Fuzz
+ * libtiff/tif_read.c
+ + _TIFFVSetField(): fix outside range cast of double to float.
+ Credit to Google Autofuzz project
+ * libtiff/tif_getimage.c
+ + initYCbCrConversion(): check luma[1] is not zero to avoid
+ division by zero.
Fixes
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1665
+ Credit to OSS Fuzz
+ * libtiff/tif_read.c
+ + _TIFFVSetField(): fix outside range cast of double to float.
+ Credit to Google Autofuzz project
+ * libtiff/tif_getimage.c
+ + initYCbCrConversion(): check luma[1] is not zero to avoid
+ division by zero. Fixes
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1665
+ Credit to OSS Fuzz
+ * libtiff/tif_getimage.c
+ + initYCbCrConversion(): stricter validation for refBlackWhite
+ coefficients values. To avoid invalid float->int32 conversion.
+ Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1718
+ Credit to OSS Fuzz
+ * tools/fax2tiff.c (main)
+ + Applied patch by Joerg Ahrens to fix passing client data for
+ Win32 builds using tif_win32.c (USE_WIN32_FILEIO defined) for
+ file I/O. Patch was provided via email on November 20, 2016.
+ * tools/tiffcp.c
+ + avoid uint32 underflow in cpDecodedStrips that can cause
+ various issues, such as buffer overflows in the library.
+ Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2598
+ * tools/tiffcrop.c
+ + fix readContigStripsIntoBuffer() in -i (ignore) mode so that
+ the output buffer is correctly incremented to avoid write
+ outside bounds. Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2620
+ * tools/tiffcrop.c
+ + add 3 extra bytes at end of strip buffer in
+ readSeparateStripsIntoBuffer() to avoid read outside of heap
+ allocated buffer. Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2621
+ * tools/tiffcrop.c
+ + fix integer division by zero when BitsPerSample is missing.
+ Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2619
+ * tools/tiffinfo.c
+ + fix null pointer dereference in -r mode when the image has no
+ StripByteCount tag. Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2594
+ * tools/tiffcp.c
+ + avoid potential division by zero is BitsPerSamples tag is
+ missing. Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2597
+ * tools/tif_dir.c
+ + when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is called, limit
+ the return number of inks to SamplesPerPixel, so that code
+ that parses ink names doesn't go past the end of the buffer.
+ Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599
+ * tools/tiffcp.c
+ + avoid potential division by zero is BitsPerSamples tag is
+ missing. Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2607
+ * tools/tiffcp.c
+ + fix uint32 underflow/overflow that can cause heap-based buffer
+ overflow. Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2610
+ * tools/tiffcp.c
+ + replace assert( (bps % 8) == 0 ) by a non assert check.
+ Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2605
+ * tools/tiff2ps.c
+ + fix 2 heap-based buffer overflows (in PSDataBW and
+ PSDataColorContig). Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2633 and
+ http://bugzilla.maptools.org/show_bug.cgi?id=2634.
+ * tools/tiff2pdf.c
+ + prevent heap-based buffer overflow in -j mode on a paletted
+ image. Note: this fix errors out before the overflow happens.
+ There could probably be a better fix.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2635
+ * tools/tiff2pdf.c
+ + fix wrong usage of memcpy() that can trigger unspecified behaviour.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2638
+ * tools/tiff2pdf.c
+ + avoid potential invalid memory read in t2p_writeproc.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2639
+ * tools/tiff2pdf.c
+ + avoid potential heap-based overflow in t2p_readwrite_pdf_image_tile().
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2640
+ * tools/tiffcrop.c
+ + remove extraneous TIFFClose() in error code path, that caused
+ double free.
+ Related to http://bugzilla.maptools.org/show_bug.cgi?id=2535
+ * tools/tiffcp.c
+ + error out cleanly in cpContig2SeparateByRow and
+ cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap
+ based overflow.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and
+ http://bugzilla.maptools.org/show_bug.cgi?id=2657
+ * tools/raw2tiff.c
+ + avoid integer division by zero.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2631
+ * tools/tiff2ps.c
+ + call TIFFClose() in error code paths.
+ * tools/fax2tiff.c
+ + emit appropriate message if the input file is empty. Patch by
+ Alan Coopersmith.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2672
+ * tools/tiff2bw.c
+ + close TIFF handle in error code path.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2677
+ * Other issues fixed:
+ + bsc#1042804, CVE-2017-9404
+ * CVE-2016-10092, CVE-2016-10093, CVE-2016-10094 [bsc#1017693]
+- Removed patches:
+ * tiff-4.0.7-CVE-2015-7554.patch
+ * tiff-4.0.7-CVE-2017-5225.patch
+ * tiff-4.0.7-TIFFTAG_FAXRECVPARAMS.patch
+ * tiff-CVE-2016-10266.patch
+ * tiff-CVE-2016-10267.patch
+ * tiff-CVE-2016-10268.patch
+ * tiff-CVE-2016-10269.patch
+ * tiff-CVE-2016-10270.patch
+ * tiff-CVE-2016-10271.patch
+ * tiff-CVE-2016-10272.patch
+ + Fixed upstream
+
+-------------------------------------------------------------------
+Wed Mar 29 07:55:02 UTC 2017 - fstrba@suse.com
+
+- Added patches:
+ * tiff-CVE-2016-10266.patch
+ + Upstream fix for CVE-2016-10266, LibTIFF 4.0.7 allows remote
+ attackers to cause a denial of service (divide-by-zero error
+ and application crash) via a crafted TIFF image (bsc#1031263)
+ * tiff-CVE-2016-10267.patch
+ + Upstream fix for CVE-2016-10267, LibTIFF 4.0.7 allows remote
+ attackers to cause a denial of service (divide-by-zero error
+ and application crash) via a crafted TIFF image
(bsc#1031262)
+ * tiff-CVE-2016-10268.patch
+ + Upstream fix for CVE-2016-10268, LibTIFF 4.0.7 allows remote
+ attackers to cause a denial of service (divide-by-zero error
+ and application crash) via a crafted TIFF image (bsc#1031255)
+ * tiff-CVE-2016-10269.patch
+ + Upstream fix for CVE-2016-10269, LibTIFF 4.0.7 allows remote
+ attackers to cause a denial of service (heap-based buffer
+ over-read) or possibly have unspecified other impact via a
+ crafted TIFF image (bsc#1031254)
+ * tiff-CVE-2016-10270.patch
+ + Upstream fix for CVE-2016-10270, LibTIFF 4.0.7 allows remote
+ attackers to cause a denial of service (heap-based buffer
+ over-read) or possibly have unspecified other impact via a
+ crafted TIFF image (bsc#1031250)
+ * tiff-CVE-2016-10271.patch
+ + Upstream fix for CVE-2016-10271, LibTIFF 4.0.7 allows remote
+ attackers to cause a denial of service (heap-based buffer
+ over-read and buffer overflow) or possibly have unspecified
+ other impact via a crafted TIFF image (bsc#1031249)
+ * tiff-CVE-2016-10272.patch
+ + Upstream fix for CVE-2016-10272, LibTIFF 4.0.7 allows remote
+ attackers to cause a denial of service (heap-based buffer
+ overflow) or possibly have unspecified other impact via a
+ crafted TIFF image (bsc#1031247)
+
+-------------------------------------------------------------------
+Thu Feb 2 13:40:16 UTC 2017 - fstrba@suse.com
+
+- Added patch:
+ * tiff-4.0.7-TIFFTAG_FAXRECVPARAMS.patch
+ - Fix a regression introduced in 4.0.7 (bsc#1022103)
+ - http://bugzilla.maptools.org/show_bug.cgi?id=2636
+
+-------------------------------------------------------------------
+Fri Jan 13 10:03:25 UTC 2017 - fstrba@suse.com
+
+- Added patch:
+ * tiff-4.0.7-CVE-2017-5225.patch
+ - Upstream fix for CVE-2017-5225, bsc#1019611: heap buffer
+ overflow in tools/tiffcp via a crafted BitsPerSample value
+
+-------------------------------------------------------------------
+Mon Dec 19 10:09:38 UTC 2016 - jengelh@inai.de
+
+- Drop --with-pic, this is only for
static libs (which are not built)
+- Update descriptions
+
+-------------------------------------------------------------------
+Mon Dec 19 10:03:58 UTC 2016 - idonmez@suse.com
+
+- Update homepage
+
+-------------------------------------------------------------------
+Tue Nov 29 08:45:11 UTC 2016 - fstrba@suse.com
+
+- Upgrade to upstream release 4.0.7
+ * libtiff/tif_aux.c
+ + Fix crash in TIFFVGetFieldDefaulted() when requesting
+ Predictor tag and that the zip/lzw codec is not configured.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2591
+ * libtiff/tif_compress.c
+ + Make TIFFNoDecode() return 0 to indicate an error and make
+ upper level read routines treat it accordingly. (linked to the
+ test case of http://bugzilla.maptools.org/show_bug.cgi?id=2517)
+ * libtiff/tif_dir.c
+ + Discard values of SMinSampleValue and SMaxSampleValue when
+ they have been read and the value of SamplesPerPixel is
+ changed afterwards (like when reading a OJPEG compressed image
+ with a missing SamplesPerPixel tag, and whose photometric is
+ RGB or YCbCr, forcing SamplesPerPixel being 3). Otherwise when
+ rewriting the directory (for example with tiffset, we will
+ expect 3 values whereas the array had been allocated with just
+ one), thus causing a out of bound read access. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2500
+ (CVE-2014-8127, bsc#914890, duplicate: CVE-2016-3658, bsc#974840)
+ * libtiff/tif_dirread.c
+ + In TIFFFetchNormalTag(), do not dereference NULL pointer when
+ values of tags with TIFF_SETGET_C16_ASCII/TIFF_SETGET_C32_ASCII
+ access are 0-byte arrays. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2593 (regression
+ introduced by previous fix done on 2016-11-11 for
+ CVE-2016-9297, bsc#1010161). Assigned as CVE-2016-9448,
+ bsc#1011103
+ + In TIFFFetchNormalTag(), make sure that values of tags with
+ TIFF_SETGET_C16_ASCII/TIFF_SETGET_C32_ASCII access are null
+ terminated, to avoid potential read outside buffer in
+ _TIFFPrintField().
Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2590
+ (CVE-2016-9297, bsc#1010161)
+ + Initialize doubledata at line 3693 to NULL to please MSVC 2013
+ + Prevent reading ColorMap or TransferFunction if
+ BitsPerPixel > 24, so as to avoid huge memory allocation and
+ file read attempts
+ + Reject images with OJPEG compression that have no
+ TileOffsets/StripOffsets tag, when OJPEG compression is
+ disabled. Prevent null pointer dereference in
+ TIFFReadRawStrip1() and other functions that expect
+ td_stripbytecount to be non NULL. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2585
+ + When compiled with DEFER_STRILE_LOAD, fix regression, when
+ reading a one-strip file without a StripByteCounts tag.
+ + Workaround false positive warning of Clang Static Analyzer
+ about null pointer dereference in TIFFCheckDirOffset().
+ * libtiff/tif_dirwrite.c
+ + Avoid null pointer dereference on td_stripoffset when writing
+ directory, if FIELD_STRIPOFFSETS was artificially set for a
+ hack case in OJPEG case. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2500
+ (CVE-2014-8127, bsc#914890, duplicate: CVE-2016-3658,
+ bsc#974840)
+ + Fix truncation to 32 bit of file offsets in TIFFLinkDirectory()
+ and TIFFWriteDirectorySec() when aligning directory offsets on
+ an even offset (affects BigTIFF).
+ * libtiff/tif_dumpmode.c
+ + DumpModeEncode() should return 0 in case of failure so that
+ the above mentionned functions detect the error.
+ * libtiff/tif_fax3.c
+ + remove dead assignment in Fax3PutEOLgdal().
+ * libtiff/tif_fax3.h
+ + make Param member of TIFFFaxTabEnt structure a uint16 to
+ reduce size of the binary.
+ * libtiff/tif_getimage.c
+ + Fix out-of-bound reads in TIFFRGBAImage interface in case of
+ unsupported values of SamplesPerPixel/ExtraSamples for
+ LogLUV/CIELab. Add explicit call to TIFFRGBAImageOK() in
+ TIFFRGBAImageBegin(). Fix CVE-2015-8665 and CVE-2015-8683.
+ + Fix some benign warnings which appear in 64-bit compilation
+ under Microsoft Visual Studio of the form "Arithmetic
+ overflow: 32-bit value is shifted, then cast to 64-bit value.
+ Results might not be an expected value."
+ + TIFFRGBAImageOK: Reject attempts to read floating point images.
+ * libtiff/tif_luv.c
+ + Fix potential out-of-bound writes in decode functions in non
+ debug builds by replacing assert()s by regular if checks
+ (http://bugzilla.maptools.org/show_bug.cgi?id=2522). Fix
+ potential out-of-bound reads in case of short input data.
+ + Validate that for COMPRESSION_SGILOG and PHOTOMETRIC_LOGL,
+ there is only one sample per pixel. Avoid potential invalid
+ memory write on corrupted/unexpected images when using the
+ TIFFRGBAImageBegin() interface
+ * libtiff/tif_next.c
+ + Fix potential out-of-bound write in NeXTDecode()
+ (http://bugzilla.maptools.org/show_bug.cgi?id=2508)
+ * libtiff/tif_pixarlog.c
+ + Avoid zlib error messages to pass a NULL string to %s
+ formatter, which is undefined behaviour in sprintf().
+ + Fix out-of-bounds write vulnerabilities in heap allocated
+ buffers. Reported as MSVR 35094.
+ + Fix potential buffer write overrun in PixarLogDecode() on
+ corrupted/unexpected images (CVE-2016-5875, bsc#987351)
+ + Fix write buffer overflow in PixarLogEncode if more input
+ samples are provided than expected by PixarLogSetupEncode.
+ Idea based on libtiff-CVE-2016-3990.patch from
+ libtiff-4.0.3-25.el7_2.src.rpm, but with different and simpler
+ check. (http://bugzilla.maptools.org/show_bug.cgi?id=2544,
+ bsc#975069)
+ * libtiff/tif_predict.c
+ + PredictorSetup: Enforce bits-per-sample requirements of
+ floating point predictor (3). Fixes CVE-2016-3622 "Divide By
+ Zero in the tiff2rgba tool." (bsc#974449)
+ * libtiff/tif_predict.h, libtiff/tif_predict.c
+ + Replace assertions by runtime checks to avoid assertions in
+ debug mode, or buffer overflows in release mode.
Can happen
+ when dealing with unusual tile size like YCbCr with
+ subsampling. Reported as MSVR 35105.
+ * libtiff/tif_read.c
+ + Fix out-of-bounds read on memory-mapped files in
+ TIFFReadRawStrip1() and TIFFReadRawTile1() when stripoffset
+ is beyond tmsize_t max value
+ (bsc#990460, CVE-2016-6223)
+ + Make TIFFReadEncodedStrip() and TIFFReadEncodedTile() directly
+ use user provided buffer when no compression (and other
+ conditions) to save a memcpy().
+ * libtiff/tif_strip.c
+ + Make TIFFNumberOfStrips() return the td->td_nstrips value when
+ it is non-zero, instead of recomputing it. This is needed in
+ TIFF_STRIPCHOP mode where td_nstrips is modified. Fixes a read
+ outsize of array in tiffsplit (or other utilities using
+ TIFFNumberOfStrips()). Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2587
+ (CVE-2016-9273, bsc#1010163)
+ * libtiff/tif_write.c
+ + Fix issue in error code path of TIFFFlushData1() that didn't
+ reset the tif_rawcc and tif_rawcp members. I'm not completely
+ sure if that could happen in practice outside of the odd
+ behaviour of t2p_seekproc() of tiff2pdf). The report points
+ that a better fix could be to check the return value of
+ TIFFFlushData1() in places where it isn't done currently, but
+ it seems this patch is enough. Reported as MSVR 35095.
+ + Make TIFFWriteEncodedStrip() and TIFFWriteEncodedTile()
+ directly use user provided buffer when no compression to save
+ a memcpy().
+ + TIFFWriteEncodedStrip() and TIFFWriteEncodedTile() should
+ return -1 in case of failure of tif_encodestrip() as documented
+ * tools/fax2tiff.D c
+ + Fix segfault when specifying -r without argument. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2572
+ * tools/Makefile.am
+ + The libtiff tools bmp2tiff, gif2tiff, ras2tiff, sgi2tiff,
+ sgisv, and ycbcr are completely removed from the distribution.
+ The libtiff tools rgb2ycbcr and thumbnail are only built in
+ the build tree for testing.
Old files are put in new 'archive' + subdirectory of the source repository, but not in + distribution archives. These changes are made in order to + lessen the maintenance burden. + * tools/rgb2ycbcr.c + + Validate values of -v and -h parameters to avoid potential + divide by zero. Fixes CVE-2016-3623, bsc#974618 + (http://bugzilla.maptools.org/show_bug.cgi?id=2569) + * tools/tiff2bw.c + + Fix weight computation that could result of color value + overflow (no security implication). Fix + http://bugzilla.maptools.org/show_bug.cgi?id=2550. + * tools/tiff2pdf.c + + Avoid undefined behaviour related to overlapping of source and + destination buffer in memcpy() call in + t2p_sample_rgbaa_to_rgb() Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2577 + + Fix out-of-bounds write vulnerabilities in heap allocate buffer + in t2p_process_jpeg_strip(). Reported as MSVR 35098. + + Fix potential integer overflows on 32 bit builds in + t2p_read_tiff_size() Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2576 + + Fix read -largely- outsize of buffer in + t2p_readwrite_pdf_image_tile(), causing crash, when reading a + JPEG compressed image with TIFFTAG_JPEGTABLES length being one. + Reported as MSVR 35101. CVE-2016-9453, bsc#1011107 + + Fix write buffer overflow of 2 bytes on JPEG compressed images. + Reported as TALOS-CAN-0187, CVE-2016-5652, bsc#1007280. Also + prevents writing 2 extra uninitialized bytes to the file + stream. + * tools/tiff2rgba.c + + Fix integer overflow in size of allocated buffer, when -b mode + is enabled, that could result in out-of-bounds write. Based + initially on patch tiff-CVE-2016-3945.patch from + libtiff-4.0.3-25.el7_2.src.rpm, with correction for invalid + tests that rejected valid files. + (http://bugzilla.maptools.org/show_bug.cgi?id=2545, bsc#974614) + * tools/tiffcp.c + + Fix out-of-bounds write on tiled images with odd tile width vs + image width. Reported as MSVR 35103. 
(bsc#1011841, + CVE-2016-9538) + + Fix read of undefined variable in case of missing required + tags. Found on test case of MSVR 35100. + * tools/tiffcrop.c + + Avoid access outside of stack allocated array on a tiled + separate TIFF with more than 8 samples per pixel. + (CVE-2016-5321, CVE-2016-5323, + http://bugzilla.maptools.org/show_bug.cgi?id=2558, + http://bugzilla.maptools.org/show_bug.cgi?id=2559, bsc#984813, + bsc#984815) + + Fix memory leak in (recent) error code path. Fixes Coverity + 1394415. + + Fix multiple uint32 overflows in writeBufferToSeparateStrips(), + writeBufferToContigTiles() and writeBufferToSeparateTiles() + that could cause heap buffer overflows. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2592 + + Fix out-of-bound read of up to 3 bytes in + readContigTilesIntoBuffer(). Reported as MSVR 35092. + + Fix out-of-bounds write in loadImage(). From patch + libtiff-CVE-2016-3991.patch from + libtiff-4.0.3-25.el7_2.src.rpm + (http://bugzilla.maptools.org/show_bug.cgi?id=2543, bsc#975070) + + Fix read of undefined buffer in readContigStripsIntoBuffer() + due to uint16 overflow. Reported as MSVR 35100. (bsc#1011841, + CVE-2016-9538) + + Fix various out-of-bounds write vulnerabilities in heap or + stack allocated buffers. Reported as MSVR 35093, MSVR 35096 + and MSVR 35097. + + readContigTilesIntoBuffer: Fix signed/unsigned comparison + warning. + * tools/tiffdump.c + + Fix a few misaligned 64-bit reads warned by -fsanitize + + ReadDirectory: Remove uint32 cast to_TIFFmalloc() argument + which resulted in Coverity report. Added more mutiplication + overflow checks + * tools/tiffinfo.c + + Fix out-of-bound read on some tiled images. + (http://bugzilla.maptools.org/show_bug.cgi?id=2517) + + TIFFReadContigTileData: Fix signed/unsigned comparison warning. + + TIFFReadSeparateTileData: Fix signed/unsigned comparison + warning. 
+- Removed patches: + * tiff-4.0.4-uninitialized_mem_NeXTDecode.patch + * tiff-4.0.6-CVE-2015-8782.patch + * tiff-4.0.6-CVE-2016-3186.patch + * tiff-4.0.6-CVE-2016-3623.patch + * tiff-4.0.6-CVE-2016-3945.patch + * tiff-4.0.6-CVE-2016-3990.patch + * tiff-4.0.6-CVE-2016-3991.patch + * tiff-4.0.6-libtiff-tif_getimage.c-TIFFRGBAImageOK-Reject-attemp.patch + * tiff-4.0.6-libtiff-tif_luv.c-validate-that-for-COMPRESSION_SGIL.patch + * tiff-4.0.6-libtiff-tif_pixarlog.c-fix-potential-buffer-write-ov.patch + * tiff-4.0.6-libtiff-tif_read.c-make-TIFFReadEncodedStrip-and.patch + * tiff-4.0.6-tools-tiffcrop.c-fix-various-out-of-bounds-write-vul.patch + - Fixed in the upsteam release +- Changed patch: + * tiff-4.0.6-CVE-2015-7554.patch -> tiff-4.0.7-CVE-2015-7554.patch + - Rediffed to the changed context + +------------------------------------------------------------------- +Thu Oct 6 07:47:19 UTC 2016 - fstrba@suse.com + +- Added patches: + * tiff-4.0.6-tools-tiffcrop.c-fix-various-out-of-bounds-write-vul.patch + - Upstream fixes for MSVR 35093, MSVR 35094, MSVR 35095, + MSVR 35096, MSVR 35097, MSVR 35098. + * tiff-4.0.6-libtiff-tif_getimage.c-TIFFRGBAImageOK-Reject-attemp.patch + - Enforce bits-per-sample requirements of floating point + predictor. 
Fixes CVE-2016-3622 [bsc#974449] + +------------------------------------------------------------------- +Thu Sep 1 14:35:57 UTC 2016 - fstrba@suse.com + +- Added patches: + * tiff-4.0.6-CVE-2016-3623.patch + * tiff-4.0.6-CVE-2016-3945.patch + * tiff-4.0.6-CVE-2016-3990.patch + * tiff-4.0.6-CVE-2016-3991.patch + - Upstream commits to fix CVE-2016-3623 [bsc#974618], + CVE-2016-3945 [bsc#974614], CVE-2016-3990 [bsc#975069], + CVE-2016-3991 [bsc#975070] + +------------------------------------------------------------------- +Tue Jul 12 09:20:56 UTC 2016 - fstrba@suse.com + +- Added patches: + * tiff-4.0.6-libtiff-tif_luv.c-validate-that-for-COMPRESSION_SGIL.patch + * tiff-4.0.6-libtiff-tif_pixarlog.c-fix-potential-buffer-write-ov.patch + * tiff-4.0.6-libtiff-tif_read.c-make-TIFFReadEncodedStrip-and.patch + - Upstream commits to fix CVE-2016-5314 [bsc#984831], + CVE-2016-5316 [bsc#984837], CVE-2016-5317 [bsc#984842], + CVE-2016-5320 [bsc#984808] and CVE-2016-5875 [bsc#987351] + +------------------------------------------------------------------- +Wed Apr 6 13:56:19 UTC 2016 - fstrba@suse.com + +- Added patch: + * tiff-4.0.6-CVE-2016-3186.patch + - fix CVE-2016-3186: buffer overflow in gif2tiff [bsc#973340] + +------------------------------------------------------------------- +Mon Feb 1 08:01:19 UTC 2016 - fstrba@suse.com + +- Added patch: + * tiff-4.0.6-CVE-2015-8782.patch + - fix CVE-2015-8781, CVE-2015-8782, CVE-2015-8783: Out-of-bounds + writes for invalid images (upstream bug #2522) [bsc#964225] + +------------------------------------------------------------------- +Wed Jan 13 17:03:31 UTC 2016 - fstrba@suse.com + +- Added patch: + * tiff-4.0.6-CVE-2015-7554.patch + - fix CVE-2015-7554: Out-of-bounds Write in the thumbnail and + tiffcmp tools (upsteam bug #2499) [bsc#960341] + +------------------------------------------------------------------- +Mon Jan 11 13:53:42 UTC 2016 - kstreitova@suse.com + +- Added patch: + * tiff-4.0.4-uninitialized_mem_NeXTDecode.patch + - 
fix uninitialized memory in NeXTDecode (upstream bug #2508) + [bsc#942690] + +------------------------------------------------------------------- +Tue Dec 8 15:55:30 UTC 2015 - p.drouand@gmail.com + +- Update to version 4.0.6 + * Supports CMake 2.8.9 and later. + * Add missing file which wasn't being distributed, causing unit + tests to fail. + * Make shared/static library building configurable. + * CMake reads all version information directly from configure.ac + to avoid duplication of values. + * CMake builds are now included in 'distcheck' target. + * Autotools 'make distcheck' now tests the CMake-based build if + CMake is available. + * Fixes to avoid undefined behaviour of signed types (C standard + compliance). + * Fixes to avoid possible isses when casting to unsigned char. + * Fixes to avoid undefined behaviour with shifts. + * Fix generation of output with 16 bit or 32 bit integer, when + byte swapping is needed, in horizontal predictor (#2521). + * Fix decoding when there is a single pixel to decode + (unlikely case...) and byte swapping is involved. + * Add add explicit masking with 0xff before casting to uchar in + floating-point horizontal differencing and accumulation routines. + * Eliminate requirement for and use of 64-bit constant values. + * tiffgt : Silence glut API deprecation warnings on MacOS X. + * fax2ps : Detect failure to write to temporary file. +- Changes from version 4.0.5 + * Support for configure/build using CMake. + * Support for large (> 2GB) files under Microsoft Windows. + * Configuration and building using CMake is now supported under + Microsoft Windows and on Unix-type systems. + * Test for and use fseeko() if it is available. This allows supporting + large files on Unix-type systems with a 32-bit 'long' type and a + 64-bit 'off_t' type. + * tiffiop.h: Macros added to use 64-bit equivalents for all standard + I/O and POSIX APIs used by libtiff and its tools which are limited + to 2GB in Windows builds. 
Note that these 64-bit equivalents were + introduced by the CRT provided with Visual Studio 2005 and if the + necessary CRT is not installed on the target computer, the program + will not run. The wrapper macros will not be activated unless the + definition _MSC_VER is at least 1400 or __MSVCRT_VERSION__ is at + least 0x800. + * tif_unix.c: Updated to support large files under Microsoft Windows. + This makes tif_unix.c a completely viable candidate for use under + Windows (in spite of its name) if the CRT is modern enough. Please + note that tif_win32.c already supported large files, but only + 'tiffinfo' and 'tiffdump' made any provision to support large files + under Windows. + * _tiffReadProc() and _tiffWriteProc() are modified to chunk I/O to a + maximum size of 2GB for extremely large I/O requests. This surmounts + limitations in the Microsoft Windows read() and write() APIs (which + are limited to the range of a 32-bit 'int'), and may avoid poor + behavior with extremely large I/O requests on other systems. + * Updated to use I/O wrapper macros from tiffiop.h in order to + support large files under Microsoft Windows. 
+ +------------------------------------------------------------------- +Tue Aug 4 08:17:35 UTC 2015 - kstreitova@suse.com + +- use spec-cleaner + +------------------------------------------------------------------- +Wed Jul 1 07:17:13 UTC 2015 - pgajdos@suse.com + +- update to 4.0.4 +D tiff-4.0.3-double-free.patch +D tiff-handle-TIFFTAG_CONSECUTIVEBADFAXLINES.patch +D tiff-4.0.3-CVE-2013-1961.patch +D erouault.2862.patch +D bfriesen.2805.patch +D tiff-4.0.3-CVE-2013-4232.patch +D tiff-4.0.3-CVE-2013-4244.patch +D erouault.2861.patch +D erouault.2857.patch +D erouault.2856.patch +D erouault.2859.patch +D tiff-4.0.3-CVE-2012-4564.patch +D tiff-4.0.3-tiff2pdf-colors.patch +D erouault.2876.patch +D erouault.2860.patch +D tiff-dither-malloc-check.patch +D tiff-4.0.3-CVE-2013-1960.patch +D erouault.2858.patch +D tiff-handle-TIFFTAG_PREDICTOR.patch +D tiff-4.0.3-CVE-2013-4231.patch +D tiff-4.0.3-CVE-2013-4243.patch +D erouault.2863.patch +D tiff-4.0.3-test-jpeg-turbo.patch + +------------------------------------------------------------------- +Thu Feb 26 13:58:54 UTC 2015 - pgajdos@suse.com + +- security update: CVE-2014-9655, CVE-2014-8127, CVE-2014-8128, + CVE-2014-8129, CVE-2014-8130, CVE-2015-1547 + bnc#914890, bnc#916925, bnc#916927 + + erouault.2856.patch + + erouault.2857.patch + + erouault.2858.patch + + erouault.2859.patch + + erouault.2860.patch + + erouault.2861.patch + + erouault.2862.patch + + erouault.2863.patch + + erouault.2876.patch + + bfriesen.2805.patch + + tiff-handle-TIFFTAG_CONSECUTIVEBADFAXLINES.patch + + tiff-handle-TIFFTAG_PREDICTOR.patch + + tiff-dither-malloc-check.patch + +------------------------------------------------------------------- +Mon Dec 22 19:58:43 UTC 2014 - meissner@suse.com + +- build with PIE + +------------------------------------------------------------------- +Wed Aug 21 12:57:57 UTC 2013 - pgajdos@suse.com + +- security update + * CVE-2013-4232.patch [bnc#834477] + * CVE-2013-4231.patch [bnc#834477] + * CVE-2013-4244.patch 
[bnc#834788] + * CVE-2013-4243.patch [bnc#834779] + +------------------------------------------------------------------- +Wed Jun 26 10:48:50 UTC 2013 - pgajdos@suse.com + +- tiff2pdf: introduced warning when the compression isn't lzw or + none [bnc#819142] +- tiff2pdf: fixed crash [bnc#821872] + +------------------------------------------------------------------- +Tue Apr 30 13:20:50 UTC 2013 - pgajdos@suse.com + +- security update + * CVE-2013-1961.patch [bnc#818117] + * CVE-2013-1960.patch [bnc#817573] + +------------------------------------------------------------------- +Fri Apr 5 10:23:51 UTC 2013 - idonmez@suse.com + +- Add Source URL, see https://en.opensuse.org/SourceUrls + +------------------------------------------------------------------- +Mon Nov 5 09:27:59 UTC 2012 - pgajdos@suse.com + +- updated to 4.0.3: + * Add some TIFF/FX support in libtiff. + * Fix bug rewriting image tiles in a compressed file. + * Fix read past end of data buffer. + * etc., see ChangeLog +- removed upstreamed patches: + * bigendian.patch + * dont-fancy-upsampling.patch + * CVE-2012-3401.patch +- new patch: + * test-jpeg-turbo.patch + * CVE-2012-4564.patch [bnc#787892] + +------------------------------------------------------------------- +Mon Jul 23 09:52:50 UTC 2012 - pgajdos@suse.com + +- fixed CVE-2012-3401 [bnc#770816] + +------------------------------------------------------------------- +Thu Jun 28 10:16:29 UTC 2012 - meissner@suse.com + +- RGBA is packed in host order, use the right macros to unpack + and verify in raw_decode test. + +------------------------------------------------------------------- +Wed Jun 20 09:29:37 UTC 2012 - pgajdos@suse.com + +- updated to 4.0.2: [bnc#767852] [bnc#767854] + tif_getimage.c: added support for _SEPARATED CMYK images. + tif_getimage.c: Added support for greyscale + alpha. + Added TIFFCreateCustomDirectory() and TIFFCreateEXIFDirectory() functions. + tif_print.c: Lots of fixes around printing corrupt or hostile input. 
+ Improve handling of corrupt ycbcrsubsampling values. + tif_unix.c: use strerror to get meaningful error messages. + tif_jpeg.c: fix serious bugs in JPEGDecodeRaw(). + tif_jpeg.c: Fix size overflow (zdi-can-1221,CVE-2012-1173). + tiff2pdf: Defend against integer overflows while calculating required + buffer sizes (CVE-2012-2113). + +------------------------------------------------------------------- +Tue Apr 10 17:37:25 UTC 2012 - brian@aljex.com + +- Fix building on older targets from SUSE 10.0 to current. +- Add jbig support + +------------------------------------------------------------------- +Thu Mar 29 09:51:49 UTC 2012 - idonmez@suse.com + +- Add lzma support +- Implement %check +- Drop visibility patch because it breaks compilation + +------------------------------------------------------------------- +Wed Mar 28 18:06:34 UTC 2012 - i@marguerite.su + +- change package name libtiff4 to libtiff5. + library number is 5 actually. + +------------------------------------------------------------------- +Wed Mar 28 17:29:16 UTC 2012 - i@marguerite.su + +- Update to 4.0.1 + * configure.ac + - Add libtiff private dependency on -llzma for pkg-config + - Add support for using library symbol versioning on + ELF systems with the GNU linker. + * libtiff/tif_win32.c: Eliminate some minor 64-bit warnings in + tif_win32.c + * libtiff/tif_jpeg.c: Extra caution for case where sp is NULL. + * libtiff/tif_dir.c, libtiff/tif_dirread.c: Extra caution around + assumption tag fetching is always successful. + * libtiff/tiffio.h: Use double-underbar syntax in GCC printf + attribute specification to lessen the risk of accidental macro + substitution. + * Update automake used to 1.11.3. 
+ +------------------------------------------------------------------- +Wed Mar 28 12:12:23 UTC 2012 - cfarrell@suse.com + +- license update: HPND + tiff license most akin to spdx recognised + http://www.spdx.org/licenses/HPND + +------------------------------------------------------------------- +Tue Jan 10 01:21:45 UTC 2012 - crrodriguez@opensuse.org + +- remove libjpeg-devel and zlib-devel from libtiff-devel + requires as they are _not_ required to use the library. + Now, this _will_ break packages with wrong buildrequires + for good. + +------------------------------------------------------------------- +Tue Jan 10 00:55:53 UTC 2012 - crrodriguez@opensuse.org + +- Hide private symbols using gcc visibility, this has been + applied only to functions that the source code clearly states + that are internal to the library. +- Run spec cleaner + +------------------------------------------------------------------- +Wed Nov 23 09:31:16 UTC 2011 - coolo@suse.com + +- add libtool as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Fri Aug 5 21:09:33 UTC 2011 - crrodriguez@opensuse.org + +- Do not use -fno-strict-aliasing, no longer needed + and will probably slow down the code. 
+- Fix self-obsoletion warning + +------------------------------------------------------------------- +Thu Apr 14 14:02:12 CEST 2011 - pgajdos@suse.cz + +- updated to 3.9.5: + * fixed integer overflow CVE-2010-4665 + * fixed buffer overflow in ojpeg decoder + * upstreamed: + - oob-read.patch + - CVE-2011-0192.patch + - getimage-64bit.patch + - CVE-2011-1167.patch + - scanlinesize.patch + +------------------------------------------------------------------- +Thu Mar 31 21:49:49 CEST 2011 - pgajdos@suse.cz + +- fixed regression caused by previous update [bnc#682871] + * modified CVE-2011-0192.patch +- fixed buffer overflow in thunder decoder [bnc#683337] + * added CVE-2011-1167.patch + +------------------------------------------------------------------- +Thu Feb 17 15:40:54 CET 2011 - pgajdos@suse.cz + +- fixed buffer overflow [bnc#672510] + * CVE-2011-0192.patch + +------------------------------------------------------------------- +Mon Sep 6 14:56:09 CEST 2010 - pgajdos@suse.cz + +- fixed "Possibly exploitable memory corruption issue in libtiff" + (see http://bugzilla.maptools.org/show_bug.cgi?id=2228) + [bnc#624215] + * scanlinesize.patch +- fixed crash while using libjpeg7 and higher + * dont-fancy-upsampling.patch + +------------------------------------------------------------------- +Mon Jul 12 16:36:48 CEST 2010 - pgajdos@suse.cz + +- updated to 3.9.4: fixes CVE-2010-2065 -- obsoletes + * integer-overflow.patch + * NULL-deref.patch +- fixes CVE-2010-2067 + +------------------------------------------------------------------- +Wed Jun 23 10:32:01 CEST 2010 - pgajdos@suse.cz + +- fixed CVE-2010-2065 + * integer-overflow.patch + * NULL-deref.patch +- fixed out of bounds read + * oob-read.patch +- fixed CVE-2010-2233 + * getimage-64bit.patch +- [bnc#612879] + +------------------------------------------------------------------- +Mon Apr 26 15:07:09 CEST 2010 - pgajdos@suse.cz + +- fixed tiff2pdf output [bnc#599475] + 
+------------------------------------------------------------------- +Fri Mar 26 08:49:41 UTC 2010 - pgajdos@suse.cz + +- fixed typo + +------------------------------------------------------------------- +Tue Mar 16 13:37:23 CET 2010 - pgajdos@suse.cz + +- updated to 3.9.2: fixed many CVE's and obsoletes almost all + our patches (see ChangeLog for details) + +------------------------------------------------------------------- +Tue Dec 15 19:38:18 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source +- enable parallel building + +------------------------------------------------------------------- +Thu Aug 6 14:02:07 CEST 2009 - pgajdos@suse.cz + +- fixed integer overflows [bnc#519796] + * CVE-2009-2347.patch + +------------------------------------------------------------------- +Thu Jul 2 16:33:02 CEST 2009 - nadvornik@suse.cz + +- fixed lzw overflow CVE-2009-2285 [bnc#518698] + +------------------------------------------------------------------- +Wed Feb 4 15:49:04 CET 2009 - nadvornik@suse.cz + +- fixed an endless loop on invalid images + (bnc#444079) CVE-2008-1586 + +------------------------------------------------------------------- +Tue Jan 13 16:19:37 CET 2009 - olh@suse.de + +- obsolete old libtiff-64bit on ppc64 (bnc#437293) + +------------------------------------------------------------------- +Wed Jan 7 12:34:56 CET 2009 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Sun Sep 7 11:24:56 CEST 2008 - schwab@suse.de + +- Fix conflicting options. 
+ +------------------------------------------------------------------- +Tue Aug 19 17:45:10 CEST 2008 - nadvornik@suse.cz + +- fixed buffer overflows in LZW code (CVE-2008-2327) [bnc#414946] + +------------------------------------------------------------------- +Sun May 18 10:37:18 CEST 2008 - coolo@suse.de + +- fix rename of xxbit packages + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Fri Jul 27 15:58:49 CEST 2007 - ro@suse.de + +- add provides and obsoletes for libtiff to libtiff3 package + +------------------------------------------------------------------- +Thu Jul 19 15:01:40 CEST 2007 - nadvornik@suse.cz + +- renamed libtiff to libtiff3 +- do not package static libraries +- added zlib-devel to BuildRequires + +------------------------------------------------------------------- +Mon Jun 12 13:40:43 CEST 2006 - nadvornik@suse.cz + +- fixed a typo in the previous change [#179051] + +------------------------------------------------------------------- +Fri Jun 2 17:17:55 CEST 2006 - nadvornik@suse.cz + +- fixed buffer overflow in tiffsplit (CVE-2006-2656) [#179051] +- fixed buffer overflow in tiff2pdf [#179587] + +------------------------------------------------------------------- +Wed Apr 12 11:01:27 CEST 2006 - nadvornik@suse.cz + +- updated to 3.8.2 [#165237] + * bugfix release + * fixed several segfaults caused by incorrect tiff data + +------------------------------------------------------------------- +Tue Feb 7 15:09:45 CET 2006 - nadvornik@suse.cz + +- fixed crash on certain tiff images CVE-2006-0405 [#145757] + +------------------------------------------------------------------- +Wed Jan 25 21:31:02 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- 
+Thu Jan 12 16:32:23 CET 2006 - nadvornik@suse.cz + +- compile with -fstack-protector + +------------------------------------------------------------------- +Tue Jan 3 15:01:35 CET 2006 - nadvornik@suse.cz + +- updated to 3.8.0: + * Read-only support for custom directories (e.g. EXIF directory) + * Preliminary support for MS MDI format + +------------------------------------------------------------------- +Mon Oct 10 15:13:48 CEST 2005 - nadvornik@suse.cz + +- built with -fno-strict-aliasing + +------------------------------------------------------------------- +Fri Jul 15 15:35:41 CEST 2005 - nadvornik@suse.cz + +- updated to 3.7.3 + +------------------------------------------------------------------- +Tue May 24 17:13:51 CEST 2005 - nadvornik@suse.cz + +- updated to 3.7.2 +- fixed 64bit bug in ppm2tiff [#85440] +- fixed buffer overflow in BitsPerSample [#82787] + +------------------------------------------------------------------- +Thu Feb 17 13:38:57 CET 2005 - nadvornik@suse.cz + +- fixed reading of alpha channel + +------------------------------------------------------------------- +Sun Jan 16 20:05:53 CET 2005 - ro@suse.de + +- added c++ to neededforbuild + +------------------------------------------------------------------- +Fri Jan 7 15:41:40 CET 2005 - nadvornik@suse.cz + +- use typedef int int32 on all architectures + +------------------------------------------------------------------- +Wed Jan 05 15:42:09 CET 2005 - nadvornik@suse.cz + +- disabled c++ API as it would add a dependency on c++ libraries + +------------------------------------------------------------------- +Mon Jan 03 17:50:47 CET 2005 - nadvornik@suse.cz + +- updated to 3.7.1: bugfix release + +------------------------------------------------------------------- +Wed Dec 15 21:04:47 CET 2004 - nadvornik@suse.cz + +- added README.SUSE pointing to the documentation [#48601] +- moved man3 to devel subpackage + +------------------------------------------------------------------- +Fri Oct 22 
18:38:53 CEST 2004 - nadvornik@suse.cz + +- updated to 3.7.0 - security fixes are included in mainstream + +------------------------------------------------------------------- +Wed Oct 20 09:59:41 CEST 2004 - meissner@suse.de + +- Initialize ycbcrsubsampling to be not 0 in case + of bad tiffs to avoid denial of service by divison/0. + +------------------------------------------------------------------- +Tue Oct 12 15:20:16 CEST 2004 - nadvornik@suse.cz + +- do not call TIFFTileSize with uninitialized values [#44635] + +------------------------------------------------------------------- +Thu Oct 07 18:44:29 CEST 2004 - pmladek@suse.cz + +- fixed much more buffer overflows (the older tiff-alt-bound-CheckMalloc.patch + is included in the new libtiff-3.6.1-alt-bound.patch now) [#44635] + +------------------------------------------------------------------- +Thu Sep 30 18:33:05 CEST 2004 - nadvornik@suse.cz + +- fixed more buffer overflows [#44635] + +------------------------------------------------------------------- +Tue Sep 21 17:47:00 CEST 2004 - nadvornik@suse.cz + +- fixed multiple buffer overflows - CAN-2004-0803 [#44635] +- disabled old jpeg support because of security problems [#45116] + +------------------------------------------------------------------- +Tue Aug 31 16:23:04 CEST 2004 - nadvornik@suse.cz + +- added LZW support + +------------------------------------------------------------------- +Wed Aug 25 13:39:39 CEST 2004 - kukuk@suse.de + +- Create -devel subpackage +- Add libjpeg-devel to neededforbuild +- Avoid /bin/sh in PreRequires + +------------------------------------------------------------------- +Fri Jul 2 16:10:10 CEST 2004 - max@suse.de + +- port.h is needed as well. + +------------------------------------------------------------------- +Thu May 6 17:08:54 CEST 2004 - max@suse.de + +- Install private headers (tif_dir.h, tiffiop.h). 
+ +------------------------------------------------------------------- +Tue Apr 27 16:42:03 CEST 2004 - nadvornik@suse.cz + +- fixed tif_fax3 from cvs [#39515] + +------------------------------------------------------------------- +Mon Feb 09 12:27:05 CET 2004 - nadvornik@suse.cz + +- updated to 3.6.1 +- fixed dangerous compiler warnings + +------------------------------------------------------------------- +Sat Jan 10 20:14:17 CET 2004 - adrian@suse.de + +- add %defattr and %run_ldconfig + +------------------------------------------------------------------- +Wed May 21 01:06:35 CEST 2003 - ro@suse.de + +- remove cvs subdirs + +------------------------------------------------------------------- +Sat Jul 27 14:15:49 CEST 2002 - kukuk@suse.de + +- Provide libtiff-devel in libtiff [Bug #17260] + +------------------------------------------------------------------- +Fri Jul 26 21:37:50 CEST 2002 - adrian@suse.de + +- fix neededforbuild + +------------------------------------------------------------------- +Wed Jul 3 13:41:23 CEST 2002 - nadvornik@suse.cz + +- fixed segfault in fax2tiff [bug #16818] +- fixed size of int32 on 64bit architectures + +------------------------------------------------------------------- +Wed Jun 26 01:25:38 CEST 2002 - ro@suse.de + +- fixed directory permissions + +------------------------------------------------------------------- +Wed Jun 19 12:35:20 CEST 2002 - nadvornik@suse.cz + +- compiled with OJPEG_SUPPORT [bug #16408] + +------------------------------------------------------------------- +Thu Apr 18 23:05:34 CEST 2002 - kukuk@suse.de + +- Fix to compile on lib64 architectures + +------------------------------------------------------------------- +Wed Feb 6 14:48:39 CET 2002 - coolo@suse.de + +- use %_libdir + +------------------------------------------------------------------- +Thu Jan 24 11:53:02 CET 2002 - okir@suse.de + +- Fixed a tempfile race in fax2ps + +------------------------------------------------------------------- +Tue 
Dec 11 12:24:47 CET 2001 - nadvornik@suse.cz + +- updated to 3.5.7: bugfix release + +------------------------------------------------------------------- +Wed May 9 22:09:18 CEST 2001 - mfabian@suse.de + +- bzip2 sources + +------------------------------------------------------------------- +Thu Mar 15 19:11:58 CET 2001 - schwab@suse.de + +- Fix for ia64. + +------------------------------------------------------------------- +Fri May 26 16:16:59 CEST 2000 - bubnikv@suse.cz + +- sorted + +------------------------------------------------------------------- +Thu May 25 10:55:25 CEST 2000 - schwab@suse.de + +- Fix dso configure check for ia64. + +------------------------------------------------------------------- +Thu May 11 09:41:12 CEST 2000 - nadvornik@suse.cz + +- update to 3.5.5 +- added BuildRoot + +------------------------------------------------------------------- +Tue Jan 25 17:12:06 CET 2000 - ro@suse.de + +- manpages to /usr/share using macro + +------------------------------------------------------------------- +Mon Jan 3 15:10:55 CET 2000 - schwab@suse.de + +- Update to 3.5.4 (Y2K fix) + +------------------------------------------------------------------- +Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de + +- ran old prepare_spec on spec file to switch to new prepare_spec. + +------------------------------------------------------------------- +Wed Jan 13 18:07:04 MET 1999 - ro@suse.de + +- respect systems where libc is libc.so.6.1 (alpha) + +------------------------------------------------------------------- +Wed Nov 25 17:56:05 MET 1998 - ro@suse.de + +- update to 3.4 (final) named 3.4.final for rpm +- moved from /usr/X11R6 to /usr + +------------------------------------------------------------------- +Wed Jul 29 19:01:00 MEST 1998 - werner@suse.de + +- Link shared libs explicit with -lc + +------------------------------------------------------------------- +Tue May 12 18:22:27 MEST 1998 - ro@suse.de + +- extracted package from libgr / build from own sources + 
diff --git a/tiff.keyring b/tiff.keyring new file mode 100644 index 0000000..99aa836 --- /dev/null +++ b/tiff.keyring @@ -0,0 +1,29 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBFWDB10BCADeJcYKb4zsG2fs3MWGf996ZS4KIiOBRNQtQwCI5+h3K8m1qDur +qyRZ50tB/ODJwJNqdKGdGyrIvGDynsS9JsZMJ2PVoI9IK+X/vQiokx9lJCuDXTtw +1THmA85lyl1blLe3j6tA74MSXDiT3nVk375djTz+zOGxa/Ueg49tM+DjltYpkVsG +TCc29/QJ4rZmto0Lj8iU+9S7S8H/2/54qUn7vFzfzsTkI8fiLM0deCzONzE7j9Ho +vj/8dSHmB5GOGtLf2kMHbgDhHfs61UN4FawugnilCfrxVzi5EmmEByP8Zp6h/or5 ++QrTCFrVEW+zRXDGsqicN01rK22/JvyUbpyNABEBAAG0KUV2ZW4gUm91YXVsdCA8 +ZXZlbi5yb3VhdWx0QHNwYXRpYWx5cy5jb20+iQE4BBMBAgAiBQJVgwddAhsDBgsJ +CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAz67/Eez3YfZphB/9H/fWUakZqzlqi +NhZbev0um5GUYBERB7cp8JqmILF6TzCvievmR8q0zJb3vyc+8Kjti/n5CyziWDtH +XqibyhsoAFoOHhyMjQVj/hFR6oCWxF6fASkzpUSoDAHtVpFXqaLrbI1B2Fb9JpTs +VrHz0HVaW30E7eybmi7oYjV4T1bO22D/aH80zx3i6cLnoGqMCHmKrwNOK7A95mKj +k9s9GRbamR/3ef8BDF3xikDe8nSxICVc3WJbMHcGjHU6p8C/RzCvWqfHDtTuiWcG +feqaA1LmBKtpIHwG1uigM8+MJT+S+NYljTLqbz0FsORbUQ1QqXuqrfNoBqAEbLxg +esSGPx7UuQENBFWDB10BCADwo42Jwl14Tq3xhPM+1BSOfy3Aw6wTXsWzxoDABs+8 +42WhD53vn7MnOSz2VX4cTvw4ioi+N3NB2zaHGNTrwyV3DExh0d8ZNq53IXoMYfot +Uv/lZ6QHJB+kIYe+twOjkKCYj4jt1m7aEDZ3Ra4aoZbYWfFbQNZ0tnUKFVUBWcWQ +jyCWC84BdXkbxcmsr2njocqyu0lfjXpVcCBcTCcgf/LHy79asm4jgB0XpE+e8ri8 +kEadj7x7x4rrhJfa9t3oJ3AZ3rmo5zzFdbJtNKhCmwCoHrvRNWOPn6u5E7YYW9kB +xgzUUhh1g2F9RMbh3CZjICi9HtbWK3slWGYTaMt4lg/ZABEBAAGJAR8EGAECAAkF +AlWDB10CGwwACgkQM+u/xHs92H2a0wf/XV0XjqMWufAIKkvL6CmrZrCixWmPOiC1 +q8894h+gR5JpKD9h0gLJhtk4tLMy+pDmNSxPXsoRYHneJIqHl1M72Q7vEhTKIVXn +h9A306ZjCHTTNSQ3npNG1wpO0LyLDmn+Zvd1JBoFyCzsTPZ+TbUYvVJT0CeFbJBe +1JzoO1Mi2fOtA91GuYtstWLNccDbv2b5s+JSbAf3ix3+qiUpA5fglWFljCYPxzkA +eU8AReBpuirD0ZQ1Z7GJDJs2zHKZu5BqCTf5gpVLUHCXd3F46CZ4IaVrOGhNP1Ki +KemC/dPHz7Ku7HN0tqmmmu12nvUACBckNsVebCefOFrkGtdryHQ1Zw== +=4/vP +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tiff.spec b/tiff.spec new file mode 100644 index 0000000..df26871 --- /dev/null +++ b/tiff.spec 
@@ -0,0 +1,125 @@
+#
+# spec file for package tiff
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define asan_build 0
+%define debug_build 0
+Name: tiff
+Version: 4.6.0
+Release: 0
+Summary: Tools for Converting from and to the Tagged Image File Format
+License: HPND
+Group: Productivity/Graphics/Convertors
+URL: https://libtiff.gitlab.io/libtiff/
+Source: https://download.osgeo.org/libtiff/tiff-%{version}.tar.xz
+Source1: https://download.osgeo.org/libtiff/tiff-%{version}.tar.xz.sig
+Source2: README.SUSE
+Source3: baselibs.conf
+Source99: tiff.keyring
+Patch0: tiff-4.0.3-seek.patch
+Patch1: tiff-CVE-2023-52356.patch
+BuildRequires: gcc-c++
+BuildRequires: libjbig-devel
+BuildRequires: libjpeg-devel
+BuildRequires: libtool
+BuildRequires: lzma-devel
+BuildRequires: pkgconfig
+BuildRequires: pkgconfig(libzstd)
+BuildRequires: pkgconfig(zlib)
+
+%description
+This package contains the library and support programs for the TIFF
+image format.
+
+%package -n libtiff6
+Summary: The Tiff Library (with JPEG and compression support)
+Group: System/Libraries
+Provides: libtiff = %{version}
+
+%description -n libtiff6
+This package includes the tiff libraries. To link a program with
+libtiff, you will have to add -ljpeg and -lz to include the necessary
+libjpeg and libz in the linking process.
+
+%package -n libtiff-devel
+Summary: Development Tools for Programs which will use the libtiff Library
+Group: Development/Libraries/C and C++
+Requires: glibc-devel
+Requires: libstdc++-devel
+Requires: libtiff6 = %{version}
+
+%description -n libtiff-devel
+This package contains the header files and static libraries for
+developing programs which will manipulate TIFF format image files using
+the libtiff library.
+
+%prep
+%autosetup -p1
+
+%build
+CFLAGS="%{optflags} -fPIE"
+%if %{debug_build}
+CFLAGS="$CFLAGS -O0"
+%endif
+%configure --disable-static
+%if %{asan_build}
+find -name Makefile | xargs sed -i 's/\(^CFLAGS.*\)/\1 -fsanitize=address/'
+%endif
+%make_build LDFLAGS="-pie"
+
+%install
+mkdir -p %{buildroot}/{%{_mandir}/{man1,man3},usr/{bin,lib,include}}
+%make_install
+for f in `find %{buildroot}/%{_mandir} -type f -print ` ; do
+ if [ `wc -l <$f` -eq 1 ] && grep -q "^\.so " $f ; then
+ linkto=`sed -e "s|^\.so ||" $f`
+ [ -f "`dirname $f`/$linkto" ] && ln -sf "$linkto" $f
+ fi
+done
+
+cp %{SOURCE2} .
+rm -rf %{buildroot}%{_datadir}/doc/tiff*
+find %{buildroot} -type f -name "*.la" -delete -print
+
+%check
+%if %{asan_build}
+# ASAN needs /proc to be mounted
+exit 0
+%endif
+for i in tools test; do
+ (cd $i && make %{?_smp_mflags} check)
+done
+
+%ldconfig_scriptlets -n libtiff6
+
+%files
+%{_bindir}/*
+%doc README.md VERSION ChangeLog TODO RELEASE-DATE
+%{_mandir}/man1/*
+
+%files -n libtiff6
+%license LICENSE.md
+%doc README.md README.SUSE
+%{_libdir}/*.so.*
+
+%files -n libtiff-devel
+%{_includedir}/*
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/*.pc
+%{_mandir}/man3/*
+
+%changelog
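Review bot: Nothing in the visible `%prep` checks `Source1` (the detached `.sig`) against `Source99` (`tiff.keyring`); the section runs only `%autosetup -p1`, so the build itself would not fail on a tarball that does not match its signature. If the check is meant to happen at source check-in rather than during the build, that should be stated next to the source lines, for example `# Source1 is verified against Source99 outside the build; %prep does not check it`. Because the keyring is added in this same commit, its key should also be confirmed against a fingerprint that upstream publishes through a separate channel. Otherwise the signature only proves the tarball matches whatever key was committed alongside it.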