From 7068726bc8b59763e85929f4cb1a312833055124389aebe27a85ccfce2052d05 Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Fri, 15 Sep 2023 07:08:05 +0000 Subject: [PATCH] Accepting request 1111454 from home:polslinux:branches:graphics - Update to version 4.6.0: * API/ABI breaks: none * WebP decoder: validate WebP blob width, height, band count against TIFF parameters to avoid use of uninitialized variable, or decoding corrupted content without explicit error (fixes issue #581, issue #582). * WebP codec: turn exact mode when creating lossless files to avoid altering R,G,B values in areas where alpha=0 * Fix TransferFunction writing of only two transfer functions. * TIFFReadDirectoryCheckOrder: avoid integer overflow. When it occurs, it should be harmless in practice though * tiffcp: remove -i option (ignore errors) * This version removes a big number of utilities that have suffered from lack of maintenance over the years and were the source of various reported security issues: + fax2ps + fax2tiff + pal2rgb + ppm2tiff + raw2tiff + rgb2ycbcr + thumbnail + tiff2bw + tiff2rgba + tiffcmp + tiffcrop + tiffdither + tiffgt + tiffmedian + tiff2ps + tiff2pdf OBS-URL: https://build.opensuse.org/request/show/1111454 OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=172 --- tiff-4.0.3-compress-warning.patch | 18 --------------- tiff-4.0.3-seek.patch | 8 ++++--- tiff-4.5.1.tar.xz | 3 --- tiff-4.5.1.tar.xz.sig | Bin 310 -> 0 bytes tiff-4.6.0.tar.xz | 3 +++ tiff-4.6.0.tar.xz.sig | Bin 0 -> 310 bytes tiff.changes | 35 ++++++++++++++++++++++++++++++ tiff.spec | 9 +------- 8 files changed, 44 insertions(+), 32 deletions(-) delete mode 100644 tiff-4.0.3-compress-warning.patch delete mode 100644 tiff-4.5.1.tar.xz delete mode 100644 tiff-4.5.1.tar.xz.sig create mode 100644 tiff-4.6.0.tar.xz create mode 100644 tiff-4.6.0.tar.xz.sig diff --git a/tiff-4.0.3-compress-warning.patch b/tiff-4.0.3-compress-warning.patch deleted file mode 100644 index abfa3f4..0000000 --- a/tiff-4.0.3-compress-warning.patch +++ /dev/null @@ -1,18 +0,0 @@ ---- tiff-4.5.0/tools/tiff2pdf.c.orig 2023-01-04 09:52:13.665734351 +0100 -+++ tiff-4.5.0/tools/tiff2pdf.c 2023-01-04 09:53:13.922053942 +0100 -@@ -1435,6 +1435,15 @@ - t2p->t2p_error = T2P_ERR_ERROR; - return; - } -+ if(t2p->tiff_compression != COMPRESSION_LZW && -+ t2p->tiff_compression != COMPRESSION_NONE){ -+ TIFFWarning( -+ TIFF2PDF_MODULE, -+ "%s is not compressed with LZW or NONE.\n" -+ "tiff2pdf result may be incorrect in that case.\n" -+ "Consider to use tiffcp(1) to change compress algorithm first.", -+ TIFFFileName(input) ); -+ } - if (TIFFIsCODECConfigured(t2p->tiff_compression) == 0) - { - TIFFError(TIFF2PDF_MODULE, diff --git a/tiff-4.0.3-seek.patch b/tiff-4.0.3-seek.patch index 747afe1..eea122a 100644 --- a/tiff-4.0.3-seek.patch +++ b/tiff-4.0.3-seek.patch @@ -1,6 +1,8 @@ ---- tiff-4.5.0/libtiff/tiffiop.h.orig 2023-01-04 09:58:24.947703675 +0100 -+++ tiff-4.5.0/libtiff/tiffiop.h 2023-01-04 09:57:09.507303516 +0100 -@@ -257,7 +257,7 @@ +Index: tiff-4.6.0/libtiff/tiffiop.h +=================================================================== +--- tiff-4.6.0.orig/libtiff/tiffiop.h ++++ tiff-4.6.0/libtiff/tiffiop.h +@@ -256,7 +256,7 @@ struct TIFFOpenOptions #define TIFFWriteFile(tif, buf, size) \ ((*(tif)->tif_writeproc)((tif)->tif_clientdata, (buf), (size))) #define TIFFSeekFile(tif, off, whence) \ diff --git a/tiff-4.5.1.tar.xz b/tiff-4.5.1.tar.xz deleted file mode 100644 index c077212..0000000 --- a/tiff-4.5.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3c080867114c26edab3129644a63b708028a90514b7fe3126e38e11d24f9f88a -size 2228040 diff --git a/tiff-4.5.1.tar.xz.sig b/tiff-4.5.1.tar.xz.sig deleted file mode 100644 index 74ca0652c0c6327ac462e3326d9cc5a1feef9d3ce26b443d7417e0a4f40cdea5..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SW*e79j+&`h9`!xaMP-7mJrO>%YW%J=lE(0%U~Wj{ph@5Hst) z#Ctv1eWi&A0L2eI?=T`Xrg^BY@2Eb&<|((AlT*AJrW=Ug@uS)P|6Y8Z1~ra9)H|%k zi&F@w@4!M`N#5oglrytFON2eXHtV(3F-*H{2Dbs^5YNu-$+QUYg464go{RN$M8D>g z4kU7x(vHC$lx IrQB{tq<$-yoB#j- diff --git a/tiff-4.6.0.tar.xz b/tiff-4.6.0.tar.xz new file mode 100644 index 0000000..69e233d --- /dev/null +++ b/tiff-4.6.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e178649607d1e22b51cf361dd20a3753f244f022eefab1f2f218fc62ebaf87d2 +size 2124388 diff --git a/tiff-4.6.0.tar.xz.sig b/tiff-4.6.0.tar.xz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..9f925911418fd91e15d87ddc19bb4af0f30c1bfa3d010283ae8bc51c5640a8b9 GIT binary patch literal 310 zcmV-60m=S}0W$;u0SW*e79j+&`h9`!xaMP-7mJrO>%YW%J=lE(0%ZE;RR9VJ5Hst) z#Ctv1eWTn5|7LdGtfW-szWu$C1e&{qDeq(du(!}%I2GPo2s=8 zumKrpMy?)hqCzadMk*0=-DCIWPY|#SS9}F%yOA(rbsZ+t9=ZIqt(Ff!M Iz^Jt8oC7YF5C8xG literal 0 HcmV?d00001 diff --git a/tiff.changes b/tiff.changes index 3c3d549..c8e0278 100644 --- a/tiff.changes +++ b/tiff.changes @@ -1,3 +1,38 @@ +------------------------------------------------------------------- +Fri Sep 15 05:55:34 UTC 2023 - Paolo Stivanin + +- Update to version 4.6.0: + * API/ABI breaks: none + * WebP decoder: validate WebP blob width, height, band count against + TIFF parameters to avoid use of uninitialized variable, or decoding + corrupted content without explicit error (fixes issue #581, issue #582). + * WebP codec: turn exact mode when creating lossless files to avoid + altering R,G,B values in areas where alpha=0 + * Fix TransferFunction writing of only two transfer functions. + * TIFFReadDirectoryCheckOrder: avoid integer overflow. When it occurs, + it should be harmless in practice though + * tiffcp: remove -i option (ignore errors) + * This version removes a big number of utilities that have suffered from + lack of maintenance over the years and were the source of various + reported security issues: + + fax2ps + + fax2tiff + + pal2rgb + + ppm2tiff + + raw2tiff + + rgb2ycbcr + + thumbnail + + tiff2bw + + tiff2rgba + + tiffcmp + + tiffcrop + + tiffdither + + tiffgt + + tiffmedian + + tiff2ps + + tiff2pdf +- Remove no longer needed tiff-4.0.3-compress-warning.patch. + ------------------------------------------------------------------- Tue Jun 20 07:16:56 UTC 2023 - Martin Pluskal diff --git a/tiff.spec b/tiff.spec index db171d6..d65b345 100644 --- a/tiff.spec +++ b/tiff.spec @@ -19,7 +19,7 @@ %define asan_build 0 %define debug_build 0 Name: tiff -Version: 4.5.1 +Version: 4.6.0 Release: 0 Summary: Tools for Converting from and to the Tagged Image File Format License: HPND @@ -31,8 +31,6 @@ Source2: README.SUSE Source3: baselibs.conf Source99: tiff.keyring Patch0: tiff-4.0.3-seek.patch -# http://bugzilla.maptools.org/show_bug.cgi?id=2442 -Patch1: tiff-4.0.3-compress-warning.patch BuildRequires: gcc-c++ BuildRequires: libjbig-devel BuildRequires: libjpeg-devel @@ -95,11 +93,6 @@ done cp %{SOURCE2} . rm -rf %{buildroot}%{_datadir}/doc/tiff* find %{buildroot} -type f -name "*.la" -delete -print -# remove pal2rgb, bsc#1071031 -for tool in pal2rgb; do - rm %{buildroot}%{_bindir}/$tool - rm %{buildroot}%{_mandir}/man1/$tool.1 -done %check %if %{asan_build}