pool/tiff
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1201738 from graphics

Browse Source 
- Update to 4.7.0:
  * This version restores in the default build the availability of
    the tools that had been dropped in v4.6.0
    See https://libtiff.gitlab.io/libtiff/rfcs/rfc2_restoring_needed_tools.html#rfc2-restoring-needed-tools
  * Software configuration changes:
    + autoconf build: configure.ac: avoid -Werror passed to CFLAGS to interfere with feature detection
    + autoconf build: fix error when running make clean (fixes issue #630)
    + autoconf build: back off the minimum required automake version to 1.11
    + autoconf.ac: fix detection of windows.h for mingw (fixes issue #605)
    + libtiff-4.pc: Fix Requires.private missing Lerc. It provides a .pc file
      starting from version 4 (in autoconf builds, we assume that liblerc is at least version 4)
    + CMake: Fix TIFF_INCLUDE_DIRS
    + CMake: MinGW compilers don't need a .def file for shared library
    + CMake: move libdeflate and Lerc to Requires.private
    + CMake: enable resource compilation on all Windows.
  * Library changes:
    + Add TIFFOpenOptionsSetMaxCumulatedMemAlloc(). This function complements
      TIFFOpenOptionsSetMaxSingleMemAlloc() to define the maximum cumulated memory
      allocations in byte, for a given TIFF handle, that libtiff internal memory
      allocation functions are allowed. 
    + TIFFWriteDirectory(): Avoid overwriting following data if an IFD is enlarged.
    + TIFFXYZToRGB: avoid integer overflow (fixes issue #644)
    + uv_decode() and uv_encode(): avoid potential out-of-bounds array index (fixes issue #645)
    + Fix cases where tif_curdir is set incorrectly. Fix cases where the current directory number (tif_curdir)
      is set inconsistently or incorrectly, depending on the previous history.
    + TIFFRead[Scanline/EncodedStrip/EncodeTile]: 0-initialize output buffer if setupdecode fails ;
      most codecs: zero-initialize (not-yet-written parts of) output buffer if failure (fixes issue #375)
    + OJPEG: reset subsampling_convert_state=0 in OJPEGPreDecode (fixes issue #183)
    + ThunderRLE: fix failure when decoding last run. Bug seen with GhostPDL
    + LERC codec: deal with issues with multi-band PlanarConfig=Contig and NaN values

OBS-URL: https://build.opensuse.org/request/show/1201738
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tiff?expand=0&rev=97
This commit is contained in:
Ana Guerrero 2024-09-19 19:16:44 +00:00 committed by Git OBS Bridge
commit ad0e3f2bd3
8 changed files with 119 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
tiff-4.6.0.tar.xz (Stored with Git LFS)
View File

Binary file not shown.

BIN
tiff-4.6.0.tar.xz.sig
View File

Binary file not shown.

3
tiff-4.7.0.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:273a0a73b1f0bed640afee4a5df0337357ced5b53d3d5d1c405b936501f71017
size 2286220

BIN
tiff-4.7.0.tar.xz.sig Normal file
View File

Binary file not shown.

33
tiff-CVE-2023-52356.patch
View File

@ -1,33 +0,0 @@
Index: tiff-4.6.0/libtiff/tif_getimage.c
===================================================================
--- tiff-4.6.0.orig/libtiff/tif_getimage.c
+++ tiff-4.6.0/libtiff/tif_getimage.c
@@ -3224,6 +3224,13 @@ int TIFFReadRGBAStripExt(TIFF *tif, uint
if (TIFFRGBAImageOK(tif, emsg) &&
TIFFRGBAImageBegin(&img, tif, stop_on_error, emsg))
{
+ if (row >= img.height)
+ {
+ TIFFErrorExtR(tif, TIFFFileName(tif),
+ "Invalid row passed to TIFFReadRGBAStrip().");
+ TIFFRGBAImageEnd(&img);
+ return (0);
+ }
img.row_offset = row;
img.col_offset = 0;
@@ -3301,6 +3308,14 @@ int TIFFReadRGBATileExt(TIFF *tif, uint3
return (0);
}
+ if (col >= img.width || row >= img.height)
+ {
+ TIFFErrorExtR(tif, TIFFFileName(tif),
+ "Invalid row/col passed to TIFFReadRGBATile().");
+ TIFFRGBAImageEnd(&img);
+ return (0);
+ }
+
/*
* The TIFFRGBAImageGet() function doesn't allow us to get off the
* edge of the image, even to fill an otherwise valid tile. So we

49
tiff-CVE-2024-7006.patch
View File

@ -1,49 +0,0 @@
Upstream:
3705f82b6483c7906cf08cd6b9dcdcd59c61d779
Index: tiff-4.6.0/libtiff/tif_dirinfo.c
===================================================================
--- tiff-4.6.0.orig/libtiff/tif_dirinfo.c
+++ tiff-4.6.0/libtiff/tif_dirinfo.c
@@ -887,7 +887,7 @@ const TIFFField *_TIFFFindOrRegisterFiel
if (fld == NULL)
{
fld = _TIFFCreateAnonField(tif, tag, dt);
- if (!_TIFFMergeFields(tif, fld, 1))
+ if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
return NULL;
}
Index: tiff-4.6.0/libtiff/tif_dirread.c
===================================================================
--- tiff-4.6.0.orig/libtiff/tif_dirread.c
+++ tiff-4.6.0/libtiff/tif_dirread.c
@@ -4260,11 +4260,9 @@ int TIFFReadDirectory(TIFF *tif)
dp->tdir_tag, dp->tdir_tag);
/* the following knowingly leaks the
anonymous field structure */
- if (!_TIFFMergeFields(
- tif,
- _TIFFCreateAnonField(tif, dp->tdir_tag,
- (TIFFDataType)dp->tdir_type),
- 1))
+ const TIFFField *fld = _TIFFCreateAnonField(
+ tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
+ if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
{
TIFFWarningExtR(
tif, module,
@@ -5138,11 +5136,9 @@ int TIFFReadCustomDirectory(TIFF *tif, t
"Unknown field with tag %" PRIu16 " (0x%" PRIx16
") encountered",
dp->tdir_tag, dp->tdir_tag);
- if (!_TIFFMergeFields(
- tif,
- _TIFFCreateAnonField(tif, dp->tdir_tag,
- (TIFFDataType)dp->tdir_type),
- 1))
+ const TIFFField *fld = _TIFFCreateAnonField(
+ tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
+ if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
{
TIFFWarningExtR(tif, module,
"Registering anonymous field with tag %" PRIu16

114
tiff.changes
View File

@ -1,3 +1,117 @@
-------------------------------------------------------------------
Wed Sep 18 08:02:11 UTC 2024 - Michael Vetter <mvetter@suse.com>
- Update to 4.7.0:
* This version restores in the default build the availability of
the tools that had been dropped in v4.6.0
See https://libtiff.gitlab.io/libtiff/rfcs/rfc2_restoring_needed_tools.html#rfc2-restoring-needed-tools
* Software configuration changes:
+ autoconf build: configure.ac: avoid -Werror passed to CFLAGS to interfere with feature detection
+ autoconf build: fix error when running make clean (fixes issue #630)
+ autoconf build: back off the minimum required automake version to 1.11
+ autoconf.ac: fix detection of windows.h for mingw (fixes issue #605)
+ libtiff-4.pc: Fix Requires.private missing Lerc. It provides a .pc file
starting from version 4 (in autoconf builds, we assume that liblerc is at least version 4)
+ CMake: Fix TIFF_INCLUDE_DIRS
+ CMake: MinGW compilers don't need a .def file for shared library
+ CMake: move libdeflate and Lerc to Requires.private
+ CMake: enable resource compilation on all Windows.
* Library changes:
+ Add TIFFOpenOptionsSetMaxCumulatedMemAlloc(). This function complements
TIFFOpenOptionsSetMaxSingleMemAlloc() to define the maximum cumulated memory
allocations in byte, for a given TIFF handle, that libtiff internal memory
allocation functions are allowed.
+ TIFFWriteDirectory(): Avoid overwriting following data if an IFD is enlarged.
+ TIFFXYZToRGB: avoid integer overflow (fixes issue #644)
+ uv_decode() and uv_encode(): avoid potential out-of-bounds array index (fixes issue #645)
+ Fix cases where tif_curdir is set incorrectly. Fix cases where the current directory number (tif_curdir)
is set inconsistently or incorrectly, depending on the previous history.
+ TIFFRead[Scanline/EncodedStrip/EncodeTile]: 0-initialize output buffer if setupdecode fails ;
most codecs: zero-initialize (not-yet-written parts of) output buffer if failure (fixes issue #375)
+ OJPEG: reset subsampling_convert_state=0 in OJPEGPreDecode (fixes issue #183)
+ ThunderRLE: fix failure when decoding last run. Bug seen with GhostPDL
+ LERC codec: deal with issues with multi-band PlanarConfig=Contig and NaN values
+ tif_fax3.c: error out after a number of times end-of-file has been reached (fixes issue #583)
+ LZW: avoid warning about misaligned address with UBSAN (fixes issue #616)
+ TIFFReadRGBAStrip/TIFFReadRGBATile: add more validation of col/row (fixes issue #622, CVE-2023-52356)
+ tif_dirread.c: only issue TIFFGetFileSize() for large enough RAM requests
+ Avoid FPEs (division by zero) in tif_getimage.c.
+ Avoiding FPE (division by zero) for TIFFhowmany_32() and TIFFhowmany_64() macros by checking for
denominator not zero before macros are executed. (fixes issue #628)
+ Add non-zero check before division in TIFFComputeStrip()
+ Fix wrong return of TIFFIsBigTIFF() in case byte-swapping is active
+ Setting the TIFFFieldInfo field set_field_type should consider field_writecount not field_readcount
+ Avoid memory leaks when using TIFFCreateDirectory() by releasing the allocated memory in the tif-structure.
+ For non-terminated ASCII arrays, the buffer is first enlarged before a NULL is set at the end to
avoid deleting the last character. (fixes issue #579)
+ Check return value of _TIFFCreateAnonField(). (fixes issue #624, CVE-2024-7006)
+ Prevent some out-of-memory attacks (https://gitlab.com/libtiff/libtiff/-/issues/614#note_1602683857)
+ Ensure absolute seeking is forced independent of TIFFReadDirectory success. (fixes issue #618)
+ tif_dirinfo.c: re-enable TIFFTAG_EP_CFAREPEATPATTERNDIM and TIFFTAG_EP_CFAPATTERN tags (fixes issue #608)
+ Fix warnings with GCC 14
+ tif_dir.c: Log source file, line number, and input tif for directory count error (fixes issue #627)
+ Last usage of get_field_type of TIFFField structure at TIFFWriteDirectorySec() changed to using set_field_type.
+ tif_jpeg.c/tif_ojpeg.c: remove likely ifdef tricks related to old compilers or unusual setups
+ Remove _TIFFUInt64ToFloat() and _TIFFUInt64ToDouble()
+ Remove support for _MSC_VER < 1500.
+ Use #ifdef _WIN32 to test for Windows, and tiffio.h: remove definition of __WIN32__
* Documentation:
+ Amend manpages for changes in current directory index behaviour
+ Note on using TIFFFlush() before TIFFClose() to check that the data has been successfully written to the file. (fixes issue #506)
+ Update TIFF documentation about TIFFOpenOptions.rst and TIFFOpenOptionsSetMaxSingleMemAlloc() usage and some other small fixes (relates to CVE-2024-7006)
* Re-added tools:
+ fax2ps
+ fax2tiff
+ pal2rgb
+ ppm2tiff
+ raw2tiff
+ rgb2ycbcr (not installed)
+ thumbnail (not installed)
+ tiff2bw
+ tiff2rgba
+ tiffcmp
+ tiffcrop
+ tiffdither
+ tiffgt
+ tiffmedian
+ tiff2ps
+ tiff2pdf
* New/improved functionality:
+ tiff2rgba: Add background gradient option for alpha compositing
+ tiffcp: -i flag restored
* Bug fixes for tools:
+ tiffcrop: address Coverity scan issues 1605444, 1605445, and 16054
+ tiffcrop: Apply "Fix heap-buffer-overflow in function extractImageSection"
+ tiffcrop: fix buffer overflows, use after free (fixes issue #542, issue #550, issue #552)
+ tiff2pdf: address Coverity scan issues
+ tiff2pdf: fix inconsistent PLANARCONFIG value for the input and output TIFF
+ tiff2pdf: fix issue with JPEG restart-interval marker when converting from JPEG-compressed files (fixes issue #539)
+ tiff2pdf: red and blue were being swapped for RGBA decoding (fixes issue #253)
+ tiff2pdf: fixes issue #596
+ thumbnail: address Coverity scan issues
+ tiffcp: Add check for limitMalloc return to fix Coverity 1603334
+ tiffcp: preserve TIFFTAG_REFERENCEBLACKWHITE when doing YCbCr JPEG -> YCbCr JPEG
+ tiffcp: replace PHOTOMETRIC_YCBCR with PHOTOMETRIC_RGB when outputing to compression != JPEG (refs issue #571)
+ tiffcp: do not copy tags YCBCRCOEFFICIENTS, YCBCRSUBSAMPLING, YCBCRPOSITIONING, REFERENCEBLACKWHITE. Only set YCBCRSUBSAMPLING when generating YCbCr JPEG
+ tiffcp: Check also codec of input image, not only from output image (fixes issue #606)
+ Add some basic sanity checks for tiffcp and tiffcrop RGB->YCbCr JPEG conversions.
+ fax2ps and fax2tiff: memory leak fixes (fixes issue #476)
+ tiffmedian: memory leak fixes (fixes issue #599)
+ fax2tiff: fix EOFB interpretation (fixes issue #191)
+ fax2tiff: fix issue with unreasonable width input (fixes issue #249)
+ tiffcp and tiffcrop: fixes issue #228
+ tiff2rgba: fixes issue #469
+ tiffdither: fixes issue #473
+ tiffdump: fix wrong printf formatter in error message (Coverity 1472932)
+ tiffset: avoid false positive Coverity Scan warning on 64-bit builds (Coverity 1518997)
+ tifcp/tiffset: use correct format specifiers
* Changes to contributed and unsupported tools
+ contrib/addtiffo: validate return of TIFFWriteEncodedXXXX() calls (Coverity 1024680)
- Remove patches contained in upstream:
* tiff-CVE-2023-52356.patch
* tiff-CVE-2024-7006.patch
- Tools are not built for now due to test failure: `FAIL: tiffcp-32bpp-None-jpeg.sh`
-------------------------------------------------------------------
Mon Aug 19 06:30:27 UTC 2024 - Michael Vetter <mvetter@suse.com>

5
tiff.spec
View File

@ -19,7 +19,7 @@
%define asan_build 0
%define debug_build 0
Name: tiff
Version: 4.6.0
Version: 4.7.0
Release: 0
Summary: Tools for Converting from and to the Tagged Image File Format
License: HPND
@ -31,8 +31,6 @@ Source2: README.SUSE
Source3: baselibs.conf
Source99: tiff.keyring
Patch0: tiff-4.0.3-seek.patch
Patch1: tiff-CVE-2023-52356.patch
Patch2: tiff-CVE-2024-7006.patch
BuildRequires: gcc-c++
BuildRequires: libjbig-devel
BuildRequires: libjpeg-devel
@ -76,6 +74,7 @@ CFLAGS="%{optflags} -fPIE"
%if %{debug_build}
CFLAGS="$CFLAGS -O0"
%endif
# tools are not enabled for now due to test failure `FAIL: tiffcp-32bpp-None-jpeg.sh`
%configure --disable-static
%if %{asan_build}
find -name Makefile | xargs sed -i 's/\(^CFLAGS.*\)/\1 -fsanitize=address/'