OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=105

tiff.changes

@@ -63,19 +63,22 @@ Tue Jun 20 08:15:57 UTC 2017 - fstrba@suse.com
   * libtiff/tif_jpeg.c
     + avoid integer division by zero in JPEGSetupEncode() when
       horizontal or vertical sampling is set to 0.
-      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2653
+      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2653,
+      bsc#1033127, CVE-2017-7595
   * libtiff/tif_dirwrite.c
     + in TIFFWriteDirectoryTagCheckedRational, replace assertion by
       runtime check to error out if passed value is strictly
       negative.
-      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2535
+      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2535,
+      bsc#1038438, CVE-2016-10371
   * libtiff/tif_dirread.c
     + avoid division by floating point 0 in
       TIFFReadDirEntryCheckedRational() and
       TIFFReadDirEntryCheckedSrational(), and return 0 in that case
       (instead of infinity as before presumably) Apparently some
       sanitizers do not like those divisions by zero.
-      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2644
+      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2644,
+      bsc#1033118, CVE-2017-7598
   * libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c
     + implement various clampings of double to other data types to
       avoid undefined behaviour if the output range isn't big enough
@@ -83,23 +86,29 @@ Tue Jun 20 08:15:57 UTC 2017 - fstrba@suse.com
       Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2643
       http://bugzilla.maptools.org/show_bug.cgi?id=2642
       http://bugzilla.maptools.org/show_bug.cgi?id=2646
-      http://bugzilla.maptools.org/show_bug.cgi?id=2647
+      http://bugzilla.maptools.org/show_bug.cgi?id=2647,
+      bsc#1033126, CVE-2017-7596, bsc#1033120, CVE-2017-7597,
+      bsc#1033113, CVE-2017-7599, bsc#1033112, CVE-2017-7600,
   * libtiff/tif_jpeg.c
     + validate BitsPerSample in JPEGSetupEncode() to avoid undefined
       behaviour caused by invalid shift exponent.
-      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648
+      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648,
+      bsc#1033111, CVE-2017-7601
   * libtiff/tif_read.c
     + avoid potential undefined behaviour on signed integer addition
       in TIFFReadRawStrip1() in isMapped() case.
-      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2650
+      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2650,
+      bsc#1033109, CVE-2017-7602
   * libtiff/tif_getimage.c
     + add explicit uint32 cast in putagreytile to avoid
       UndefinedBehaviorSanitizer warning. Patch by Nicolas Pena.
-      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2658
+      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2658,
+      bsc#1033131, CVE-2017-7592
   * libtiff/tif_read.c
     + TIFFReadBufferSetup(): use _TIFFcalloc() to zero initialize
       tif_rawdata.
-      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651
+      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651,
+      bsc#1033129, CVE-2017-7593
   * libtiff/tiffio.h, tif_unix.c, tif_win32.c, tif_vms.c
     + add _TIFFcalloc()
   * libtiff/tif_luv.c, tif_lzw.c, tif_packbits.c
@@ -111,7 +120,8 @@ Tue Jun 20 08:15:57 UTC 2017 - fstrba@suse.com
       OJPEGReadHeaderInfoSecTablesDcTable and
       OJPEGReadHeaderInfoSecTablesAcTable when read fails. Patch by
       Nicolas Pena.
-      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
+      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659,
+      bsc#1033128, CVE-2017-7594
   * libtiff/tif_jpeg.c
     + only run JPEGFixupTagsSubsampling() if the YCbCrSubsampling
       tag is not explicitly present. This helps a bit to reduce the
@@ -131,7 +141,8 @@ Tue Jun 20 08:15:57 UTC 2017 - fstrba@suse.com
     + fix memory leak in non DEFER_STRILE_LOAD mode (ie default)
       when there is both a StripOffsets and TileOffsets tag, or a
       StripByteCounts and TileByteCounts
-      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2689
+      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2689,
+      bsc#1042805, CVE-2017-9403)
   * libtiff/tif_ojpeg.c
     + fix potential memory leak in
       OJPEGReadHeaderInfoSecTablesQTable,
@@ -316,6 +327,8 @@ Tue Jun 20 08:15:57 UTC 2017 - fstrba@suse.com
   * tools/tiff2bw.c
     + close TIFF handle in error code path.
       Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2677
+  * Other issues fixed:
+    + bsc#1042804, CVE-2017-9404
 - Removed patches:
   * tiff-4.0.7-CVE-2015-7554.patch
   * tiff-4.0.7-CVE-2017-5225.patch
@@ -580,7 +593,8 @@ Tue Nov 29 08:45:11 UTC 2016 - fstrba@suse.com
       (http://bugzilla.maptools.org/show_bug.cgi?id=2545, bsc#974614)
   * tools/tiffcp.c
     + Fix out-of-bounds write on tiled images with odd tile width vs
-      image width. Reported as MSVR 35103.
+      image width. Reported as MSVR 35103. (bsc#1011841,
+      CVE-2016-9538)
     + Fix read of undefined variable in case of missing required
       tags. Found on test case of MSVR 35100.
   * tools/tiffcrop.c
@@ -603,7 +617,8 @@ Tue Nov 29 08:45:11 UTC 2016 - fstrba@suse.com
       libtiff-4.0.3-25.el7_2.src.rpm
       (http://bugzilla.maptools.org/show_bug.cgi?id=2543, bsc#975070)
     + Fix read of undefined buffer in readContigStripsIntoBuffer()
-      due to uint16 overflow. Reported as MSVR 35100.
+      due to uint16 overflow. Reported as MSVR 35100. (bsc#1011841,
+      CVE-2016-9538)
     + Fix various out-of-bounds write vulnerabilities in heap or
       stack allocated buffers. Reported as MSVR 35093, MSVR 35096
       and MSVR 35097.