------------------------------------------------------------------- Tue Aug 4 08:17:35 UTC 2015 - kstreitova@suse.com - use spec-cleaner ------------------------------------------------------------------- Wed Jul 1 07:17:13 UTC 2015 - pgajdos@suse.com - update to 4.0.4 D tiff-4.0.3-double-free.patch D tiff-handle-TIFFTAG_CONSECUTIVEBADFAXLINES.patch D tiff-4.0.3-CVE-2013-1961.patch D erouault.2862.patch D bfriesen.2805.patch D tiff-4.0.3-CVE-2013-4232.patch D tiff-4.0.3-CVE-2013-4244.patch D erouault.2861.patch D erouault.2857.patch D erouault.2856.patch D erouault.2859.patch D tiff-4.0.3-CVE-2012-4564.patch D tiff-4.0.3-tiff2pdf-colors.patch D erouault.2876.patch D erouault.2860.patch D tiff-dither-malloc-check.patch D tiff-4.0.3-CVE-2013-1960.patch D erouault.2858.patch D tiff-handle-TIFFTAG_PREDICTOR.patch D tiff-4.0.3-CVE-2013-4231.patch D tiff-4.0.3-CVE-2013-4243.patch D erouault.2863.patch D tiff-4.0.3-test-jpeg-turbo.patch ------------------------------------------------------------------- Thu Feb 26 13:58:54 UTC 2015 - pgajdos@suse.com - security update: CVE-2014-9655, CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2015-1547 bnc#914890, bnc#916925, bnc#916927 + erouault.2856.patch + erouault.2857.patch + erouault.2858.patch + erouault.2859.patch + erouault.2860.patch + erouault.2861.patch + erouault.2862.patch + erouault.2863.patch + erouault.2876.patch + bfriesen.2805.patch + tiff-handle-TIFFTAG_CONSECUTIVEBADFAXLINES.patch + tiff-handle-TIFFTAG_PREDICTOR.patch + tiff-dither-malloc-check.patch ------------------------------------------------------------------- Mon Dec 22 19:58:43 UTC 2014 - meissner@suse.com - build with PIE ------------------------------------------------------------------- Wed Aug 21 12:57:57 UTC 2013 - pgajdos@suse.com - security update * CVE-2013-4232.patch [bnc#834477] * CVE-2013-4231.patch [bnc#834477] * CVE-2013-4244.patch [bnc#834788] * CVE-2013-4243.patch [bnc#834779] ------------------------------------------------------------------- Wed Jun 26 10:48:50 UTC 2013 - pgajdos@suse.com - tiff2pdf: introduced warning when the compression isn't lzw or none [bnc#819142] - tiff2pdf: fixed crash [bnc#821872] ------------------------------------------------------------------- Tue Apr 30 13:20:50 UTC 2013 - pgajdos@suse.com - security update * CVE-2013-1961.patch [bnc#818117] * CVE-2013-1960.patch [bnc#817573] ------------------------------------------------------------------- Fri Apr 5 10:23:51 UTC 2013 - idonmez@suse.com - Add Source URL, see https://en.opensuse.org/SourceUrls ------------------------------------------------------------------- Mon Nov 5 09:27:59 UTC 2012 - pgajdos@suse.com - updated to 4.0.3: * Add some TIFF/FX support in libtiff. * Fix bug rewriting image tiles in a compressed file. * Fix read past end of data buffer. * etc., see ChangeLog - removed upstreamed patches: * bigendian.patch * dont-fancy-upsampling.patch * CVE-2012-3401.patch - new patch: * test-jpeg-turbo.patch * CVE-2012-4564.patch [bnc#787892] ------------------------------------------------------------------- Mon Jul 23 09:52:50 UTC 2012 - pgajdos@suse.com - fixed CVE-2012-3401 [bnc#770816] ------------------------------------------------------------------- Thu Jun 28 10:16:29 UTC 2012 - meissner@suse.com - RGBA is packed in host order, use the right macros to unpack and verify in raw_decode test. ------------------------------------------------------------------- Wed Jun 20 09:29:37 UTC 2012 - pgajdos@suse.com - updated to 4.0.2: [bnc#767852] [bnc#767854] tif_getimage.c: added support for _SEPARATED CMYK images. tif_getimage.c: Added support for greyscale + alpha. Added TIFFCreateCustomDirectory() and TIFFCreateEXIFDirectory() functions. tif_print.c: Lots of fixes around printing corrupt or hostile input. Improve handling of corrupt ycbcrsubsampling values. tif_unix.c: use strerror to get meaningful error messages. tif_jpeg.c: fix serious bugs in JPEGDecodeRaw(). tif_jpeg.c: Fix size overflow (zdi-can-1221,CVE-2012-1173). tiff2pdf: Defend against integer overflows while calculating required buffer sizes (CVE-2012-2113). ------------------------------------------------------------------- Tue Apr 10 17:37:25 UTC 2012 - brian@aljex.com - Fix building on older targets from SUSE 10.0 to current. - Add jbig support ------------------------------------------------------------------- Thu Mar 29 09:51:49 UTC 2012 - idonmez@suse.com - Add lzma support - Implement %check - Drop visibility patch because it breaks compilation ------------------------------------------------------------------- Wed Mar 28 18:06:34 UTC 2012 - i@marguerite.su - change package name libtiff4 to libtiff5. library number is 5 actually. ------------------------------------------------------------------- Wed Mar 28 17:29:16 UTC 2012 - i@marguerite.su - Update to 4.0.1 * configure.ac - Add libtiff private dependency on -llzma for pkg-config - Add support for using library symbol versioning on ELF systems with the GNU linker. * libtiff/tif_win32.c: Eliminate some minor 64-bit warnings in tif_win32.c * libtiff/tif_jpeg.c: Extra caution for case where sp is NULL. * libtiff/tif_dir.c, libtiff/tif_dirread.c: Extra caution around assumption tag fetching is always successful. * libtiff/tiffio.h: Use double-underbar syntax in GCC printf attribute specification to lessen the risk of accidental macro substitution. * Update automake used to 1.11.3. ------------------------------------------------------------------- Wed Mar 28 12:12:23 UTC 2012 - cfarrell@suse.com - license update: HPND tiff license most akin to spdx recognised http://www.spdx.org/licenses/HPND ------------------------------------------------------------------- Tue Jan 10 01:21:45 UTC 2012 - crrodriguez@opensuse.org - remove libjpeg-devel and zlib-devel from libtiff-devel requires as they are _not_ required to use the library. Now, this _will_ break packages with wrong buildrequires for good. ------------------------------------------------------------------- Tue Jan 10 00:55:53 UTC 2012 - crrodriguez@opensuse.org - Hide private symbols using gcc visibility, this has been applied only to functions that the source code clearly states that are internal to the library. - Run spec cleaner ------------------------------------------------------------------- Wed Nov 23 09:31:16 UTC 2011 - coolo@suse.com - add libtool as buildrequire to avoid implicit dependency ------------------------------------------------------------------- Fri Aug 5 21:09:33 UTC 2011 - crrodriguez@opensuse.org - Do not use -fno-strict-aliasing, no longer needed and will probably slow down the code. - Fix self-obsoletion warning ------------------------------------------------------------------- Thu Apr 14 14:02:12 CEST 2011 - pgajdos@suse.cz - updated to 3.9.5: * fixed integer overflow CVE-2010-4665 * fixed buffer overflow in ojpeg decoder * upstreamed: - oob-read.patch - CVE-2011-0192.patch - getimage-64bit.patch - CVE-2011-1167.patch - scanlinesize.patch ------------------------------------------------------------------- Thu Mar 31 21:49:49 CEST 2011 - pgajdos@suse.cz - fixed regression caused by previous update [bnc#682871] * modified CVE-2011-0192.patch - fixed buffer overflow in thunder decoder [bnc#683337] * added CVE-2011-1167.patch ------------------------------------------------------------------- Thu Feb 17 15:40:54 CET 2011 - pgajdos@suse.cz - fixed buffer overflow [bnc#672510] * CVE-2011-0192.patch ------------------------------------------------------------------- Mon Sep 6 14:56:09 CEST 2010 - pgajdos@suse.cz - fixed "Possibly exploitable memory corruption issue in libtiff" (see http://bugzilla.maptools.org/show_bug.cgi?id=2228) [bnc#624215] * scanlinesize.patch - fixed crash while using libjpeg7 and higher * dont-fancy-upsampling.patch ------------------------------------------------------------------- Mon Jul 12 16:36:48 CEST 2010 - pgajdos@suse.cz - updated to 3.9.4: fixes CVE-2010-2065 -- obsoletes * integer-overflow.patch * NULL-deref.patch - fixes CVE-2010-2067 ------------------------------------------------------------------- Wed Jun 23 10:32:01 CEST 2010 - pgajdos@suse.cz - fixed CVE-2010-2065 * integer-overflow.patch * NULL-deref.patch - fixed out of bounds read * oob-read.patch - fixed CVE-2010-2233 * getimage-64bit.patch - [bnc#612879] ------------------------------------------------------------------- Mon Apr 26 15:07:09 CEST 2010 - pgajdos@suse.cz - fixed tiff2pdf output [bnc#599475] ------------------------------------------------------------------- Fri Mar 26 08:49:41 UTC 2010 - pgajdos@suse.cz - fixed typo ------------------------------------------------------------------- Tue Mar 16 13:37:23 CET 2010 - pgajdos@suse.cz - updated to 3.9.2: fixed many CVE's and obsoletes almost all our patches (see ChangeLog for details) ------------------------------------------------------------------- Tue Dec 15 19:38:18 CET 2009 - jengelh@medozas.de - add baselibs.conf as a source - enable parallel building ------------------------------------------------------------------- Thu Aug 6 14:02:07 CEST 2009 - pgajdos@suse.cz - fixed integer overflows [bnc#519796] * CVE-2009-2347.patch ------------------------------------------------------------------- Thu Jul 2 16:33:02 CEST 2009 - nadvornik@suse.cz - fixed lzw overflow CVE-2009-2285 [bnc#518698] ------------------------------------------------------------------- Wed Feb 4 15:49:04 CET 2009 - nadvornik@suse.cz - fixed an endless loop on invalid images (bnc#444079) CVE-2008-1586 ------------------------------------------------------------------- Tue Jan 13 16:19:37 CET 2009 - olh@suse.de - obsolete old libtiff-64bit on ppc64 (bnc#437293) ------------------------------------------------------------------- Wed Jan 7 12:34:56 CET 2009 - olh@suse.de - obsolete old -XXbit packages (bnc#437293) ------------------------------------------------------------------- Sun Sep 7 11:24:56 CEST 2008 - schwab@suse.de - Fix conflicting options. ------------------------------------------------------------------- Tue Aug 19 17:45:10 CEST 2008 - nadvornik@suse.cz - fixed buffer overflows in LZW code (CVE-2008-2327) [bnc#414946] ------------------------------------------------------------------- Sun May 18 10:37:18 CEST 2008 - coolo@suse.de - fix rename of xxbit packages ------------------------------------------------------------------- Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de - added baselibs.conf file to build xxbit packages for multilib support ------------------------------------------------------------------- Fri Jul 27 15:58:49 CEST 2007 - ro@suse.de - add provides and obsoletes for libtiff to libtiff3 package ------------------------------------------------------------------- Thu Jul 19 15:01:40 CEST 2007 - nadvornik@suse.cz - renamed libtiff to libtiff3 - do not package static libraries - added zlib-devel to BuildRequires ------------------------------------------------------------------- Mon Jun 12 13:40:43 CEST 2006 - nadvornik@suse.cz - fixed a typo in the previous change [#179051] ------------------------------------------------------------------- Fri Jun 2 17:17:55 CEST 2006 - nadvornik@suse.cz - fixed buffer overflow in tiffsplit (CVE-2006-2656) [#179051] - fixed buffer overflow in tiff2pdf [#179587] ------------------------------------------------------------------- Wed Apr 12 11:01:27 CEST 2006 - nadvornik@suse.cz - updated to 3.8.2 [#165237] * bugfix release * fixed several segfaults caused by incorrect tiff data ------------------------------------------------------------------- Tue Feb 7 15:09:45 CET 2006 - nadvornik@suse.cz - fixed crash on certain tiff images CVE-2006-0405 [#145757] ------------------------------------------------------------------- Wed Jan 25 21:31:02 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Thu Jan 12 16:32:23 CET 2006 - nadvornik@suse.cz - compile with -fstack-protector ------------------------------------------------------------------- Tue Jan 3 15:01:35 CET 2006 - nadvornik@suse.cz - updated to 3.8.0: * Read-only support for custom directories (e.g. EXIF directory) * Preliminary support for MS MDI format ------------------------------------------------------------------- Mon Oct 10 15:13:48 CEST 2005 - nadvornik@suse.cz - built with -fno-strict-aliasing ------------------------------------------------------------------- Fri Jul 15 15:35:41 CEST 2005 - nadvornik@suse.cz - updated to 3.7.3 ------------------------------------------------------------------- Tue May 24 17:13:51 CEST 2005 - nadvornik@suse.cz - updated to 3.7.2 - fixed 64bit bug in ppm2tiff [#85440] - fixed buffer overflow in BitsPerSample [#82787] ------------------------------------------------------------------- Thu Feb 17 13:38:57 CET 2005 - nadvornik@suse.cz - fixed reading of alpha channel ------------------------------------------------------------------- Sun Jan 16 20:05:53 CET 2005 - ro@suse.de - added c++ to neededforbuild ------------------------------------------------------------------- Fri Jan 7 15:41:40 CET 2005 - nadvornik@suse.cz - use typedef int int32 on all architectures ------------------------------------------------------------------- Wed Jan 05 15:42:09 CET 2005 - nadvornik@suse.cz - disabled c++ API as it would add a dependency on c++ libraries ------------------------------------------------------------------- Mon Jan 03 17:50:47 CET 2005 - nadvornik@suse.cz - updated to 3.7.1: bugfix release ------------------------------------------------------------------- Wed Dec 15 21:04:47 CET 2004 - nadvornik@suse.cz - added README.SUSE pointing to the documentation [#48601] - moved man3 to devel subpackage ------------------------------------------------------------------- Fri Oct 22 18:38:53 CEST 2004 - nadvornik@suse.cz - updated to 3.7.0 - security fixes are included in mainstream ------------------------------------------------------------------- Wed Oct 20 09:59:41 CEST 2004 - meissner@suse.de - Initialize ycbcrsubsampling to be not 0 in case of bad tiffs to avoid denial of service by divison/0. ------------------------------------------------------------------- Tue Oct 12 15:20:16 CEST 2004 - nadvornik@suse.cz - do not call TIFFTileSize with uninitialized values [#44635] ------------------------------------------------------------------- Thu Oct 07 18:44:29 CEST 2004 - pmladek@suse.cz - fixed much more buffer overflows (the older tiff-alt-bound-CheckMalloc.patch is included in the new libtiff-3.6.1-alt-bound.patch now) [#44635] ------------------------------------------------------------------- Thu Sep 30 18:33:05 CEST 2004 - nadvornik@suse.cz - fixed more buffer overflows [#44635] ------------------------------------------------------------------- Tue Sep 21 17:47:00 CEST 2004 - nadvornik@suse.cz - fixed multiple buffer overflows - CAN-2004-0803 [#44635] - disabled old jpeg support because of security problems [#45116] ------------------------------------------------------------------- Tue Aug 31 16:23:04 CEST 2004 - nadvornik@suse.cz - added LZW support ------------------------------------------------------------------- Wed Aug 25 13:39:39 CEST 2004 - kukuk@suse.de - Create -devel subpackage - Add libjpeg-devel to neededforbuild - Avoid /bin/sh in PreRequires ------------------------------------------------------------------- Fri Jul 2 16:10:10 CEST 2004 - max@suse.de - port.h is needed as well. ------------------------------------------------------------------- Thu May 6 17:08:54 CEST 2004 - max@suse.de - Install private headers (tif_dir.h, tiffiop.h). ------------------------------------------------------------------- Tue Apr 27 16:42:03 CEST 2004 - nadvornik@suse.cz - fixed tif_fax3 from cvs [#39515] ------------------------------------------------------------------- Mon Feb 09 12:27:05 CET 2004 - nadvornik@suse.cz - updated to 3.6.1 - fixed dangerous compiler warnings ------------------------------------------------------------------- Sat Jan 10 20:14:17 CET 2004 - adrian@suse.de - add %defattr and %run_ldconfig ------------------------------------------------------------------- Wed May 21 01:06:35 CEST 2003 - ro@suse.de - remove cvs subdirs ------------------------------------------------------------------- Sat Jul 27 14:15:49 CEST 2002 - kukuk@suse.de - Provide libtiff-devel in libtiff [Bug #17260] ------------------------------------------------------------------- Fri Jul 26 21:37:50 CEST 2002 - adrian@suse.de - fix neededforbuild ------------------------------------------------------------------- Wed Jul 3 13:41:23 CEST 2002 - nadvornik@suse.cz - fixed segfault in fax2tiff [bug #16818] - fixed size of int32 on 64bit architectures ------------------------------------------------------------------- Wed Jun 26 01:25:38 CEST 2002 - ro@suse.de - fixed directory permissions ------------------------------------------------------------------- Wed Jun 19 12:35:20 CEST 2002 - nadvornik@suse.cz - compiled with OJPEG_SUPPORT [bug #16408] ------------------------------------------------------------------- Thu Apr 18 23:05:34 CEST 2002 - kukuk@suse.de - Fix to compile on lib64 architectures ------------------------------------------------------------------- Wed Feb 6 14:48:39 CET 2002 - coolo@suse.de - use %_libdir ------------------------------------------------------------------- Thu Jan 24 11:53:02 CET 2002 - okir@suse.de - Fixed a tempfile race in fax2ps ------------------------------------------------------------------- Tue Dec 11 12:24:47 CET 2001 - nadvornik@suse.cz - updated to 3.5.7: bugfix release ------------------------------------------------------------------- Wed May 9 22:09:18 CEST 2001 - mfabian@suse.de - bzip2 sources ------------------------------------------------------------------- Thu Mar 15 19:11:58 CET 2001 - schwab@suse.de - Fix for ia64. ------------------------------------------------------------------- Fri May 26 16:16:59 CEST 2000 - bubnikv@suse.cz - sorted ------------------------------------------------------------------- Thu May 25 10:55:25 CEST 2000 - schwab@suse.de - Fix dso configure check for ia64. ------------------------------------------------------------------- Thu May 11 09:41:12 CEST 2000 - nadvornik@suse.cz - update to 3.5.5 - added BuildRoot ------------------------------------------------------------------- Tue Jan 25 17:12:06 CET 2000 - ro@suse.de - manpages to /usr/share using macro ------------------------------------------------------------------- Mon Jan 3 15:10:55 CET 2000 - schwab@suse.de - Update to 3.5.4 (Y2K fix) ------------------------------------------------------------------- Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de - ran old prepare_spec on spec file to switch to new prepare_spec. ------------------------------------------------------------------- Wed Jan 13 18:07:04 MET 1999 - ro@suse.de - respect systems where libc is libc.so.6.1 (alpha) ------------------------------------------------------------------- Wed Nov 25 17:56:05 MET 1998 - ro@suse.de - update to 3.4 (final) named 3.4.final for rpm - moved from /usr/X11R6 to /usr ------------------------------------------------------------------- Wed Jul 29 19:01:00 MEST 1998 - werner@suse.de - Link shared libs explicit with -lc ------------------------------------------------------------------- Tue May 12 18:22:27 MEST 1998 - ro@suse.de - extracted package from libgr / build from own sources