Hello community, here is the log from the commit of package tiff for openSUSE:Factory checked in at 2012-11-12 07:07:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tiff (Old) and /work/SRC/openSUSE:Factory/.tiff.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tiff", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/tiff/tiff.changes 2012-07-24 17:21:07.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.tiff.new/tiff.changes 2012-11-12 07:07:22.000000000 +0100 @@ -1,0 +2,16 @@ +Mon Nov 5 09:27:59 UTC 2012 - [email protected] + +- updated to 4.0.3: + * Add some TIFF/FX support in libtiff. + * Fix bug rewriting image tiles in a compressed file. + * Fix read past end of data buffer. + * etc., see ChangeLog +- removed upstreamed patches: + * bigendian.patch + * dont-fancy-upsampling.patch + * CVE-2012-3401.patch +- new patch: + * test-jpeg-turbo.patch + * CVE-2012-4564.patch [bnc#787892] + +------------------------------------------------------------------- Old: ---- tiff-4.0.2-CVE-2012-3401.patch tiff-4.0.2-dont-fancy-upsampling.patch tiff-4.0.2-seek.patch tiff-4.0.2-tiff2pdf-colors.patch tiff-4.0.2.tar.bz2 tiff-bigendian.patch New: ---- tiff-4.0.3-CVE-2012-4564.patch tiff-4.0.3-seek.patch tiff-4.0.3-test-jpeg-turbo.patch tiff-4.0.3-tiff2pdf-colors.patch tiff-4.0.3.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tiff.spec ++++++ --- /var/tmp/diff_new_pack.NYZZc9/_old 2012-11-12 07:07:23.000000000 +0100 +++ /var/tmp/diff_new_pack.NYZZc9/_new 2012-11-12 07:07:23.000000000 +0100 @@ -37,7 +37,7 @@ %if 0%{?suse_version} > 1210 BuildRequires: libjbig-devel %endif -Version: 4.0.2 +Version: 4.0.3 Release: 0 Summary: Tools for Converting from and to the Tiff Format License: HPND @@ -46,11 +46,10 @@ Source: tiff-%{version}.tar.bz2 Source2: README.SUSE Source3: baselibs.conf -Patch2: tiff-%{version}-seek.patch -Patch3: tiff-%{version}-tiff2pdf-colors.patch -Patch9: tiff-%{version}-dont-fancy-upsampling.patch -Patch10: tiff-bigendian.patch -Patch11: tiff-%{version}-CVE-2012-3401.patch +Patch0: tiff-%{version}-test-jpeg-turbo.patch +Patch1: tiff-%{version}-seek.patch +Patch2: tiff-%{version}-tiff2pdf-colors.patch +Patch3: tiff-%{version}-CVE-2012-4564.patch # FYI: this issue is solved another way # http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1 # Patch9: tiff-%{version}-lzw-CVE-2009-2285.patch @@ -94,11 +93,10 @@ %prep %setup -q +%patch0 -p1 +%patch1 -p1 %patch2 -p1 -%patch3 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 +%patch3 %build %configure --disable-static --with-pic ++++++ tiff-4.0.2-CVE-2012-3401.patch -> tiff-4.0.3-CVE-2012-4564.patch ++++++ --- /work/SRC/openSUSE:Factory/tiff/tiff-4.0.2-CVE-2012-3401.patch 2012-07-24 17:21:07.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.tiff.new/tiff-4.0.3-CVE-2012-4564.patch 2012-11-12 07:07:22.000000000 +0100 @@ -1,12 +1,34 @@ -Index: tools/tiff2pdf.c +https://bugzilla.redhat.com/attachment.cgi?id=635949&action=diff +Index: tools/ppm2tiff.c =================================================================== ---- tools/tiff2pdf.c.orig -+++ tools/tiff2pdf.c -@@ -1066,6 +1066,7 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* - "Can't set directory %u of input file %s", - i, - TIFFFileName(input)); -+ t2p->t2p_error = T2P_ERR_ERROR; - return; - } - if(TIFFGetField(input, TIFFTAG_PAGENUMBER, &pagen, &paged)){ +RCS file: /cvs/maptools/cvsroot/libtiff/tools/ppm2tiff.c,v +--- tools/ppm2tiff.c 10 Apr 2010 19:22:34 -0000 1.16 ++++ tools/ppm2tiff.c 31 Oct 2012 06:25:13 -0000 +@@ -89,6 +89,7 @@ + int c; + extern int optind; + extern char* optarg; ++ tmsize_t scanline_size; + + if (argc < 2) { + fprintf(stderr, "%s: Too few arguments\n", argv[0]); +@@ -237,8 +238,16 @@ + } + if (TIFFScanlineSize(out) > linebytes) + buf = (unsigned char *)_TIFFmalloc(linebytes); +- else +- buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out)); ++ else { ++ scanline_size = TIFFScanlineSize(out); ++ if (scanline_size != 0) ++ buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out)); ++ else { ++ fprintf(stderr, "%s: scanline size overflow\n",infile); ++ (void) TIFFClose(out); ++ exit(-2); ++ } ++ } + if (resolution > 0) { + TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution); + TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution); + ++++++ tiff-4.0.2-seek.patch -> tiff-4.0.3-seek.patch ++++++ ++++++ tiff-4.0.3-test-jpeg-turbo.patch ++++++ >From ChangeLog: * test/raw_decode.c (main): Test fixes to work with IJG JPEG 7+. IJG JPEG 7+ uses a different upsampling algorithm which produces different numeric results. this seems not apply for libjpeg-turbo. Sent to [email protected] on 2012-11-05. Index: tiff-4.0.3/test/raw_decode.c =================================================================== --- tiff-4.0.3.orig/test/raw_decode.c +++ tiff-4.0.3/test/raw_decode.c @@ -191,7 +191,7 @@ main(int argc, char **argv) return 1; } -#if JPEG_LIB_VERSION >= 70 +#if JPEG_LIB_VERSION >= 70 && !defined(LIBJPEG_TURBO_VERSION) pixel_status |= check_rgb_pixel( 0, 18, 0, 41, buffer ); pixel_status |= check_rgb_pixel( 64, 0, 0, 0, buffer ); pixel_status |= check_rgb_pixel( 512, 5, 34, 196, buffer ); @@ -224,7 +224,7 @@ main(int argc, char **argv) * accomplish it from the YCbCr subsampled buffer ourselves in which * case the results may be subtly different but similar. */ -#if JPEG_LIB_VERSION >= 70 +#if JPEG_LIB_VERSION >= 70 && !defined(LIBJPEG_TURBO_VERSION) pixel_status |= check_rgba_pixel( 0, 18, 0, 41, 255, rgba_buffer ); pixel_status |= check_rgba_pixel( 64, 0, 0, 0, 255, rgba_buffer ); pixel_status |= check_rgba_pixel( 512, 5, 34, 196, 255, rgba_buffer ); ++++++ tiff-4.0.2-tiff2pdf-colors.patch -> tiff-4.0.3-tiff2pdf-colors.patch ++++++ ++++++ tiff-4.0.2.tar.bz2 -> tiff-4.0.3.tar.bz2 ++++++ ++++ 10179 lines of diff (skipped) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
