Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package netpbm for openSUSE:Factory checked in at 2024-02-06 16:32:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/netpbm (Old) and /work/SRC/openSUSE:Factory/.netpbm.new.1815 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "netpbm" Tue Feb 6 16:32:28 2024 rev:81 rq:1144005 version:11.5.2 Changes: -------- --- /work/SRC/openSUSE:Factory/netpbm/netpbm.changes 2024-02-02 15:45:19.604468254 +0100 +++ /work/SRC/openSUSE:Factory/.netpbm.new.1815/netpbm.changes 2024-02-06 16:32:34.206737681 +0100 @@ -1,0 +2,7 @@ +Fri Feb 2 14:11:02 UTC 2024 - [email protected] + +- added patches + fix CVE-2017-5849 [bsc#1022790], CVE-2017-5849 [bsc#1022791] + + netpbm-use-byrow-when-needed.patch + +------------------------------------------------------------------- New: ---- netpbm-use-byrow-when-needed.patch BETA DEBUG BEGIN: New: fix CVE-2017-5849 [bsc#1022790], CVE-2017-5849 [bsc#1022791] + netpbm-use-byrow-when-needed.patch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ netpbm.spec ++++++ --- /var/tmp/diff_new_pack.yhPHhZ/_old 2024-02-06 16:32:37.778867719 +0100 +++ /var/tmp/diff_new_pack.yhPHhZ/_new 2024-02-06 16:32:37.778867719 +0100 @@ -42,6 +42,8 @@ Patch5: makeman-py3.patch # bsc#1144255 disable jpeg2k support due to removal of jasper Patch8: netpbm-disable-jasper.patch +# CVE-2017-5849 [bsc#1022790], CVE-2017-5849 [bsc#1022791] +Patch9: netpbm-use-byrow-when-needed.patch BuildRequires: flex BuildRequires: libjpeg-devel BuildRequires: libpng-devel ++++++ netpbm-use-byrow-when-needed.patch ++++++ Index: netpbm-11.5.2/converter/other/tifftopnm.c =================================================================== --- netpbm-11.5.2.orig/converter/other/tifftopnm.c +++ netpbm-11.5.2/converter/other/tifftopnm.c @@ -1393,7 +1393,7 @@ convertRasterByRows(pnmOut * const -static void +static int warnBrokenTiffLibrary(TIFF * const tiffP) { /* TIFF library bug: @@ -1423,6 +1423,7 @@ warnBrokenTiffLibrary(TIFF * const tiffP unsigned short tiffOrientation; int fldPresent; + int broken = false; fldPresent = TIFFGetField(tiffP, TIFFTAG_ORIENTATION, &tiffOrientation); if (fldPresent) { switch (tiffOrientation) { @@ -1432,10 +1433,12 @@ warnBrokenTiffLibrary(TIFF * const tiffP case ORIENTATION_LEFTBOT: pm_message("WARNING: This TIFF image has an orientation that " "most TIFF libraries convert incorrectly. " - "Use -byrow to circumvent."); + "Using -byrow to circumvent."); + broken = true; break; } } + return broken; } @@ -1562,8 +1565,6 @@ convertRasterInMemory(pnmOut * if (verbose) pm_message("Converting in memory ..."); - warnBrokenTiffLibrary(tif); - ok = TIFFRGBAImageOK(tif, emsg); if (!ok) { pm_message("%s", emsg); @@ -1662,7 +1663,7 @@ convertImage(TIFF * const ti xelval maxval; xel colormap[MAXCOLORS]; unsigned short fillorder; - bool flipOk, noflipOk; + bool flipOk, noflipOk, byrow; pnmOut pnmOut; readDirectory(tifP, cmdline.headerdump, &tiffDir); @@ -1674,15 +1675,21 @@ convertImage(TIFF * const ti pm_message("writing %s file", pnm_formattypenm(format)); + byrow = cmdline.byrow; + if (warnBrokenTiffLibrary(tifP)) { + /* force byrow true: http://bugzilla.maptools.org/show_bug.cgi?id=2654#c9 */ + byrow = true; + } + pnmOut_init(imageoutFileP, alphaFileP, tiffDir.width, tiffDir.height, tiffDir.orientation, maxval, format, maxval, - cmdline.byrow, cmdline.orientraw, + byrow, cmdline.orientraw, cmdline.verbose, &flipOk, &noflipOk, &pnmOut); convertRaster(&pnmOut, tifP, tiffDir, maxval, - fillorder, colormap, cmdline.byrow, flipOk, noflipOk, + fillorder, colormap, byrow, flipOk, noflipOk, cmdline.verbose); pnmOut_term(&pnmOut, cmdline.verbose);
