Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package tiff for openSUSE:Factory checked in at 2022-10-18 12:44:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tiff (Old) and /work/SRC/openSUSE:Factory/.tiff.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tiff" Tue Oct 18 12:44:32 2022 rev:86 rq:1012108 version:4.4.0 Changes: -------- --- /work/SRC/openSUSE:Factory/tiff/tiff.changes 2022-08-02 22:08:45.569697694 +0200 +++ /work/SRC/openSUSE:Factory/.tiff.new.2275/tiff.changes 2022-10-18 12:44:49.221699212 +0200 @@ -1,0 +2,9 @@ +Mon Oct 17 11:40:27 UTC 2022 - Michael Vetter <mvet...@suse.com> + +- security update: + * CVE-2022-2519 [bsc#1202968] + * CVE-2022-2520 [bsc#1202973] + * CVE-2022-2521 [bsc#1202971] + + tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch + +------------------------------------------------------------------- New: ---- tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tiff.spec ++++++ --- /var/tmp/diff_new_pack.7WVEZX/_old 2022-10-18 12:44:49.829700596 +0200 +++ /var/tmp/diff_new_pack.7WVEZX/_new 2022-10-18 12:44:49.833700605 +0200 @@ -35,6 +35,7 @@ Patch1: tiff-4.0.3-compress-warning.patch Patch2: tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch Patch3: tiff-CVE-2022-34526.patch +Patch4: tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch BuildRequires: gcc-c++ BuildRequires: libjbig-devel BuildRequires: libjpeg-devel @@ -76,6 +77,7 @@ %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 %build CFLAGS="%{optflags} -fPIE" ++++++ tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch ++++++ Index: tiff-4.4.0/tools/tiffcrop.c =================================================================== --- tiff-4.4.0.orig/tools/tiffcrop.c +++ tiff-4.4.0/tools/tiffcrop.c @@ -108,7 +108,7 @@ * lower level, scanline level routines. Debug reports a limited set * of messages to monitor progress without enabling dump logs. * - * Note: The (-X|-Y), -Z and -z options are mutually exclusive. + * Note: The (-X|-Y), -Z, -z and -S options are mutually exclusive. * In no case should the options be applied to a given selection successively. */ 
@@ -173,12 +173,12 @@ static char tiffcrop_rev_date[] = "02- #define ROTATECW_270 32 #define ROTATE_ANY (ROTATECW_90 | ROTATECW_180 | ROTATECW_270) -#define CROP_NONE 0 -#define CROP_MARGINS 1 -#define CROP_WIDTH 2 -#define CROP_LENGTH 4 -#define CROP_ZONES 8 -#define CROP_REGIONS 16 +#define CROP_NONE 0 /* "-S" -> Page_MODE_ROWSCOLS and page->rows/->cols != 0 */ +#define CROP_MARGINS 1 /* "-m" */ +#define CROP_WIDTH 2 /* "-X" */ +#define CROP_LENGTH 4 /* "-Y" */ +#define CROP_ZONES 8 /* "-Z" */ +#define CROP_REGIONS 16 /* "-z" */ #define CROP_ROTATE 32 #define CROP_MIRROR 64 #define CROP_INVERT 128 @@ -316,7 +316,7 @@ struct crop_mask { #define PAGE_MODE_RESOLUTION 1 #define PAGE_MODE_PAPERSIZE 2 #define PAGE_MODE_MARGINS 4 -#define PAGE_MODE_ROWSCOLS 8 +#define PAGE_MODE_ROWSCOLS 8 /* for -S option */ #define INVERT_DATA_ONLY 10 #define INVERT_DATA_AND_TAG 11 @@ -781,7 +781,7 @@ static const char usage_info[] = " The four debug/dump options are independent, though it makes little sense to\n" " specify a dump file without specifying a detail level.\n" "\n" -"Note: The (-X|-Y), -Z and -z options are mutually exclusive.\n" +"Note: The (-X|-Y), -Z, -z and -S options are mutually exclusive.\n" " In no case should the options be applied to a given selection successively.\n" "\n" ; 
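Review bot: The comment added to `CROP_NONE` spells the flag `Page_MODE_ROWSCOLS`, which does not match the `PAGE_MODE_ROWSCOLS` define annotated in the following hunk, so a search for the identifier will miss this line. It also attaches the description of `-S` to the value 0, which by its name means that no crop mode is set, so it reads as if `CROP_NONE` itself selected `-S`. A wording such as `#define CROP_NONE 0 /* no crop selector; "-S" is tracked in page->mode as PAGE_MODE_ROWSCOLS */` keeps the cross-reference without the ambiguity.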
@@ -2131,13 +2131,14 @@ void process_command_opts (int argc, ch
 /*NOTREACHED*/
 }
 }
- /*-- Check for not allowed combinations (e.g. -X, -Y and -Z and -z are mutually exclusive) --*/
- char XY, Z, R;
- XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH));
- Z = (crop_data->crop_mode & CROP_ZONES);
- R = (crop_data->crop_mode & CROP_REGIONS);
- if ((XY && Z) || (XY && R) || (Z && R)) {
- TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z and -z are mutually exclusive.->Exit");
+ /*-- Check for not allowed combinations (e.g. -X, -Y and -Z, -z and -S are mutually exclusive) --*/
+ char XY, Z, R, S;
+ XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH)) ? 1 : 0;
+ Z = (crop_data->crop_mode & CROP_ZONES) ? 1 : 0;
+ R = (crop_data->crop_mode & CROP_REGIONS) ? 1 : 0;
+ S = (page->mode & PAGE_MODE_ROWSCOLS) ? 1 : 0;
+ if (XY + Z + R + S > 1) {
+ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit");
 exit(EXIT_FAILURE);
 }
 } /* end process_command_opts */
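Review bot: The new term `S` tests only `PAGE_MODE_ROWSCOLS`, so the other page modes defined beside it (`PAGE_MODE_RESOLUTION`, `PAGE_MODE_PAPERSIZE`, `PAGE_MODE_MARGINS`) can still be combined with `-X`/`-Y`, `-Z` or `-z` without being rejected. Nothing in this patch shows whether those combinations are supported; if they are not, a second guard such as `if ((XY || Z || R) && (page->mode & (PAGE_MODE_RESOLUTION | PAGE_MODE_PAPERSIZE | PAGE_MODE_MARGINS)))` would be needed, with the same error exit. The security fix also rests entirely on this parse-time rejection. The crop and page-splitting code reached by the rejected combinations is not touched here, so size and bounds checks at the point of use would still be worth adding as a second layer. The body of `process_command_opts` starts outside the hunk.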