Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package tiff for openSUSE:Factory checked in at 2023-01-11 14:32:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tiff (Old) and /work/SRC/openSUSE:Factory/.tiff.new.32243 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tiff" Wed Jan 11 14:32:56 2023 rev:88 rq:1057209 version:4.5.0 Changes: -------- --- /work/SRC/openSUSE:Factory/tiff/tiff.changes 2022-11-15 13:21:04.128690285 +0100 +++ /work/SRC/openSUSE:Factory/.tiff.new.32243/tiff.changes 2023-01-11 14:33:01.284542137 +0100 @@ -1,0 +2,51 @@ +Wed Jan 4 08:48:13 UTC 2023 - Paolo Stivanin <i...@paolostivanin.com> + +- Update to 4.5.0: + * tdir_t type updated to uint32_t. This type is now used for the return + value of TIFFCurrentDirectory() and TIFFNumberOfDirectories(), and as + the argument of TIFFSetDirectory() and TIFFUnlinkDirectory() + * Addition of an open option concept with the new functions TIFFOpenExt(), + TIFFOpenWExt(), TIFFFdOpenExt(), TIFFClientOpenExt(), TIFFOpenOptionsAlloc(), + TIFFOpenOptionsFree() + * Leveraging above mentioned open option concept, addition of a new capability + to limit the size of a single dynamic memory allocation done by the library + with TIFFOpenOptionsSetMaxSingleMemAlloc() + * Related to IFD-Loop detection refactoring, the number of IFDs that libtiff + can browse through has been extended from 65535 to 1048576. This value is + a build-time setting that can be configured with CMake's TIFF_MAX_DIR_COUNT + variable or autoconf's --with-max-dir-count option. + * Whole code base reformatting of .c/.h files using new .clang-format format + * Documentation changed from static HTML and man pages to + Restructured Text (rst). HTML and man pages are now build artifacts. + * SONAME version bumped to 6 due to changes in symbol versioning. + * autoconf/cmake: detect (not yet released) libjpeg-turbo 2.2 to take into + its capability of handling both 8-bit JPEG and 12-bit JPEG in a single build. + * autoconf/cmake: detect sphinx-build to build HTML and man pages + * CMakeLists.txt: fix warning with -Wdev + * CMake: correctly set default value of 'lzma' option when liblzma is detected + * CMake: Moved linking of CMath::CMath into CMath_LIBRARY check. + * Fix CMake build to be compatible with FetchContent. + * cmake: Correct duplicate definition of _CRT_SECURE_NO_WARNINGS + * cmake: Fixes for Visual Studio 2022. + * Adds Requires.private generation so that pkg-config can correctly find + the dependencies of libtiff. + * Fix dependency on libm on Android + * Fix build in tif_lzw.c + * CMake: Add options for disabling tools, tests, contrib and docs. + * tiffcrop: Fix memory allocation to require a larger buffer (CVE-2022-3570, CVE-2022-3598) + * tiffcrop: disable incompatibility of -Z, -X, -Y, -z options with any PAGE_MODE_x option + (CVE-2022-3627, CVE-2022-3597, CVE-2022-3626) + * tiffcrop: fix floating-point exception (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058) + * _TIFFCheckFieldIsValidForCodec(): return FALSE when passed a codec-specific tag + and the codec is not configured (CVE-2022-34526) + * Revised handling of TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value (CVE-2022-3599) + * tiffcrop: -S option mutually exclusive (CVE-2022-2519, CVE-2022-2520, CVE-2022-2521) +- Drop tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch +- Drop tiff-CVE-2022-34526.patch +- Drop tiff-CVE-2022-3599.patch +- Drop tiff-CVE-2022-3598.patch +- Drop tiff-CVE-2022-3970.patch +- Drop tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch +- Drop tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch + +------------------------------------------------------------------- Old: ---- tiff-4.4.0.tar.xz tiff-4.4.0.tar.xz.sig tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch tiff-CVE-2022-34526.patch tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch tiff-CVE-2022-3598.patch tiff-CVE-2022-3599.patch tiff-CVE-2022-3970.patch New: ---- tiff-4.5.0.tar.xz tiff-4.5.0.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tiff.spec ++++++ --- /var/tmp/diff_new_pack.wP4v0F/_old 2023-01-11 14:33:02.312547844 +0100 +++ /var/tmp/diff_new_pack.wP4v0F/_new 2023-01-11 14:33:02.312547844 +0100 @@ -1,7 +1,7 @@ # # spec file for package tiff # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %define asan_build 0 %define debug_build 0 Name: tiff -Version: 4.4.0 +Version: 4.5.0 Release: 0 Summary: Tools for Converting from and to the Tagged Image File Format License: HPND @@ -33,13 +33,6 @@ Patch0: tiff-4.0.3-seek.patch # http://bugzilla.maptools.org/show_bug.cgi?id=2442 Patch1: tiff-4.0.3-compress-warning.patch -Patch2: tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch -Patch3: tiff-CVE-2022-34526.patch -Patch4: tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch -Patch5: tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch -Patch6: tiff-CVE-2022-3599.patch -Patch7: tiff-CVE-2022-3598.patch -Patch8: tiff-CVE-2022-3970.patch BuildRequires: gcc-c++ BuildRequires: libjbig-devel BuildRequires: libjpeg-devel @@ -53,12 +46,12 @@ This package contains the library and support programs for the TIFF image format. -%package -n libtiff5 +%package -n libtiff6 Summary: The Tiff Library (with JPEG and compression support) Group: System/Libraries Provides: libtiff = %{version} -%description -n libtiff5 +%description -n libtiff6 This package includes the tiff libraries. To link a program with libtiff, you will have to add -ljpeg and -lz to include the necessary libjpeg and libz in the linking process. @@ -68,7 +61,7 @@ Group: Development/Libraries/C and C++ Requires: glibc-devel Requires: libstdc++-devel -Requires: libtiff5 = %{version} +Requires: libtiff6 = %{version} %description -n libtiff-devel This package contains the header files and static libraries for @@ -76,16 +69,7 @@ the libtiff library. %prep -%setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 +%autosetup -p1 %build CFLAGS="%{optflags} -fPIE" @@ -111,12 +95,10 @@ cp %{SOURCE2} . rm -rf %{buildroot}%{_datadir}/doc/tiff* find %{buildroot} -type f -name "*.la" -delete -print -find html -name "Makefile*" | xargs rm # remove pal2rgb, bsc#1071031 for tool in pal2rgb; do rm %{buildroot}%{_bindir}/$tool rm %{buildroot}%{_mandir}/man1/$tool.1 - rm html/man/$tool.1.html done %check @@ -128,17 +110,16 @@ (cd $i && make %{?_smp_mflags} check) done -%post -n libtiff5 -p /sbin/ldconfig -%postun -n libtiff5 -p /sbin/ldconfig +%post -n libtiff6 -p /sbin/ldconfig +%postun -n libtiff6 -p /sbin/ldconfig %files %{_bindir}/* -%doc html %doc README.md VERSION ChangeLog TODO RELEASE-DATE %{_mandir}/man1/* -%files -n libtiff5 -%license COPYRIGHT +%files -n libtiff6 +%license LICENSE.md %doc README.md README.SUSE %{_libdir}/*.so.* ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.wP4v0F/_old 2023-01-11 14:33:02.364548132 +0100 +++ /var/tmp/diff_new_pack.wP4v0F/_new 2023-01-11 14:33:02.368548155 +0100 @@ -1,7 +1,7 @@ -libtiff5 +libtiff6 obsoletes "libtiff-<targettype> <= <version>" provides "libtiff-<targettype> = <version>" libtiff-devel requires -libtiff-<targettype> - requires "libtiff5-<targettype> = <version>" + requires "libtiff6-<targettype> = <version>" ++++++ tiff-4.0.3-compress-warning.patch ++++++ --- /var/tmp/diff_new_pack.wP4v0F/_old 2023-01-11 14:33:02.380548221 +0100 +++ /var/tmp/diff_new_pack.wP4v0F/_new 2023-01-11 14:33:02.384548243 +0100 @@ -1,11 +1,9 @@ -Index: tiff-4.0.3/tools/tiff2pdf.c -=================================================================== ---- tiff-4.0.3.orig/tools/tiff2pdf.c -+++ tiff-4.0.3/tools/tiff2pdf.c -@@ -1264,6 +1264,15 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* - return; - - } +--- tiff-4.5.0/tools/tiff2pdf.c.orig 2023-01-04 09:52:13.665734351 +0100 ++++ tiff-4.5.0/tools/tiff2pdf.c 2023-01-04 09:53:13.922053942 +0100 +@@ -1435,6 +1435,15 @@ + t2p->t2p_error = T2P_ERR_ERROR; + return; + } + if(t2p->tiff_compression != COMPRESSION_LZW && + t2p->tiff_compression != COMPRESSION_NONE){ + TIFFWarning( @@ -15,7 +13,7 @@ + "Consider to use tiffcp(1) to change compress algorithm first.", + TIFFFileName(input) ); + } - if( TIFFIsCODECConfigured(t2p->tiff_compression) == 0){ - TIFFError( - TIFF2PDF_MODULE, + if (TIFFIsCODECConfigured(t2p->tiff_compression) == 0) + { + TIFFError(TIFF2PDF_MODULE, ++++++ tiff-4.0.3-seek.patch ++++++ --- /var/tmp/diff_new_pack.wP4v0F/_old 2023-01-11 14:33:02.396548310 +0100 +++ /var/tmp/diff_new_pack.wP4v0F/_new 2023-01-11 14:33:02.400548332 +0100 @@ -1,14 +1,12 @@ -Index: tiff-4.0.1/libtiff/tiffiop.h -=================================================================== ---- tiff-4.0.1.orig/libtiff/tiffiop.h -+++ tiff-4.0.1/libtiff/tiffiop.h -@@ -213,7 +213,7 @@ struct tiff { - #define TIFFWriteFile(tif, buf, size) \ - ((*(tif)->tif_writeproc)((tif)->tif_clientdata,(buf),(size))) - #define TIFFSeekFile(tif, off, whence) \ -- ((*(tif)->tif_seekproc)((tif)->tif_clientdata,(off),(whence))) -+ ((tif)->tif_seekproc?((*(tif)->tif_seekproc)((tif)->tif_clientdata,(toff_t)(off),whence)):0) - #define TIFFCloseFile(tif) \ - ((*(tif)->tif_closeproc)((tif)->tif_clientdata)) - #define TIFFGetFileSize(tif) \ +--- tiff-4.5.0/libtiff/tiffiop.h.orig 2023-01-04 09:58:24.947703675 +0100 ++++ tiff-4.5.0/libtiff/tiffiop.h 2023-01-04 09:57:09.507303516 +0100 +@@ -257,7 +257,7 @@ + #define TIFFWriteFile(tif, buf, size) \ + ((*(tif)->tif_writeproc)((tif)->tif_clientdata, (buf), (size))) + #define TIFFSeekFile(tif, off, whence) \ +- ((*(tif)->tif_seekproc)((tif)->tif_clientdata, (off), (whence))) ++ ((tif)->tif_seekproc?((*(tif)->tif_seekproc)((tif)->tif_clientdata,(toff_t)(off),whence)):0) + #define TIFFCloseFile(tif) ((*(tif)->tif_closeproc)((tif)->tif_clientdata)) + #define TIFFGetFileSize(tif) ((*(tif)->tif_sizeproc)((tif)->tif_clientdata)) + #define TIFFMapFileContents(tif, paddr, psize) \ ++++++ tiff-4.4.0.tar.xz -> tiff-4.5.0.tar.xz ++++++ ++++ 340932 lines of diff (skipped)
