Your message dated Sat, 25 Jan 2020 19:02:38 +0000 with message-id <[email protected]> and subject line Bug#945402: fixed in tiff 4.1.0+git191117-2~deb10u1 has caused the Debian Bug report #945402, regarding regression in OJPEGReadHeaderInfo() parsing to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 945402: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945402 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Source: feh Severity: normal Dear Maintainer, Up to buster, feh was able to open (a preview of) the raw files generated by my camera (Canon EOS 1100D); after upgrading to bullseye it fails with the following error:: OJPEGDecodeRaw: Inconsistent number of MCU in codestream. feh WARNING: 20171230/141140-img_5195.cr2 - No Imlib2 loader for that file format However, after a number of attempts, reading the manpage I noticed that there is a better way to show raw files in feh, by using dcraw. I think that having dcraw available in the Suggests of the package would have helped me find this option much earlier, as that's the first thing I checked, to see if I was missing some optional dependency. I'm not sure if it's worth adding to the Recommends instead, as enabling the use of dcraw is not automatic anyway (it requires the option --conversion-timeout X with non-negative X, in case somebody finds this report while having the same issue.) Thanks for your work on feh -- System Information: Debian Release: bullseye/sid APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.2.0-3-amd64 (SMP w/2 CPU cores) Kernel taint flags: TAINT_FIRMWARE_WORKAROUND Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), LANGUAGE=en_IE:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -- no debconf information
--- End Message ---
--- Begin Message ---Source: tiff Source-Version: 4.1.0+git191117-2~deb10u1 We believe that the bug you reported is fixed in the latest version of tiff, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated tiff package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 12 Jan 2020 17:28:54 +0000 Source: tiff Architecture: source Version: 4.1.0+git191117-2~deb10u1 Distribution: buster-security Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <[email protected]> Changed-By: Laszlo Boszormenyi (GCS) <[email protected]> Closes: 934780 945402 Changes: tiff (4.1.0+git191117-2~deb10u1) buster-security; urgency=high . * Security backport for Buster. * Relax Standards-Version to 4.3.0 . . tiff (4.1.0+git191117-2) unstable; urgency=medium . * Backport upstream fix for rowsperstrip parse regression in OJPEGReadHeaderInfo() (closes: #945402). . tiff (4.1.0+git191117-1) unstable; urgency=medium . * Git snapshot, fixing the following issues: - missing TIFFClose in rgb2ycbcr tool, - missing checks on TIFFGetField in tiffcrop tool, - broken sanity check in OJPEG, - missing generated .sh files for tests. . tiff (4.1.0-1) unstable; urgency=medium . * New upstream release. * Update Standards-Version to 4.4.1 . . tiff (4.0.10+git191003-1) unstable; urgency=high . * Git snapshot, fixing the following security issue: - TIFFReadAndRealloc(): avoid too large memory allocation attempts. . tiff (4.0.10+git190903-1) unstable; urgency=high . * Git snapshot, fixing the following security issues: - setByteArray(): avoid potential signed integer overflow, - EstimateStripByteCounts(): avoid several unsigned integer overflows, - tif_ojpeg: avoid two unsigned integer overflows, - OJPEGWriteHeaderInfo(): avoid unsigned integer overflow on strile dimensions close to UINT32_MAX, - _TIFFPartialReadStripArray(): avoid unsigned integer overflow, - JPEG: avoid use of uninitialized memory on corrupted files, - TIFFFetchDirectory(): fix invalid cast from uint64 to tmsize_t, - allocChoppedUpStripArrays(): avoid unsigned integer overflow, - tif_ojpeg: avoid use of uninitialized memory on edge/broken file, - ByteCountLooksBad and EstimateStripByteCounts: avoid unsigned integer overflows. . tiff (4.0.10+git190818-1) unstable; urgency=high . * Git snapshot, fixing the following security issues: - RGBA interface: fix integer overflow potentially causing write heap buffer overflow, - setByteArray(): avoid potential signed integer overflow. . tiff (4.0.10+git190814-1) unstable; urgency=high . * Git snapshot, fixing the following security issues: - TryChopUpUncompressedBigTiff(): avoid potential division by zero, - fix vulnerability introduced by defer strile loading, - fix vulnerability in 'D' (DeferStrileLoad) mode, - return infinite distance when denominator is zero, - OJPEG: avoid use of uninitialized memory on corrupted files, - OJPEG: fix integer division by zero on corrupted subsampling factors, - OJPEGReadBufferFill(): avoid very long processing time on corrupted files, - TIFFClientOpen(): fix memory leak if one of the required callbacks is not provided, - CVE-2019-14973, fix integer overflow in _TIFFCheckMalloc() and other implementation-defined behaviour (closes: #934780). * Update libtiff5 symbols. * Update Standards-Version to 4.4.0 . Checksums-Sha1: c09b8de32dc35900d3a1787aa6d72728e92732dd 2274 tiff_4.1.0+git191117-2~deb10u1.dsc 19d0d4f42a336cc73060a9c40c21ac45a23d4d41 1533524 tiff_4.1.0+git191117.orig.tar.xz c96a473c6259c8d96e10180c64853ba54a6ea143 19440 tiff_4.1.0+git191117-2~deb10u1.debian.tar.xz Checksums-Sha256: fc63d46d3fbc75c2f03b09b79f9297d701a2b08c968bc8b5826f9e71df5180c8 2274 tiff_4.1.0+git191117-2~deb10u1.dsc 67e1d045e994adb7144b0cca228d70dd6d520aaf8c75c342064bc0fd601e6e42 1533524 tiff_4.1.0+git191117.orig.tar.xz e9dcc77d338663f6be84efe32ae5d4ec9b48923c731aa939f37aa909e60d9f10 19440 tiff_4.1.0+git191117-2~deb10u1.debian.tar.xz Files: 8d6e86fd98221fa11826eba82a82105b 2274 libs optional tiff_4.1.0+git191117-2~deb10u1.dsc f51040d3436eedde9d3ba7d166754c3e 1533524 libs optional tiff_4.1.0+git191117.orig.tar.xz 09393b26fbbe0e1589b55b8332e405e2 19440 libs optional tiff_4.1.0+git191117-2~deb10u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAl4c+KcACgkQ3OMQ54ZM yL+q1w//Q35ff9l5/kP5eLZdfoXVenl6iPRjJZj4P2E5WRSL6UIla/mOrhhQuxd1 z7GaSEfUjRUOf4z+hA4cPZJJK3nPxCB0NxduEijGNtZLeSe++dm2+aTa6/8g9nlZ khlAW7qRtW08yeU5sJfCm5BNLZ7DdWnp7bcf9/txGmHqXNsCynabb0ikHnfJy6Yb 9+Mh+jZ7xhT6jiDcvYmqKO1kr6L7/21VqSWHY05IvXVFulBxZzLj2zl7cY3umyrg IzaYWeLn0vlVJmGujbLJuM/iPsLFaSlCUOCycq8LBIuPLuNjona+n29QotZ7sj6f 1dLe9/QdmCeo6nF01zvGCG6i5UaKZxpsVv4/Bdje0G7C34gNEaTgg16+hzPaKCVE NNdrKERzx2Xu8rWEPpUUtNCXEjR+I2vIPXgCd8CfqHQO/afMo4dh3ZtoDQjRMs6Z xdAohOkR80PTc5wjdIFXFX9Y2BGXHgUcl4UVtXewqTmQygVv735TqRcBDecMxDss 4KCSzv7PdWUG7m5gJFN2kRz40b+ZLfOwacaksvwlcsYgdu36lxqiPukIvXg6bc2k 6vsiiJrQt4fp1AANYVocdz2iuVsRKBOdq3u4BeI9iS3FLyjZnBzPEQGkL5csy7rd cTMk1I5Sbu8siuuUFV7nQeXaFosCl32x3pO40A4NbUG7ZNLfbVY= =QZAs -----END PGP SIGNATURE-----
--- End Message ---
