Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package tiff This is a very localized patch to the tiffcp utility (doesn't even affect the tiff library) to fix a potential crash, fixing RC bug #741451. The originated from upstream where it was based on a fix previously submitted by the original reporter. (include/attach the debdiff against the package in testing) unblock tiff/4.0.3-11 -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.14-2-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
diff -Nru tiff-4.0.3/debian/changelog tiff-4.0.3/debian/changelog --- tiff-4.0.3/debian/changelog 2014-06-29 17:32:44.000000000 -0400 +++ tiff-4.0.3/debian/changelog 2014-12-23 15:52:13.000000000 -0500 @@ -1,3 +1,10 @@ +tiff (4.0.3-11) unstable; urgency=medium + + * Don't crash on JPEG => non-JPEG conversion (Closes: #741451) + * Thanks Tomasz Buchert <tomasz.buch...@inria.fr> for preparing the fix! + + -- Jay Berkenbilt <q...@debian.org> Tue, 23 Dec 2014 15:51:40 -0500 + tiff (4.0.3-10) unstable; urgency=medium * Remove libtiff4-dev, completing the tiff transition. Packages that diff -Nru tiff-4.0.3/debian/patches/jpeg-colorspace.patch tiff-4.0.3/debian/patches/jpeg-colorspace.patch --- tiff-4.0.3/debian/patches/jpeg-colorspace.patch 1969-12-31 19:00:00.000000000 -0500 +++ tiff-4.0.3/debian/patches/jpeg-colorspace.patch 2014-12-23 15:52:13.000000000 -0500 @@ -0,0 +1,38 @@ +Description: fix for Debian bug #741451 + tiffcp crashes when converting JPEG-encoded TIFF to a different + encoding (like none or lzw). For example this will probably fail: + . + tiffcp -c none jpeg_encoded_file.tif output.tif + . + The reason is that when the input file contains JPEG data, + the tiffcp code forces conversion to RGB space. However, + the output normally inherits YCbCr subsampling parameters + from the input, which leads to a smaller working buffer + than necessary. The buffer is subsequently overrun inside + cpStripToTile() (called from writeBufferToContigTiles). + Note that the resulting TIFF file would be scrambled even + if tiffcp wouldn't crash, since the output file would contain + RGB data intepreted as subsampled YCbCr values. + . + This patch fixes the problem by forcing RGB space on the output + TIF if the input is JPEG-encoded and output is *not* JPEG-encoded. +Origin: upstream, http://bugzilla.maptools.org/show_bug.cgi?id=2480 +Author: Tomasz Buchert <tomasz.buch...@inria.fr> +Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2480 +Bug-Debian: http://bugs.debian.org/741451 + +--- a/tools/tiffcp.c ++++ b/tools/tiffcp.c +@@ -629,6 +629,12 @@ + TIFFSetField(out, TIFFTAG_PHOTOMETRIC, + samplesperpixel == 1 ? + PHOTOMETRIC_LOGL : PHOTOMETRIC_LOGLUV); ++ else if (input_compression == COMPRESSION_JPEG && ++ samplesperpixel == 3) { ++ /* RGB conversion was forced above ++ hence the output will be of the same type */ ++ TIFFSetField(out, TIFFTAG_PHOTOMETRIC, PHOTOMETRIC_RGB); ++ } + else + CopyTag(TIFFTAG_PHOTOMETRIC, 1, TIFF_SHORT); + if (fillorder != 0) diff -Nru tiff-4.0.3/debian/patches/series tiff-4.0.3/debian/patches/series --- tiff-4.0.3/debian/patches/series 2014-06-29 17:32:44.000000000 -0400 +++ tiff-4.0.3/debian/patches/series 2014-12-23 15:52:13.000000000 -0500 @@ -6,3 +6,4 @@ CVE-2013-4232.patch CVE-2013-4244.patch CVE-2013-4243.patch +jpeg-colorspace.patch
