Hello community, here is the log from the commit of package tiff for openSUSE:Factory checked in at 2017-06-28 10:34:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tiff (Old) and /work/SRC/openSUSE:Factory/.tiff.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tiff" Wed Jun 28 10:34:10 2017 rev:67 rq:505624 version:4.0.8 Changes: -------- --- /work/SRC/openSUSE:Factory/tiff/tiff.changes 2017-04-06 10:59:48.771404523 +0200 +++ /work/SRC/openSUSE:Factory/.tiff.new/tiff.changes 2017-06-28 10:34:12.601002336 +0200 @@ -1,0 +2,344 @@ +Tue Jun 20 08:15:57 UTC 2017 - [email protected] + +- Upgrade to upstream relaase 4.0.8 + * libtiff/tif_getimage.c, libtiff/tif_open.c + + add parenthesis to fix cppcheck clarifyCalculation warnings + * libtiff/tif_predict.c, libtiff/tif_print.c + + fix printf unsigned vs signed formatting (cppcheck + invalidPrintfArgType_uint warnings) + * libtiff/tif_read.c, libtiff/tiffiop.h + + fix uint32 overflow in TIFFReadEncodedStrip() that caused an + integer division by zero. Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2596 + * libtiff/tif_pixarlog.c, libtiff/tif_luv.c + + fix heap-based buffer overflow on generation of PixarLog / LUV + compressed files, with ColorMap, TransferFunction attached and + nasty plays with bitspersample. The fix for LUV has not been + tested, but suffers from the same kind of issue of PixarLog. + Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2604 + * libtiff/tif_strip.c + + revert the change in TIFFNumberOfStrips() done for + http://bugzilla.maptools.org/show_bug.cgi?id=2587 / + CVE-2016-9273 since the above change is a better fix that + makes it unnecessary. + * libtiff/tif_dirread.c + + modify ChopUpSingleUncompressedStrip() to instanciate compute + ntrips as TIFFhowmany_32(td->td_imagelength, rowsperstrip), + instead of a logic based on the total size of data. Which is + faulty is the total size of data is not sufficient to fill the + whole image, and thus results in reading outside of the + StripByCounts/StripOffsets arrays when using + TIFFReadScanline(). Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2608. + * libtiff/tif_ojpeg.c + + make OJPEGDecode() early exit in case of failure in + OJPEGPreDecode(). This will avoid a divide by zero, and + potential other issues. Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2611 + * libtiff/tif_write.c + + fix misleading indentation as warned by GCC. + * libtiff/tif_fax3.h + + revert change done on 2016-01-09 that made Param member of + TIFFFaxTabEnt structure a uint16 to reduce size of the + binary. It happens that the Hylafax software uses the tables + that follow this typedef (TIFFFaxMainTable, TIFFFaxWhiteTable, + TIFFFaxBlackTable), although they are not in a public libtiff + header. Raised by Lee Howard. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2636 + * libtiff/tiffio.h, libtiff/tif_getimage.c + + add TIFFReadRGBAStripExt() and TIFFReadRGBATileExt() variants + of the functions without ext, with an extra argument to control + the stop_on_error behaviour. + * libtiff/tif_getimage.c + + fix potential memory leaks in error code path of + TIFFRGBAImageBegin(). + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2627 + * libtiff/tif_jpeg.c + + increase libjpeg max memory usable to 10 MB instead of libjpeg + 1MB default. This helps when creating files with "big" tile, + without using libjpeg temporary files. + Related to https://trac.osgeo.org/gdal/ticket/6757 + * libtiff/tif_jpeg.c + + avoid integer division by zero in JPEGSetupEncode() when + horizontal or vertical sampling is set to 0. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2653, + bsc#1033127, CVE-2017-7595 + * libtiff/tif_dirwrite.c + + in TIFFWriteDirectoryTagCheckedRational, replace assertion by + runtime check to error out if passed value is strictly + negative. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2535, + bsc#1038438, CVE-2016-10371 + * libtiff/tif_dirread.c + + avoid division by floating point 0 in + TIFFReadDirEntryCheckedRational() and + TIFFReadDirEntryCheckedSrational(), and return 0 in that case + (instead of infinity as before presumably) Apparently some + sanitizers do not like those divisions by zero. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2644, + bsc#1033118, CVE-2017-7598 + * libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c + + implement various clampings of double to other data types to + avoid undefined behaviour if the output range isn't big enough + to hold the input value. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2643 + http://bugzilla.maptools.org/show_bug.cgi?id=2642 + http://bugzilla.maptools.org/show_bug.cgi?id=2646 + http://bugzilla.maptools.org/show_bug.cgi?id=2647, + bsc#1033126, CVE-2017-7596, bsc#1033120, CVE-2017-7597, + bsc#1033113, CVE-2017-7599, bsc#1033112, CVE-2017-7600, + * libtiff/tif_jpeg.c + + validate BitsPerSample in JPEGSetupEncode() to avoid undefined + behaviour caused by invalid shift exponent. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648, + bsc#1033111, CVE-2017-7601 + * libtiff/tif_read.c + + avoid potential undefined behaviour on signed integer addition + in TIFFReadRawStrip1() in isMapped() case. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2650, + bsc#1033109, CVE-2017-7602 + * libtiff/tif_getimage.c + + add explicit uint32 cast in putagreytile to avoid + UndefinedBehaviorSanitizer warning. Patch by Nicolas Pena. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2658, + bsc#1033131, CVE-2017-7592 + * libtiff/tif_read.c + + TIFFReadBufferSetup(): use _TIFFcalloc() to zero initialize + tif_rawdata. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651, + bsc#1033129, CVE-2017-7593 + * libtiff/tiffio.h, tif_unix.c, tif_win32.c, tif_vms.c + + add _TIFFcalloc() + * libtiff/tif_luv.c, tif_lzw.c, tif_packbits.c + + return 0 in Encode functions instead of -1 when + TIFFFlushData1() fails. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2130 + * libtiff/tif_ojpeg.c + + fix leak in OJPEGReadHeaderInfoSecTablesQTable, + OJPEGReadHeaderInfoSecTablesDcTable and + OJPEGReadHeaderInfoSecTablesAcTable when read fails. Patch by + Nicolas Pena. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659, + bsc#1033128, CVE-2017-7594 + * libtiff/tif_jpeg.c + + only run JPEGFixupTagsSubsampling() if the YCbCrSubsampling + tag is not explicitly present. This helps a bit to reduce the + I/O amount when the tag is present (especially on cloud hosted + files). + * libtiff/tif_lzw.c + + in LZWPostEncode(), increase, if necessary, the code bit-width + after flushing the remaining code and before emitting the EOI + code. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=1982 + * libtiff/tif_pixarlog.c + + fix memory leak in error code path of PixarLogSetupDecode(). + Patch by Nicolas Pena. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2665 + * libtiff/tif_fax3.c, tif_predict.c, tif_getimage.c + + fix GCC 7 -Wimplicit-fallthrough warnings. + * libtiff/tif_dirread.c + + fix memory leak in non DEFER_STRILE_LOAD mode (ie default) + when there is both a StripOffsets and TileOffsets tag, or a + StripByteCounts and TileByteCounts + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2689, + bsc#1042805, CVE-2017-9403) + * libtiff/tif_ojpeg.c + + fix potential memory leak in + OJPEGReadHeaderInfoSecTablesQTable, + OJPEGReadHeaderInfoSecTablesDcTable and + OJPEGReadHeaderInfoSecTablesAcTable + Patch by Nicolas Pena. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2670 + * libtiff/tif_fax3.c + + avoid crash in Fax3Close() on empty file. Patch by Alan + Coopersmith + complement by myself. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2673 + * libtiff/tif_read.c + + TIFFFillStrip(): add limitation to the number of bytes read + in case td_stripbytecount[strip] is bigger than reasonable, + so as to avoid excessive memory allocation. + * libtiff/tif_zip.c, tif_pixarlog.c, tif_predict.c + + fix memory leak when the underlying codec (ZIP, PixarLog) + succeeds its setupdecode() method, but PredictorSetup fails. + Credit to OSS-Fuzz (locally run, on GDAL) + * libtiff/tif_read.c + + TIFFFillStrip() and TIFFFillTile(): avoid excessive memory + allocation in case of shorten files. Only effective on 64 bit + builds and non-mapped cases. + Credit to OSS-Fuzz (locally run, on GDAL) + * libtiff/tif_read.c + + TIFFFillStripPartial() / TIFFSeek(), avoid potential integer + overflows with read_ahead in CHUNKY_STRIP_READ_SUPPORT mode. + Should especially occur on 32 bit platforms. + * libtiff/tif_read.c + + TIFFFillStripPartial() + + avoid excessive memory allocation in case of shorten files. + Only effective on 64 bit builds. + Credit to OSS-Fuzz (locally run, on GDAL) + * libtiff/tif_read.c + + update tif_rawcc in CHUNKY_STRIP_READ_SUPPORT mode with + tif_rawdataloaded when calling TIFFStartStrip() or + TIFFFillStripPartial(). This avoids reading beyond tif_rawdata + when bytecount > tif_rawdatasize. Fixes + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1545. + Credit to OSS-Fuzz + * libtiff/tif_color.c + + avoid potential int32 overflow in TIFFYCbCrToRGBInit() Fixes + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1533 + Credit to OSS-Fuzz + * libtiff/tif_pixarlog.c, tif_luv.c + + avoid potential int32 overflows in multiply_ms() and add_ms(). + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1558 + Credit to OSS-Fuzz + * libtiff/tif_packbits.c + + fix out-of-buffer read in PackBitsDecode() Fixes + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1563 + Credit to OSS-Fuzz + * libtiff/tif_luv.c ++++ 158 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/tiff/tiff.changes ++++ and /work/SRC/openSUSE:Factory/.tiff.new/tiff.changes Old: ---- tiff-4.0.7-CVE-2015-7554.patch tiff-4.0.7-CVE-2017-5225.patch tiff-4.0.7-TIFFTAG_FAXRECVPARAMS.patch tiff-4.0.7.tar.gz tiff-CVE-2016-10266.patch tiff-CVE-2016-10267.patch tiff-CVE-2016-10268.patch tiff-CVE-2016-10269.patch tiff-CVE-2016-10270.patch tiff-CVE-2016-10271.patch tiff-CVE-2016-10272.patch New: ---- tiff-4.0.8.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tiff.spec ++++++ --- /var/tmp/diff_new_pack.vBl2RP/_old 2017-06-28 10:34:13.868822970 +0200 +++ /var/tmp/diff_new_pack.vBl2RP/_new 2017-06-28 10:34:13.872822404 +0200 @@ -17,7 +17,7 @@ Name: tiff -Version: 4.0.7 +Version: 4.0.8 Release: 0 Summary: Tools for Converting from and to the Tagged Image File Format License: HPND @@ -29,22 +29,6 @@ Patch0: tiff-4.0.3-seek.patch # http://bugzilla.maptools.org/show_bug.cgi?id=2442 Patch1: tiff-4.0.3-compress-warning.patch -# http://bugzilla.maptools.org/show_bug.cgi?id=2508 -Patch3: tiff-4.0.7-CVE-2015-7554.patch -# http://bugzilla.maptools.org/show_bug.cgi?id=2656 and -# http://bugzilla.maptools.org/show_bug.cgi?id=2657 -Patch4: tiff-4.0.7-CVE-2017-5225.patch -# http://http://bugzilla.maptools.org/show_bug.cgi?id=2636 -# bsc#1022103 -Patch5: tiff-4.0.7-TIFFTAG_FAXRECVPARAMS.patch - -Patch6: tiff-CVE-2016-10266.patch -Patch7: tiff-CVE-2016-10267.patch -Patch8: tiff-CVE-2016-10268.patch -Patch9: tiff-CVE-2016-10269.patch -Patch10: tiff-CVE-2016-10270.patch -Patch11: tiff-CVE-2016-10271.patch -Patch12: tiff-CVE-2016-10272.patch BuildRequires: gcc-c++ BuildRequires: libjpeg-devel @@ -69,11 +53,11 @@ %endif %description -This package contains the library and support programs for the Tagged -Image File Format (TIFF). +This package contains the library and support programs for the TIFF +image format. %package -n libtiff5 -Summary: The TIFF Library (with JPEG and compression support) +Summary: The Tiff Library (with JPEG and compression support) Group: System/Libraries Provides: libtiff = %{version} # bug437293 @@ -83,12 +67,12 @@ # %description -n libtiff5 -This package includes the TIFF libraries. To link a program with +This package includes the tiff libraries. To link a program with libtiff, you will have to add -ljpeg and -lz to include the necessary libjpeg and libz in the linking process. %package -n libtiff-devel -Summary: Development tools for programs which will use the TIFF library +Summary: Development Tools for Programs which will use the libtiff Library Group: Development/Libraries/C and C++ Requires: glibc-devel Requires: libstdc++-devel @@ -108,16 +92,6 @@ %setup -q %patch0 -p1 %patch1 -p1 -%patch3 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 %build CFLAGS="%{optflags} -fPIE" ++++++ tiff-4.0.7.tar.gz -> tiff-4.0.8.tar.gz ++++++ ++++ 4383 lines of diff (skipped)
