Hello community, here is the log from the commit of package tiff for openSUSE:Factory checked in at 2017-12-15 13:59:20 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tiff (Old) and /work/SRC/openSUSE:Factory/.tiff.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tiff" Fri Dec 15 13:59:20 2017 rev:68 rq:556376 version:4.0.9 Changes: -------- --- /work/SRC/openSUSE:Factory/tiff/tiff.changes 2017-06-28 10:34:12.601002336 +0200 +++ /work/SRC/openSUSE:Factory/.tiff.new/tiff.changes 2017-12-15 13:59:24.573925116 +0100 @@ -1,0 +2,267 @@ +Wed Nov 29 09:08:42 UTC 2017 - fst...@suse.com + +- Upgrade to upstream release 4.0.9 + * Changes in the software configuration: + + test/Makefile.am: Add some tests for tiff2bw. + + .appveyor.yml, .travis.yml, build/travis-ci: apply patches + 0001-ci-Travis-script-improvements.patch and + 0002-ci-Invoke-helper-script-via-shell.patch by Roger Leigh + + .travis.yml, build/travis-ci: new files from + 0001-ci-Add-Travis-support-for-Linux-builds-with-Autoconf.patch + by Roger Leigh. This patch adds support for the Travis-CI + service. + + .appveyor.yml: new file from + 0002-ci-Add-AppVeyor-support.patch by Roger Leigh (sent to + mailing list on 2017-06-08) This patch adds a .appveyor.yml + file to the top-level. This allows one to opt in to having a + branch built on Windows with Cygwin, MinGW and MSVC + automatically when a branch is pushed to GitHub, GitLab, + BitBucket or any other supported git hosting service. + + CMakeLists.txt, test/CMakeLists.txt, + test/TiffTestCommon.cmake: apply patch + 0001-cmake-Improve-Cygwin-and-MingGW-test-support.patch from + Roger Leigh. This patch makes the CMake build system support + running the tests with MinGW or Cygwin. + + test/tiffcp-lzw-compat.sh, test/images/quad-lzw-compat.tiff: + new files to test old-style LZW decompression + + test/common.sh, Makefile.am, CMakeList.txt: updated with above + + test/Makefile.am: add missing reference to + images/quad-lzw-compat.tiff to fix "make distcheck". Patch by + Roger Leigh + + nmake.opt: support a DEBUG=1 option, so as to adjust OPTFLAGS + and use /MDd runtime in debug mode. + * Changes in libtiff: + + libtiff/tif_color.c: TIFFYCbCrToRGBInit(): stricter clamping + to avoid int32 overflow in TIFFYCbCrtoRGB(). Fixes + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1844 + + libtiff/tif_getimage.c: initYCbCrConversion(): stricter + validation for refBlackWhite coefficients values. To avoid + invalid float->int32 conversion (when refBlackWhite[0] == + 2147483648.f) Fixes + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1907 + + libtiff/tif_dirinfo.c, tif_dirread.c: add + _TIFFCheckFieldIsValidForCodec(), and use it in + TIFFReadDirectory() so as to ignore fields whose tag is a + codec-specified tag but this codec is not enabled. This avoids + TIFFGetField() to behave differently depending on whether the + codec is enabled or not, and thus can avoid stack based buffer + overflows in a number of TIFF utilities such as tiffsplit, + tiffcmp, thumbnail, etc. Patch derived from + 0063-Handle-properly-CODEC-specific-tags.patch + (http://bugzilla.maptools.org/show_bug.cgi?id=2580) by Raphaƫl + Hertzog. + Fixes: http://bugzilla.maptools.org/show_bug.cgi?id=2580 + http://bugzilla.maptools.org/show_bug.cgi?id=2693 + http://bugzilla.maptools.org/show_bug.cgi?id=2625 + (CVE-2016-10095, bsc#1017690) + http://bugzilla.maptools.org/show_bug.cgi?id=2564 + (CVE-2015-7554, bsc#960341) + http://bugzilla.maptools.org/show_bug.cgi?id=2561 + (CVE-2016-5318, bsc#983436) + http://bugzilla.maptools.org/show_bug.cgi?id=2499 + (CVE-2014-8128, bsc#969783) + http://bugzilla.maptools.org/show_bug.cgi?id=2441 + http://bugzilla.maptools.org/show_bug.cgi?id=2433 + + libtiff/tif_swab.c: if DISABLE_CHECK_TIFFSWABMACROS is + defined, do not do the #ifdef TIFFSwabXXX checks. Make it + easier for GDAL to rename the symbols of its internal libtiff + copy. + + libtiff/tif_dirread.c: fix regression of libtiff 4.0.8 in + ChopUpSingleUncompressedStrip() regarding update of newly + single-strip uncompressed files whose bytecount is 0. Before + the change of 2016-12-03, the condition bytecount==0 used to + trigger an early exit/disabling of strip chop. Re-introduce + that in update mode. Otherwise this cause later incorrect + setting for the value of StripByCounts/StripOffsets. + (https://trac.osgeo.org/gdal/ticket/6924) + + libtiff/tif_dirread.c: TIFFFetchStripThing(): limit the + number of items read in StripOffsets/StripByteCounts tags to + the number of strips to avoid excessive memory allocation. + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2215 + + libtiff/tif_getimage.c: avoid many (harmless) unsigned int + overflows. + + libtiff/tif_fax3.c: avoid unsigned int overflow in + Fax3Encode2DRow(). Could potentially be a bug with huge rows. + + libtiff/tif_jpeg.c: avoid (harmless) unsigned int overflow on + tiled images. + + libtiff/tif_dirread.c: avoid unsigned int overflow in + EstimateStripByteCounts() and BYTECOUNTLOOKSBAD when file is + too short. + + libtiff/tif_predict.c: decorate legitimate functions where + unsigned int overflow occur with + TIFF_NOSANITIZE_UNSIGNED_INT_OVERFLOW + + libtiff/tif_dirread.c: avoid unsigned int overflow in + EstimateStripByteCounts() + + libtiff/tiffiop.h: add TIFF_NOSANITIZE_UNSIGNED_INT_OVERFLOW + macro to disable CLang warnings raised by + -fsanitize=undefined,unsigned-integer-overflow + + libtiff/tif_jpeg.c: add anti-denial of service measure to + avoid excessive CPU consumption on progressive JPEGs with a + huge number of scans. See + http://www.libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf + Note: only affects libtiff since 2014-12-29 where support of + non-baseline JPEG was added. + + libtiff/tif_jpeg.c: error out at decoding time if anticipated + libjpeg memory allocation is above 100 MB. libjpeg in case of + multiple scans, which is allowed even in baseline JPEG, if + components are spread over several scans and not + interleavedin a single one, needs to allocate memory (or + backing store) for the whole strip/tile. See + http://www.libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf + This limitation may be overriden by setting the + LIBTIFF_ALLOW_LARGE_LIBJPEG_MEM_ALLOC environment variable, or + recompiling libtiff with a custom value of + TIFF_LIBJPEG_LARGEST_MEM_ALLOC macro. + + libtiff/tif_jbig.c: fix memory leak in error code path of + JBIGDecode() + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706 + (CVE-2017-9936, bsc#1046073) + + libtiff/tif_dirread.c: in TIFFReadDirEntryFloat(), check that + a double value can fit in a float before casting. + + libtiff/tiffiop.h, libtiff/tif_jpeg.c, libtiff/tif_jpeg_12.c, + libtiff/tif_read.c: make TIFFReadScanline() works in + CHUNKY_STRIP_READ_SUPPORT mode with JPEG stream with multiple + scans. Also make configurable through a + LIBTIFF_JPEG_MAX_ALLOWED_SCAN_NUMBER environment variable the + maximum number of scans allowed. Defaults to 100. + + libtiff/tif_read.c: TIFFFillTile(): add limitation to the + number of bytes read in case td_stripbytecount[strip] is + bigger than reasonable, so as to avoid excessive memory + allocation (similarly to what was done for TIFFFileStrip() on + 2017-05-10) + + libtiff/tif_getimage.c: use + _TIFFReadEncodedStripAndAllocBuffer(). Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2708 and + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2433 + + libtiff/tif_read.c, tiffiop.h: add a + _TIFFReadEncodedStripAndAllocBuffer() function, variant of + TIFFReadEncodedStrip() that allocates the decoded buffer only + after a first successful TIFFFillStrip(). This avoids + excessive memory allocation on corrupted files. + + libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedXXXX() + functions associated with LONG8/SLONG8 data type, replace + assertion that the file is BigTIFF, by a non-fatal error. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2712 + + libtiff/tif_read.c: TIFFStartTile(): set tif_rawcc to + tif_rawdataloaded when it is set. Similarly to + TIFFStartStrip(). This issue was revealed by the change of + 2017-06-30 in TIFFFileTile(), limiting the number of bytes + read. But it could probably have been hit too in + CHUNKY_STRIP_READ_SUPPORT mode previously. Fixes + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2454 + + libtiff/tif_error.c, tif_warning.c: correctly use va_list + when both an old-style and new-style warning/error handlers + are installed. Patch by Paavo Helde (sent on the mailing list) + + libtiff/tif_getimage.c: use _TIFFReadTileAndAllocBuffer(). + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2470 + + libtiff/tif_read.c, tiffiop.h: add a + _TIFFReadEncodedTileAndAllocBuffer() and + _TIFFReadTileAndAllocBuffer() variants of + TIFFReadEncodedTile() and TIFFReadTile() that allocates the + decoded buffer only after a first successful TIFFFillTile(). + This avoids excessive memory allocation on corrupted files. + + libtiff/tif_pixarlog.c: avoid excessive memory allocation on + decoding when RowsPerStrip tag is not defined (and thus + td_rowsperstrip == UINT_MAX) Fixes + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2554 + + libtiff/tif_lzw.c: fix 4.0.8 regression in the decoding of + old-style LZW compressed files. + + libtiff/tif_lzw.c: fix potential out-of-buffer read on 1-byte + LZW strips. Crashing issue only on memory mapped files, where + the strip offset is the last byte of the file, and the file + size is a multiple of one page size on the CPU architecture + (typically 4096) + + libtiff/tif_dir.c: avoid potential null pointer dereference + in _TIFFVGetField() on corrupted TIFFTAG_NUMBEROFINKS tag + instance. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2713 + + tools/tiff2pdf.c: prevent heap buffer overflow write in "Raw" + mode on PlanarConfig=Contig input images. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2715 + + libtiff/tif_read.c: TIFFFillStrip() / TIFFFillTile(). + Complementary fix for + http://bugzilla.maptools.org/show_bug.cgi?id=2708 in the + isMapped() case, so as to avoid excessive memory allocation + when we need a temporary buffer but the file is truncated. + + libtiff/tif_read.c: in TIFFFetchStripThing(), only grow the + arrays that hold StripOffsets/StripByteCounts, when they are + smaller than the expected number of striles, up to 1 million + striles, and error out beyond. Can be tweaked by setting the + environment variable LIBTIFF_STRILE_ARRAY_MAX_RESIZE_COUNT. + This partially goes against a change added on 2002-12-17 to + accept those arrays of wrong sizes, but is needed to avoid + denial of services. Fixes + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2350 + + libtiff/tif_read.c: add protection against excessive memory + allocation attempts in TIFFReadDirEntryArray() on short files. + Effective for mmap'ed case. And non-mmap'ed case, but ++++ 73 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/tiff/tiff.changes ++++ and /work/SRC/openSUSE:Factory/.tiff.new/tiff.changes Old: ---- tiff-4.0.8.tar.gz New: ---- tiff-4.0.9.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tiff.spec ++++++ --- /var/tmp/diff_new_pack.NIeknS/_old 2017-12-15 13:59:25.305889781 +0100 +++ /var/tmp/diff_new_pack.NIeknS/_new 2017-12-15 13:59:25.309889587 +0100 @@ -17,7 +17,7 @@ Name: tiff -Version: 4.0.8 +Version: 4.0.9 Release: 0 Summary: Tools for Converting from and to the Tagged Image File Format License: HPND ++++++ tiff-4.0.8.tar.gz -> tiff-4.0.9.tar.gz ++++++ ++++ 4466 lines of diff (skipped)
