Bug#863459: unblock (pre-approval): tiff/4.0.8
Control: tags -1 -moreinfo

Hi Ivo,

On Sat, May 27, 2017 at 11:27 AM, Ivo De Decker wrote:
> On Sat, May 27, 2017 at 09:48:21AM +0200, László Böszörményi (GCS) wrote:
>> Current version of tiff in the archive is 4.0.7 and the package
>> already has 28 security patches that got attention (CVE id). Upstream
>> released 4.0.8 which contains only security related changes[1]
>> including memory leaks, division by zero, undefined behaviour, integer
>> overflows and excessive memory allocation fixes.
>> There are no major or software configuration changes[2].
>
> Please go ahead and remove the moreinfo tag from this bug once the upload is
> in unstable and the builds are done on all the relevant architectures.

It is built, uploaded and installed on _all_ architectures, Ubuntu adopted it as-is as well.

Thanks,
Laszlo/GCS
Bug#863459: unblock (pre-approval): tiff/4.0.8
Control: tags -1 confirmed moreinfo

Hi,

On Sat, May 27, 2017 at 09:48:21AM +0200, László Böszörményi (GCS) wrote:
> Current version of tiff in the archive is 4.0.7 and the package
> already has 28 security patches that got attention (CVE id). Upstream
> released 4.0.8 which contains only security related changes[1]
> including memory leaks, division by zero, undefined behaviour, integer
> overflows and excessive memory allocation fixes.
> There are no major or software configuration changes[2].

Please go ahead and remove the moreinfo tag from this bug once the upload is
in unstable and the builds are done on all the relevant architectures.

Cheers,
Ivo
Bug#863459: unblock (pre-approval): tiff/4.0.8
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock

Hi Release Team,

Current version of tiff in the archive is 4.0.7 and the package
already has 28 security patches that got attention (CVE id). Upstream
released 4.0.8 which contains only security related changes[1]
including memory leaks, division by zero, undefined behaviour, integer
overflows and excessive memory allocation fixes.
There are no major or software configuration changes[2].

Diffstat between the versions:
 ChangeLog                 | 464 +-
 RELEASE-DATE              | 2
 VERSION                   | 2
 configure                 | 24 +-
 configure.ac              | 6
 html/Makefile.am          | 3
 html/Makefile.in          | 3
 html/index.html           | 4
 html/man/CMakeLists.txt   | 2
 html/man/Makefile.am      | 2
 html/man/Makefile.in      | 2
 html/man/rgb2ycbcr.1.html | 155 ---
 html/man/thumbnail.1.html | 148 --
 html/v4.0.7.html          | 2
 html/v4.0.8.html          | 445
 libtiff/tif_color.c       | 40 ++-
 libtiff/tif_dir.c         | 48
 libtiff/tif_dirread.c     | 62 --
 libtiff/tif_dirwrite.c    | 101 --
 libtiff/tif_fax3.c        | 71 +--
 libtiff/tif_fax3.h        | 6
 libtiff/tif_getimage.c    | 95 ++---
 libtiff/tif_jpeg.c        | 29 ++
 libtiff/tif_luv.c         | 47 ++--
 libtiff/tif_lzw.c         | 33 ++-
 libtiff/tif_ojpeg.c       | 25 ++
 libtiff/tif_open.c        | 6
 libtiff/tif_packbits.c    | 12 -
 libtiff/tif_pixarlog.c    | 60 -
 libtiff/tif_predict.c     | 18 +
 libtiff/tif_print.c       | 10
 libtiff/tif_read.c        | 344 +-
 libtiff/tif_strip.c       | 11 -
 libtiff/tif_unix.c        | 10
 libtiff/tif_win32.c       | 10
 libtiff/tif_write.c       | 32 +--
 libtiff/tif_zip.c         | 8
 libtiff/tiffio.h          | 5
 libtiff/tiffiop.h         | 6
 libtiff/tiffvers.h        | 4
 man/CMakeLists.txt        | 2
 man/Makefile.am           | 2
 man/Makefile.in           | 2
 man/rgb2ycbcr.1           | 99 -
 man/thumbnail.1           | 90
 tools/fax2tiff.c          | 9
 tools/raw2tiff.c          | 10
 tools/tiff2bw.c           | 9
 tools/tiff2pdf.c          | 31 +--
 tools/tiff2ps.c           | 15 +
 tools/tiffcp.c            | 65 +-
 tools/tiffcrop.c          | 23 +-
 tools/tiffinfo.c          | 4
 53 files changed, 1920 insertions(+), 798 deletions(-)

Tests done.
1) Using it on my Stretch/amd64 machine without problems, including gimp and firefox.
2) Built successfully on amd64 / arm64 / armel / i386 / mipsel.
3) Built some reverse dependencies with it: graphicsmagick and gimp.

Proposed package is available[3]. Would be nice to upload it to Sid and
target Stretch instead of backporting even more fixes as those get
public exploits and/or CVE ids.
Of course, I'm open for even more testing if that's required.

Thanks for considering,
Laszlo/GCS

[1] http://libtiff.maptools.org/v4.0.8.html#libtiff
[2] http://libtiff.maptools.org/v4.0.8.html#highlights
[3] dget -x http://www.barcikacomp.hu/gcs/tiff_4.0.8-1.dsc