Changelog for
libtiff5-4.4.0-7.3.x86_64.rpm :
* Mon Nov 14 2022 Michael Vetter
- security update:
* CVE-2022-3970 [bsc#1205392] + tiff-CVE-2022-3970.patch
* Sun Nov 13 2022 Michael Vetter - security update:
* CVE-2022-3597 [bsc#1204641]
* CVE-2022-3626 [bsc#1204644]
* CVE-2022-3627 [bsc#1204645] + tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch
* CVE-2022-3599 [bsc#1204643] + tiff-CVE-2022-3599.patch
* CVE-2022-3598 [bsc#1204642] + tiff-CVE-2022-3598.patch
* Mon Oct 17 2022 Michael Vetter - security update:
* CVE-2022-2519 [bsc#1202968]
* CVE-2022-2520 [bsc#1202973]
* CVE-2022-2521 [bsc#1202971] + tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch
* Mon Aug 01 2022 Michael Vetter - security update:
* CVE-2022-34526 [bsc#1202026] + tiff-CVE-2022-34526.patch
* Wed Jul 06 2022 Michael Vetter - security update
* CVE-2022-2056 [bsc#1201176]
* CVE-2022-2057 [bsc#1201175]
* CVE-2022-2058 [bsc#1201174] + tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch
* Sun May 29 2022 Dirk Müller - update to 4.4.0:
* TIFFIsBigTiff() function added.
* Functions TIFFFieldSetGetSize() and TIFFieldSetGetCountSize() added.
* LZWDecode(): major speed improvements (~30% faster)
* Predictor 2 (horizontal differenciation): support 64-bit
* Support libjpeg 9d
* avoid hang in TIFFRewriteDirectory() if a classic file > 4 GB is attempted to be created
* tif_jbig.c: fix crash when reading a file with multiple IFD in memory-mapped mode and when bit reversal is needed
* TIFFFetchNormalTag(): avoid calling memcpy() with a null source pointer and size of zero
* TIFFWriteDirectoryTagData(): turn assertion on data length into a runtime check
* TIFFFetchStripThing(): avoid calling memcpy() with a null source pointer and size of zero
* TIFFReadDirectory(): avoid calling memcpy() with a null source pointer and size of zero
* TIFFYCbCrToRGBInit(): avoid Integer-overflow
* TIFFGetField(TIFFTAG_STRIPBYTECOUNTS/TIFFTAG_STRIPOFFSETS): return error if returned pointer is NULL (fixes #342)
* OJPEG: avoid assertion when using TIFFReadScanline()
* TIFFReadDirectory: fix OJPEG hack
* LZW codec: fix support for strips/tiles > 2 GB on Windows
* TIFFAppendToStrip(): fix rewrite-in-place logic
* Fix TIFFRewriteDirectory discarding directories.
* TIFFReadCustomDirectory(): avoid crash when reading SubjectDistance tag on a non EXIF directory
* Fix Segmentation fault printing GPS directory if Altitude tag is present
* tif_jpeg.c: do not emit progressive scans with mozjpeg. (#266)
* _TIFFRewriteField(): fix when writing a IFD with a single tile that is a sparse one, on big endian hosts
* Fix all remaining uses of legacy Deflate compression id and warn on use.- drop tiff-CVE-2022-0907.patch, tiff-CVE-2022-0561.patch, tiff-CVE-2022-0562.patch, tiff-CVE-2022-0865.patch, tiff-CVE-2022-0909.patch, tiff-CVE-2022-0924.patch, tiff-CVE-2022-0908.patch, tiff-CVE-2022-1056,CVE-2022-0891.patch: all upstream- add signature validation, adds tiff.keyring
* Mon May 09 2022 Michael Vetter - security update:
* CVE-2022-0907 [bsc#1197070] + tiff-CVE-2022-0907.patch
* Mon May 09 2022 Michael Vetter - security update
* CVE-2022-0561 [bsc#1195964] + tiff-CVE-2022-0561.patch
* CVE-2022-0562 [bsc#1195965] + tiff-CVE-2022-0562.patch
* CVE-2022-0865 [bsc#1197066] + tiff-CVE-2022-0865.patch
* CVE-2022-0909 [bsc#1197072] + tiff-CVE-2022-0909.patch
* CVE-2022-0924 [bsc#1197073] + tiff-CVE-2022-0924.patch
* CVE-2022-0908 [bsc#1197074] + tiff-CVE-2022-0908.patch
* Fri May 06 2022 Michael Vetter - security update
* CVE-2022-1056 [bsc#1197631]
* CVE-2022-0891 [bsc#1197068] + tiff-CVE-2022-1056,CVE-2022-0891.patch
* Wed May 04 2022 Marcus Meissner - switch source url to https
* Mon Apr 26 2021 Paolo Stivanin - version update to 4.3.0
* Build and usage of the library and its utilities requires a C99 capable compiler.
* New optional codec for the LERC (Limited Error Raster Compression) compression scheme. To have it available, configure libtiff against the SDK available at https://github.com/esri/lerc
* Removal of unused, or now useless due to C99 availability, functions in port/
* tiffcmp: fix comparaison with pixels that are fractional number of bytes
* tiff2ps: exit the loop in case of error
* tiff2pdf: check that tiff_datasize fits in a signed tsize_t
* Mon Dec 28 2020 pgajdosAATTsuse.com- version update to 4.2.0 Major changes:
* Optional support for using libdeflate is added.
* Many of the tools now support a memory usage limit. See http://www.simplesystems.org/libtiff/v4.2.0.html for more.
* Wed Apr 01 2020 Martin Pluskal - Drop webp support as it would introduce build cycle
* Mon Mar 30 2020 Martin Pluskal - Enable zstd and webp support
* Wed Nov 06 2019 pgajdosAATTsuse.com- version update to 4.1.0
* fixes several CVEs mentioned below and more, see ChangeLog- deleted patches - tiff-CVE-2018-12900.patch (upstreamed) - tiff-CVE-2018-17000,19210.patch (upstreamed) - tiff-CVE-2019-6128.patch (upstreamed) - tiff-CVE-2019-7663.patch (upstreamed)
* Tue Feb 12 2019 mvetterAATTsuse.com- security update
* CVE-2019-7663 [bsc#1125113] + tiff-CVE-2019-7663.patch
* Mon Feb 04 2019 mvetterAATTsuse.com- security update
* CVE-2019-6128 [bsc#1121626] + tiff-CVE-2019-6128.patch
* Wed Jan 30 2019 Petr Gajdos - extend tiff-CVE-2018-19210.patch and rename it to tiff-CVE-2018-17000,19210.patch [bsc#1108606c#11]
* solves CVE-2018-19210 [bsc#1115717] and CVE-2018-17000 [bsc#1108606]
* Wed Jan 30 2019 Petr Gajdos - amend tiff-CVE-2018-12900.patch: fix wrong error message [bsc#1099257]