|
|
 |
|
|
Changelog for tiff-4.5.0-5.2.x86_64.rpm :
* Wed Feb 22 2023 Michael Vetter - security update:
* CVE-2023-0795 [bsc#1208226]
* CVE-2023-0796 [bsc#1208227]
* CVE-2023-0797 [bsc#1208228]
* CVE-2023-0798 [bsc#1208229]
* CVE-2023-0799 [bsc#1208230] + tiff-CVE-2023-0795,CVE-2023-0796,CVE-2023-0797,CVE-2023-0798,CVE-2023-0799.patch
* CVE-2023-0800 [bsc#1208231]
* CVE-2023-0801 [bsc#1208232]
* CVE-2023-0802 [bsc#1208233]
* CVE-2023-0803 [bsc#1208234]
* CVE-2023-0804 [bsc#1208236] + tiff-CVE-2023-0800,CVE-2023-0801,CVE-2023-0802,CVE-2023-0803,CVE-2023-0804.patch
* Thu Jan 26 2023 Michael Vetter - security update:
* CVE-2022-48281 [bsc#1207413] + tiff-CVE-2022-48281.patch
* Wed Jan 04 2023 Paolo Stivanin - Update to 4.5.0:
* tdir_t type updated to uint32_t. This type is now used for the return value of TIFFCurrentDirectory() and TIFFNumberOfDirectories(), and as the argument of TIFFSetDirectory() and TIFFUnlinkDirectory()
* Addition of an open option concept with the new functions TIFFOpenExt(), TIFFOpenWExt(), TIFFFdOpenExt(), TIFFClientOpenExt(), TIFFOpenOptionsAlloc(), TIFFOpenOptionsFree()
* Leveraging above mentioned open option concept, addition of a new capability to limit the size of a single dynamic memory allocation done by the library with TIFFOpenOptionsSetMaxSingleMemAlloc()
* Related to IFD-Loop detection refactoring, the number of IFDs that libtiff can browse through has been extended from 65535 to 1048576. This value is a build-time setting that can be configured with CMake\'s TIFF_MAX_DIR_COUNT variable or autoconf\'s --with-max-dir-count option.
* Whole code base reformatting of .c/.h files using new .clang-format format
* Documentation changed from static HTML and man pages to Restructured Text (rst). HTML and man pages are now build artifacts.
* SONAME version bumped to 6 due to changes in symbol versioning.
* autoconf/cmake: detect (not yet released) libjpeg-turbo 2.2 to take into its capability of handling both 8-bit JPEG and 12-bit JPEG in a single build.
* autoconf/cmake: detect sphinx-build to build HTML and man pages
* CMakeLists.txt: fix warning with -Wdev
* CMake: correctly set default value of \'lzma\' option when liblzma is detected
* CMake: Moved linking of CMath::CMath into CMath_LIBRARY check.
* Fix CMake build to be compatible with FetchContent.
* cmake: Correct duplicate definition of _CRT_SECURE_NO_WARNINGS
* cmake: Fixes for Visual Studio 2022.
* Adds Requires.private generation so that pkg-config can correctly find the dependencies of libtiff.
* Fix dependency on libm on Android
* Fix build in tif_lzw.c
* CMake: Add options for disabling tools, tests, contrib and docs.
* tiffcrop: Fix memory allocation to require a larger buffer (CVE-2022-3570, CVE-2022-3598)
* tiffcrop: disable incompatibility of -Z, -X, -Y, -z options with any PAGE_MODE_x option (CVE-2022-3627, CVE-2022-3597, CVE-2022-3626)
* tiffcrop: fix floating-point exception (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)
* _TIFFCheckFieldIsValidForCodec(): return FALSE when passed a codec-specific tag and the codec is not configured (CVE-2022-34526)
* Revised handling of TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value (CVE-2022-3599)
* tiffcrop: -S option mutually exclusive (CVE-2022-2519, CVE-2022-2520, CVE-2022-2521)- Drop tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch- Drop tiff-CVE-2022-34526.patch- Drop tiff-CVE-2022-3599.patch- Drop tiff-CVE-2022-3598.patch- Drop tiff-CVE-2022-3970.patch- Drop tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch- Drop tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch
* Mon Nov 14 2022 Michael Vetter - security update:
* CVE-2022-3970 [bsc#1205392] + tiff-CVE-2022-3970.patch
* Sun Nov 13 2022 Michael Vetter - security update:
* CVE-2022-3597 [bsc#1204641]
* CVE-2022-3626 [bsc#1204644]
* CVE-2022-3627 [bsc#1204645] + tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch
* CVE-2022-3599 [bsc#1204643] + tiff-CVE-2022-3599.patch
* CVE-2022-3598 [bsc#1204642] + tiff-CVE-2022-3598.patch
* Mon Oct 17 2022 Michael Vetter - security update:
* CVE-2022-2519 [bsc#1202968]
* CVE-2022-2520 [bsc#1202973]
* CVE-2022-2521 [bsc#1202971] + tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch
* Mon Aug 01 2022 Michael Vetter - security update:
* CVE-2022-34526 [bsc#1202026] + tiff-CVE-2022-34526.patch
* Wed Jul 06 2022 Michael Vetter - security update
* CVE-2022-2056 [bsc#1201176]
* CVE-2022-2057 [bsc#1201175]
* CVE-2022-2058 [bsc#1201174] + tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch
* Sun May 29 2022 Dirk Müller - update to 4.4.0:
* TIFFIsBigTiff() function added.
* Functions TIFFFieldSetGetSize() and TIFFieldSetGetCountSize() added.
* LZWDecode(): major speed improvements (~30% faster)
* Predictor 2 (horizontal differenciation): support 64-bit
* Support libjpeg 9d
* avoid hang in TIFFRewriteDirectory() if a classic file > 4 GB is attempted to be created
* tif_jbig.c: fix crash when reading a file with multiple IFD in memory-mapped mode and when bit reversal is needed
* TIFFFetchNormalTag(): avoid calling memcpy() with a null source pointer and size of zero
* TIFFWriteDirectoryTagData(): turn assertion on data length into a runtime check
* TIFFFetchStripThing(): avoid calling memcpy() with a null source pointer and size of zero
* TIFFReadDirectory(): avoid calling memcpy() with a null source pointer and size of zero
* TIFFYCbCrToRGBInit(): avoid Integer-overflow
* TIFFGetField(TIFFTAG_STRIPBYTECOUNTS/TIFFTAG_STRIPOFFSETS): return error if returned pointer is NULL (fixes #342)
* OJPEG: avoid assertion when using TIFFReadScanline()
* TIFFReadDirectory: fix OJPEG hack
* LZW codec: fix support for strips/tiles > 2 GB on Windows
* TIFFAppendToStrip(): fix rewrite-in-place logic
* Fix TIFFRewriteDirectory discarding directories.
* TIFFReadCustomDirectory(): avoid crash when reading SubjectDistance tag on a non EXIF directory
* Fix Segmentation fault printing GPS directory if Altitude tag is present
* tif_jpeg.c: do not emit progressive scans with mozjpeg. (#266)
* _TIFFRewriteField(): fix when writing a IFD with a single tile that is a sparse one, on big endian hosts
* Fix all remaining uses of legacy Deflate compression id and warn on use.- drop tiff-CVE-2022-0907.patch, tiff-CVE-2022-0561.patch, tiff-CVE-2022-0562.patch, tiff-CVE-2022-0865.patch, tiff-CVE-2022-0909.patch, tiff-CVE-2022-0924.patch, tiff-CVE-2022-0908.patch, tiff-CVE-2022-1056,CVE-2022-0891.patch: all upstream- add signature validation, adds tiff.keyring
* Mon May 09 2022 Michael Vetter - security update:
* CVE-2022-0907 [bsc#1197070] + tiff-CVE-2022-0907.patch
* Mon May 09 2022 Michael Vetter - security update
* CVE-2022-0561 [bsc#1195964] + tiff-CVE-2022-0561.patch
* CVE-2022-0562 [bsc#1195965] + tiff-CVE-2022-0562.patch
* CVE-2022-0865 [bsc#1197066] + tiff-CVE-2022-0865.patch
* CVE-2022-0909 [bsc#1197072] + tiff-CVE-2022-0909.patch
* CVE-2022-0924 [bsc#1197073] + tiff-CVE-2022-0924.patch
* CVE-2022-0908 [bsc#1197074] + tiff-CVE-2022-0908.patch
* Fri May 06 2022 Michael Vetter - security update
* CVE-2022-1056 [bsc#1197631]
* CVE-2022-0891 [bsc#1197068] + tiff-CVE-2022-1056,CVE-2022-0891.patch
* Wed May 04 2022 Marcus Meissner - switch source url to https
* Mon Apr 26 2021 Paolo Stivanin - version update to 4.3.0
* Build and usage of the library and its utilities requires a C99 capable compiler.
* New optional codec for the LERC (Limited Error Raster Compression) compression scheme. To have it available, configure libtiff against the SDK available at https://github.com/esri/lerc
* Removal of unused, or now useless due to C99 availability, functions in port/
* tiffcmp: fix comparaison with pixels that are fractional number of bytes
* tiff2ps: exit the loop in case of error
* tiff2pdf: check that tiff_datasize fits in a signed tsize_t
* Mon Dec 28 2020 pgajdosAATTsuse.com- version update to 4.2.0 Major changes:
* Optional support for using libdeflate is added.
* Many of the tools now support a memory usage limit. See http://www.simplesystems.org/libtiff/v4.2.0.html for more.
* Wed Apr 01 2020 Martin Pluskal - Drop webp support as it would introduce build cycle
* Mon Mar 30 2020 Martin Pluskal - Enable zstd and webp support
|
|
|
