Changelog for libtiff6-4.7.0-216.3.i586.rpm :

* Wed Sep 18 2024 Michael Vetter - Update to 4.7.0:
* This version restores in the default build the availability of the tools that had been dropped in v4.6.0. See https://libtiff.gitlab.io/libtiff/rfcs/rfc2_restoring_needed_tools.html#rfc2-restoring-needed-tools
* Software configuration changes:
  + autoconf build: configure.ac: avoid -Werror passed to CFLAGS to interfere with feature detection
  + autoconf build: fix error when running make clean (fixes issue #630)
  + autoconf build: back off the minimum required automake version to 1.11
  + autoconf.ac: fix detection of windows.h for mingw (fixes issue #605)
  + libtiff-4.pc: Fix Requires.private missing Lerc. It provides a .pc file starting from version 4 (in autoconf builds, we assume that liblerc is at least version 4)
  + CMake: Fix TIFF_INCLUDE_DIRS
  + CMake: MinGW compilers don't need a .def file for shared library
  + CMake: move libdeflate and Lerc to Requires.private
  + CMake: enable resource compilation on all Windows.
* Library changes:
  + Add TIFFOpenOptionsSetMaxCumulatedMemAlloc(). This function complements TIFFOpenOptionsSetMaxSingleMemAlloc() to define the maximum cumulated memory allocations in byte, for a given TIFF handle, that libtiff internal memory allocation functions are allowed.
  + TIFFWriteDirectory(): Avoid overwriting following data if an IFD is enlarged.
  + TIFFXYZToRGB: avoid integer overflow (fixes issue #644)
  + uv_decode() and uv_encode(): avoid potential out-of-bounds array index (fixes issue #645)
  + Fix cases where tif_curdir is set incorrectly. Fix cases where the current directory number (tif_curdir) is set inconsistently or incorrectly, depending on the previous history.
  + TIFFRead[Scanline/EncodedStrip/EncodeTile]: 0-initialize output buffer if setupdecode fails; most codecs: zero-initialize (not-yet-written parts of) output buffer if failure (fixes issue #375)
  + OJPEG: reset subsampling_convert_state=0 in OJPEGPreDecode (fixes issue #183)
  + ThunderRLE: fix failure when decoding last run. Bug seen with GhostPDL
  + LERC codec: deal with issues with multi-band PlanarConfig=Contig and NaN values
  + tif_fax3.c: error out after a number of times end-of-file has been reached (fixes issue #583)
  + LZW: avoid warning about misaligned address with UBSAN (fixes issue #616)
  + TIFFReadRGBAStrip/TIFFReadRGBATile: add more validation of col/row (fixes issue #622, CVE-2023-52356)
  + tif_dirread.c: only issue TIFFGetFileSize() for large enough RAM requests
  + Avoid FPEs (division by zero) in tif_getimage.c.
  + Avoiding FPE (division by zero) for TIFFhowmany_32() and TIFFhowmany_64() macros by checking for denominator not zero before macros are executed. (fixes issue #628)
  + Add non-zero check before division in TIFFComputeStrip()
  + Fix wrong return of TIFFIsBigTIFF() in case byte-swapping is active
  + Setting the TIFFFieldInfo field set_field_type should consider field_writecount not field_readcount
  + Avoid memory leaks when using TIFFCreateDirectory() by releasing the allocated memory in the tif-structure.
  + For non-terminated ASCII arrays, the buffer is first enlarged before a NULL is set at the end to avoid deleting the last character. (fixes issue #579)
  + Check return value of _TIFFCreateAnonField(). (fixes issue #624, CVE-2024-7006)
  + Prevent some out-of-memory attacks (https://gitlab.com/libtiff/libtiff/-/issues/614#note_1602683857)
  + Ensure absolute seeking is forced independent of TIFFReadDirectory success. (fixes issue #618)
  + tif_dirinfo.c: re-enable TIFFTAG_EP_CFAREPEATPATTERNDIM and TIFFTAG_EP_CFAPATTERN tags (fixes issue #608)
  + Fix warnings with GCC 14
  + tif_dir.c: Log source file, line number, and input tif for directory count error (fixes issue #627)
  + Last usage of get_field_type of TIFFField structure at TIFFWriteDirectorySec() changed to using set_field_type.
  + tif_jpeg.c/tif_ojpeg.c: remove likely ifdef tricks related to old compilers or unusual setups
  + Remove _TIFFUInt64ToFloat() and _TIFFUInt64ToDouble()
  + Remove support for _MSC_VER < 1500.
  + Use #ifdef _WIN32 to test for Windows, and tiffio.h: remove definition of __WIN32__
* Documentation:
  + Amend manpages for changes in current directory index behaviour
  + Note on using TIFFFlush() before TIFFClose() to check that the data has been successfully written to the file. (fixes issue #506)
  + Update TIFF documentation about TIFFOpenOptions.rst and TIFFOpenOptionsSetMaxSingleMemAlloc() usage and some other small fixes (relates to CVE-2024-7006)
* Re-added tools:
  + fax2ps
  + fax2tiff
  + pal2rgb
  + ppm2tiff
  + raw2tiff
  + rgb2ycbcr (not installed)
  + thumbnail (not installed)
  + tiff2bw
  + tiff2rgba
  + tiffcmp
  + tiffcrop
  + tiffdither
  + tiffgt
  + tiffmedian
  + tiff2ps
  + tiff2pdf
* New/improved functionality:
  + tiff2rgba: Add background gradient option for alpha compositing
  + tiffcp: -i flag restored
* Bug fixes for tools:
  + tiffcrop: address Coverity scan issues 1605444, 1605445, and 16054
  + tiffcrop: Apply "Fix heap-buffer-overflow in function extractImageSection"
  + tiffcrop: fix buffer overflows, use after free (fixes issue #542, issue #550, issue #552)
  + tiff2pdf: address Coverity scan issues
  + tiff2pdf: fix inconsistent PLANARCONFIG value for the input and output TIFF
  + tiff2pdf: fix issue with JPEG restart-interval marker when converting from JPEG-compressed files (fixes issue #539)
  + tiff2pdf: red and blue were being swapped for RGBA decoding (fixes issue #253)
  + tiff2pdf: fixes issue #596
  + thumbnail: address Coverity scan issues
  + tiffcp: Add check for limitMalloc return to fix Coverity 1603334
  + tiffcp: preserve TIFFTAG_REFERENCEBLACKWHITE when doing YCbCr JPEG -> YCbCr JPEG
  + tiffcp: replace PHOTOMETRIC_YCBCR with PHOTOMETRIC_RGB when outputting to compression != JPEG (refs issue #571)
  + tiffcp: do not copy tags YCBCRCOEFFICIENTS, YCBCRSUBSAMPLING, YCBCRPOSITIONING, REFERENCEBLACKWHITE. Only set YCBCRSUBSAMPLING when generating YCbCr JPEG
  + tiffcp: Check also codec of input image, not only from output image (fixes issue #606)
  + Add some basic sanity checks for tiffcp and tiffcrop RGB->YCbCr JPEG conversions.
  + fax2ps and fax2tiff: memory leak fixes (fixes issue #476)
  + tiffmedian: memory leak fixes (fixes issue #599)
  + fax2tiff: fix EOFB interpretation (fixes issue #191)
  + fax2tiff: fix issue with unreasonable width input (fixes issue #249)
  + tiffcp and tiffcrop: fixes issue #228
  + tiff2rgba: fixes issue #469
  + tiffdither: fixes issue #473
  + tiffdump: fix wrong printf formatter in error message (Coverity 1472932)
  + tiffset: avoid false positive Coverity Scan warning on 64-bit builds (Coverity 1518997)
  + tiffcp/tiffset: use correct format specifiers
* Changes to contributed and unsupported tools
  + contrib/addtiffo: validate return of TIFFWriteEncodedXXXX() calls (Coverity 1024680)
- Remove patches contained in upstream:
* tiff-CVE-2023-52356.patch
* tiff-CVE-2024-7006.patch
- Tools are not built for now due to test failure: `FAIL: tiffcp-32bpp-None-jpeg.sh`
* Mon Aug 19 2024 Michael Vetter - security update:
* CVE-2024-7006 [bsc#1228924] Fix pointer deref in tif_dirinfo.c + tiff-CVE-2024-7006.patch
* Fri Jan 26 2024 Michael Vetter - security update:
* CVE-2023-52356 [bsc#1219213] Fix segfault in TIFFReadRGBATileExt() + tiff-CVE-2023-52356.patch
* Fri Sep 15 2023 Paolo Stivanin - Update to version 4.6.0:
* API/ABI breaks: none
* WebP decoder: validate WebP blob width, height, band count against TIFF parameters to avoid use of uninitialized variable, or decoding corrupted content without explicit error (fixes issue #581, issue #582).
* WebP codec: turn exact mode when creating lossless files to avoid altering R,G,B values in areas where alpha=0
* Fix TransferFunction writing of only two transfer functions.
* TIFFReadDirectoryCheckOrder: avoid integer overflow. When it occurs, it should be harmless in practice though
* tiffcp: remove -i option (ignore errors)
* This version removes a big number of utilities that have suffered from lack of maintenance over the years and were the source of various reported security issues:
  + fax2ps
  + fax2tiff
  + pal2rgb
  + ppm2tiff
  + raw2tiff
  + rgb2ycbcr
  + thumbnail
  + tiff2bw
  + tiff2rgba
  + tiffcmp
  + tiffcrop
  + tiffdither
  + tiffgt
  + tiffmedian
  + tiff2ps
  + tiff2pdf
- Remove no longer needed tiff-4.0.3-compress-warning.patch.
- CVE-2023-25435 [bsc#1212607] tiffcrop is removed
* Tue Jun 20 2023 Martin Pluskal - Update to version 4.5.1:
* Definition of tags reformatted (clang-format off) for better readability of tag comments in tiff.h and tif_dirinfo.c
* Do not install libtiff-4.pc when tiff-install is reset.
* Add versioninfo resource files for DLL and tools compiled with Windows MSVC and MINGW.
* Disable clang-formatting for tif_config.h.cmake.in and tiffconf.h.cmake.in because sensitive for CMake scripts.
* CMake: make WebP component name compatible with upstream ConfigWebP.cmake
* CMake: make Findliblzma with upstream CMake config file
* CMake: FindDeflate.cmake: fix several errors (issue #526).
* CMake: FindLERC.cmake: version string return added.
* CMake: export TiffConfig.cmake and TiffConfigVersion.cmake files
* CMake: fix export of INTERFACE_INCLUDE_DIRECTORIES
* Hardcode HOST_FILLORDER to FILLORDER_LSB2MSB and make 'H' flag of TIFFOpen() to warn and an alias of FILLORDER_MSB2LSB. tif_lerc.c: use WORDS_BIGENDIAN instead of HOST_BIGENDIAN.
* Optimize relative seeking within TIFFSetDirectory() by using the learned list of IFD offsets.
* Improve internal IFD offset and directory number map handling.
* Behavior of TIFFOpen() mode "r+" in the Windows implementation adjusted to that of Linux.
* TIFFDirectory td_fieldsset type changed from unsigned long, which can be 32 or 64 bits, to uint32_t (fixes issue #484).
* tif_ojpeg.c: checking for division by zero (fixes issue #554).
* LZWDecode(): avoid crash when trying to read again from a strip with a missing end-of-information marker (fixes issue #548).
* Fixed runtime error: applying zero offset to null pointer in countInkNamesString().
* Fixing crash in TIFFUnlinkDirectory() when called with directory number zero ("TIFFUnlinkDirectory(0)") as well as fixing incorrect behaviour when unlinking the first directory.
* tif_luv: check and correct for NaN data in uv_encode() (issue #530).
* TIFFClose() avoid NULL pointer dereferencing (issue #515).
* tif_hash_set.c: include tif_hash_set.h after tif_config.h to let a chance for GDAL symbol renaming trick.
* Fax3: fix failure to decode some fax3 number_of_images and add test for Fax3 decoding issues (issue #513).
* TIFFSetDirectory() and TIFFWriteDirectorySec() avoid harmless unsigned-integer-overflow (due to gdal oss-fuzz #54311 and #54343).
* tif_ojpeg.c: fix issue #554 by checking for division by zero in OJPEGWriteHeaderInfo().
* LZWDecode(): avoid crash when trying to read again from a strip with a missing end-of-information marker (issue #548).
- Drop no longer needed patches:
* tiff-CVE-2023-0795,CVE-2023-0796,CVE-2023-0797,CVE-2023-0798,CVE-2023-0799.patch
* tiff-CVE-2022-48281.patch
* tiff-CVE-2023-0800,CVE-2023-0801,CVE-2023-0802,CVE-2023-0803,CVE-2023-0804.patch
* Wed Feb 22 2023 Michael Vetter - security update:
* CVE-2023-0795 [bsc#1208226]
* CVE-2023-0796 [bsc#1208227]
* CVE-2023-0797 [bsc#1208228]
* CVE-2023-0798 [bsc#1208229]
* CVE-2023-0799 [bsc#1208230] + tiff-CVE-2023-0795,CVE-2023-0796,CVE-2023-0797,CVE-2023-0798,CVE-2023-0799.patch
* CVE-2023-0800 [bsc#1208231]
* CVE-2023-0801 [bsc#1208232]
* CVE-2023-0802 [bsc#1208233]
* CVE-2023-0803 [bsc#1208234]
* CVE-2023-0804 [bsc#1208236] + tiff-CVE-2023-0800,CVE-2023-0801,CVE-2023-0802,CVE-2023-0803,CVE-2023-0804.patch
* Thu Jan 26 2023 Michael Vetter - security update:
* CVE-2022-48281 [bsc#1207413] + tiff-CVE-2022-48281.patch
* Wed Jan 04 2023 Paolo Stivanin - Update to 4.5.0:
* tdir_t type updated to uint32_t. This type is now used for the return value of TIFFCurrentDirectory() and TIFFNumberOfDirectories(), and as the argument of TIFFSetDirectory() and TIFFUnlinkDirectory()
* Addition of an open option concept with the new functions TIFFOpenExt(), TIFFOpenWExt(), TIFFFdOpenExt(), TIFFClientOpenExt(), TIFFOpenOptionsAlloc(), TIFFOpenOptionsFree()
* Leveraging above mentioned open option concept, addition of a new capability to limit the size of a single dynamic memory allocation done by the library with TIFFOpenOptionsSetMaxSingleMemAlloc()
* Related to IFD-Loop detection refactoring, the number of IFDs that libtiff can browse through has been extended from 65535 to 1048576. This value is a build-time setting that can be configured with CMake's TIFF_MAX_DIR_COUNT variable or autoconf's --with-max-dir-count option.
* Whole code base reformatting of .c/.h files using new .clang-format format
* Documentation changed from static HTML and man pages to Restructured Text (rst). HTML and man pages are now build artifacts.
* SONAME version bumped to 6 due to changes in symbol versioning.
* autoconf/cmake: detect (not yet released) libjpeg-turbo 2.2 to take into account its capability of handling both 8-bit JPEG and 12-bit JPEG in a single build.
* autoconf/cmake: detect sphinx-build to build HTML and man pages
* CMakeLists.txt: fix warning with -Wdev
* CMake: correctly set default value of 'lzma' option when liblzma is detected
* CMake: Moved linking of CMath::CMath into CMath_LIBRARY check.
* Fix CMake build to be compatible with FetchContent.
* cmake: Correct duplicate definition of _CRT_SECURE_NO_WARNINGS
* cmake: Fixes for Visual Studio 2022.
* Adds Requires.private generation so that pkg-config can correctly find the dependencies of libtiff.
* Fix dependency on libm on Android
* Fix build in tif_lzw.c
* CMake: Add options for disabling tools, tests, contrib and docs.
* tiffcrop: Fix memory allocation to require a larger buffer (CVE-2022-3570, CVE-2022-3598) [bsc#1205422]
* tiffcrop: disable incompatibility of -Z, -X, -Y, -z options with any PAGE_MODE_x option (CVE-2022-3627, CVE-2022-3597, CVE-2022-3626)
* tiffcrop: fix floating-point exception (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)
* _TIFFCheckFieldIsValidForCodec(): return FALSE when passed a codec-specific tag and the codec is not configured (CVE-2022-34526)
* Revised handling of TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value (CVE-2022-3599)
* tiffcrop: -S option mutually exclusive (CVE-2022-2519, CVE-2022-2520, CVE-2022-2521)
- Drop tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch
- Drop tiff-CVE-2022-34526.patch
- Drop tiff-CVE-2022-3599.patch
- Drop tiff-CVE-2022-3598.patch
- Drop tiff-CVE-2022-3970.patch
- Drop tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch
- Drop tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch
* Mon Nov 14 2022 Michael Vetter - security update:
* CVE-2022-3970 [bsc#1205392] + tiff-CVE-2022-3970.patch
* Sun Nov 13 2022 Michael Vetter - security update:
* CVE-2022-3597 [bsc#1204641]
* CVE-2022-3626 [bsc#1204644]
* CVE-2022-3627 [bsc#1204645] + tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch
* CVE-2022-3599 [bsc#1204643] + tiff-CVE-2022-3599.patch
* CVE-2022-3598 [bsc#1204642] + tiff-CVE-2022-3598.patch
* Mon Oct 17 2022 Michael Vetter - security update:
* CVE-2022-2519 [bsc#1202968]
* CVE-2022-2520 [bsc#1202973]
* CVE-2022-2521 [bsc#1202971] + tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch
* Mon Aug 01 2022 Michael Vetter - security update:
* CVE-2022-34526 [bsc#1202026] + tiff-CVE-2022-34526.patch
* Wed Jul 06 2022 Michael Vetter - security update
* CVE-2022-2056 [bsc#1201176]
* CVE-2022-2057 [bsc#1201175]
* CVE-2022-2058 [bsc#1201174] + tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch
* Sun May 29 2022 Dirk Müller - update to 4.4.0:
* TIFFIsBigTIFF() function added.
* Functions TIFFFieldSetGetSize() and TIFFFieldSetGetCountSize() added.
* LZWDecode(): major speed improvements (~30% faster)
* Predictor 2 (horizontal differentiation): support 64-bit
* Support libjpeg 9d
* avoid hang in TIFFRewriteDirectory() if a classic file > 4 GB is attempted to be created
* tif_jbig.c: fix crash when reading a file with multiple IFD in memory-mapped mode and when bit reversal is needed
* TIFFFetchNormalTag(): avoid calling memcpy() with a null source pointer and size of zero
* TIFFWriteDirectoryTagData(): turn assertion on data length into a runtime check
* TIFFFetchStripThing(): avoid calling memcpy() with a null source pointer and size of zero
* TIFFReadDirectory(): avoid calling memcpy() with a null source pointer and size of zero
* TIFFYCbCrToRGBInit(): avoid Integer-overflow
* TIFFGetField(TIFFTAG_STRIPBYTECOUNTS/TIFFTAG_STRIPOFFSETS): return error if returned pointer is NULL (fixes #342)
* OJPEG: avoid assertion when using TIFFReadScanline()
* TIFFReadDirectory: fix OJPEG hack
* LZW codec: fix support for strips/tiles > 2 GB on Windows
* TIFFAppendToStrip(): fix rewrite-in-place logic
* Fix TIFFRewriteDirectory discarding directories.
* TIFFReadCustomDirectory(): avoid crash when reading SubjectDistance tag on a non EXIF directory
* Fix Segmentation fault printing GPS directory if Altitude tag is present
* tif_jpeg.c: do not emit progressive scans with mozjpeg. (#266)
* _TIFFRewriteField(): fix when writing a IFD with a single tile that is a sparse one, on big endian hosts
* Fix all remaining uses of legacy Deflate compression id and warn on use.
* CVE-2022-22844 bsc#1194539
* CVE-2022-2867 bsc#1202466
* CVE-2022-2868 bsc#1202467
* CVE-2022-2869 bsc#1202468
- drop tiff-CVE-2022-0907.patch, tiff-CVE-2022-0561.patch, tiff-CVE-2022-0562.patch, tiff-CVE-2022-0865.patch, tiff-CVE-2022-0909.patch, tiff-CVE-2022-0924.patch, tiff-CVE-2022-0908.patch, tiff-CVE-2022-1056,CVE-2022-0891.patch: all upstream
- add signature validation, adds tiff.keyring
* Mon May 09 2022 Michael Vetter - security update:
* CVE-2022-0907 [bsc#1197070] + tiff-CVE-2022-0907.patch
* Mon May 09 2022 Michael Vetter - security update
* CVE-2022-0561 [bsc#1195964]
* CVE-2022-34266 [bsc#1201723] [bsc#1201971] + tiff-CVE-2022-0561.patch
* CVE-2022-0562 [bsc#1195965] + tiff-CVE-2022-0562.patch
* CVE-2022-0865 [bsc#1197066] + tiff-CVE-2022-0865.patch
* CVE-2022-0909 [bsc#1197072] + tiff-CVE-2022-0909.patch
* CVE-2022-0924 [bsc#1197073] + tiff-CVE-2022-0924.patch
* CVE-2022-0908 [bsc#1197074] + tiff-CVE-2022-0908.patch
* Fri May 06 2022 Michael Vetter - security update
* CVE-2022-1056 [bsc#1197631]
* CVE-2022-0891 [bsc#1197068] + tiff-CVE-2022-1056,CVE-2022-0891.patch
* Wed May 04 2022 Marcus Meissner - switch source url to https
* Mon Apr 26 2021 Paolo Stivanin - version update to 4.3.0
* Build and usage of the library and its utilities requires a C99 capable compiler.
* New optional codec for the LERC (Limited Error Raster Compression) compression scheme. To have it available, configure libtiff against the SDK available at https://github.com/esri/lerc
* Removal of unused, or now useless due to C99 availability, functions in port/
* tiffcmp: fix comparison with pixels that are fractional number of bytes
* tiff2ps: exit the loop in case of error
* tiff2pdf: check that tiff_datasize fits in a signed tsize_t
 