commit tiff.3578 for openSUSE:13.1:Update
Hello community,
here is the log from the commit of package tiff.3578 for openSUSE:13.1:Update checked in at 2015-03-09 10:52:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1:Update/tiff.3578 (Old)
and /work/SRC/openSUSE:13.1:Update/.tiff.3578.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tiff.3578"
Changes:
--------
New Changes file:
--- /dev/null 2015-02-28 12:43:00.252025756 +0100
+++ /work/SRC/openSUSE:13.1:Update/.tiff.3578.new/tiff.changes 2015-03-09 10:52:49.000000000 +0100
@@ -0,0 +1,573 @@
+-------------------------------------------------------------------
+Mon Feb 16 08:14:26 UTC 2015 - pgajdos@suse.com
+
+- security update: CVE-2014-9655, CVE-2014-8127, CVE-2014-8128,
+ CVE-2014-8129, CVE-2014-8130, CVE-2015-1547
+ bnc#914890, bnc#916925, bnc#916927
+ + erouault.2856.patch
+ + erouault.2857.patch
+ + erouault.2858.patch
+ + erouault.2859.patch
+ + erouault.2860.patch
+ + erouault.2861.patch
+ + erouault.2862.patch
+ + erouault.2863.patch
+ + erouault.2876.patch
+ + bfriesen.2805.patch
+ + tiff-handle-TIFFTAG_CONSECUTIVEBADFAXLINES.patch
+ + tiff-handle-TIFFTAG_PREDICTOR.patch
+ + tiff-dither-malloc-check.patch
+
+-------------------------------------------------------------------
+Wed Aug 21 12:57:57 UTC 2013 - pgajdos@suse.com
+
+- security update
+ * CVE-2013-4232.patch [bnc#834477]
+ * CVE-2013-4231.patch [bnc#834477]
+ * CVE-2013-4244.patch [bnc#834788]
+ * CVE-2013-4243.patch [bnc#834779]
+
+-------------------------------------------------------------------
+Wed Jun 26 10:48:50 UTC 2013 - pgajdos@suse.com
+
+- tiff2pdf: introduced warning when the compression isn't lzw or
+ none [bnc#819142]
+- tiff2pdf: fixed crash [bnc#821872]
+
+-------------------------------------------------------------------
+Tue Apr 30 13:20:50 UTC 2013 - pgajdos@suse.com
+
+- security update
+ * CVE-2013-1961.patch [bnc#818117]
+ * CVE-2013-1960.patch [bnc#817573]
+
+-------------------------------------------------------------------
+Fri Apr 5 10:23:51 UTC 2013 - idonmez@suse.com
+
+- Add Source URL, see https://en.opensuse.org/SourceUrls
+
+-------------------------------------------------------------------
+Mon Nov 5 09:27:59 UTC 2012 - pgajdos@suse.com
+
+- updated to 4.0.3:
+ * Add some TIFF/FX support in libtiff.
+ * Fix bug rewriting image tiles in a compressed file.
+ * Fix read past end of data buffer.
+ * etc., see ChangeLog
+- removed upstreamed patches:
+ * bigendian.patch
+ * dont-fancy-upsampling.patch
+ * CVE-2012-3401.patch
+- new patch:
+ * test-jpeg-turbo.patch
+ * CVE-2012-4564.patch [bnc#787892]
+
+-------------------------------------------------------------------
+Mon Jul 23 09:52:50 UTC 2012 - pgajdos@suse.com
+
+- fixed CVE-2012-3401 [bnc#770816]
+
+-------------------------------------------------------------------
+Thu Jun 28 10:16:29 UTC 2012 - meissner@suse.com
+
+- RGBA is packed in host order, use the right macros to unpack
+ and verify in raw_decode test.
+
+-------------------------------------------------------------------
+Wed Jun 20 09:29:37 UTC 2012 - pgajdos@suse.com
+
+- updated to 4.0.2: [bnc#767852] [bnc#767854]
+ tif_getimage.c: added support for _SEPARATED CMYK images.
+ tif_getimage.c: Added support for greyscale + alpha.
+ Added TIFFCreateCustomDirectory() and TIFFCreateEXIFDirectory() functions.
+ tif_print.c: Lots of fixes around printing corrupt or hostile input.
+ Improve handling of corrupt ycbcrsubsampling values.
+ tif_unix.c: use strerror to get meaningful error messages.
+ tif_jpeg.c: fix serious bugs in JPEGDecodeRaw().
+ tif_jpeg.c: Fix size overflow (zdi-can-1221,CVE-2012-1173).
+ tiff2pdf: Defend against integer overflows while calculating required
+ buffer sizes (CVE-2012-2113).
+
+-------------------------------------------------------------------
+Tue Apr 10 17:37:25 UTC 2012 - brian@aljex.com
+
+- Fix building on older targets from SUSE 10.0 to current.
+- Add jbig support
+
+-------------------------------------------------------------------
+Thu Mar 29 09:51:49 UTC 2012 - idonmez@suse.com
+
+- Add lzma support
+- Implement %check
+- Drop visibility patch because it breaks compilation
+
+-------------------------------------------------------------------
+Wed Mar 28 18:06:34 UTC 2012 - i@marguerite.su
+
+- change package name libtiff4 to libtiff5.
+ library number is 5 actually.
+
+-------------------------------------------------------------------
+Wed Mar 28 17:29:16 UTC 2012 - i@marguerite.su
+
+- Update to 4.0.1
+ * configure.ac
+ - Add libtiff private dependency on -llzma for pkg-config
+ - Add support for using library symbol versioning on
+ ELF systems with the GNU linker.
+ * libtiff/tif_win32.c: Eliminate some minor 64-bit warnings in
+ tif_win32.c
+ * libtiff/tif_jpeg.c: Extra caution for case where sp is NULL.
+ * libtiff/tif_dir.c, libtiff/tif_dirread.c: Extra caution around
+ assumption tag fetching is always successful.
+ * libtiff/tiffio.h: Use double-underbar syntax in GCC printf
+ attribute specification to lessen the risk of accidental macro
+ substitution.
+ * Update automake used to 1.11.3.
+
+-------------------------------------------------------------------
+Wed Mar 28 12:12:23 UTC 2012 - cfarrell@suse.com
+
+- license update: HPND
+ tiff license most akin to spdx recognised
+ http://www.spdx.org/licenses/HPND
+
+-------------------------------------------------------------------
+Tue Jan 10 01:21:45 UTC 2012 - crrodriguez@opensuse.org
+
+- remove libjpeg-devel and zlib-devel from libtiff-devel
+ requires as they are _not_ required to use the library.
+ Now, this _will_ break packages with wrong buildrequires
+ for good.
+
+-------------------------------------------------------------------
+Tue Jan 10 00:55:53 UTC 2012 - crrodriguez@opensuse.org
+
+- Hide private symbols using gcc visibility, this has been
+ applied only to functions that the source code clearly states
+ that are internal to the library.
+- Run spec cleaner
+
+-------------------------------------------------------------------
+Wed Nov 23 09:31:16 UTC 2011 - coolo@suse.com
+
+- add libtool as buildrequire to avoid implicit dependency
+
+-------------------------------------------------------------------
+Fri Aug 5 21:09:33 UTC 2011 - crrodriguez@opensuse.org
+
+- Do not use -fno-strict-aliasing, no longer needed
+ and will probably slow down the code.
+- Fix self-obsoletion warning
+
+-------------------------------------------------------------------
+Thu Apr 14 14:02:12 CEST 2011 - pgajdos@suse.cz
+
+- updated to 3.9.5:
+ * fixed integer overflow CVE-2010-4665
+ * fixed buffer overflow in ojpeg decoder
+ * upstreamed:
+ - oob-read.patch
+ - CVE-2011-0192.patch
+ - getimage-64bit.patch
+ - CVE-2011-1167.patch
+ - scanlinesize.patch
+
+-------------------------------------------------------------------
+Thu Mar 31 21:49:49 CEST 2011 - pgajdos@suse.cz
+
+- fixed regression caused by previous update [bnc#682871]
+ * modified CVE-2011-0192.patch
+- fixed buffer overflow in thunder decoder [bnc#683337]
+ * added CVE-2011-1167.patch
+
+-------------------------------------------------------------------
+Thu Feb 17 15:40:54 CET 2011 - pgajdos@suse.cz
+
+- fixed buffer overflow [bnc#672510]
+ * CVE-2011-0192.patch
+
+-------------------------------------------------------------------
+Mon Sep 6 14:56:09 CEST 2010 - pgajdos@suse.cz
+
+- fixed "Possibly exploitable memory corruption issue in libtiff"
+ (see http://bugzilla.maptools.org/show_bug.cgi?id=2228)
+ [bnc#624215]
+ * scanlinesize.patch
+- fixed crash while using libjpeg7 and higher
++++ 376 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:13.1:Update/.tiff.3578.new/tiff.changes
New:
----
README.SUSE
baselibs.conf
bfriesen.2805.patch
erouault.2856.patch
erouault.2857.patch
erouault.2858.patch
erouault.2859.patch
erouault.2860.patch
erouault.2861.patch
erouault.2862.patch
erouault.2863.patch
erouault.2876.patch
tiff-4.0.3-CVE-2012-4564.patch
tiff-4.0.3-CVE-2013-1960.patch
tiff-4.0.3-CVE-2013-1961.patch
tiff-4.0.3-CVE-2013-4231.patch
tiff-4.0.3-CVE-2013-4232.patch
tiff-4.0.3-CVE-2013-4243.patch
tiff-4.0.3-CVE-2013-4244.patch
tiff-4.0.3-compress-warning.patch
tiff-4.0.3-double-free.patch
tiff-4.0.3-seek.patch
tiff-4.0.3-test-jpeg-turbo.patch
tiff-4.0.3-tiff2pdf-colors.patch
tiff-4.0.3.tar.gz
tiff-dither-malloc-check.patch
tiff-handle-TIFFTAG_CONSECUTIVEBADFAXLINES.patch
tiff-handle-TIFFTAG_PREDICTOR.patch
tiff.changes
tiff.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tiff.spec ++++++
#
# spec file for package tiff
#
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: tiff
BuildRequires: gcc-c++
BuildRequires: libjpeg-devel
BuildRequires: libtool
%if 0%{?suse_version} > 1030
BuildRequires: lzma-devel
%endif
%if 0%{?suse_version} <= 1000
BuildRequires: pkgconfig
%endif
%if 0%{?suse_version} > 1000
BuildRequires: pkg-config
%endif
BuildRequires: zlib-devel
# bug437293
%ifarch ppc64
Obsoletes: tiff-64bit
%endif
%if 0%{?suse_version} > 1210
BuildRequires: libjbig-devel
%endif
Version: 4.0.3
Release: 0
Summary: Tools for Converting from and to the Tiff Format
License: HPND
Group: Productivity/Graphics/Convertors
Url: http://www.remotesensing.org/libtiff
Source: http://download.osgeo.org/libtiff/tiff-%{version}.tar.gz
Source2: README.SUSE
Source3: baselibs.conf
Patch0: tiff-%{version}-test-jpeg-turbo.patch
Patch1: tiff-%{version}-seek.patch
Patch2: tiff-%{version}-tiff2pdf-colors.patch
Patch3: tiff-%{version}-CVE-2012-4564.patch
Patch4: tiff-%{version}-CVE-2013-1961.patch
Patch5: tiff-%{version}-CVE-2013-1960.patch
# http://bugzilla.maptools.org/show_bug.cgi?id=2443
Patch6: tiff-%{version}-double-free.patch
# http://bugzilla.maptools.org/show_bug.cgi?id=2442
Patch7: tiff-%{version}-compress-warning.patch
Patch8: tiff-4.0.3-CVE-2013-4232.patch
Patch9: tiff-4.0.3-CVE-2013-4231.patch
Patch10: tiff-4.0.3-CVE-2013-4244.patch
Patch11: tiff-4.0.3-CVE-2013-4243.patch
Patch12: erouault.2856.patch
Patch13: erouault.2857.patch
Patch14: erouault.2858.patch
Patch15: erouault.2859.patch
Patch16: erouault.2860.patch
Patch17: erouault.2861.patch
Patch18: erouault.2862.patch
Patch19: erouault.2863.patch
Patch20: erouault.2876.patch
Patch21: bfriesen.2805.patch
Patch22: tiff-handle-TIFFTAG_CONSECUTIVEBADFAXLINES.patch
Patch23: tiff-handle-TIFFTAG_PREDICTOR.patch
Patch24: tiff-dither-malloc-check.patch
# FYI: this issue is solved another way
# http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1
# Patch9: tiff-%{version}-lzw-CVE-2009-2285.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
This package contains the library and support programs for the TIFF
image format.
%package -n libtiff5
Summary: The Tiff Library (with JPEG and compression support)
Group: System/Libraries
Provides: libtiff = %{version}
# bug437293
%ifarch ppc64
Obsoletes: libtiff-64bit
%endif
#
%description -n libtiff5
This package includes the tiff libraries. To link a program with
libtiff, you will have to add -ljpeg and -lz to include the necessary
libjpeg and libz in the linking process.
%package -n libtiff-devel
Summary: Development Tools for Programs which will use the libtiff Library
Group: Development/Libraries/C and C++
Requires: glibc-devel
Requires: libstdc++-devel
Requires: libtiff5 = %{version}
# bug437293
%ifarch ppc64
Obsoletes: tiff-devel-64bit
%endif
#
%description -n libtiff-devel
This package contains the header files and static libraries for
developing programs which will manipulate TIFF format image files using
the libtiff library.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3
%patch4
%patch5
%patch6
%patch7 -p1
%patch8
%patch9
%patch10
%patch11
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22
%patch23
%patch24
%build
%configure --disable-static --with-pic
make %{?_smp_mflags}
%install
mkdir -p %{buildroot}/{%{_mandir}/{man1,man3},usr/{bin,lib,include}}
%makeinstall
for f in `find %{buildroot}/%{_mandir} -type f -print ` ; do
if [ `wc -l <$f` -eq 1 ] && grep -q "^\.so " $f ; then
linkto=`sed -e "s|^\.so ||" $f`
[ -f "`dirname $f`/$linkto" ] && ln -sf "$linkto" $f
fi
done
cp %{SOURCE2} .
rm -rf %{buildroot}%{_datadir}/doc/tiff*
rm -f %{buildroot}/%{_libdir}/*.la
find html -name "Makefile*" | xargs rm
%check
cd test
make %{?_smp_mflags} check
%post -n libtiff5 -p /sbin/ldconfig
%postun -n libtiff5 -p /sbin/ldconfig
%files
%defattr(-,root,root)
%{_bindir}/*
%doc html
%doc README COPYRIGHT VERSION ChangeLog TODO RELEASE-DATE
%doc %{_mandir}/man1/*
%files -n libtiff5
%defattr(-,root,root)
%doc README COPYRIGHT README.SUSE
%{_libdir}/*.so.*
%files -n libtiff-devel
%defattr(-,root,root)
%{_includedir}/*
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc
%doc %{_mandir}/man3/*
%changelog
++++++ README.SUSE ++++++
The documentation for tiff programs and library is in package tiff
in directory /usr/share/doc/packages/tiff.++++++ baselibs.conf ++++++
libtiff5
obsoletes "libtiff-<targettype> <= <version>"
provides "libtiff-<targettype> = <version>"
libtiff-devel
requires -libtiff-<targettype>
requires "libtiff5-<targettype> = <version>"
++++++ bfriesen.2805.patch ++++++
---------------------
PatchSet 2805
Date: 2012/11/18 19:51:52
Author: bfriesen
Branch: HEAD
Tag: (none)
Log:
* libtiff/tif_{unix,vms,win32}.c (_TIFFmalloc): ANSI C does not
require malloc() to return NULL pointer if requested allocation
size is zero. Assure that _TIFFmalloc does.
Members:
ChangeLog:1.924->1.925
libtiff/tif_unix.c:1.23->1.24
libtiff/tif_vms.c:1.11->1.12
libtiff/tif_win32.c:1.39->1.40
Index: libtiff/libtiff/tif_unix.c
diff -u libtiff/libtiff/tif_unix.c:1.23 libtiff/libtiff/tif_unix.c:1.24
--- libtiff/libtiff/tif_unix.c:1.23 Fri Jun 1 16:40:59 2012
+++ libtiff/libtiff/tif_unix.c Sun Nov 18 12:51:52 2012
@@ -257,6 +257,9 @@
void*
_TIFFmalloc(tmsize_t s)
{
+ if (s == 0)
+ return ((void *) NULL);
+
return (malloc((size_t) s));
}
++++++ erouault.2856.patch ++++++
---------------------
PatchSet 2856
Date: 2014/12/21 17:15:31
Author: erouault
Branch: HEAD
Tag: (none)
Log:
Fix various crasher bugs on fuzzed images.
* libtiff/tif_dir.c: TIFFSetField(): refuse to set negative values for
TIFFTAG_XRESOLUTION and TIFFTAG_YRESOLUTION that cause asserts when writing
the directory
* libtiff/tif_dirread.c: TIFFReadDirectory(): refuse to read ColorMap or
TransferFunction if BitsPerSample has not yet been read, otherwise reading
it later will cause user code to crash if BitsPerSample > 1
* libtiff/tif_getimage.c: TIFFRGBAImageOK(): return FALSE if LOGLUV with
SamplesPerPixel != 3, or if CIELAB with SamplesPerPixel != 3 or BitsPerSample != 8
* libtiff/tif_next.c: in the "run mode", use tilewidth for tiled images
instead of imagewidth to avoid crash
* tools/bmp2tiff.c: fix crash due to int overflow related to input BMP dimensions
* tools/tiff2pdf.c: fix crash due to invalid tile count (should likely be checked by
libtiff too). Detect invalid settings of BitsPerSample/SamplesPerPixel for CIELAB / ITULAB
* tools/tiffcrop.c: fix crash due to invalid TileWidth/TileHeight
* tools/tiffdump.c: fix crash due to overflow of entry count.
Members:
ChangeLog:1.960->1.961
libtiff/tif_dir.c:1.117->1.118
libtiff/tif_dirread.c:1.180->1.181
libtiff/tif_getimage.c:1.82->1.83
libtiff/tif_next.c:1.13->1.14
tools/bmp2tiff.c:1.23->1.24
tools/tiff2pdf.c:1.77->1.78
tools/tiffcrop.c:1.23->1.24
tools/tiffdump.c:1.28->1.29
Index: libtiff/libtiff/tif_dir.c
diff -u libtiff/libtiff/tif_dir.c:1.117 libtiff/libtiff/tif_dir.c:1.118
--- libtiff/libtiff/tif_dir.c:1.117 Thu Nov 20 11:47:21 2014
+++ libtiff/libtiff/tif_dir.c Sun Dec 21 10:15:31 2014
@@ -160,6 +160,7 @@
TIFFDirectory* td = &tif->tif_dir;
int status = 1;
uint32 v32, i, v;
+ double dblval;
char* s;
const TIFFField *fip = TIFFFindField(tif, tag, TIFF_ANY);
uint32 standard_tag = tag;
@@ -284,10 +285,16 @@
setDoubleArrayOneValue(&td->td_smaxsamplevalue, va_arg(ap, double), td->td_samplesperpixel);
break;
case TIFFTAG_XRESOLUTION:
- td->td_xresolution = (float) va_arg(ap, double);
+ dblval = va_arg(ap, double);
+ if( dblval < 0 )
+ goto badvaluedouble;
+ td->td_xresolution = (float) dblval;
break;
case TIFFTAG_YRESOLUTION:
- td->td_yresolution = (float) va_arg(ap, double);
+ dblval = va_arg(ap, double);
+ if( dblval < 0 )
+ goto badvaluedouble;
+ td->td_yresolution = (float) dblval;
break;
case TIFFTAG_PLANARCONFIG:
v = (uint16) va_arg(ap, uint16_vap);
@@ -694,6 +701,16 @@
va_end(ap);
}
return (0);
+badvaluedouble:
+ {
+ const TIFFField* fip=TIFFFieldWithTag(tif,tag);
+ TIFFErrorExt(tif->tif_clientdata, module,
+ "%s: Bad value %f for \"%s\" tag",
+ tif->tif_name, dblval,
+ fip ? fip->field_name : "Unknown");
+ va_end(ap);
+ }
+ return (0);
}
/*
Index: libtiff/libtiff/tif_dirread.c
diff -u libtiff/libtiff/tif_dirread.c:1.180 libtiff/libtiff/tif_dirread.c:1.181
--- libtiff/libtiff/tif_dirread.c:1.180 Thu Nov 20 11:47:21 2014
+++ libtiff/libtiff/tif_dirread.c Sun Dec 21 10:15:31 2014
@@ -3430,6 +3430,8 @@
const TIFFField* fip;
uint32 fii=FAILED_FII;
toff_t nextdiroff;
+ int bitspersample_read = FALSE;
+
tif->tif_diroff=tif->tif_nextdiroff;
if (!TIFFCheckDirOffset(tif,tif->tif_nextdiroff))
return 0; /* last offset or bad offset (IFD looping) */
@@ -3706,6 +3708,8 @@
}
if (!TIFFSetField(tif,dp->tdir_tag,value))
goto bad;
+ if( dp->tdir_tag == TIFFTAG_BITSPERSAMPLE )
+ bitspersample_read = TRUE;
}
break;
case TIFFTAG_SMINSAMPLEVALUE:
@@ -3763,6 +3767,19 @@
uint32 countrequired;
uint32 incrementpersample;
uint16* value=NULL;
+ /* It would be dangerous to instanciate those tag values */
+ /* since if td_bitspersample has not yet been read (due to */
+ /* unordered tags), it could be read afterwards with a */
+ /* values greater than the default one (1), which may cause */
+ /* crashes in user code */
+ if( !bitspersample_read )
+ {
+ fip = TIFFFieldWithTag(tif,dp->tdir_tag);
+ TIFFWarningExt(tif->tif_clientdata,module,
+ "Ignoring %s since BitsPerSample tag not found",
+ fip ? fip->field_name : "unknown tagname");
+ continue;
+ }
countpersample=(1L<<tif->tif_dir.td_bitspersample);
if ((dp->tdir_tag==TIFFTAG_TRANSFERFUNCTION)&&(dp->tdir_count==(uint64)countpersample))
{
Index: libtiff/libtiff/tif_getimage.c
diff -u libtiff/libtiff/tif_getimage.c:1.82 libtiff/libtiff/tif_getimage.c:1.83
--- libtiff/libtiff/tif_getimage.c:1.82 Tue Jun 5 19:17:49 2012
+++ libtiff/libtiff/tif_getimage.c Sun Dec 21 10:15:31 2014
@@ -1,4 +1,4 @@
-/* $Id: tif_getimage.c,v 1.82 2012-06-06 00:17:49 fwarmerdam Exp $ */
+/* $Id: tif_getimage.c,v 1.83 2014-12-21 15:15:31 erouault Exp $ */
/*
* Copyright (c) 1991-1997 Sam Leffler
@@ -182,8 +182,23 @@
"Planarconfiguration", td->td_planarconfig);
return (0);
}
+ if( td->td_samplesperpixel != 3 )
+ {
+ sprintf(emsg,
+ "Sorry, can not handle image with %s=%d",
+ "Samples/pixel", td->td_samplesperpixel);
+ return 0;
+ }
break;
case PHOTOMETRIC_CIELAB:
+ if( td->td_samplesperpixel != 3 || td->td_bitspersample != 8 )
+ {
+ sprintf(emsg,
+ "Sorry, can not handle image with %s=%d and %s=%d",
+ "Samples/pixel", td->td_samplesperpixel,
+ "Bits/sample", td->td_bitspersample);
+ return 0;
+ }
break;
default:
sprintf(emsg, "Sorry, can not handle image with %s=%d",
Index: libtiff/libtiff/tif_next.c
diff -u libtiff/libtiff/tif_next.c:1.13 libtiff/libtiff/tif_next.c:1.14
--- libtiff/libtiff/tif_next.c:1.13 Wed Mar 10 13:56:48 2010
+++ libtiff/libtiff/tif_next.c Sun Dec 21 10:15:32 2014
@@ -102,6 +102,8 @@
default: {
uint32 npixels = 0, grey;
uint32 imagewidth = tif->tif_dir.td_imagewidth;
+ if( isTiled(tif) )
+ imagewidth = tif->tif_dir.td_tilewidth;
/*
* The scanline is composed of a sequence of constant
Index: libtiff/tools/bmp2tiff.c
diff -u libtiff/tools/bmp2tiff.c:1.23 libtiff/tools/bmp2tiff.c:1.24
--- libtiff/tools/bmp2tiff.c:1.23 Wed Mar 10 13:56:49 2010
+++ libtiff/tools/bmp2tiff.c Sun Dec 21 10:15:32 2014
@@ -403,6 +403,13 @@
width = info_hdr.iWidth;
length = (info_hdr.iHeight > 0) ? info_hdr.iHeight : -info_hdr.iHeight;
+ if( width <= 0 || length <= 0 )
+ {
+ TIFFError(infilename,
+ "Invalid dimensions of BMP file" );
+ close(fd);
+ return -1;
+ }
switch (info_hdr.iBitCount)
{
@@ -593,6 +600,14 @@
compr_size = file_hdr.iSize - file_hdr.iOffBits;
uncompr_size = width * length;
+ /* Detect int overflow */
+ if( uncompr_size / width != length )
+ {
+ TIFFError(infilename,
+ "Invalid dimensions of BMP file" );
+ close(fd);
+ return -1;
+ }
comprbuf = (unsigned char *) _TIFFmalloc( compr_size );
if (!comprbuf) {
TIFFError(infilename,
Index: libtiff/tools/tiff2pdf.c
diff -u libtiff/tools/tiff2pdf.c:1.77 libtiff/tools/tiff2pdf.c:1.78
--- libtiff/tools/tiff2pdf.c:1.77 Tue Dec 9 21:53:30 2014
+++ libtiff/tools/tiff2pdf.c Sun Dec 21 10:15:32 2014
@@ -1167,6 +1167,15 @@
if( (TIFFGetField(input, TIFFTAG_PLANARCONFIG, &xuint16) != 0)
&& (xuint16 == PLANARCONFIG_SEPARATE ) ){
TIFFGetField(input, TIFFTAG_SAMPLESPERPIXEL, &xuint16);
+ if( (t2p->tiff_tiles[i].tiles_tilecount % xuint16) != 0 )
+ {
+ TIFFError(
+ TIFF2PDF_MODULE,
+ "Invalid tile count, %s",
+ TIFFFileName(input));
+ t2p->t2p_error = T2P_ERR_ERROR;
+ return;
+ }
t2p->tiff_tiles[i].tiles_tilecount/= xuint16;
}
if( t2p->tiff_tiles[i].tiles_tilecount > 0){
@@ -1552,6 +1561,22 @@
#endif
break;
case PHOTOMETRIC_CIELAB:
+ if( t2p->tiff_samplesperpixel != 3){
+ TIFFError(
+ TIFF2PDF_MODULE,
+ "Unsupported samplesperpixel = %d for CIELAB",
+ t2p->tiff_samplesperpixel);
+ t2p->t2p_error = T2P_ERR_ERROR;
+ return;
+ }
+ if( t2p->tiff_bitspersample != 8){
+ TIFFError(
+ TIFF2PDF_MODULE,
+ "Invalid bitspersample = %d for CIELAB",
+ t2p->tiff_bitspersample);
+ t2p->t2p_error = T2P_ERR_ERROR;
+ return;
+ }
t2p->pdf_labrange[0]= -127;
t2p->pdf_labrange[1]= 127;
t2p->pdf_labrange[2]= -127;
@@ -1567,6 +1592,22 @@
t2p->pdf_colorspace=T2P_CS_LAB;
break;
case PHOTOMETRIC_ITULAB:
+ if( t2p->tiff_samplesperpixel != 3){
+ TIFFError(
+ TIFF2PDF_MODULE,
+ "Unsupported samplesperpixel = %d for ITULAB",
+ t2p->tiff_samplesperpixel);
+ t2p->t2p_error = T2P_ERR_ERROR;
+ return;
+ }
+ if( t2p->tiff_bitspersample != 8){
+ TIFFError(
+ TIFF2PDF_MODULE,
+ "Invalid bitspersample = %d for ITULAB",
+ t2p->tiff_bitspersample);
+ t2p->t2p_error = T2P_ERR_ERROR;
+ return;
+ }
t2p->pdf_labrange[0]=-85;
t2p->pdf_labrange[1]=85;
t2p->pdf_labrange[2]=-75;
Index: libtiff/tools/tiffcrop.c
diff -u libtiff/tools/tiffcrop.c:1.23 libtiff/tools/tiffcrop.c:1.24
--- libtiff/tools/tiffcrop.c:1.23 Sun Dec 7 17:33:06 2014
+++ libtiff/tools/tiffcrop.c Sun Dec 21 10:15:32 2014
@@ -1205,9 +1205,10 @@
tsize_t tilesize = TIFFTileSize(out);
unsigned char *tilebuf = NULL;
- TIFFGetField(out, TIFFTAG_TILELENGTH, &tl);
- TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw);
- TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);
+ if( !TIFFGetField(out, TIFFTAG_TILELENGTH, &tl) ||
+ !TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw) ||
+ !TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps) )
+ return 1;
tile_buffsize = tilesize;
if (tilesize < (tsize_t)(tl * tile_rowsize))
Index: libtiff/tools/tiffdump.c
diff -u libtiff/tools/tiffdump.c:1.28 libtiff/tools/tiffdump.c:1.29
--- libtiff/tools/tiffdump.c:1.28 Sat Dec 6 10:58:44 2014
+++ libtiff/tools/tiffdump.c Sun Dec 21 10:15:32 2014
@@ -374,6 +374,8 @@
void* datamem;
uint64 dataoffset;
int datatruncated;
+ int datasizeoverflow;
+
tag = *(uint16*)dp;
if (swabflag)
TIFFSwabShort(&tag);
@@ -412,13 +414,14 @@
else
typewidth = datawidth[type];
datasize = count*typewidth;
+ datasizeoverflow = (typewidth > 0 && datasize / typewidth != count);
datafits = 1;
datamem = dp;
dataoffset = 0;
datatruncated = 0;
if (!bigtiff)
{
- if (datasize>4)
+ if (datasizeoverflow || datasize>4)
{
uint32 dataoffset32;
datafits = 0;
@@ -432,7 +435,7 @@
}
else
{
- if (datasize>8)
+ if (datasizeoverflow || datasize>8)
{
datafits = 0;
datamem = NULL;
@@ -442,7 +445,7 @@
}
dp += sizeof(uint64);
}
- if (datasize>0x10000)
+ if (datasizeoverflow || datasize>0x10000)
{
datatruncated = 1;
count = 0x10000/typewidth;
++++++ erouault.2857.patch ++++++
---------------------
PatchSet 2857
Date: 2014/12/21 18:28:37
Author: erouault
Branch: HEAD
Tag: (none)
Log:
* tools/tiffcp.c: fix crash when converting YCbCr JPEG-compressed to none.
Based on patch by Tomasz Buchert (http://bugzilla.maptools.org/show_bug.cgi?id=2480)
Description: fix for Debian bug #741451
tiffcp crashes when converting JPEG-encoded TIFF to a different
encoding (like none or lzw). For example this will probably fail:
tiffcp -c none jpeg_encoded_file.tif output.tif
The reason is that when the input file contains JPEG data,
the tiffcp code forces conversion to RGB space. However,
the output normally inherits YCbCr subsampling parameters
from the input, which leads to a smaller working buffer
than necessary. The buffer is subsequently overrun inside
cpStripToTile() (called from writeBufferToContigTiles).
Note that the resulting TIFF file would be scrambled even
if tiffcp wouldn't crash, since the output file would contain
RGB data intepreted as subsampled YCbCr values.
This patch fixes the problem by forcing RGB space on the output
TIF if the input is JPEG-encoded and output is *not* JPEG-encoded.
Author: Tomasz Buchert
From ChangeLog:
* test/raw_decode.c (main): Test fixes to work with IJG JPEG 7+. IJG JPEG 7+ uses a different upsampling algorithm which produces different numeric results. this seems not apply for libjpeg-turbo. Sent to tiff@lists.maptools.org on 2012-11-05. Index: tiff-4.0.3/test/raw_decode.c =================================================================== --- tiff-4.0.3.orig/test/raw_decode.c +++ tiff-4.0.3/test/raw_decode.c @@ -191,7 +191,7 @@ main(int argc, char **argv) return 1; } -#if JPEG_LIB_VERSION >= 70 +#if JPEG_LIB_VERSION >= 70 && !defined(LIBJPEG_TURBO_VERSION) pixel_status |= check_rgb_pixel( 0, 18, 0, 41, buffer ); pixel_status |= check_rgb_pixel( 64, 0, 0, 0, buffer ); pixel_status |= check_rgb_pixel( 512, 5, 34, 196, buffer ); @@ -224,7 +224,7 @@ main(int argc, char **argv) * accomplish it from the YCbCr subsampled buffer ourselves in which * case the results may be subtly different but similar. */ -#if JPEG_LIB_VERSION >= 70 +#if JPEG_LIB_VERSION >= 70 && !defined(LIBJPEG_TURBO_VERSION) pixel_status |= check_rgba_pixel( 0, 18, 0, 41, 255, rgba_buffer ); pixel_status |= check_rgba_pixel( 64, 0, 0, 0, 255, rgba_buffer ); pixel_status |= check_rgba_pixel( 512, 5, 34, 196, 255, rgba_buffer ); ++++++ tiff-4.0.3-tiff2pdf-colors.patch ++++++ diff -urN tiff-4.0.1.orig/tools/tiff2pdf.c tiff-4.0.1/tools/tiff2pdf.c --- tiff-4.0.1.orig/tools/tiff2pdf.c 2012-03-29 01:03:15.656848587 +0800 +++ tiff-4.0.1/tools/tiff2pdf.c 2012-03-29 01:03:27.591699381 +0800 @@ -4991,7 +4991,7 @@ if(t2p->tiff_photometric != PHOTOMETRIC_YCBCR) { written += t2pWriteFile(output, (tdata_t) "/DecodeParms ", 13); - written += t2pWriteFile(output, (tdata_t) "<< /ColorTransform 0 >>\n", 24); + written += t2pWriteFile(output, (tdata_t) "<< /ColorTransform 1 >>\n", 24); } break; #endif ++++++ tiff-dither-malloc-check.patch ++++++ Index: tools/tiffdither.c =================================================================== --- tools/tiffdither.c.orig 2015-02-18 13:06:47.972867055 +0100 +++ tools/tiffdither.c 2015-02-18 13:12:03.759562692 +0100 @@ -77,6 +77,11 @@ outlinesize = TIFFScanlineSize(out); outline = (unsigned char *) _TIFFmalloc(outlinesize); + if (! (inputline && thisline && nextline && outline)) { + fprintf(stderr, "Out of memory.\n"); + return; + } + /* * Get first line */ ++++++ tiff-handle-TIFFTAG_CONSECUTIVEBADFAXLINES.patch ++++++ Index: libtiff/tif_dirinfo.c =================================================================== --- libtiff/tif_dirinfo.c.orig 2015-02-20 10:55:07.511497649 +0100 +++ libtiff/tif_dirinfo.c 2015-02-20 18:25:36.187965859 +0100 @@ -141,6 +141,7 @@ { TIFFTAG_FAXDCS, -1, -1, TIFF_ASCII, 0, TIFF_SETGET_ASCII, TIFF_SETGET_ASCII, FIELD_CUSTOM, TRUE, FALSE, "FaxDcs", NULL }, { TIFFTAG_STONITS, 1, 1, TIFF_DOUBLE, 0, TIFF_SETGET_DOUBLE, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "StoNits", NULL }, { TIFFTAG_INTEROPERABILITYIFD, 1, 1, TIFF_IFD8, 0, TIFF_SETGET_UNDEFINED, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "InteroperabilityIFDOffset", NULL }, + { TIFFTAG_CONSECUTIVEBADFAXLINES, 1, 1, TIFF_LONG, 0, TIFF_SETGET_UINT32, TIFF_SETGET_UINT32, FIELD_CUSTOM, TRUE, FALSE, "ConsecutiveBadFaxLines", NULL }, /* begin DNG tags */ { TIFFTAG_DNGVERSION, 4, 4, TIFF_BYTE, 0, TIFF_SETGET_C0_UINT8, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "DNGVersion", NULL }, { TIFFTAG_DNGBACKWARDVERSION, 4, 4, TIFF_BYTE, 0, TIFF_SETGET_C0_UINT8, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "DNGBackwardVersion", NULL }, ++++++ tiff-handle-TIFFTAG_PREDICTOR.patch ++++++ Index: libtiff/tif_dirinfo.c =================================================================== --- libtiff/tif_dirinfo.c.orig 2015-02-20 18:38:55.798039584 +0100 +++ libtiff/tif_dirinfo.c 2015-02-20 18:58:50.474095885 +0100 @@ -142,6 +142,7 @@ { TIFFTAG_STONITS, 1, 1, TIFF_DOUBLE, 0, TIFF_SETGET_DOUBLE, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "StoNits", NULL }, { TIFFTAG_INTEROPERABILITYIFD, 1, 1, TIFF_IFD8, 0, TIFF_SETGET_UNDEFINED, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "InteroperabilityIFDOffset", NULL }, { TIFFTAG_CONSECUTIVEBADFAXLINES, 1, 1, TIFF_LONG, 0, TIFF_SETGET_UINT32, TIFF_SETGET_UINT32, FIELD_CUSTOM, TRUE, FALSE, "ConsecutiveBadFaxLines", NULL }, + { TIFFTAG_PREDICTOR, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UINT16, FIELD_CUSTOM, FALSE, FALSE, "Predictor", NULL }, /* begin DNG tags */ { TIFFTAG_DNGVERSION, 4, 4, TIFF_BYTE, 0, TIFF_SETGET_C0_UINT8, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "DNGVersion", NULL }, { TIFFTAG_DNGBACKWARDVERSION, 4, 4, TIFF_BYTE, 0, TIFF_SETGET_C0_UINT8, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "DNGBackwardVersion", NULL }, -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@hilbert.suse.de