Revisions of tiff
Marco Strigl (mstrigl)
committed
(revision 2)
jsc#PED-6641 The following patches are dropped because the CVEs are fixed in version upgrades tiff-CVE-2018-18557.patch tiff-CVE-2018-18661.patch tiff-CVE-2019-14973.patch tiff-CVE-2019-17546.patch tiff-CVE-2020-19131.patch tiff-CVE-2020-35521,CVE-2020-35522.patch tiff-CVE-2020-35523.patch tiff-CVE-2020-35524.patch tiff-CVE-2022-0561,CVE-2022-34266.patch tiff-CVE-2022-22844.patch The CVE names are mentioned in the corrsponding version upgrades changelog. - Update to version 4.6.0: * API/ABI breaks: none * WebP decoder: validate WebP blob width, height, band count against TIFF parameters to avoid use of uninitialized variable, or decoding corrupted content without explicit error (fixes issue #581, issue #582). * WebP codec: turn exact mode when creating lossless files to avoid altering R,G,B values in areas where alpha=0 * Fix TransferFunction writing of only two transfer functions. * TIFFReadDirectoryCheckOrder: avoid integer overflow. When it occurs, it should be harmless in practice though * tiffcp: remove -i option (ignore errors) * This version removes a big number of utilities that have suffered from lack of maintenance over the years and were the source of various reported security issues: + fax2ps + fax2tiff + pal2rgb + ppm2tiff + raw2tiff + rgb2ycbcr + thumbnail + tiff2bw + tiff2rgba + tiffcmp + tiffcrop + tiffdither + tiffgt + tiffmedian + tiff2ps + tiff2pdf
Marco Strigl (mstrigl)
committed
(revision 1)
initialize package
Displaying all 2 revisions