File tiff.changes of Package tiff.943
-------------------------------------------------------------------
Wed Jul 1 07:17:13 UTC 2015 - pgajdos@suse.com
- update to 4.0.4
D tiff-4.0.3-double-free.patch
D tiff-handle-TIFFTAG_CONSECUTIVEBADFAXLINES.patch
D tiff-4.0.3-CVE-2013-1961.patch
D erouault.2862.patch
D bfriesen.2805.patch
D tiff-4.0.3-CVE-2013-4232.patch
D tiff-4.0.3-CVE-2013-4244.patch
D erouault.2861.patch
D erouault.2857.patch
D erouault.2856.patch
D erouault.2859.patch
D tiff-4.0.3-CVE-2012-4564.patch
D tiff-4.0.3-tiff2pdf-colors.patch
D erouault.2876.patch
D erouault.2860.patch
D tiff-dither-malloc-check.patch
D tiff-4.0.3-CVE-2013-1960.patch
D erouault.2858.patch
D tiff-handle-TIFFTAG_PREDICTOR.patch
D tiff-4.0.3-CVE-2013-4231.patch
D tiff-4.0.3-CVE-2013-4243.patch
D erouault.2863.patch
D tiff-4.0.3-test-jpeg-turbo.patch
-------------------------------------------------------------------
Thu Feb 26 13:58:54 UTC 2015 - pgajdos@suse.com
- security update: CVE-2014-9655, CVE-2014-8127, CVE-2014-8128,
CVE-2014-8129, CVE-2014-8130, CVE-2015-1547
bnc#914890, bnc#916925, bnc#916927
+ erouault.2856.patch
+ erouault.2857.patch
+ erouault.2858.patch
+ erouault.2859.patch
+ erouault.2860.patch
+ erouault.2861.patch
+ erouault.2862.patch
+ erouault.2863.patch
+ erouault.2876.patch
+ bfriesen.2805.patch
+ tiff-handle-TIFFTAG_CONSECUTIVEBADFAXLINES.patch
+ tiff-handle-TIFFTAG_PREDICTOR.patch
+ tiff-dither-malloc-check.patch
-------------------------------------------------------------------
Mon Dec 22 19:58:43 UTC 2014 - meissner@suse.com
- build with PIE
-------------------------------------------------------------------
Wed Aug 21 12:57:57 UTC 2013 - pgajdos@suse.com
- security update
* CVE-2013-4232.patch [bnc#834477]
* CVE-2013-4231.patch [bnc#834477]
* CVE-2013-4244.patch [bnc#834788]
* CVE-2013-4243.patch [bnc#834779]
-------------------------------------------------------------------
Wed Jun 26 10:48:50 UTC 2013 - pgajdos@suse.com
- tiff2pdf: introduced warning when the compression isn't lzw or
none [bnc#819142]
- tiff2pdf: fixed crash [bnc#821872]
-------------------------------------------------------------------
Tue Apr 30 13:20:50 UTC 2013 - pgajdos@suse.com
- security update
* CVE-2013-1961.patch [bnc#818117]
* CVE-2013-1960.patch [bnc#817573]
-------------------------------------------------------------------
Fri Apr 5 10:23:51 UTC 2013 - idonmez@suse.com
- Add Source URL, see https://en.opensuse.org/SourceUrls
-------------------------------------------------------------------
Mon Nov 5 09:27:59 UTC 2012 - pgajdos@suse.com
- updated to 4.0.3:
* Add some TIFF/FX support in libtiff.
* Fix bug rewriting image tiles in a compressed file.
* Fix read past end of data buffer.
* etc., see ChangeLog
- removed upstreamed patches:
* bigendian.patch
* dont-fancy-upsampling.patch
* CVE-2012-3401.patch
- new patch:
* test-jpeg-turbo.patch
* CVE-2012-4564.patch [bnc#787892]
-------------------------------------------------------------------
Mon Jul 23 09:52:50 UTC 2012 - pgajdos@suse.com
- fixed CVE-2012-3401 [bnc#770816]
-------------------------------------------------------------------
Thu Jun 28 10:16:29 UTC 2012 - meissner@suse.com
- RGBA is packed in host order, use the right macros to unpack
and verify in raw_decode test.
-------------------------------------------------------------------
Wed Jun 20 09:29:37 UTC 2012 - pgajdos@suse.com
- updated to 4.0.2: [bnc#767852] [bnc#767854]
tif_getimage.c: added support for _SEPARATED CMYK images.
tif_getimage.c: Added support for greyscale + alpha.
Added TIFFCreateCustomDirectory() and TIFFCreateEXIFDirectory() functions.
tif_print.c: Lots of fixes around printing corrupt or hostile input.
Improve handling of corrupt ycbcrsubsampling values.
tif_unix.c: use strerror to get meaningful error messages.
tif_jpeg.c: fix serious bugs in JPEGDecodeRaw().
tif_jpeg.c: Fix size overflow (zdi-can-1221,CVE-2012-1173).
tiff2pdf: Defend against integer overflows while calculating required
buffer sizes (CVE-2012-2113).
-------------------------------------------------------------------
Tue Apr 10 17:37:25 UTC 2012 - brian@aljex.com
- Fix building on older targets from SUSE 10.0 to current.
- Add jbig support
-------------------------------------------------------------------
Thu Mar 29 09:51:49 UTC 2012 - idonmez@suse.com
- Add lzma support
- Implement %check
- Drop visibility patch because it breaks compilation
-------------------------------------------------------------------
Wed Mar 28 18:06:34 UTC 2012 - i@marguerite.su
- change package name libtiff4 to libtiff5.
library number is 5 actually.
-------------------------------------------------------------------
Wed Mar 28 17:29:16 UTC 2012 - i@marguerite.su
- Update to 4.0.1
* configure.ac
- Add libtiff private dependency on -llzma for pkg-config
- Add support for using library symbol versioning on
ELF systems with the GNU linker.
* libtiff/tif_win32.c: Eliminate some minor 64-bit warnings in
tif_win32.c
* libtiff/tif_jpeg.c: Extra caution for case where sp is NULL.
* libtiff/tif_dir.c, libtiff/tif_dirread.c: Extra caution around
assumption tag fetching is always successful.
* libtiff/tiffio.h: Use double-underbar syntax in GCC printf
attribute specification to lessen the risk of accidental macro
substitution.
* Update automake used to 1.11.3.
-------------------------------------------------------------------
Wed Mar 28 12:12:23 UTC 2012 - cfarrell@suse.com
- license update: HPND
tiff license most akin to spdx recognised
http://www.spdx.org/licenses/HPND
-------------------------------------------------------------------
Tue Jan 10 01:21:45 UTC 2012 - crrodriguez@opensuse.org
- remove libjpeg-devel and zlib-devel from libtiff-devel
requires as they are _not_ required to use the library.
Now, this _will_ break packages with wrong buildrequires
for good.
-------------------------------------------------------------------
Tue Jan 10 00:55:53 UTC 2012 - crrodriguez@opensuse.org
- Hide private symbols using gcc visibility, this has been
applied only to functions that the source code clearly states
that are internal to the library.
- Run spec cleaner
-------------------------------------------------------------------
Wed Nov 23 09:31:16 UTC 2011 - coolo@suse.com
- add libtool as buildrequire to avoid implicit dependency
-------------------------------------------------------------------
Fri Aug 5 21:09:33 UTC 2011 - crrodriguez@opensuse.org
- Do not use -fno-strict-aliasing, no longer needed
and will probably slow down the code.
- Fix self-obsoletion warning
-------------------------------------------------------------------
Thu Apr 14 14:02:12 CEST 2011 - pgajdos@suse.cz
- updated to 3.9.5:
* fixed integer overflow CVE-2010-4665
* fixed buffer overflow in ojpeg decoder
* upstreamed:
- oob-read.patch
- CVE-2011-0192.patch
- getimage-64bit.patch
- CVE-2011-1167.patch
- scanlinesize.patch
-------------------------------------------------------------------
Thu Mar 31 21:49:49 CEST 2011 - pgajdos@suse.cz
- fixed regression caused by previous update [bnc#682871]
* modified CVE-2011-0192.patch
- fixed buffer overflow in thunder decoder [bnc#683337]
* added CVE-2011-1167.patch
-------------------------------------------------------------------
Thu Feb 17 15:40:54 CET 2011 - pgajdos@suse.cz
- fixed buffer overflow [bnc#672510]
* CVE-2011-0192.patch
-------------------------------------------------------------------
Mon Sep 6 14:56:09 CEST 2010 - pgajdos@suse.cz
- fixed "Possibly exploitable memory corruption issue in libtiff"
(see http://bugzilla.maptools.org/show_bug.cgi?id=2228)
[bnc#624215]
* scanlinesize.patch
- fixed crash while using libjpeg7 and higher
* dont-fancy-upsampling.patch
-------------------------------------------------------------------
Mon Jul 12 16:36:48 CEST 2010 - pgajdos@suse.cz
- updated to 3.9.4: fixes CVE-2010-2065 -- obsoletes
* integer-overflow.patch
* NULL-deref.patch
- fixes CVE-2010-2067
-------------------------------------------------------------------
Wed Jun 23 10:32:01 CEST 2010 - pgajdos@suse.cz
- fixed CVE-2010-2065
* integer-overflow.patch
* NULL-deref.patch
- fixed out of bounds read
* oob-read.patch
- fixed CVE-2010-2233
* getimage-64bit.patch
- [bnc#612879]
-------------------------------------------------------------------
Mon Apr 26 15:07:09 CEST 2010 - pgajdos@suse.cz
- fixed tiff2pdf output [bnc#599475]
-------------------------------------------------------------------
Fri Mar 26 08:49:41 UTC 2010 - pgajdos@suse.cz
- fixed typo
-------------------------------------------------------------------
Tue Mar 16 13:37:23 CET 2010 - pgajdos@suse.cz
- updated to 3.9.2: fixed many CVE's and obsoletes almost all
our patches (see ChangeLog for details)
-------------------------------------------------------------------
Tue Dec 15 19:38:18 CET 2009 - jengelh@medozas.de
- add baselibs.conf as a source
- enable parallel building
-------------------------------------------------------------------
Thu Aug 6 14:02:07 CEST 2009 - pgajdos@suse.cz
- fixed integer overflows [bnc#519796]
* CVE-2009-2347.patch
-------------------------------------------------------------------
Thu Jul 2 16:33:02 CEST 2009 - nadvornik@suse.cz
- fixed lzw overflow CVE-2009-2285 [bnc#518698]
-------------------------------------------------------------------
Wed Feb 4 15:49:04 CET 2009 - nadvornik@suse.cz
- fixed an endless loop on invalid images
(bnc#444079) CVE-2008-1586
-------------------------------------------------------------------
Tue Jan 13 16:19:37 CET 2009 - olh@suse.de
- obsolete old libtiff-64bit on ppc64 (bnc#437293)
-------------------------------------------------------------------
Wed Jan 7 12:34:56 CET 2009 - olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
-------------------------------------------------------------------
Sun Sep 7 11:24:56 CEST 2008 - schwab@suse.de
- Fix conflicting options.
-------------------------------------------------------------------
Tue Aug 19 17:45:10 CEST 2008 - nadvornik@suse.cz
- fixed buffer overflows in LZW code (CVE-2008-2327) [bnc#414946]
-------------------------------------------------------------------
Sun May 18 10:37:18 CEST 2008 - coolo@suse.de
- fix rename of xxbit packages
-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support
-------------------------------------------------------------------
Fri Jul 27 15:58:49 CEST 2007 - ro@suse.de
- add provides and obsoletes for libtiff to libtiff3 package
-------------------------------------------------------------------
Thu Jul 19 15:01:40 CEST 2007 - nadvornik@suse.cz
- renamed libtiff to libtiff3
- do not package static libraries
- added zlib-devel to BuildRequires
-------------------------------------------------------------------
Mon Jun 12 13:40:43 CEST 2006 - nadvornik@suse.cz
- fixed a typo in the previous change [#179051]
-------------------------------------------------------------------
Fri Jun 2 17:17:55 CEST 2006 - nadvornik@suse.cz
- fixed buffer overflow in tiffsplit (CVE-2006-2656) [#179051]
- fixed buffer overflow in tiff2pdf [#179587]
-------------------------------------------------------------------
Wed Apr 12 11:01:27 CEST 2006 - nadvornik@suse.cz
- updated to 3.8.2 [#165237]
* bugfix release
* fixed several segfaults caused by incorrect tiff data
-------------------------------------------------------------------
Tue Feb 7 15:09:45 CET 2006 - nadvornik@suse.cz
- fixed crash on certain tiff images CVE-2006-0405 [#145757]
-------------------------------------------------------------------
Wed Jan 25 21:31:02 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Thu Jan 12 16:32:23 CET 2006 - nadvornik@suse.cz
- compile with -fstack-protector
-------------------------------------------------------------------
Tue Jan 3 15:01:35 CET 2006 - nadvornik@suse.cz
- updated to 3.8.0:
* Read-only support for custom directories (e.g. EXIF directory)
* Preliminary support for MS MDI format
-------------------------------------------------------------------
Mon Oct 10 15:13:48 CEST 2005 - nadvornik@suse.cz
- built with -fno-strict-aliasing
-------------------------------------------------------------------
Fri Jul 15 15:35:41 CEST 2005 - nadvornik@suse.cz
- updated to 3.7.3
-------------------------------------------------------------------
Tue May 24 17:13:51 CEST 2005 - nadvornik@suse.cz
- updated to 3.7.2
- fixed 64bit bug in ppm2tiff [#85440]
- fixed buffer overflow in BitsPerSample [#82787]
-------------------------------------------------------------------
Thu Feb 17 13:38:57 CET 2005 - nadvornik@suse.cz
- fixed reading of alpha channel
-------------------------------------------------------------------
Sun Jan 16 20:05:53 CET 2005 - ro@suse.de
- added c++ to neededforbuild
-------------------------------------------------------------------
Fri Jan 7 15:41:40 CET 2005 - nadvornik@suse.cz
- use typedef int int32 on all architectures
-------------------------------------------------------------------
Wed Jan 05 15:42:09 CET 2005 - nadvornik@suse.cz
- disabled c++ API as it would add a dependency on c++ libraries
-------------------------------------------------------------------
Mon Jan 03 17:50:47 CET 2005 - nadvornik@suse.cz
- updated to 3.7.1: bugfix release
-------------------------------------------------------------------
Wed Dec 15 21:04:47 CET 2004 - nadvornik@suse.cz
- added README.SUSE pointing to the documentation [#48601]
- moved man3 to devel subpackage
-------------------------------------------------------------------
Fri Oct 22 18:38:53 CEST 2004 - nadvornik@suse.cz
- updated to 3.7.0 - security fixes are included in mainstream
-------------------------------------------------------------------
Wed Oct 20 09:59:41 CEST 2004 - meissner@suse.de
- Initialize ycbcrsubsampling to be not 0 in case
of bad tiffs to avoid denial of service by divison/0.
-------------------------------------------------------------------
Tue Oct 12 15:20:16 CEST 2004 - nadvornik@suse.cz
- do not call TIFFTileSize with uninitialized values [#44635]
-------------------------------------------------------------------
Thu Oct 07 18:44:29 CEST 2004 - pmladek@suse.cz
- fixed much more buffer overflows (the older tiff-alt-bound-CheckMalloc.patch
is included in the new libtiff-3.6.1-alt-bound.patch now) [#44635]
-------------------------------------------------------------------
Thu Sep 30 18:33:05 CEST 2004 - nadvornik@suse.cz
- fixed more buffer overflows [#44635]
-------------------------------------------------------------------
Tue Sep 21 17:47:00 CEST 2004 - nadvornik@suse.cz
- fixed multiple buffer overflows - CAN-2004-0803 [#44635]
- disabled old jpeg support because of security problems [#45116]
-------------------------------------------------------------------
Tue Aug 31 16:23:04 CEST 2004 - nadvornik@suse.cz
- added LZW support
-------------------------------------------------------------------
Wed Aug 25 13:39:39 CEST 2004 - kukuk@suse.de
- Create -devel subpackage
- Add libjpeg-devel to neededforbuild
- Avoid /bin/sh in PreRequires
-------------------------------------------------------------------
Fri Jul 2 16:10:10 CEST 2004 - max@suse.de
- port.h is needed as well.
-------------------------------------------------------------------
Thu May 6 17:08:54 CEST 2004 - max@suse.de
- Install private headers (tif_dir.h, tiffiop.h).
-------------------------------------------------------------------
Tue Apr 27 16:42:03 CEST 2004 - nadvornik@suse.cz
- fixed tif_fax3 from cvs [#39515]
-------------------------------------------------------------------
Mon Feb 09 12:27:05 CET 2004 - nadvornik@suse.cz
- updated to 3.6.1
- fixed dangerous compiler warnings
-------------------------------------------------------------------
Sat Jan 10 20:14:17 CET 2004 - adrian@suse.de
- add %defattr and %run_ldconfig
-------------------------------------------------------------------
Wed May 21 01:06:35 CEST 2003 - ro@suse.de
- remove cvs subdirs
-------------------------------------------------------------------
Sat Jul 27 14:15:49 CEST 2002 - kukuk@suse.de
- Provide libtiff-devel in libtiff [Bug #17260]
-------------------------------------------------------------------
Fri Jul 26 21:37:50 CEST 2002 - adrian@suse.de
- fix neededforbuild
-------------------------------------------------------------------
Wed Jul 3 13:41:23 CEST 2002 - nadvornik@suse.cz
- fixed segfault in fax2tiff [bug #16818]
- fixed size of int32 on 64bit architectures
-------------------------------------------------------------------
Wed Jun 26 01:25:38 CEST 2002 - ro@suse.de
- fixed directory permissions
-------------------------------------------------------------------
Wed Jun 19 12:35:20 CEST 2002 - nadvornik@suse.cz
- compiled with OJPEG_SUPPORT [bug #16408]
-------------------------------------------------------------------
Thu Apr 18 23:05:34 CEST 2002 - kukuk@suse.de
- Fix to compile on lib64 architectures
-------------------------------------------------------------------
Wed Feb 6 14:48:39 CET 2002 - coolo@suse.de
- use %_libdir
-------------------------------------------------------------------
Thu Jan 24 11:53:02 CET 2002 - okir@suse.de
- Fixed a tempfile race in fax2ps
-------------------------------------------------------------------
Tue Dec 11 12:24:47 CET 2001 - nadvornik@suse.cz
- updated to 3.5.7: bugfix release
-------------------------------------------------------------------
Wed May 9 22:09:18 CEST 2001 - mfabian@suse.de
- bzip2 sources
-------------------------------------------------------------------
Thu Mar 15 19:11:58 CET 2001 - schwab@suse.de
- Fix for ia64.
-------------------------------------------------------------------
Fri May 26 16:16:59 CEST 2000 - bubnikv@suse.cz
- sorted
-------------------------------------------------------------------
Thu May 25 10:55:25 CEST 2000 - schwab@suse.de
- Fix dso configure check for ia64.
-------------------------------------------------------------------
Thu May 11 09:41:12 CEST 2000 - nadvornik@suse.cz
- update to 3.5.5
- added BuildRoot
-------------------------------------------------------------------
Tue Jan 25 17:12:06 CET 2000 - ro@suse.de
- manpages to /usr/share using macro
-------------------------------------------------------------------
Mon Jan 3 15:10:55 CET 2000 - schwab@suse.de
- Update to 3.5.4 (Y2K fix)
-------------------------------------------------------------------
Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de
- ran old prepare_spec on spec file to switch to new prepare_spec.
-------------------------------------------------------------------
Wed Jan 13 18:07:04 MET 1999 - ro@suse.de
- respect systems where libc is libc.so.6.1 (alpha)
-------------------------------------------------------------------
Wed Nov 25 17:56:05 MET 1998 - ro@suse.de
- update to 3.4 (final) named 3.4.final for rpm
- moved from /usr/X11R6 to /usr
-------------------------------------------------------------------
Wed Jul 29 19:01:00 MEST 1998 - werner@suse.de
- Link shared libs explicit with -lc
-------------------------------------------------------------------
Tue May 12 18:22:27 MEST 1998 - ro@suse.de
- extracted package from libgr / build from own sources
