ALT Linux repos
S: | 4.4.0-alt4 |
5.0: | 3.8.2-alt3 |
4.1: | 3.8.2-alt2.M41.4 |
4.0: | 3.8.2-alt2 |
+updates: | 3.8.2-alt2 |
3.0: | 3.7.2-alt5 |
Group :: System/Libraries
RPM: libtiff
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
7 june 2023 Vladimir D. Seleznev <vseleznv at altlinux.org> 4.4.0-alt4
- Built without libjbig support (closes: #46425).
- spec: fixed url (closes: #43644).
- Built with exported TIFFSetCompressionScheme and _TIFFgetMode syms (are
needed for tcl-img-1.4.14).
- Applied SUSE patches (fixed tiff-CVE-2022-2056, CVE-2022-2057, CVE-2022-2058,
CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-3597, CVE-2022-3598,
CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-3970 and
CVE-2022-34526) (closes #44499).
- Updated to v4.4.0.
- Dropped removed symbols from libtiff.sym.
- Rebuilt with libdeflate support.
- Updated to v4.3.0.
- Updated to v4.2.0 (fixed CVE-2020-35521, CVE-2020-35522, CVE-2020-35523 and
CVE-2020-35524).
- Updated to 4.1.0 (fixed CVE-2019-17546).
- Dropped tiff-CVE-2018-12900.patch.
- Updated to v4.0.10-93-g91480d3d.
- Updated to v4.0.10-57-gf9fc01c3 (ALT #36575, #34677).
- Applied SUSE patches:
+ tiff-4.0.3-seek.patch;
+ tiff-4.0.3-compress-warning.patch;
+ tiff-CVE-2018-12900.patch. - Built with support of:
+ libjbig;
+ libwebp;
+ libzstd. - Fixes:
+ CVE-2012-4564 Zero size buffer exploit in ppm2tiff;
+ CVE-2013-1960 Heap-based buffer overflow in the t2p_process_jpeg_strip();
+ CVE-2013-4232 Use-after-free vulnerability in the t2p_readwrite_pdf_image();
+ CVE-2013-4243 Heap-based buffer overflow in the readgifimage();
+ CVE-2013-4244 DoS or possible RCE via crafted GIF image;
+ CVE-2014-8127 Out-of-bounds read with malformed TIFF image in multiple tool;
+ CVE-2014-8129 Out-of-bounds read/write with malformed TIFF image in tiff2pdf;
+ CVE-2014-8130 Divide-by-zero error in _TIFFmalloc();
+ CVE-2014-9330 Integer overflow in tif_packbits.c in bmp2tif;
+ CVE-2015-8870 Integer overflow in tools/bmp2tiff.c (DoS or information leak);
+ CVE-2018-5360 Heap-based buffer overflow in the ReadTIFFImage().
- Updated to Release-v4-0-3.
- Updated to Release-v4-0-2-21-g8520941.
- Renamed: libtiff -> libtiff5, libtiffxx -> libtiffxx5.
- Updated to Release-v3-9-6-8-g0f67777
(fixes CVE-2012-2113 CVE-2012-2088 CVE-2012-3401).
- Fixed build with ld --no-copy-dt-needed-entries.
- Updated to Release-v3-9-6-1-gc8ae292 (fixes CVE-2012-1173).
- Packaged libtiffxx (closes #25913).
- Updated to Release-v3-9-5 (fixes CVE-2011-1167).
- Updated to Release-v3-9-4-52-ga97ddb9
(fixes CVE-2010-3087 CVE-2010-2595 CVE-2011-0192).
- Rebuilt for debuginfo.
- Rebuilt for soname set-versions.
- Updated to Release-v3-9-4-20-g52cc6cb.
- Exported 6 more symbols needed by libfaxserver.
- Updated to Release-v3-9-4-15-gc603c15 (closes: #22115).
- Merged patches from Debian and Fedora libtiff packages.
- Restricted list of global symbols exported by the library.
- tiff2rgba, rgb2ycbcr: Fixed potential integer overflows in
buffer size calculations (CVE-2009-2347; closes: #20774).
- Backported fix for buffer underflow bug in LZWDecodeCompat (closes: #20528).
- Removed obsolete %post_ldconfig/%postun_ldconfig calls.
- Applied patches from Drew Yao of Apple Product Security to fix
potential buffer underflow in the LZW decoder (CVE-2008-2327).
- Updated to 3.8.2.
- Imported patches from Debian and FC.
- Updated build dependencies.
- Updated to 3.7.4.
- Updated patches.
- Replaced my quick fix with upstream fix.
- Fixed one more potential heap overflow bug.
- Packaged tiffgt utility in separate subpackage (#6391).
- Backported fix for alpha channel handling in tiff2pdf.
- Updated to 3.7.2 release.
- Removed merged upstream patches.
- Fixed regression in TIFFRGBAImageBegin.
- Fixed potential crash in tiffdump(1).
- Updated to 3.7.1 release.
- Removed merged upstream patches.
- Check for invalid YCbCr subsampling.
- tiffset(1): minor fixes.
- Updated to 3.7.0 release.
- Updated to cvs snapshot 20041011.
- Fixed regression introduced in 3.6.1-alt4.
- Updated to cvs snapshot 20041010.
- Removed merged upstream patches.
- Updated to 3.7.0beta2.
- Reviewed patches again, since most of them are already applied.
- Fixed numerous problems related to memory management.
- Backported upstream fixes for several buffer overrun bugs,
reported by Chris Evans.
- Fixed issues which cause compilation warnings.
- 3.5.7 -> 3.6.1
- changed SONAME to reflect ABI changes (debian bug #236247)
- enabled LZW compression (libtiff-lzw-compression-kit-1.5)
- enforced strict dependencies between subpackages
- removed obsolete patches
- reworked build and install scriplets
- static library not packaged by default
- fix building in hasher
- fix fax2tiff crash
- Rebuild with gcc3
- 3.5.7
- patches from RedHat
- rebuild
- Fixed config and install.
- Split into libtiff, libtiff-utils and libtiff-devel.
- RE adaptions.
- 3.5.5
- Removed obsolete patch(check for libc6).
- Rewrittent some spec section to be more generic.
- Updated shlib patch.
- Removed LIBVER define.
- New group
- Enable SMP check/build
- Use good macro (old one may have bziped whole dirs)
- defattr
- bzip manpages
- Mandrake adaptions
- auto rebuild in the new build environment (release 6)
- build for glibc 2.1
- translations modified for de
- rebuilt against fixed jpeg libs (libjpeg-6b)
- translations modified for de, fr, tr
- new version to replace the one from libgr
- patched for glibc
- added shlib support