openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

File tiff.changes of Package tiff.943

-------------------------------------------------------------------
Wed Jul  1 07:17:13 UTC 2015 - pgajdos@suse.com

- update to 4.0.4
D    tiff-4.0.3-double-free.patch
D    tiff-handle-TIFFTAG_CONSECUTIVEBADFAXLINES.patch
D    tiff-4.0.3-CVE-2013-1961.patch
D    erouault.2862.patch
D    bfriesen.2805.patch
D    tiff-4.0.3-CVE-2013-4232.patch
D    tiff-4.0.3-CVE-2013-4244.patch
D    erouault.2861.patch
D    erouault.2857.patch
D    erouault.2856.patch
D    erouault.2859.patch
D    tiff-4.0.3-CVE-2012-4564.patch
D    tiff-4.0.3-tiff2pdf-colors.patch
D    erouault.2876.patch
D    erouault.2860.patch
D    tiff-dither-malloc-check.patch
D    tiff-4.0.3-CVE-2013-1960.patch
D    erouault.2858.patch
D    tiff-handle-TIFFTAG_PREDICTOR.patch
D    tiff-4.0.3-CVE-2013-4231.patch
D    tiff-4.0.3-CVE-2013-4243.patch
D    erouault.2863.patch
D    tiff-4.0.3-test-jpeg-turbo.patch

-------------------------------------------------------------------
Thu Feb 26 13:58:54 UTC 2015 - pgajdos@suse.com

- security update: CVE-2014-9655, CVE-2014-8127, CVE-2014-8128,
                   CVE-2014-8129, CVE-2014-8130, CVE-2015-1547
                   bnc#914890, bnc#916925, bnc#916927
   + erouault.2856.patch
   + erouault.2857.patch
   + erouault.2858.patch
   + erouault.2859.patch
   + erouault.2860.patch
   + erouault.2861.patch
   + erouault.2862.patch
   + erouault.2863.patch
   + erouault.2876.patch
   + bfriesen.2805.patch
   + tiff-handle-TIFFTAG_CONSECUTIVEBADFAXLINES.patch
   + tiff-handle-TIFFTAG_PREDICTOR.patch
   + tiff-dither-malloc-check.patch

-------------------------------------------------------------------
Mon Dec 22 19:58:43 UTC 2014 - meissner@suse.com

- build with PIE

-------------------------------------------------------------------
Wed Aug 21 12:57:57 UTC 2013 - pgajdos@suse.com

- security update
  * CVE-2013-4232.patch [bnc#834477]
  * CVE-2013-4231.patch [bnc#834477]
  * CVE-2013-4244.patch [bnc#834788]
  * CVE-2013-4243.patch [bnc#834779]

-------------------------------------------------------------------
Wed Jun 26 10:48:50 UTC 2013 - pgajdos@suse.com

- tiff2pdf: introduced warning when the compression isn't lzw or
  none [bnc#819142]
- tiff2pdf: fixed crash [bnc#821872]

-------------------------------------------------------------------
Tue Apr 30 13:20:50 UTC 2013 - pgajdos@suse.com

- security update
  * CVE-2013-1961.patch [bnc#818117]
  * CVE-2013-1960.patch [bnc#817573]

-------------------------------------------------------------------
Fri Apr  5 10:23:51 UTC 2013 - idonmez@suse.com

- Add Source URL, see https://en.opensuse.org/SourceUrls

-------------------------------------------------------------------
Mon Nov  5 09:27:59 UTC 2012 - pgajdos@suse.com

- updated to 4.0.3:
  * Add some TIFF/FX support in libtiff.
  * Fix bug rewriting image tiles in a compressed file.
  * Fix read past end of data buffer.
  * etc., see ChangeLog
- removed upstreamed patches:
  * bigendian.patch
  * dont-fancy-upsampling.patch
  * CVE-2012-3401.patch
- new patch:
  * test-jpeg-turbo.patch
  * CVE-2012-4564.patch [bnc#787892]

-------------------------------------------------------------------
Mon Jul 23 09:52:50 UTC 2012 - pgajdos@suse.com

-  fixed CVE-2012-3401 [bnc#770816]

-------------------------------------------------------------------
Thu Jun 28 10:16:29 UTC 2012 - meissner@suse.com

- RGBA is packed in host order, use the right macros to unpack
  and verify in raw_decode test.

-------------------------------------------------------------------
Wed Jun 20 09:29:37 UTC 2012 - pgajdos@suse.com

- updated to 4.0.2: [bnc#767852] [bnc#767854]
    tif_getimage.c: added support for _SEPARATED CMYK images.
    tif_getimage.c: Added support for greyscale + alpha.
    Added TIFFCreateCustomDirectory() and TIFFCreateEXIFDirectory() functions.
    tif_print.c: Lots of fixes around printing corrupt or hostile input.
    Improve handling of corrupt ycbcrsubsampling values.
    tif_unix.c: use strerror to get meaningful error messages.
    tif_jpeg.c: fix serious bugs in JPEGDecodeRaw().
    tif_jpeg.c: Fix size overflow (zdi-can-1221,CVE-2012-1173). 
    tiff2pdf: Defend against integer overflows while calculating required 
              buffer sizes (CVE-2012-2113).

-------------------------------------------------------------------
Tue Apr 10 17:37:25 UTC 2012 - brian@aljex.com

- Fix building on older targets from SUSE 10.0 to current.
- Add jbig support

-------------------------------------------------------------------
Thu Mar 29 09:51:49 UTC 2012 - idonmez@suse.com

- Add lzma support
- Implement %check
- Drop visibility patch because it breaks compilation

-------------------------------------------------------------------
Wed Mar 28 18:06:34 UTC 2012 - i@marguerite.su

- change package name libtiff4 to libtiff5.
  library number is 5 actually.

-------------------------------------------------------------------
Wed Mar 28 17:29:16 UTC 2012 - i@marguerite.su

- Update to 4.0.1
  * configure.ac
    - Add libtiff private dependency on -llzma for pkg-config
    - Add support for using library symbol versioning on
      ELF systems with the GNU linker.
  * libtiff/tif_win32.c: Eliminate some minor 64-bit warnings in
                         tif_win32.c
  * libtiff/tif_jpeg.c: Extra caution for case where sp is NULL.
  * libtiff/tif_dir.c, libtiff/tif_dirread.c: Extra caution around
    assumption tag fetching is always successful.
  * libtiff/tiffio.h: Use double-underbar syntax in GCC printf
    attribute specification to lessen the risk of accidental macro
    substitution.
  * Update automake used to 1.11.3.

-------------------------------------------------------------------
Wed Mar 28 12:12:23 UTC 2012 - cfarrell@suse.com

- license update: HPND
  tiff license most akin to spdx recognised
  http://www.spdx.org/licenses/HPND

-------------------------------------------------------------------
Tue Jan 10 01:21:45 UTC 2012 - crrodriguez@opensuse.org

- remove libjpeg-devel and zlib-devel from libtiff-devel
  requires as they are _not_ required to use the library.
  Now, this _will_ break packages with wrong buildrequires
  for good.

-------------------------------------------------------------------
Tue Jan 10 00:55:53 UTC 2012 - crrodriguez@opensuse.org

- Hide private symbols using gcc visibility, this has been
  applied only to functions that the source code clearly states
  that are internal to the library.
- Run spec cleaner

-------------------------------------------------------------------
Wed Nov 23 09:31:16 UTC 2011 - coolo@suse.com

- add libtool as buildrequire to avoid implicit dependency

-------------------------------------------------------------------
Fri Aug  5 21:09:33 UTC 2011 - crrodriguez@opensuse.org

- Do not use -fno-strict-aliasing, no longer needed 
  and will probably slow down the code.
- Fix self-obsoletion warning

-------------------------------------------------------------------
Thu Apr 14 14:02:12 CEST 2011 - pgajdos@suse.cz

- updated to 3.9.5:
  * fixed integer overflow CVE-2010-4665
  * fixed buffer overflow in ojpeg decoder
  * upstreamed:
    - oob-read.patch
    - CVE-2011-0192.patch
    - getimage-64bit.patch
    - CVE-2011-1167.patch
    - scanlinesize.patch

-------------------------------------------------------------------
Thu Mar 31 21:49:49 CEST 2011 - pgajdos@suse.cz

- fixed regression caused by previous update [bnc#682871]
  * modified CVE-2011-0192.patch
- fixed buffer overflow in thunder decoder [bnc#683337]
  * added CVE-2011-1167.patch

-------------------------------------------------------------------
Thu Feb 17 15:40:54 CET 2011 - pgajdos@suse.cz

- fixed buffer overflow [bnc#672510]
  * CVE-2011-0192.patch

-------------------------------------------------------------------
Mon Sep  6 14:56:09 CEST 2010 - pgajdos@suse.cz

- fixed "Possibly exploitable memory corruption issue in libtiff"
  (see http://bugzilla.maptools.org/show_bug.cgi?id=2228)
  [bnc#624215]
  * scanlinesize.patch
- fixed crash while using libjpeg7 and higher
  * dont-fancy-upsampling.patch

-------------------------------------------------------------------
Mon Jul 12 16:36:48 CEST 2010 - pgajdos@suse.cz

- updated to 3.9.4: fixes CVE-2010-2065 -- obsoletes
  * integer-overflow.patch
  * NULL-deref.patch
- fixes CVE-2010-2067

-------------------------------------------------------------------
Wed Jun 23 10:32:01 CEST 2010 - pgajdos@suse.cz

- fixed CVE-2010-2065
  * integer-overflow.patch
  * NULL-deref.patch
-  fixed out of bounds read
  * oob-read.patch
-  fixed CVE-2010-2233
  * getimage-64bit.patch
- [bnc#612879]

-------------------------------------------------------------------
Mon Apr 26 15:07:09 CEST 2010 - pgajdos@suse.cz

- fixed tiff2pdf output [bnc#599475]

-------------------------------------------------------------------
Fri Mar 26 08:49:41 UTC 2010 - pgajdos@suse.cz

- fixed typo

-------------------------------------------------------------------
Tue Mar 16 13:37:23 CET 2010 - pgajdos@suse.cz

- updated to 3.9.2: fixed many CVE's and obsoletes almost all
  our patches (see ChangeLog for details)

-------------------------------------------------------------------
Tue Dec 15 19:38:18 CET 2009 - jengelh@medozas.de

- add baselibs.conf as a source
- enable parallel building

-------------------------------------------------------------------
Thu Aug  6 14:02:07 CEST 2009 - pgajdos@suse.cz

- fixed integer overflows [bnc#519796]
  * CVE-2009-2347.patch

-------------------------------------------------------------------
Thu Jul  2 16:33:02 CEST 2009 - nadvornik@suse.cz

- fixed lzw overflow CVE-2009-2285 [bnc#518698]

-------------------------------------------------------------------
Wed Feb  4 15:49:04 CET 2009 - nadvornik@suse.cz

- fixed an endless loop on invalid images 
  (bnc#444079) CVE-2008-1586

-------------------------------------------------------------------
Tue Jan 13 16:19:37 CET 2009 - olh@suse.de

- obsolete old libtiff-64bit on ppc64 (bnc#437293)

-------------------------------------------------------------------
Wed Jan  7 12:34:56 CET 2009 - olh@suse.de

- obsolete old -XXbit packages (bnc#437293)

-------------------------------------------------------------------
Sun Sep  7 11:24:56 CEST 2008 - schwab@suse.de

- Fix conflicting options.

-------------------------------------------------------------------
Tue Aug 19 17:45:10 CEST 2008 - nadvornik@suse.cz

- fixed buffer overflows in LZW code (CVE-2008-2327) [bnc#414946]

-------------------------------------------------------------------
Sun May 18 10:37:18 CEST 2008 - coolo@suse.de

- fix rename of xxbit packages

-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de

- added baselibs.conf file to build xxbit packages
  for multilib support

-------------------------------------------------------------------
Fri Jul 27 15:58:49 CEST 2007 - ro@suse.de

- add provides and obsoletes for libtiff to libtiff3 package

-------------------------------------------------------------------
Thu Jul 19 15:01:40 CEST 2007 - nadvornik@suse.cz

- renamed libtiff to libtiff3
- do not package static libraries
- added zlib-devel to BuildRequires

-------------------------------------------------------------------
Mon Jun 12 13:40:43 CEST 2006 - nadvornik@suse.cz

- fixed a typo in the previous change [#179051]

-------------------------------------------------------------------
Fri Jun  2 17:17:55 CEST 2006 - nadvornik@suse.cz

- fixed buffer overflow in tiffsplit (CVE-2006-2656) [#179051]
- fixed buffer overflow in tiff2pdf [#179587]

-------------------------------------------------------------------
Wed Apr 12 11:01:27 CEST 2006 - nadvornik@suse.cz

- updated to 3.8.2 [#165237]
  * bugfix release
  * fixed several segfaults caused by incorrect tiff data

-------------------------------------------------------------------
Tue Feb  7 15:09:45 CET 2006 - nadvornik@suse.cz

- fixed crash on certain tiff images CVE-2006-0405 [#145757]

-------------------------------------------------------------------
Wed Jan 25 21:31:02 CET 2006 - mls@suse.de

- converted neededforbuild to BuildRequires

-------------------------------------------------------------------
Thu Jan 12 16:32:23 CET 2006 - nadvornik@suse.cz

- compile with -fstack-protector

-------------------------------------------------------------------
Tue Jan  3 15:01:35 CET 2006 - nadvornik@suse.cz

- updated to 3.8.0:
  * Read-only support for custom directories (e.g. EXIF directory)
  * Preliminary support for MS MDI format

-------------------------------------------------------------------
Mon Oct 10 15:13:48 CEST 2005 - nadvornik@suse.cz

- built with -fno-strict-aliasing

-------------------------------------------------------------------
Fri Jul 15 15:35:41 CEST 2005 - nadvornik@suse.cz

- updated to 3.7.3

-------------------------------------------------------------------
Tue May 24 17:13:51 CEST 2005 - nadvornik@suse.cz

- updated to 3.7.2
- fixed 64bit bug in ppm2tiff [#85440]
- fixed buffer overflow in BitsPerSample [#82787]

-------------------------------------------------------------------
Thu Feb 17 13:38:57 CET 2005 - nadvornik@suse.cz

- fixed reading of alpha channel

-------------------------------------------------------------------
Sun Jan 16 20:05:53 CET 2005 - ro@suse.de

- added c++ to neededforbuild

-------------------------------------------------------------------
Fri Jan  7 15:41:40 CET 2005 - nadvornik@suse.cz

- use typedef int int32 on all architectures

-------------------------------------------------------------------
Wed Jan 05 15:42:09 CET 2005 - nadvornik@suse.cz

- disabled c++ API as it would add a dependency on c++ libraries

-------------------------------------------------------------------
Mon Jan 03 17:50:47 CET 2005 - nadvornik@suse.cz

- updated to 3.7.1: bugfix release

-------------------------------------------------------------------
Wed Dec 15 21:04:47 CET 2004 - nadvornik@suse.cz

- added README.SUSE pointing to the documentation [#48601]
- moved man3 to devel subpackage

-------------------------------------------------------------------
Fri Oct 22 18:38:53 CEST 2004 - nadvornik@suse.cz

- updated to 3.7.0 - security fixes are included in mainstream

-------------------------------------------------------------------
Wed Oct 20 09:59:41 CEST 2004 - meissner@suse.de

- Initialize ycbcrsubsampling to be not 0 in case
  of bad tiffs to avoid denial of service by divison/0.

-------------------------------------------------------------------
Tue Oct 12 15:20:16 CEST 2004 - nadvornik@suse.cz

- do not call TIFFTileSize with uninitialized values [#44635]

-------------------------------------------------------------------
Thu Oct 07 18:44:29 CEST 2004 - pmladek@suse.cz

- fixed much more buffer overflows (the older tiff-alt-bound-CheckMalloc.patch
  is included in the new libtiff-3.6.1-alt-bound.patch now) [#44635]

-------------------------------------------------------------------
Thu Sep 30 18:33:05 CEST 2004 - nadvornik@suse.cz

- fixed more buffer overflows [#44635]

-------------------------------------------------------------------
Tue Sep 21 17:47:00 CEST 2004 - nadvornik@suse.cz

- fixed multiple buffer overflows - CAN-2004-0803 [#44635]
- disabled old jpeg support because of security problems [#45116]

-------------------------------------------------------------------
Tue Aug 31 16:23:04 CEST 2004 - nadvornik@suse.cz

- added LZW support

-------------------------------------------------------------------
Wed Aug 25 13:39:39 CEST 2004 - kukuk@suse.de

- Create -devel subpackage
- Add libjpeg-devel to neededforbuild
- Avoid /bin/sh in PreRequires

-------------------------------------------------------------------
Fri Jul  2 16:10:10 CEST 2004 - max@suse.de

- port.h is needed as well.

-------------------------------------------------------------------
Thu May  6 17:08:54 CEST 2004 - max@suse.de

- Install private headers (tif_dir.h, tiffiop.h).

-------------------------------------------------------------------
Tue Apr 27 16:42:03 CEST 2004 - nadvornik@suse.cz

- fixed tif_fax3 from cvs [#39515]

-------------------------------------------------------------------
Mon Feb 09 12:27:05 CET 2004 - nadvornik@suse.cz

- updated to 3.6.1
- fixed dangerous compiler warnings

-------------------------------------------------------------------
Sat Jan 10 20:14:17 CET 2004 - adrian@suse.de

- add %defattr and %run_ldconfig

-------------------------------------------------------------------
Wed May 21 01:06:35 CEST 2003 - ro@suse.de

- remove cvs subdirs

-------------------------------------------------------------------
Sat Jul 27 14:15:49 CEST 2002 - kukuk@suse.de

- Provide libtiff-devel in libtiff [Bug #17260]

-------------------------------------------------------------------
Fri Jul 26 21:37:50 CEST 2002 - adrian@suse.de

- fix neededforbuild

-------------------------------------------------------------------
Wed Jul  3 13:41:23 CEST 2002 - nadvornik@suse.cz

- fixed segfault in fax2tiff [bug #16818]
- fixed size of int32 on 64bit architectures

-------------------------------------------------------------------
Wed Jun 26 01:25:38 CEST 2002 - ro@suse.de

- fixed directory permissions

-------------------------------------------------------------------
Wed Jun 19 12:35:20 CEST 2002 - nadvornik@suse.cz

- compiled with OJPEG_SUPPORT [bug #16408]

-------------------------------------------------------------------
Thu Apr 18 23:05:34 CEST 2002 - kukuk@suse.de

- Fix to compile on lib64 architectures

-------------------------------------------------------------------
Wed Feb  6 14:48:39 CET 2002 - coolo@suse.de

- use %_libdir

-------------------------------------------------------------------
Thu Jan 24 11:53:02 CET 2002 - okir@suse.de

- Fixed a tempfile race in fax2ps

-------------------------------------------------------------------
Tue Dec 11 12:24:47 CET 2001 - nadvornik@suse.cz

- updated to 3.5.7: bugfix release

-------------------------------------------------------------------
Wed May  9 22:09:18 CEST 2001 - mfabian@suse.de

- bzip2 sources

-------------------------------------------------------------------
Thu Mar 15 19:11:58 CET 2001 - schwab@suse.de

- Fix for ia64.

-------------------------------------------------------------------
Fri May 26 16:16:59 CEST 2000 - bubnikv@suse.cz

- sorted

-------------------------------------------------------------------
Thu May 25 10:55:25 CEST 2000 - schwab@suse.de

- Fix dso configure check for ia64.

-------------------------------------------------------------------
Thu May 11 09:41:12 CEST 2000 - nadvornik@suse.cz

- update to 3.5.5
- added BuildRoot

-------------------------------------------------------------------
Tue Jan 25 17:12:06 CET 2000 - ro@suse.de

- manpages to /usr/share using macro

-------------------------------------------------------------------
Mon Jan  3 15:10:55 CET 2000 - schwab@suse.de

- Update to 3.5.4 (Y2K fix)

-------------------------------------------------------------------
Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de

- ran old prepare_spec on spec file to switch to new prepare_spec.

-------------------------------------------------------------------
Wed Jan 13 18:07:04 MET 1999 - ro@suse.de

- respect systems where libc is libc.so.6.1 (alpha)

-------------------------------------------------------------------
Wed Nov 25 17:56:05 MET 1998 - ro@suse.de

- update to 3.4 (final) named 3.4.final for rpm
- moved from /usr/X11R6 to /usr

-------------------------------------------------------------------
Wed Jul 29 19:01:00 MEST 1998 - werner@suse.de

- Link shared libs explicit with -lc

-------------------------------------------------------------------
Tue May 12 18:22:27 MEST 1998 - ro@suse.de

- extracted package from libgr / build from own sources

Places

File tiff.changes of Package tiff.943

Places