Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package tiff for openSUSE:Factory checked in at 2025-09-20 22:03:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tiff (Old) and /work/SRC/openSUSE:Factory/.tiff.new.27445 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tiff" Sat Sep 20 22:03:48 2025 rev:106 rq:1305886 version:4.7.1 Changes: -------- --- /work/SRC/openSUSE:Factory/tiff/tiff.changes 2025-09-10 17:29:41.192132455 +0200 +++ /work/SRC/openSUSE:Factory/.tiff.new.27445/tiff.changes 2025-09-20 22:03:54.694246017 +0200 @@ -1,0 +2,130 @@ +Thu Sep 18 19:11:37 UTC 2025 - Michael Vetter <[email protected]> + +- Update to 4.7.1: + Software configuration changes: + * Define HAVE_JPEGTURBO_DUAL_MODE_8_12 and LERC_STATIC in tif_config.h. + * CMake: define WORDS_BIGENDIAN via tif_config.h + * doc/CMakeLists.txt: remove useless cmake_minimum_required() + * CMake: fix build with LLVM/Clang 17 (fixes issue #651) + * CMake: set CMP0074 new policy + * Set LINKER_LANGUAGE for C targets with C deps + * Export tiffxx cmake target (fixes issue #674) + * autogen.sh: Enable verbose wget. + * configure.ac: Syntax updates for Autoconf 2.71 + * autogen.sh: Re-implement based on autoreconf. Failure to update + config.guess/config.sub does not return error (fixes issue #672) + * CMake: fix CMake 4.0 warning when minimum required version is < 3.10. + * CMake: Add build option tiff-static (fixes issue #709) + Library changes: + * Add TIFFOpenOptionsSetWarnAboutUnknownTags() for explicit control + about emitting warnings for unknown tags. No longer emit warnings + about unknown tags by default + * tif_predict.c: speed-up decompression in some cases. + Bug fixes: + * tif_fax3: For fax group 3 data if no EOL is detected, reading is + retried without synchronisation for EOLs. (fixes issue #54) + * Updating TIFFMergeFieldInfo() with read_count=write_count=0 for + FIELD_IGNORE. Updating TIFFMergeFieldInfo() with read_count=write_count=0 for + FIELD_IGNORE. Improving handling when field_name = NULL. (fixes issue #532) + * tiff.h: add COMPRESSION_JXL_DNG_1_7=52546 as used for JPEGXL compression in + the DNG 1.7 specification + * TIFFWriteDirectorySec: Increment string length for ASCII tags for codec tags + defined with FIELD_xxx bits, as it is done for FIELD_CUSTOM tags. (fixes issue #648) + * Do not error out on a tag whose tag count value is zero, just issue a warning. + Fix parsing a private tag 0x80a6 (fixes issue #647) + * TIFFDefaultTransferFunction(): give up beyond td_bitspersample = 24 + Fixes https://github.com/OSGeo/gdal/issues/10875) + * tif_getimage.c: Remove unnecessary calls to TIFFRGBAImageOK() (fixes issue #175) + * Fix writing a Predictor=3 file with non-native endianness + * _TIFFVSetField(): fix potential use of unallocated memory (out-of-bounds + * read / nullptr dereference) in case of out-of-memory situation when dealing with + custom tags (fixes issue #663) + * tif_fax3.c: Error out for CCITT fax encoding if SamplesPerPixel is not equal 1 and + PlanarConfiguration = Contiguous (fixes issue #26) + * tif_fax3.c: error out after a number of times end-of-line or unexpected bad code + words have been reached. (fixes issue #670) + * Fix memory leak in TIFFSetupStrips() (fixes issue #665) + * tif_zip.c: Provide zlib allocation functions. Otherwise for zlib built with + -DZ_SOLO inflating will fail. + * Fix memory leak in _TIFFSetDefaultCompressionState. (fixes issue #676) + * tif_predict.c: Don’t overwrite input buffer of TIFFWriteScanline() if "prediction" + is enabled. Use extra working buffer in PredictorEncodeRow(). (fixes issue #5) + * tif_getimage.c: update some integer overflow checks (fixes issue #79) + * tif_getimage.c: Fix buffer underflow crash for less raster rows at + TIFFReadRGBAImageOriented() (fixes issue #704) + * TIFFReadRGBAImage(): several fixes to avoid buffer overflows. + * Correct passing arguments to TIFFCvtIEEEFloatToNative() and TIFFCvtIEEEDoubleToNative() + if HAVE_IEEEFP is not defined. (fixes issue #699) + * LZWDecode(): avoid nullptr dereference when trying to read again after EOI marker + has been found with remaining output bytes (fixes issue #698) + * TIFFSetSubDirectory(): check _TIFFCheckDirNumberAndOffset() return. + * TIFFUnlinkDirectory() and TIFFWriteDirectorySec(): clear tif_rawcp when clearing + tif_rawdata (fixes issue #711) + * JPEGEncodeRaw(): error out if a previous scanline failed to be written, to avoid + out-of-bounds access (fixes issue #714) + * tif_jpeg: Fix bug in JPEGDecodeRaw() if JPEG_LIB_MK1_OR_12BIT is defined for 8/12bit + dual mode, introduced in libjpeg-turbo 2.2, which was actually released as 3.0. + Fixes issue #717 + * add assert for TIFFReadCustomDirectory infoarray check. + * ppm2tiff: Fix bug in pack_words trailing bytes, where last two bytes of each line + were written wrongly. (fixes issue #467) + * fax2ps: fix regression of commit 28c38d648b64a66c3218778c4745225fe3e3a06d where + TIFFTAG_FAXFILLFUNC is being used rather than an output buffer (fixes issue #649) + * tiff2pdf: Check TIFFTAG_TILELENGTH and TIFFTAGTILEWIDTH (fixes issue #650) + * tiff2pdf: check h_samp and v_samp for range 1 to 4 to avoid division by zero. + Fixes issue #654 + * tiff2pdf: avoid null pointer dereference. (fixes issue #741) + * Improve non-secure integer overflow check (comparison of division result with + multiplicant) at compiler optimisation in tiffcp, rgb2ycbcr and tiff2rgba. + Fixes issue #546 + * tiff2rgba: fix some "a partial expression can generate an overflow before it is + assigned to a broader type" warnings. (fixes issue #682) + * tiffdither/tiffmedian: Don't skip the first line of the input image. (fixes issue #703) + * tiffdither: avoid out-of-bounds read identified in issue #733 + * tiffmedian: error out if TIFFReadScanline() fails (fixes issue #707) + * tiffmedian: close input file. (fixes issue #735) + * thumbail: avoid potential out of bounds access (fixes issue #715) + * tiffcrop: close open TIFF files and release allocated buffers before exiting in case + of error to avoid memory leaks. (fixes issue #716) + * tiffcrop: fix double-free and memory leak exposed by issue #721 + * tiffcrop: avoid buffer overflow. (fixes issue #740) + * tiffcrop: avoid nullptr dereference. (fixes issue #734) + * tiffdump: Fix coverity scan issue CID 1373365: Passing tainted expression *datamem + to PrintData, which uses it as a divisor or modulus. + * tiff2ps: check return of TIFFGetFiled() for TIFFTAG_STRIPBYTECOUNTS and + TIFFTAG_TILEBYTECOUNTS to avoid NULL pointer dereference. (fixes issue #718) + * tiffcmp: fix memory leak when second file cannot be opened. (fixes issue #718 and issue #729) + * tiffcp: fix setting compression level for lossless codecs. (fixes issue #730) + * raw2tiff: close input file before exit (fixes issue #742) + Tools changes: + * tiffinfo: add a -W switch to warn about unknown tags. + * tiffdither: process all pages in input TIFF file. + Documentation: + * TIFFRGBAImage.rst note added for incorrect saving of images with TIFF orientation + from 5 (LeftTop) to 8 (LeftBottom) in the raster. + * TIFFRGBAImage.rst note added about un-associated alpha handling (fixes issue #67) + * Update "Defining New TIFF Tags" description. (fixes issue #642) + * Fix return type of TIFFReadEncodedTile() + * Update the documentation to reflect deprecated typedefs. + * TIFFWriteDirectory.rst: Clarify TIFFSetWriteOffset() only sets offset for image + data and not for IFD data. + * Update documentation on re-entrancy and thread safety. + * Remove dead links to no more existing Awaresystems web-site. + * Updating BigTIFF specification and some miscelaneous editions. + * Replace some last links and remove last todos. + * Added hints for correct allocation of TIFFYCbCrtoRGB structure and its + associated buffers. (fixes issue #681) + * Added chapter to "Using the TIFF Library" with links to handling multi-page TIFF + and custom directories. (fixes issue #43) + * update TIFFOpen.rst with the return values of mapproc and unmapproc. (fixes issue #12) +- Drop upstreamed patches: + * tiff-4.7.0-test_directory.patch + * tiff-CVE-2025-8176.patch + * tiff-CVE-2025-8177.patch + * tiff-4.7.0-bsc1243503.patch + * tiff-CVE-2025-8534.patch + * tiff-CVE-2025-9165.patch + * tiff-CVE-2024-13978.patch + * tiff-CVE-2025-8961.patch + +------------------------------------------------------------------- Old: ---- tiff-4.7.0-bsc1243503.patch tiff-4.7.0-test_directory.patch tiff-4.7.0.tar.xz tiff-4.7.0.tar.xz.sig tiff-CVE-2024-13978.patch tiff-CVE-2025-8176.patch tiff-CVE-2025-8177.patch tiff-CVE-2025-8534.patch tiff-CVE-2025-8961.patch tiff-CVE-2025-9165.patch New: ---- tiff-4.7.1.tar.xz tiff-4.7.1.tar.xz.sig ----------(Old B)---------- Old: * tiff-CVE-2025-8177.patch * tiff-4.7.0-bsc1243503.patch * tiff-CVE-2025-8534.patch Old:- Drop upstreamed patches: * tiff-4.7.0-test_directory.patch * tiff-CVE-2025-8176.patch Old: * tiff-CVE-2025-9165.patch * tiff-CVE-2024-13978.patch * tiff-CVE-2025-8961.patch Old: * tiff-4.7.0-test_directory.patch * tiff-CVE-2025-8176.patch * tiff-CVE-2025-8177.patch Old: * tiff-CVE-2025-8176.patch * tiff-CVE-2025-8177.patch * tiff-4.7.0-bsc1243503.patch Old: * tiff-4.7.0-bsc1243503.patch * tiff-CVE-2025-8534.patch * tiff-CVE-2025-9165.patch Old: * tiff-CVE-2024-13978.patch * tiff-CVE-2025-8961.patch Old: * tiff-CVE-2025-8534.patch * tiff-CVE-2025-9165.patch * tiff-CVE-2024-13978.patch ----------(Old E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tiff.spec ++++++ --- /var/tmp/diff_new_pack.2y5mM6/_old 2025-09-20 22:03:55.474278736 +0200 +++ /var/tmp/diff_new_pack.2y5mM6/_new 2025-09-20 22:03:55.478278904 +0200 @@ -33,7 +33,7 @@ %else Name: tiff-%{build_flavor} %endif -Version: 4.7.0 +Version: 4.7.1 Release: 0 Summary: Tools for Converting from and to the Tagged Image File Format License: HPND @@ -44,15 +44,6 @@ Source3: baselibs.conf Source99: tiff.keyring Patch0: tiff-4.0.3-seek.patch -# PATCH-FIX-UPSTREAM tiff-4.7.0-test_directory.patch based on commit ea6f6bd7bccb bsc#1236834 -Patch1: tiff-4.7.0-test_directory.patch -Patch2: tiff-CVE-2025-8176.patch -Patch3: tiff-CVE-2025-8177.patch -Patch4: tiff-4.7.0-bsc1243503.patch -Patch5: tiff-CVE-2025-8534.patch -Patch6: tiff-CVE-2025-9165.patch -Patch7: tiff-CVE-2024-13978.patch -Patch8: tiff-CVE-2025-8961.patch %if %{with tiff_manpages} BuildRequires: python3-Sphinx %endif ++++++ tiff-4.7.0.tar.xz -> tiff-4.7.1.tar.xz ++++++ ++++ 28223 lines of diff (skipped)
