- Sat May 12 2018 ns80 <ns80> 4.0.9-1.5.mga5
(not released yet)
+ Revision: 1228658
- add upstream patch for CVE-2018-8905 (mga#23021)
- add upstream patch for CVE-2018-10963 (mga#23021)
- add upstream patch for CVE-2018-7456 (mga#22920)
- add upstream patches for CVE-2017-11613 and CVE-2018-5784 (mga#22799)
- new version 4.0.9
- update to latest CVS snapshot to fix CVE-2017-9936 and CVE-2017-10688 (mga#21195)
- new version 4.0.8 that fixes CVE-2016-1009[2-5], CVE-2017-5225, CVE-2016-1026[6-9], CVE-2016-1027[0-2], CVE-2017-759[2-9], CVE-2017-760[0-2], CVE-2016-3658, CVE-2016-9535 and CVE-2014-8128 (mga#20057)
- new version 4.0.7 (mga#19813)
- fix an out-of-bounds Write memcpy and less bound check in tiff2pdf (mga#19813)
- fix a regression introduced by the fix for CVE-2016-9297
- update to latest CVS commit to fix CVE-2016-9273 and CVE-2016-9297 (mga#19758)
- update to 2016-10-26 CVS commit to fix:
  * an out-of-bound read of up to 3 bytes in readContigTilesIntoBuffer()
  * an out-of-bound read on some tiled images
  * CVE-2014-8127 (duplicate: CVE-2016-3658)
  * segfault when specifying -r without argument (fax2tiff)
- update to 2016-10-09 CVS commit for CVE-2016-5652 and 3 other security issues (mga#17480)
- address a long list of CVEs (mga#17480):
  * update to latest CVS commit for CVE-2015-8668, CVE-2016-3186 (gif2tiff
    tool is not provided anymore), CVE-2016-3622, CVE-2016-3623, CVE-2016-3632,
    CVE-2016-3945, CVE-2016-3990, CVE-2016-3991, CVE-2016-5314, CVE-2016-5315,
    CVE-2016-5316, CVE-2016-5317, CVE-2016-5320, CVE-2016-5321, CVE-2016-5322,
    CVE-2016-5323, CVE-2016-5875, CVE-2016-6223
  * add a patch from Red Hat for CVE-2015-7554 (partial solution, it seems)
- some programs are not provided anymore (package libtiff-progs): bmp2tiff,
  gif2tiff, ras2tiff, rgb2ycbcr and thumbnail
+ luigiwalser
- add patches for CVE-2017-17095, CVE-2017-9935 and CVE-2017-18013 (mga#22120)
- add patch suggested upstream (maptools#2499)
- fixes remaining CVE-2014-8128 issue unfixed upstream
- sync with upstream cvs 20151227, fixes mga#15519, CVE-2015-8665, CVE-2015-8683
- 4.0.6
- 4.0.5
- 4.0.4 (final)
- remove opensuse patches (security issues they fixed and regressions they
  caused were fixed upstream)