- Sat May 12 2018 ns80 <ns80> 4.0.9-1.5.mga6
(not released yet)
+ Revision: 1228657
- add upstream patch for CVE-2018-8905 (mga#23021)
- add upstream patch for CVE-2018-10963 (mga#23021)
- add upstream patch for CVE-2018-7456 (mga#22920)
- add upstream patches for CVE-2017-11613 and CVE-2018-5784 (mga#22799)
- add patches for CVE-2017-17095, CVE-2017-9935 and CVE-2017-18013 (mga#22120)
- new version 4.0.9 - Fri Jul 7 2017 ns80 <ns80> 4.0.8-3.mga6
+ Revision: 1109432
- update to latest CVS snapshot to fix CVE-2017-9936 and CVE-2017-10688 (mga#21195) - Fri Jun 2 2017 ns80 <ns80> 4.0.8-2.mga6
+ Revision: 1105783
- add upstream patches for bug fixes and an unfixed remaining portion of CVE-2014-8128 (mga#20057) - Mon May 22 2017 ns80 <ns80> 4.0.8-1.mga6
+ Revision: 1104031
- new version 4.0.8 - Thu May 18 2017 ns80 <ns80> 4.0.7-8.mga6
+ Revision: 1102972
- update to latest CVS snapshot to fix several security problems - Mon May 15 2017 ns80 <ns80> 4.0.7-7.mga6
+ Revision: 1101700
- update to latest CVS snapshot to fix several security problems - Thu May 11 2017 ns80 <ns80> 4.0.7-6.mga6
+ Revision: 1100239
- update to latest CVS snapshot to fix some problems related to memory management - Tue May 2 2017 ns80 <ns80> 4.0.7-5.mga6
+ Revision: 1098415
- update to latest CVS snapshot to fix some memory leaks - Fri Apr 28 2017 ns80 <ns80> 4.0.7-4.mga6
+ Revision: 1097876
- update to latest CVS snapshot that fixes some memory leaks and crashes - Wed Apr 5 2017 ns80 <ns80> 4.0.7-3.mga6
+ Revision: 1095955
- update to latest CVS snapshot to fix memory leaks - Fri Jan 27 2017 ns80 <ns80> 4.0.7-2.mga6
+ Revision: 1083570
- update to latest CVS snapshot for CVE-2016-1009[2-4], CVE-2017-5225 and other security bugs - Mon Nov 21 2016 ns80 <ns80> 4.0.7-1.mga6
+ Revision: 1068539
- new version 4.0.7 - Fri Nov 18 2016 ns80 <ns80> 4.0.6-11.mga6
+ Revision: 1068287
- fix an out-of-bounds Write memcpy and less bound check in tiff2pdf (mga#19813) - Fri Nov 18 2016 ns80 <ns80> 4.0.6-10.mga6
+ Revision: 1068153
- fix a regression introduced by the fix for CVE-2016-9297 - Mon Nov 14 2016 ns80 <ns80> 4.0.6-9.mga6
+ Revision: 1067194
- update to latest CVS commit to fix CVE-2016-9273 and CVE-2016-9297 (mga#19758) - Fri Nov 4 2016 ns80 <ns80> 4.0.6-8.mga6
+ Revision: 1065252
- update to 2016-10-31 CVS commit to fix potential buffer overflows - Mon Oct 31 2016 ns80 <ns80> 4.0.6-7.mga6
+ Revision: 1064268
- update to 2016-10-26 CVS commit to fix:
* an out-of-bound read on some tiled images
* CVE-2014-8127 (duplicate: CVE-2016-3658)
* segfault when specifying -r without argument (fax2tiff) - Fri Oct 21 2016 ns80 <ns80> 4.0.6-6.mga6
+ Revision: 1062886
- update to 2016-10-14 CVS commit to fix an out-of-bound read of up to 3 bytes in readContigTilesIntoBuffer() - Fri Oct 14 2016 ns80 <ns80> 4.0.6-5.mga6
+ Revision: 1060739
- update to 2016-10-09 CVS commit for CVE-2016-5652 and 3 other security issues - Wed Oct 5 2016 ns80 <ns80> 4.0.6-4.mga6
+ Revision: 1058902
- address a long list of CVEs (mga#17480):
* update to latest CVS commit for CVE-2015-8668, CVE-2016-3186 (gif2tiff
tool is not provided anymore), CVE-2016-3622, CVE-2016-3623, CVE-2016-3632,
CVE-2016-3945, CVE-2016-3990, CVE-2016-3991, CVE-2016-5314, CVE-2016-5315,
CVE-2016-5316, CVE-2016-5317, CVE-2016-5320, CVE-2016-5321, CVE-2016-5322,
CVE-2016-5323, CVE-2016-5875, CVE-2016-6223
* add a patch from Redhat for CVE-2015-7554 (partial solution, it seems)
- some programs are not provided anymore (package libtiff-progs): bmp2tiff,
gif2tiff, ras2tiff, rgb2ycbcr and thumbnail - Tue Jan 12 2016 luigiwalser <luigiwalser> 4.0.6-3.mga6
+ Revision: 922129
- add patch suggested upstream (maptools#2499)
- fixes remaining CVE-2014-8128 issue unfixed upstream - Tue Dec 29 2015 luigiwalser <luigiwalser> 4.0.6-2.mga6
+ Revision: 916815
- sync with upstream cvs 20151227, fixes mga#15519, CVE-2015-8665, CVE-2015-8683 - Thu Dec 24 2015 luigiwalser <luigiwalser> 4.0.6-1.mga6
+ Revision: 914393
- 4.0.6 - Fri Sep 4 2015 luigiwalser <luigiwalser> 4.0.5-1.mga6
+ Revision: 872826
- 4.0.5 - Thu Jul 9 2015 luigiwalser <luigiwalser> 4.0.4-1.mga6
+ Revision: 853121
- 4.0.4 (final)
- remove opensuse patches (security issues they fixed and regressions they
caused were fixed upstream)