%define major 5 %define libname %mklibname tiff %{major} %define develname %mklibname tiff -d %define staticdevelname %mklibname tiff -d -s Summary: A library of functions for manipulating TIFF format image files Name: libtiff Version: 4.2.0 %define subrel 16 Release: %mkrel 1 License: BSD-like Group: System/Libraries URL: http://www.simplesystems.org/%{name}/ Source0: https://download.osgeo.org/%{name}/tiff-%{version}.tar.gz #Source0: https://gitlab.com/#{name}/#{name}/-/archive/master/#{name}-master.tar.bz2 # # Security Patches # P100 -> ... # Patch100: libtiff-CVE-2014-8128.patch Patch101: libtiff-CVE-2015-7554.patch Patch102: libtiff-CVE-2018-12900.patch Patch103: libtiff-CVE-2018-19210.patch Patch104: libtiff-CVE-2022-22844.patch Patch105: libtiff-CVE-2022-0561.patch Patch106: libtiff-CVE-2022-0562.patch Patch107: 232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c.patch Patch108: 32ea0722ee68f503b7a3f9b2d557acb293fc8cde.patch Patch109: 88d79a45a31c74cba98c697892fed5f7db8b963a.patch Patch110: a1c933dabd0e1c54a412f3f84ae0aa58115c6067.patch Patch111: a95b799f65064e4ba2e2dfc206808f86faf93e85.patch Patch112: 40b00cfb32256d377608b4d4cd30fac338d0a0bc.patch Patch113: 87f580f39011109b3bb5f6eca13fac543a542798.patch Patch114: c1ae29f9ebacd29b7c3e0c7db671af7db3584bc2.patch Patch115: b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a.patch Patch116: libtiff-CVE-2022-2056_2057_2058.patch # CVE-2022-34526 Patch117: 275735d0354e39c0ac1dc3c0db2120d6f31d1990.patch Patch118: 07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c.patch Patch119: tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch Patch120: bd94a9b383d8755a27b5a1bc27660b8ad10b094c.patch Patch121: CVE-2022-3599.patch Patch122: CVE-2022-3626_3627.patch Patch123: 227500897dfb07fb7d27f7aa570050e62617e3be.patch Patch124: d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5.patch Patch125: CVE-2023-0795.patch Patch126: CVE-2023-0800.patch Patch127: CVE-2022-4645.patch Patch128: 0001-countInkNamesString-fix-UndefinedBehaviorSanitizer-a.patch Patch129: 0002-TIFFClose-avoid-NULL-pointer-dereferencing.-fix-515.patch Patch130: 0003-Consider-error-return-of-writeSelections.patch Patch131: 0004-tiffcrop-correctly-update-buffersize-after-rotateIma.patch Patch132: 0005-tiffcrop-Do-not-reuse-input-buffer-for-subsequent-im.patch Patch133: 0006-tif_luv-Check-and-correct-for-NaN-data-in-uv_encode.patch Patch134: 0007-tiffcp-fix-memory-corruption-overflow-on-hostile-ima.patch Patch135: 0008-raw2tiff-fix-integer-overflow-and-bypass-of-the-chec.patch BuildRequires: jbig-devel BuildRequires: pkgconfig(libjpeg) BuildRequires: pkgconfig(freeglut) BuildRequires: pkgconfig(zlib) BuildRequires: pkgconfig(liblzma) BuildRequires: pkgconfig(libzstd) BuildRequires: pkgconfig(libwebp) %description The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. %package progs Summary: Binaries needed to manipulate TIFF format image files Group: Graphics/Utilities Requires: %{libname} = %{version} Obsoletes: libtiff3-progs Provides: libtiff3-progs = %{version}-%{release} %description progs This package provides binaries needed to manipulate TIFF format image files. %package -n %{libname} Summary: A library of functions for manipulating TIFF format image files Group: System/Libraries Obsoletes: %{name} < %{version} Provides: %{name} = %{version}-%{release} %description -n %{libname} The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. %package -n %{develname} Summary: Development tools for programs which will use the libtiff library Group: Development/C Requires: %{libname} = %{version} Provides: %{name}-devel = %{version}-%{release} Provides: tiff-devel = %{version}-%{release} Obsoletes: %{mklibname tiff 3 -d} %description -n %{develname} This package contains the header files and .so libraries for developing programs which will manipulate TIFF format image files using the libtiff library. %package -n %{staticdevelname} Summary: Static libraries for programs which will use the libtiff library Group: Development/C Requires: %{develname} = %{version} Provides: %{name}-static-devel = %{version}-%{release} Provides: tiff-static-devel = %{version}-%{release} Obsoletes: %{mklibname tiff 3 -d -s} %description -n %{staticdevelname} This package contains the static libraries for developing programs which will manipulate TIFF format image files using the libtiff library. %prep %setup -q -n tiff-%{version} #setup -q -n #{name}-master %patch100 -p0 %patch101 -p1 %patch102 -p1 %patch103 -p1 %patch104 -p1 %patch105 -p1 %patch106 -p1 %patch107 -p1 %patch108 -p1 %patch109 -p1 %patch110 -p1 %patch111 -p1 %patch112 -p1 %patch113 -p1 %patch114 -p1 %patch115 -p1 %patch116 -p1 %patch117 -p1 %patch118 -p1 %patch119 -p1 %patch120 -p1 %patch121 -p1 %patch122 -p1 %patch123 -p1 %patch124 -p1 %patch125 -p1 %patch126 -p1 %patch127 -p1 %patch128 -p1 %patch129 -p1 %patch130 -p1 %patch131 -p1 %patch132 -p1 %patch133 -p1 %patch134 -p1 %patch135 -p1 %build ./autogen.sh %configure --enable-static --with-docdir=%{_datadir}/doc/%{develname} --enable-ld-version-script %make_build %check LD_LIBRARY_PATH=$PWD:$LD_LIBRARY_PATH make check %install %make_install rm -f %{buildroot}%{_libdir}/*.la # remove man pages for programs that are not provided anymore rm -f %{buildroot}%{_mandir}/man1/rgb2ycbcr.1* rm -f %{buildroot}%{_mandir}/man1/thumbnail.1* # multiarch policy %multiarch_includes %{buildroot}%{_includedir}/tiffconf.h %files progs %{_bindir}/* %{_mandir}/man1/* %files -n %{libname} %{_libdir}/*.so.%{major}{,.*} %files -n %{develname} %doc %{_datadir}/doc/%{develname} %{_includedir}/*.h* %{multiarch_includedir}/tiffconf.h %{_libdir}/*.so %{_libdir}/pkgconfig/*.pc %{_mandir}/man3/* %files -n %{staticdevelname} %{_libdir}/*.a %changelog * Tue Aug 29 2023 ns80 <ns80> 4.2.0-1.16.mga8 + Revision: 1980863 - port patches from Ubuntu for CVE-2023-2908, CVE-2023-3316, CVE-2023-3618, CVE-2023-25433, CVE-2023-2696[56], CVE-2023-3828[89] (mga#32117) - backport an upstream patch for CVE-2022-4645 (mga#31668) - add patches from Debian for CVE-2023-079[5-9] and CVE-2023-080[0-4] (mga#31585) - backport an upstream patch for CVE-2022-48281 (mga#31467) - rebuild for new jbigkit (mga#31189) - backport upstream patch for CVE-2022-3970 (mga#31188) - backport patches from Ubuntu for CVE-2022-3599, CVE-2022-362[67] (mga#31091) - backport patch for CVE-2022-3570 and CVE-2022-3598 (mga#30999) - add patch from openSUSE for CVE-2022-2519, CVE-2022-252[01] (mga#30999) - backport upstream patch for CVE-2022-286[7-9] (mga#30836) - backport patch from Fedora for CVE-2022-205[6-8] (mga#30640) - backport upstream patches for CVE-2022-135[45] and CVE-2022-162[23] (mga#30571) - add upstream patch for CVE-2022-0907 (mga#30228) - backport upstream patches for CVE-2022-0865, CVE-2022-0891, CVE-2022-090[89], CVE-2022-0924 (mga#30210) - backport patches from Fedora for CVE-2022-056[12] (mga#30108) - add patch from Fedora for CVE-2022-22844 (mga#29976) + neoclust <neoclust> - Add P117: Fixes CVE-2022-34526 (mga#30716) * Wed Dec 23 2020 ns80 <ns80> 4.2.0-1.mga8 + Revision: 1663077 - new version 4.2.0 * Mon Dec 14 2020 ns80 <ns80> 4.1.0-2.git20201212.1.mga8 + Revision: 1657052 - update to latest git snapshot * Wed Dec 09 2020 ns80 <ns80> 4.1.0-2.git20201208.1.mga8 + Revision: 1654868 - update ta latest git snaphot to fix an integer overflow and a regression when reading some TIFF files * Mon Nov 23 2020 ns80 <ns80> 4.1.0-2.git20201121.1.mga8 + Revision: 1648669 - update to latest git snapshot to fix a buffer overrun * Tue Nov 17 2020 ns80 <ns80> 4.1.0-2.git20201114.1.mga8 + Revision: 1646865 - update to latest git snapshot * Fri Nov 13 2020 ns80 <ns80> 4.1.0-2.git20201112.1.mga8 + Revision: 1644918 - update to latest git snapshot to fix several overflows * Mon Nov 02 2020 ns80 <ns80> 4.1.0-2.git20201026.1.mga8 + Revision: 1641623 - update to latest git snapshot * Wed Sep 30 2020 ns80 <ns80> 4.1.0-2.git20200926.1.mga8 + Revision: 1631256 - fix a buffer overflow * Fri Sep 25 2020 ns80 <ns80> 4.1.0-2.git20200922.1.mga8 + Revision: 1629976 - fix handling a buffer overflow * Tue Sep 15 2020 ns80 <ns80> 4.1.0-2.git20200911.1.mga8 + Revision: 1626715 - update to latest git snapshot * Tue Sep 08 2020 ns80 <ns80> 4.1.0-2.git20200907.1.mga8 + Revision: 1623526 - update to latest git snaphot to fix an out-of-bounds write + wally <wally> - drop unneeded gcc10 workarounds * Sat Jun 20 2020 ns80 <ns80> 4.1.0-2.git20200606.1.mga8 + Revision: 1598154 - update to latest git snapshot * Wed Jun 03 2020 ns80 <ns80> 4.1.0-2.git20200531.1.mga8 + Revision: 1589939 - update to latest git snapshot * Mon Apr 27 2020 ns80 <ns80> 4.1.0-2.git20200427.1.mga8 + Revision: 1572426 - update to latest git snapshot * Mon Apr 20 2020 ns80 <ns80> 4.1.0-2.git20200419.1.mga8 + Revision: 1569996 - update to latest git snapshot * Fri Apr 17 2020 ns80 <ns80> 4.1.0-2.git20200415.1.mga8 + Revision: 1568013 - update to latest git snapshot * Mon Apr 06 2020 ns80 <ns80> 4.1.0-2.git20200403.1.mga8 + Revision: 1565100 - update to latest git snapshot to fix several issues * Mon Mar 30 2020 ns80 <ns80> 4.1.0-2.git20200329.1.mga8 + Revision: 1562301 - fix "raw" copy of Deflate streams in tiff2pdf * Fri Mar 27 2020 ns80 <ns80> 4.1.0-2.git20200326.1.mga8 + Revision: 1561005 - update to latest git snapshot * Wed Mar 11 2020 ns80 <ns80> 4.1.0-2.git20200310.1.mga8 + Revision: 1555489 - update to latest git snapshot * Mon Mar 09 2020 ns80 <ns80> 4.1.0-2.git20200308.1.mga8 + Revision: 1555039 - update to latest git snapshot * Fri Mar 06 2020 ns80 <ns80> 4.1.0-2.git20200305.1.mga8 + Revision: 1554340 - update to latest git snapshot * Mon Mar 02 2020 ns80 <ns80> 4.1.0-2.git20200301.1.mga8 + Revision: 1552889 - update to latest git snapshot to fix a heap buffer overflow * Sat Feb 29 2020 ns80 <ns80> 4.1.0-2.git20200229.1.mga8 + Revision: 1552274 - update to latest git snapshot to fix a buffer overflow * Thu Feb 27 2020 ns80 <ns80> 4.1.0-2.git20200226.1.mga8 + Revision: 1550925 - update to latest git snapshot * Fri Feb 21 2020 umeabot <umeabot> 4.1.0-2.git20200209.2.mga8 + Revision: 1547792 - Mageia 8 Mass Rebuild * Mon Feb 10 2020 ns80 <ns80> 4.1.0-2.git20200209.1.mga8 + Revision: 1488391 - fix a heap buffer read overflow in tiff2ps * Mon Feb 03 2020 ns80 <ns80> 4.1.0-2.git20200201.1.mga8 + Revision: 1486572 - update to latest git snapshot * Tue Jan 28 2020 ns80 <ns80> 4.1.0-2.git20200127.1.mga8 + Revision: 1484293 - update to latest git snapshot + wally <wally> - replace deprecated %%configure2_5x * Tue Jan 14 2020 ns80 <ns80> 4.1.0-2.git20200112.1.mga8 + Revision: 1477862 - update to latest git snapshot to bring back support for non-conformant SLONG8 data type * Wed Nov 27 2019 ns80 <ns80> 4.1.0-2.git20191120.1.mga8 + Revision: 1463087 - update to latest git snapshot * Mon Nov 04 2019 ns80 <ns80> 4.1.0-1.mga8 + Revision: 1457539 - new version 4.1.0 * Thu Oct 24 2019 ns80 <ns80> 4.0.10-6.git20191023.1.mga8 + Revision: 1455612 - update to latest git snapshot * Tue Oct 15 2019 ns80 <ns80> 4.0.10-6.git20191003.1.mga8 + Revision: 1453656 - update to latest git snapshot * Wed Sep 18 2019 ns80 <ns80> 4.0.10-6.git20190917.1.mga8 + Revision: 1443511 - update to latest git snapshot to avoid too large memory allocation attempts * Fri Sep 06 2019 ns80 <ns80> 4.0.10-6.git20190903.1.mga8 + Revision: 1437759 - update to latest git snapshot to fix other integer overflows * Tue Sep 03 2019 ns80 <ns80> 4.0.10-6.git20190902.1.mga8 + Revision: 1436583 - update to latest git snapshot to avoid other integer overflows * Tue Aug 27 2019 ns80 <ns80> 4.0.10-6.git20190827.1.mga8 + Revision: 1434099 - update to latest git snapshot to avoid other integer overflows * Mon Aug 26 2019 ns80 <ns80> 4.0.10-6.git20190825.1.mga8 + Revision: 1432359 - update to latest git snapshot for several integer overflows * Wed Jul 10 2019 ns80 <ns80> 4.0.10-6.git20190709.1.mga8 + Revision: 1419855 - update to latest git snapshot * Thu Jul 04 2019 ns80 <ns80> 4.0.10-6.git20190629.1.mga8 + Revision: 1418380 - update to latest git snapshot * Thu May 09 2019 ns80 <ns80> 4.0.10-6.git20190508.1.mga7 + Revision: 1396937 - fix bug in fax2tiff * Tue May 07 2019 ns80 <ns80> 4.0.10-6.git20190506.1.mga7 + Revision: 1396612 - update to latest git snapshot * Fri Apr 26 2019 ns80 <ns80> 4.0.10-6.git20190425.1.mga7 + Revision: 1395555 - update to latest git snapshot for two heap buffer overflows * Mon Apr 15 2019 ns80 <ns80> 4.0.10-6.git20190411.1.mga7 + Revision: 1390648 - update to latest git snapshot * Mon Apr 08 2019 ns80 <ns80> 4.0.10-6.git20190408.1.mga7 + Revision: 1386814 - update to latest git snapshot to fix a heap buffer overflow in _TIFFmemcpy in tif_unix.c * Mon Mar 25 2019 ns80 <ns80> 4.0.10-6.git20190323.1.mga7 + Revision: 1380109 - update to latest git snapshot to avoid a potential division by zero * Mon Mar 04 2019 ns80 <ns80> 4.0.10-6.git20190228.1.mga7 + Revision: 1371384 - update to latest git snapshot * Wed Feb 20 2019 ns80 <ns80> 4.0.10-6.git20190219.1.mga7 + Revision: 1368816 - update to latest git snapshot * Mon Feb 04 2019 ns80 <ns80> 4.0.10-6.git20190202.1.mga7 + Revision: 1363044 - update to latest git snapshot to fix several security issues * Tue Jan 08 2019 ns80 <ns80> 4.0.10-5.mga7 + Revision: 1352337 - fix an error in tiff2ps * Wed Dec 26 2018 ns80 <ns80> 4.0.10-4.mga7 + Revision: 1345150 - add patches for CVE-2018-12900 and CVE-2018-19210 (mga#24053) * Mon Dec 10 2018 ns80 <ns80> 4.0.10-3.mga7 + Revision: 1339658 - add upstream patches for resource leaks and other bugs * Fri Nov 30 2018 ns80 <ns80> 4.0.10-2.mga7 + Revision: 1336852 - add upstream patches to fix a memory leak * Tue Nov 13 2018 ns80 <ns80> 4.0.10-1.mga7 + Revision: 1329741 - new version 4.0.10 * Mon Nov 05 2018 ns80 <ns80> 4.0.10-0.git20181104.1.mga7 + Revision: 1328477 - update to latest git snapshot (4.0.10 pre-release) * Wed Oct 31 2018 ns80 <ns80> 4.0.9-2.git20181030.1.mga7 + Revision: 1326921 - update to latest git snapshot for CVE-2018-18661 (mga#23788) * Thu Oct 18 2018 ns80 <ns80> 4.0.9-2.git20181018.1.mga7 + Revision: 1321980 - update to latest git snapshot * Mon Oct 15 2018 ns80 <ns80> 4.0.9-2.git20181014.1.mga7 + Revision: 1320432 - update to latest git snapshot to fix potential out-of-bounds write in JBIGDecode() * Mon Oct 08 2018 ns80 <ns80> 4.0.9-2.git20181005.1.mga7 + Revision: 1318675 - update to latest git snapshot and build with ZSTD and WEBP * Tue Sep 18 2018 ns80 <ns80> 4.0.9-2.git20180917.1.mga7 + Revision: 1260338 - update to latest git snapshot * Mon Aug 27 2018 ns80 <ns80> 4.0.9-2.git20180815.1.mga7 + Revision: 1254876 - update to latest git snapshot for issue related to CVE-2018-10779 * Sat May 12 2018 ns80 <ns80> 4.0.9-2.git20180512.2.mga7 + Revision: 1228656 - update to latest git snapshot for CVE-2018-8905 (mga#23021) * Sat May 12 2018 ns80 <ns80> 4.0.9-2.git20180512.1.mga7 + Revision: 1228576 - update to latest git snapshot for CVE-2018-10963 (mga#23021) * Tue Apr 17 2018 ns80 <ns80> 4.0.9-2.git20180417.1.mga7 + Revision: 1219615 - update to latest git snapshot for CVE-2018-7456 * Sat Mar 17 2018 ns80 <ns80> 4.0.9-2.git20180317.1.mga7 + Revision: 1210146 - update to latest git snapshot for a better fix for CVE-2017-11613 * Wed Mar 14 2018 ns80 <ns80> 4.0.9-2.git20180313.1.mga7 + Revision: 1209430 - update to latest git snapshot for CVE-2017-11613 and other issues * Mon Mar 12 2018 ns80 <ns80> 4.0.9-2.git20180310.1.mga7 + Revision: 1208434 - update to latest git snapshot * Tue Jan 30 2018 ns80 <ns80> 4.0.9-2.git20180127.1.mga7 + Revision: 1198123 - update to latest git snapshot for CVE-2017-17095 (mga#22120) * Tue Jan 02 2018 ns80 <ns80> 4.0.9-2.git20171231.1.mga7 + Revision: 1189355 - update to latest git snapshot for CVE-2017-9935, CVE-2017-18013 and other security issues * Wed Nov 22 2017 ns80 <ns80> 4.0.9-1.mga7 + Revision: 1178831 - new version 4.0.9 * Fri Nov 03 2017 wally <wally> 4.0.8-10.cvs20171102.1.mga7 + Revision: 1175692 - add snapshot date to release tag * Fri Nov 03 2017 ns80 <ns80> 4.0.8-9.mga7 + Revision: 1175660 - update to latest CVS snapshot for a partial response to CVE-2017-16232 * Mon Oct 30 2017 ns80 <ns80> 4.0.8-8.mga7 + Revision: 1174945 - update to latest CVS snapshot to fix several potential security issues * Fri Sep 15 2017 ns80 <ns80> 4.0.8-7.mga7 + Revision: 1154199 - update to latest CVS snapshot * Tue Sep 05 2017 ns80 <ns80> 4.0.8-6.mga7 + Revision: 1151347 - update to latest CVS snapshot * Thu Aug 24 2017 ns80 <ns80> 4.0.8-5.mga7 + Revision: 1147213 - update to latest CVS snapshot to fix two remotely exploitable crashes * Tue Aug 22 2017 ns80 <ns80> 4.0.8-4.mga7 + Revision: 1142893 - update to latest CVS snapshot * Fri Jul 07 2017 ns80 <ns80> 4.0.8-3.mga6 + Revision: 1109432 - update to latest CVS snapshot to fix CVE-2017-9936 and CVE-2017-10688 (mga#21195) * Fri Jun 02 2017 ns80 <ns80> 4.0.8-2.mga6 + Revision: 1105783 - add upstream patches for bug fixes and an unfixed remaining portion of CVE-2014-8128 (mga#20057) * Mon May 22 2017 ns80 <ns80> 4.0.8-1.mga6 + Revision: 1104031 - new version 4.0.8 * Thu May 18 2017 ns80 <ns80> 4.0.7-8.mga6 + Revision: 1102972 - update to latest CVS snapshot to fix several security problems * Mon May 15 2017 ns80 <ns80> 4.0.7-7.mga6 + Revision: 1101700 - update to latest CVS snapshot to fix several security problems * Thu May 11 2017 ns80 <ns80> 4.0.7-6.mga6 + Revision: 1100239 - update to latest CVS snapshot to fix some problems related to memory management * Tue May 02 2017 ns80 <ns80> 4.0.7-5.mga6 + Revision: 1098415 - update to latest CVS snapshot to fix some memory leaks * Fri Apr 28 2017 ns80 <ns80> 4.0.7-4.mga6 + Revision: 1097876 - update to latest CVS snapshot that fixes some memory leaks and crashes * Wed Apr 05 2017 ns80 <ns80> 4.0.7-3.mga6 + Revision: 1095955 - update to latest CVS snapshot to fix memory leaks * Fri Jan 27 2017 ns80 <ns80> 4.0.7-2.mga6 + Revision: 1083570 - update to latest CVS snapshot for CVE-2016-1009[2-4], CVE-2017-5225 and other security bugs * Mon Nov 21 2016 ns80 <ns80> 4.0.7-1.mga6 + Revision: 1068539 - new version 4.0.7 * Fri Nov 18 2016 ns80 <ns80> 4.0.6-11.mga6 + Revision: 1068287 - fix an out-of-bounds Write memcpy and less bound check in tiff2pdf (mga#19813) * Fri Nov 18 2016 ns80 <ns80> 4.0.6-10.mga6 + Revision: 1068153 - fix a regression introduced by the fix for CVE-2016-9297 * Mon Nov 14 2016 ns80 <ns80> 4.0.6-9.mga6 + Revision: 1067194 - update to latest CVS commit to fix CVE-2016-9273 and CVE-2016-9297 (mga#19758) * Fri Nov 04 2016 ns80 <ns80> 4.0.6-8.mga6 + Revision: 1065252 - update to 2016-10-31 CVS commit to fix potential buffer overflows * Mon Oct 31 2016 ns80 <ns80> 4.0.6-7.mga6 + Revision: 1064268 - update to 2016-10-26 CVS commit to fix: * an out-of-bound read on some tiled images * CVE-2014-8127 (duplicate: CVE-2016-3658) * segfault when specifying -r without argument (fax2tiff) * Fri Oct 21 2016 ns80 <ns80> 4.0.6-6.mga6 + Revision: 1062886 - update to 2016-10-14 CVS commit to fix an out-of-bound read of up to 3 bytes in readContigTilesIntoBuffer() * Fri Oct 14 2016 ns80 <ns80> 4.0.6-5.mga6 + Revision: 1060739 - update to 2016-10-09 CVS commit for CVE-2016-5652 and 3 other security issues * Wed Oct 05 2016 ns80 <ns80> 4.0.6-4.mga6 + Revision: 1058902 - address a long list of CVEs (mga#17480): * update to latest CVS commit for CVE-2015-8668, CVE-2016-3186 (gif2tiff tool is not provided anymore), CVE-2016-3622, CVE-2016-3623, CVE-2016-3632, CVE-2016-3945, CVE-2016-3990, CVE-2016-3991, CVE-2016-5314, CVE-2016-5315, CVE-2016-5316, CVE-2016-5317, CVE-2016-5320, CVE-2016-5321, CVE-2016-5322, CVE-2016-5323, CVE-2016-5875, CVE-2016-6223 * add a patch from Redhat for CVE-2015-7554 (partial solution, it seems) - some programs are not provided anymore (package libtiff-progs): bmp2tiff, gif2tiff, ras2tiff, rgb2ycbcr and thumbnail * Tue Jan 12 2016 luigiwalser <luigiwalser> 4.0.6-3.mga6 + Revision: 922129 - add patch suggested upstream (maptools#2499) - fixes remaining CVE-2014-8128 issue unfixed upstream * Tue Dec 29 2015 luigiwalser <luigiwalser> 4.0.6-2.mga6 + Revision: 916815 - sync with upstream cvs 20151227, fixes mga#15519, CVE-2015-8665, CVE-2015-8683 * Thu Dec 24 2015 luigiwalser <luigiwalser> 4.0.6-1.mga6 + Revision: 914393 - 4.0.6 * Fri Sep 04 2015 luigiwalser <luigiwalser> 4.0.5-1.mga6 + Revision: 872826 - 4.0.5 * Thu Jul 09 2015 luigiwalser <luigiwalser> 4.0.4-1.mga6 + Revision: 853121 - 4.0.4 (final) - remove opensuse patches (security issues they fixed and regressions they caused were fixed upstream) * Wed Mar 18 2015 luigiwalser <luigiwalser> 4.0.4-0.1.mga5 + Revision: 818759 - 4.0.4beta (fully fixes CVE-2014-8127) - remove upstream patches * Mon Mar 09 2015 luigiwalser <luigiwalser> 4.0.3-11.mga5 + Revision: 818271 - add patches from OpenSuSE to fix: - CVE-2014-812[7-9], CVE-2014-8130, CVE-2014-9655, and CVE-2015-1547 * Wed Oct 15 2014 umeabot <umeabot> 4.0.3-10.mga5 + Revision: 742880 - Second Mageia 5 Mass Rebuild * Tue Sep 16 2014 umeabot <umeabot> 4.0.3-9.mga5 + Revision: 681812 - Mageia 5 Mass Rebuild * Sun Oct 20 2013 umeabot <umeabot> 4.0.3-8.mga4 + Revision: 536718 - Mageia 4 Mass Rebuild * Tue Sep 24 2013 luigiwalser <luigiwalser> 4.0.3-7.mga4 + Revision: 485465 - add patch from opensuse to fix CVE-2013-4243 * Wed Aug 28 2013 luigiwalser <luigiwalser> 4.0.3-6.mga4 + Revision: 472649 - add patch from debian to fix CVE-2013-4244 * Mon Aug 19 2013 luigiwalser <luigiwalser> 4.0.3-5.mga4 + Revision: 467997 - add patches from fedora to fix CVE-2013-4231 and CVE-2013-4232 * Fri May 03 2013 luigiwalser <luigiwalser> 4.0.3-4.mga3 + Revision: 412150 - add patches from fedora to fix CVE-2013-1960 and CVE-2013-1961 * Sat Jan 12 2013 umeabot <umeabot> 4.0.3-3.mga3 + Revision: 358249 - Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild + boklm <boklm> - Update group: Graphics/Other -> Graphics/Utilities * Thu Nov 15 2012 luigiwalser <luigiwalser> 4.0.3-2.mga3 + Revision: 318232 - add patch from redhat to fix CVE-2012-4564 * Tue Oct 23 2012 luigiwalser <luigiwalser> 4.0.3-1.mga3 + Revision: 309517 - 4.0.3 - patch raw_decode test to work with libjpeg-turbo * Tue Oct 23 2012 luigiwalser <luigiwalser> 4.0.2-3.mga3 + Revision: 309490 - revert to 4.0.2 - add patch from debian to fix CVE-2012-4447 - 4.0.3 + fwang <fwang> - use ld_library_path * Thu Jul 19 2012 luigiwalser <luigiwalser> 4.0.2-2.mga3 + Revision: 272692 - fix CVE-2012-3401 (from RedHat) * Tue Jul 03 2012 luigiwalser <luigiwalser> 4.0.2-1.mga3 + Revision: 267040 - 4.0.2 (fixes CVE-2012-2113) * Thu Apr 05 2012 luigiwalser <luigiwalser> 4.0.1-2.mga2 + Revision: 228674 - fix CVE-2012-1173 (from mdv) * Sun Feb 19 2012 fwang <fwang> 4.0.1-1.mga2 + Revision: 210744 - enable ld version script - new version 4.0.1 * Thu Dec 22 2011 fwang <fwang> 4.0.0-1.mga2 + Revision: 186081 - new version 4.0.0 * Fri Sep 23 2011 fwang <fwang> 3.9.5-1.mga2 + Revision: 146947 - switch to freeglut * Wed Apr 20 2011 pterjan <pterjan> 3.9.5-1.mga1 + Revision: 88881 - Update to 3.9.5 * Tue Jan 11 2011 pterjan <pterjan> 3.9.4-3.mga1 + Revision: 5548 - Drop obsolete scriptlets - imported package libtiff * Thu Sep 30 2010 Oden Eriksson <oeriksson@mandriva.com> 3.9.4-3mdv2011.0 + Revision: 582193 - sync with MDVSA-2010:190 * Fri Aug 06 2010 Oden Eriksson <oeriksson@mandriva.com> 3.9.4-2mdv2011.0 + Revision: 567027 - P2: security fix for CVE-2010-2595 - P3: security fix for CVE-2010-2483 - P4: security fix for CVE-2010-2597 - P5: http://bugzilla.maptools.org/show_bug.cgi?id=2218 (tiffdump crashes on unreasonably large dircount) - P6: security fix for CVE-2010-2233 - P7: http://bugzilla.maptools.org/show_bug.cgi?id=2210 (additional fixes for CVE-2010-2481) - P8: security fix for CVE-2010-2482 * Mon Jul 12 2010 Oden Eriksson <oeriksson@mandriva.com> 3.9.4-1mdv2011.0 + Revision: 551257 - 3.9.4 * Sun Jan 10 2010 Oden Eriksson <oeriksson@mandriva.com> 3.9.2-2mdv2010.1 + Revision: 488784 - rebuilt against libjpeg v8 * Fri Nov 06 2009 Oden Eriksson <oeriksson@mandriva.com> 3.9.2-1mdv2010.1 + Revision: 461145 - 3.9.2 - the format string patch (P0) was applied upstream * Fri Oct 02 2009 Oden Eriksson <oeriksson@mandriva.com> 3.9.1-4mdv2010.0 + Revision: 452663 - fix #54150 (SPEC file contains wrong project URL) * Sun Aug 30 2009 Oden Eriksson <oeriksson@mandriva.com> 3.9.1-3mdv2010.0 + Revision: 422565 - fix obsoletes (anssi) * Sun Aug 30 2009 Oden Eriksson <oeriksson@mandriva.com> 3.9.1-2mdv2010.0 + Revision: 422558 - the devel package obsoletes itself (anssi) * Sun Aug 30 2009 Oden Eriksson <oeriksson@mandriva.com> 3.9.1-1mdv2010.0 + Revision: 422431 - 3.9.1 - drop all patches implemented upstream - rediffed the string format patch - fix cleaner docs - cleanup the spec file a bit * Sat Aug 15 2009 Oden Eriksson <oeriksson@mandriva.com> 3.8.2-16mdv2010.0 + Revision: 416523 - rebuilt against libjpeg v7 * Tue Jul 14 2009 Oden Eriksson <oeriksson@mandriva.com> 3.8.2-15mdv2010.0 + Revision: 395912 - P6: security fix for CVE-2009-2285 (redhat) - P7: security fix for CVE-2009-2347 (redhat) * Mon May 11 2009 Oden Eriksson <oeriksson@mandriva.com> 3.8.2-14mdv2010.0 + Revision: 374654 - fix #50788 (tiff2pdf ignores JPEG compression quality) - fix build * Thu Dec 18 2008 Oden Eriksson <oeriksson@mandriva.com> 3.8.2-13mdv2009.1 + Revision: 315623 - use LDFLAGS from the %%configure macro - use %%optflags - fix build with -Werror=format-security (P4) * Fri Sep 05 2008 Oden Eriksson <oeriksson@mandriva.com> 3.8.2-12mdv2009.0 + Revision: 281203 - P3: security fix for CVE-2008-2327 * Tue Jun 17 2008 Thierry Vignaud <tv@mandriva.org> 3.8.2-11mdv2009.0 + Revision: 223011 - rebuild + Pixel <pixel@mandriva.com> - do not call ldconfig in %%post/%%postun, it is now handled by filetriggers - adapt to %%_localstatedir now being /var instead of /var/lib (#22312) * Tue Mar 04 2008 Oden Eriksson <oeriksson@mandriva.com> 3.8.2-10mdv2008.1 + Revision: 178953 - rebuild + Thierry Vignaud <tv@mandriva.org> - rebuild - kill re-definition of %%buildroot on Pixel's request + Olivier Blin <oblin@mandriva.com> - restore BuildRoot * Tue Oct 31 2006 Oden Eriksson <oeriksson@mandriva.com> 3.8.2-8mdv2007.0 + Revision: 74790 - rebuild - bzip2 cleanup - rebuild - bunzip patches - Import libtiff * Thu Sep 07 2006 Stew Benedict <sbenedict@mandriva.com> 3.8.2-5mdv2007.0 - fix %%files in -devel so we don't provide %%{multiarch_includedir} * Wed Aug 02 2006 Stew Benedict <sbenedict@mandriva.com> 3.8.2-4mdv2007.0 - P2: security fix for CVE-2006-3459-thru-3465 - rpmlint * Fri Jun 16 2006 Stew Benedict <sbenedict@mandriva.com> 3.8.2-3mdv2007.0 - P1: security fix for CVE-2006-2193 * Wed Jun 07 2006 Stew Benedict <sbenedict@mandriva.com> 3.8.2-2mdv2007.0 - P0: security fix for CVE-2006-2656 * Wed Apr 19 2006 Stew Benedict <sbenedict@mandriva.com> 3.8.2-1mdk - 3.8.2 * Thu Mar 16 2006 Olivier Blin <oblin@mandriva.com> 3.6.1-14mdk - from Vincent Danen: security fix for CVE-2005-1544 (P105) * Sun Jan 01 2006 Mandriva Linux Team <http://www.mandrivaexpert.com/> 3.6.1-13mdk - Rebuild * Fri Aug 19 2005 Olivier Blin <oblin@mandriva.com> 3.6.1-12mdk - from Stew Benedict: security update for CAN-2005-2452 (P104) * Wed Mar 23 2005 Olivier Blin <oblin@mandrakesoft.com> 3.6.1-11mdk - Patch8: fix man page about tiffsplit filename range (CVS, #12071) * Tue Mar 22 2005 Olivier Blin <oblin@mandrakesoft.com> 3.6.1-10mdk - update Patch103: do not abort if an unknown tag is found (#13125) * Thu Mar 10 2005 Christiaan Welvaart <cjw@daneel.dyndns.org> 3.6.1-9mdk - build fix: do not pass cflags to make * Mon Feb 28 2005 Gwenole Beauchesne <gbeauchesne@mandrakesoft.com> 3.6.1-8mdk - cross-endian multiarch fixes * Tue Jan 25 2005 Frederic Lepied <flepied@mandrakesoft.com> 3.6.1-7mdk - parallel build - really fix MDKSA-2005:001 * Tue Jan 25 2005 Michael Scherer <misc@mandrake.org> 3.6.1-6mdk - security fix ( patch #102 ) * Wed Oct 27 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 3.6.1-5mdk - added security fixes for buffer and integer overflows (P100 & P101) * Fri Oct 08 2004 Olivier Blin <blino@mandrake.org> 3.6.1-4mdk - fix Hylafax decoding, see : http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=500 * Mon Sep 13 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 3.6.1-3mdk - add missing headers - misc spec file fixes * Fri May 28 2004 Buchan Milne <bgmilne@linux-mandrake.com> 3.6.1-2mdk - Merge back changes I clobbered - rediff P0,P1,P4 * Sat May 15 2004 Buchan Milne <bgmilne@linux-mandrake.com> 3.6.1-1mdk - 3.6.1