automatic version update by autodist [release 4.0.3-1mamba;Sat Oct 13 2012]

README.md

@@ -1,2 +1,5 @@
 # libtiff
 
+The libtiff package contains a library of functions for manipulating TIFF format image files. TIFF is a widely used file format for bittmapped images.
+TISFF files usually ends in the .tif extension and they are often quite large.
+

libtiff-3.8.2-cve_2006_2193.patch

@@ -0,0 +1,18 @@
+  * SECURITY UPDATE: Arbitrary command execution with crafted TIF files.
+  * Add debian/patches/tiff2pdf-octal-printf.patch:
+    - tools/tiff2pdf.c: Fix buffer overflow due to wrong printf for octal
+      signed char (it printed a signed integer, which overflow the buffer and
+      was wrong anyway).
+    - CVE-2006-2193
+
+--- tiff-3.8.2/tools/tiff2pdf.c	2006-03-21 17:42:51.000000000 +0100
++++ tiff-3.8.2/tools/tiff2pdf.c.fix	2006-06-15 17:00:23.000000000 +0200
+@@ -3668,7 +3668,7 @@
+ 	written += TIFFWriteFile(output, (tdata_t) "(", 1);
+ 	for (i=0;i<len;i++){
+ 		if((pdfstr[i]&0x80) || (pdfstr[i]==127) || (pdfstr[i]<32)){
+-			sprintf(buffer, "\\%.3o", pdfstr[i]);
++			sprintf(buffer, "\\%.3hho", pdfstr[i]);
+ 			written += TIFFWriteFile(output, (tdata_t) buffer, 4);
+ 		} else {
+ 			switch (pdfstr[i]){

libtiff-3.8.2-tiffsplit_overflow.patch

@@ -0,0 +1,22 @@
+--- tiff-3.8.2/tools/tiffsplit.c	2005-12-07 10:48:33.000000000 +0100
++++ /tmp/tiffsplit.c	2006-06-07 16:33:25.000000000 +0200
+@@ -60,14 +60,16 @@
+ 		fprintf(stderr, "usage: tiffsplit input.tif [prefix]\n");
+ 		return (-3);
+ 	}
+-	if (argc > 2)
+-		strcpy(fname, argv[2]);
++	if (argc > 2) {
++		strncpy(fname, argv[2], 1024);
++		fname[1024] = '\0';
++	}
+ 	in = TIFFOpen(argv[1], "r");
+ 	if (in != NULL) {
+ 		do {
+ 			char path[1024+1];
+ 			newfilename();
+-			strcpy(path, fname);
++			strncpy(path, fname, 1020);
+ 			strcat(path, ".tif");
+ 			out = TIFFOpen(path, TIFFIsBigEndian(in)?"wb":"wl");
+ 			if (out == NULL)

libtiff.spec

@@ -0,0 +1,220 @@
+Name:          libtiff
+Version:       4.0.3
+Release:       1mamba
+Summary:       A library of functions for manipulating TIFF format image files
+Group:         System/Libraries
+Vendor:        openmamba
+Distribution:  openmamba
+Packager:      Silvan Calarco <silvan.calarco@mambasoft.it>
+URL:           http://www.libtiff.org/
+Source:        ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz
+Patch0:        %{name}-3.8.2-tiffsplit_overflow.patch
+Patch1:        %{name}-3.8.2-cve_2006_2193.patch
+License:       BSD
+## AUTOBUILDREQ-BEGIN
+BuildRequires: glibc-devel
+BuildRequires: libe2fs-devel
+BuildRequires: libgcc
+BuildRequires: libjpeg-devel
+BuildRequires: libstdc++6-devel
+%if "%{stage1}" != "1"
+BuildRequires: libGL-devel
+BuildRequires: libGLU-devel
+BuildRequires: libGLUT-devel
+BuildRequires: libICE-devel
+BuildRequires: libSM-devel
+BuildRequires: libX11-devel
+BuildRequires: libXau-devel
+BuildRequires: libxcb-devel
+BuildRequires: libXdmcp-devel
+BuildRequires: libXext-devel
+BuildRequires: libXi-devel
+BuildRequires: libXmu-devel
+BuildRequires: libXt-devel
+%endif
+BuildRequires: libuuid-devel
+BuildRequires: libz-devel
+## AUTOBUILDREQ-END
+BuildRoot:     %{_tmppath}/%{name}-%{version}-root
+
+%debug_package
+
+%description
+The libtiff package contains a library of functions for manipulating TIFF format image files. TIFF is a widely used file format for bittmapped images. 
+TISFF files usually ends in the .tif extension and they are often quite large.
+
+%package devel
+Summary:       Development tools for programs which will use the libtiff library
+Group:         Development/Libraries
+Requires:      %{name} = %{version}-%{release}
+
+%description devel
+This package contains the header files and .so libraries for developing programs which will manipulate TIFF format image files using the libtiff library.
+
+%package doc
+Summary:       libtiff documentation in HTML format
+Group:         Documentation
+Requires:      %{name} = %{version}-%{release}
+
+%description doc
+This package contains the libtiff documentation.
+
+%package -n tiffgt
+Summary:       Displays an image stored in a TIFF file
+Group:         Graphical Desktop/Applications/Graphics
+Requires:      %{name} = %{version}-%{release}
+
+%description -n tiffgt
+Displays an image stored in a TIFF file.
+
+%package -n tiff-utils
+Summary:       Command line tools for tiff files manipulation
+Group:         System/Tools
+Requires:      %{name} = %{version}-%{release}
+
+%description -n tiff-utils
+Command line tools for tiff files manipulation.
+
+%prep
+%setup -q -n tiff-%{version}
+#%patch0 -p1 -b .cve_2006_2656
+#%patch1 -p1 -b .cve_2006_2193
+
+%build
+%configure \
+   --enable-old-jpeg
+%make
+
+%install
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+# note do NOT enable the `OJPEG_SUPPORT' flag: it's unsecure
+# see CAN-2004-0929
+%makeinstall
+
+# remove unneeded stuff
+rm -f %{buildroot}%{_datadir}/doc/tiff-%{version}/{VERSION,RELEASE-DATE}
+rm -f %{buildroot}%{_datadir}/doc/tiff-%{version}/README
+
+%if "%{stage1}" == "1"
+rm -f %{buildroot}%{_mandir}/man1/tiffgt.*
+%endif
+
+%clean
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+
+%post -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
+
+%files
+%defattr(-,root,root)
+%{_libdir}/*.so.*
+%doc COPYRIGHT
+
+%files devel
+%defattr(-,root,root)
+%{_includedir}/*
+%{_libdir}/*.a
+%{_libdir}/*.la
+%{_libdir}/*.so
+%{_mandir}/man3/*
+%{_libdir}/pkgconfig/libtiff-4.pc
+%doc TODO README
+
+%files doc
+%defattr(-,root,root)
+%dir %{_datadir}/doc/tiff-%{version}
+%{_datadir}/doc/tiff-%{version}/*
+
+%files -n tiff-utils
+%defattr(-,root,root)
+%{_bindir}/*2tiff
+%{_bindir}/tiff2*
+%{_bindir}/thumbnail
+%{_bindir}/tiffcp
+%{_bindir}/tiffcrop
+%{_bindir}/tiffset
+%{_bindir}/fax2ps
+%{_bindir}/pal2rgb
+%{_bindir}/tiffdither
+%{_bindir}/tiffinfo
+%{_bindir}/tiffsplit
+%{_bindir}/rgb2ycbcr
+%{_bindir}/tiffcmp
+%{_bindir}/tiffdump
+%{_bindir}/tiffmedian
+%if "%{stage1}" != "1"
+%exclude %{_mandir}/man1/tiffgt.*
+%endif
+%{_mandir}/man1/*
+
+%if "%{stage1}" != "1"
+%files -n tiffgt
+%defattr(-,root,root)
+%{_bindir}/tiffgt
+%{_mandir}/man1/tiffgt.*
+%endif
+
+%changelog
+* Sat Oct 13 2012 Automatic Build System <autodist@mambasoft.it> 4.0.3-1mamba
+- automatic version update by autodist
+
+* Fri Aug 10 2012 Automatic Build System <autodist@mambasoft.it> 4.0.2-1mamba
+- automatic version update by autodist
+
+* Wed Apr 11 2012 Automatic Build System <autodist@mambasoft.it> 4.0.1-1mamba
+- automatic version update by autodist
+
+* Fri Feb 11 2011 Silvan Calarco <silvan.calarco@mambasoft.it> 3.9.4-1mamba
+- update to 3.9.4
+- added debug package
+
+* Fri Jul 02 2010 Silvan Calarco <silvan.calarco@mambasoft.it> 3.9.2-2mamba
+- rebuilt with libjpeg 8
+
+* Sat Nov 21 2009 Automatic Build System <autodist@mambasoft.it> 3.9.2-1mamba
+- automatic update by autodist
+
+* Sat Jun 13 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 3.8.2-6mamba
+- rebuilt (remove dep on libxcb-xlib)
+- enable old jpeg support
+
+* Sun May 18 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 3.8.2-5mamba
+- specfile updated
+
+* Thu Jun 15 2006 Davide Madrisan <davide.madrisan@qilinux.it> 3.8.2-4qilnx
+- security update: CVE-2006-2193 (qibug#185)
+
+* Wed Jun 07 2006 Davide Madrisan <davide.madrisan@qilinux.it> 3.8.2-3qilnx
+- security update CVE-2006-2656 (qibug#180)
+
+* Tue May 09 2006 Davide Madrisan <davide.madrisan@qilinux.it> 3.8.2-2qilnx
+- rebuilt
+
+* Tue May 09 2006 Davide Madrisan <davide.madrisan@qilinux.it> 3.8.2-1qilnx
+- update to version 3.8.2 by autospec
+
+* Mon Sep 26 2005 Silvan Calarco <silvan.calarco@mambasoft.it> 3.7.4-1qilnx
+- update to version 3.7.4 by autospec
+
+* Mon May 16 2005 Davide Madrisan <davide.madrisan@qilinux.it> 3.7.2-1qilnx
+- update to version 3.7.2 by autospec
+- security patch for CAN-2004-1183 removed (already merged)
+- fixed security issue:
+  http://bugzilla.remotesensing.org/show_bug.cgi?id=843
+
+* Fri Jan 28 2005 Davide Madrisan <davide.madrisan@qilinux.it> 3.7.1-3qilnx
+- security fix QSA-2005-010 (CAN-2004-1183)
+
+* Thu Dec 23 2004 Davide Madrisan <davide.madrisan@qilinux.it> 3.7.1-2qilnx
+- added missing %%post, %%postun scripts
+
+* Thu Dec 23 2004 Davide Madrisan <davide.madrisan@qilinux.it> 3.7.1-1qilnx
+- update to version 3.7.1 by autospec
+- also solve security issues QSA-2004-069 (CAN-2004-[0803,0804,0886,1308])
+  note: old package was not affected by CAN-2004-0929
+- specfile cleanups
+- fixed package groups
+- added doc subpackage
+
+* Mon Jun 09 2003 Alessandro Ramazzina <alessandro.ramazzina@qinet.it> 3.5.7-1qilnx
+- creation of tiff package