From 40330b341286b5d1c0537d227088e3aa51a05f70 Mon Sep 17 00:00:00 2001 From: Silvan Calarco Date: Sat, 6 Jan 2024 05:55:28 +0100 Subject: [PATCH] update to 4.4.0 [release 4.4.0-1mamba;Sat May 28 2022] --- README.md | 3 + libtiff-3.8.2-cve_2006_2193.patch | 18 ++ libtiff-3.8.2-tiffsplit_overflow.patch | 22 +++ libtiff5.spec | 236 +++++++++++++++++++++++++ 4 files changed, 279 insertions(+) create mode 100644 libtiff-3.8.2-cve_2006_2193.patch create mode 100644 libtiff-3.8.2-tiffsplit_overflow.patch create mode 100644 libtiff5.spec diff --git a/README.md b/README.md index 1cf438d..cc14afa 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,5 @@ # libtiff5 +The libtiff package contains a library of functions for manipulating TIFF format image files. TIFF is a widely used file format for bittmapped images. +TISFF files usually ends in the .tif extension and they are often quite large. + diff --git a/libtiff-3.8.2-cve_2006_2193.patch b/libtiff-3.8.2-cve_2006_2193.patch new file mode 100644 index 0000000..a11c5fc --- /dev/null +++ b/libtiff-3.8.2-cve_2006_2193.patch @@ -0,0 +1,18 @@ + * SECURITY UPDATE: Arbitrary command execution with crafted TIF files. + * Add debian/patches/tiff2pdf-octal-printf.patch: + - tools/tiff2pdf.c: Fix buffer overflow due to wrong printf for octal + signed char (it printed a signed integer, which overflow the buffer and + was wrong anyway). + - CVE-2006-2193 + +--- tiff-3.8.2/tools/tiff2pdf.c 2006-03-21 17:42:51.000000000 +0100 ++++ tiff-3.8.2/tools/tiff2pdf.c.fix 2006-06-15 17:00:23.000000000 +0200 +@@ -3668,7 +3668,7 @@ + written += TIFFWriteFile(output, (tdata_t) "(", 1); + for (i=0;i 2) +- strcpy(fname, argv[2]); ++ if (argc > 2) { ++ strncpy(fname, argv[2], 1024); ++ fname[1024] = '\0'; ++ } + in = TIFFOpen(argv[1], "r"); + if (in != NULL) { + do { + char path[1024+1]; + newfilename(); +- strcpy(path, fname); ++ strncpy(path, fname, 1020); + strcat(path, ".tif"); + out = TIFFOpen(path, TIFFIsBigEndian(in)?"wb":"wl"); + if (out == NULL) 
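Review bot: In the tiffsplit patch carried by this commit, `strncpy(path, fname, 1020);` leaves `path` without a terminating NUL whenever `fname` holds 1020 or more characters, and `path` is an uninitialised `char path[1024+1]`, so the following `strcat(path, ".tif")` can read and write past the buffer. The patch itself allows `fname` to reach 1024 characters, so the case is reachable. I would replace the two lines with `snprintf(path, sizeof(path), "%s.tif", fname);` and treat a return value `>= sizeof(path)` as an error. The `strncpy(fname, argv[2], 1024); fname[1024] = '\0';` pair is only correct if `fname` is declared with at least 1025 bytes, and neither that declaration nor `newfilename()` is visible here. The enclosing function starts and ends outside the visible lines.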
diff --git a/libtiff5.spec b/libtiff5.spec
new file mode 100644
index 0000000..2decf1d
--- /dev/null
+++ b/libtiff5.spec
@@ -0,0 +1,236 @@
+Name: libtiff5
+Version: 4.4.0
+Release: 1mamba
+Summary: A library of functions for manipulating TIFF format image files
+Group: System/Libraries
+Vendor: openmamba
+Distribution: openmamba
+Packager: Silvan Calarco
+URL: http://www.libtiff.org/
+Source: http://download.osgeo.org/libtiff/tiff-%{version}.tar.gz
+Patch0: libtiff-3.8.2-tiffsplit_overflow.patch
+Patch1: libtiff-3.8.2-cve_2006_2193.patch
+License: BSD
+## AUTOBUILDREQ-BEGIN
+BuildRequires: glibc-devel
+BuildRequires: libGLU-devel
+BuildRequires: libICE-devel
+BuildRequires: libSM-devel
+BuildRequires: libXi-devel
+BuildRequires: libfreeglut-devel
+BuildRequires: libgcc
+BuildRequires: libglvnd-devel
+BuildRequires: libjbig-devel
+BuildRequires: libjpeg-devel
+BuildRequires: liblzma-devel
+BuildRequires: libstdc++6-devel
+BuildRequires: libwebp-devel
+BuildRequires: libz-devel
+BuildRequires: libzstd-devel
+## AUTOBUILDREQ-END
+
+%description
+The libtiff package contains a library of functions for manipulating TIFF format image files. TIFF is a widely used file format for bittmapped images.
+TISFF files usually ends in the .tif extension and they are often quite large.
+
+%package devel
+Summary: Development tools for programs which will use the libtiff library
+Group: Development/Libraries
+Requires: %{name} = %{?epoch:%epoch:}%{version}-%{release}
+
+%description devel
+This package contains the header files and .so libraries for developing programs which will manipulate TIFF format image files using the libtiff library.
+
+%package doc
+Summary: libtiff documentation in HTML format
+Group: Documentation
+Requires: %{name} = %{?epoch:%epoch:}%{version}-%{release}
+
+%description doc
+This package contains the libtiff documentation.
+
+%package -n tiff5gt
+Summary: Displays an image stored in a TIFF file
+Group: Graphical Desktop/Applications/Graphics
+Requires: %{name} = %{?epoch:%epoch:}%{version}-%{release}
+
+%description -n tiff5gt
+Displays an image stored in a TIFF file.
+
+%package -n tiff5-utils
+Summary: Command line tools for tiff files manipulation
+Group: System/Tools
+Requires: %{name} = %{?epoch:%epoch:}%{version}-%{release}
+
+%description -n tiff5-utils
+Command line tools for tiff files manipulation.
+
+%debug_package
+
+%prep
+%setup -q -n tiff-%{version}
+#%patch0 -p1 -b .cve_2006_2656
+#%patch1 -p1 -b .cve_2006_2193
+
+%build
+%configure \
+ --enable-old-jpeg
+
+%make
+
+%install
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+# note do NOT enable the `OJPEG_SUPPORT' flag: it's unsecure
+# see CAN-2004-0929
+%makeinstall
+
+# remove unneeded stuff
+rm -f %{buildroot}%{_datadir}/doc/tiff-%{version}/{VERSION,RELEASE-DATE}
+rm -f %{buildroot}%{_datadir}/doc/tiff-%{version}/README
+
+%if "%{stage1}" == "1"
+rm -f %{buildroot}%{_mandir}/man1/tiffgt.*
+%endif
+
+%clean
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+
+%post -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
+
+%files
+%defattr(-,root,root)
+%{_libdir}/libtiff*.so.*
+%doc COPYRIGHT
+
+%files devel
+%defattr(-,root,root)
+%{_includedir}/*
+%{_libdir}/libtiff*.a
+%{_libdir}/libtiff*.so
+%{_mandir}/man3/*
+%{_libdir}/pkgconfig/libtiff-4.pc
+%doc TODO
+
+%files doc
+%defattr(-,root,root)
+%dir %{_datadir}/doc/tiff-%{version}
+%{_datadir}/doc/tiff-%{version}/*
+
+%files -n tiff5-utils
+%defattr(-,root,root)
+%{_bindir}/*2tiff
+%{_bindir}/tiff2*
+#%{_bindir}/thumbnail
+%{_bindir}/tiffcp
+%{_bindir}/tiffcrop
+%{_bindir}/tiffset
+%{_bindir}/fax2ps
+%{_bindir}/pal2rgb
+%{_bindir}/tiffdither
+%{_bindir}/tiffinfo
+%{_bindir}/tiffsplit
+#%{_bindir}/rgb2ycbcr
+%{_bindir}/tiffcmp
+%{_bindir}/tiffdump
+%{_bindir}/tiffmedian
+%if "%{stage1}" != "1"
+%exclude %{_mandir}/man1/tiffgt.*
+%endif
+%{_mandir}/man1/*
+
+%if "%{stage1}" != "1"
+%files -n tiff5gt
+%defattr(-,root,root)
+%{_bindir}/tiffgt
+%{_mandir}/man1/tiffgt.*
+%endif
+
+%changelog
+* Sat May 28 2022 Silvan Calarco 4.4.0-1mamba
+- update to 4.4.0
+
+* Fri Apr 23 2021 Automatic Build System 4.3.0-1mamba
+- automatic version update by autodist
+
+* Sat Jan 23 2021 Automatic Build System 4.2.0-1mamba
+- automatic version update by autodist
+
+* Tue Nov 12 2019 Automatic Build System 4.1.0-1mamba
+- automatic version update by autodist
+
+* Tue Nov 20 2018 Automatic Build System 4.0.10-1mamba
+- automatic version update by autodist
+
+* Wed Mar 21 2018 Silvan Calarco 4.0.9-1mamba
+- update to 4.0.9
+
+* Thu Oct 22 2015 Automatic Build System 4.0.6-1mamba
+- automatic version update by autodist
+
+* Mon Jul 13 2015 Automatic Build System 4.0.4-1mamba
+- automatic version update by autodist
+
+* Sat Oct 13 2012 Automatic Build System 4.0.3-1mamba
+- automatic version update by autodist
+
+* Fri Aug 10 2012 Automatic Build System 4.0.2-1mamba
+- automatic version update by autodist
+
+* Wed Apr 11 2012 Automatic Build System 4.0.1-1mamba
+- automatic version update by autodist
+
+* Fri Feb 11 2011 Silvan Calarco 3.9.4-1mamba
+- update to 3.9.4
+- added debug package
+
+* Fri Jul 02 2010 Silvan Calarco 3.9.2-2mamba
+- rebuilt with libjpeg 8
+
+* Sat Nov 21 2009 Automatic Build System 3.9.2-1mamba
+- automatic update by autodist
+
+* Sat Jun 13 2009 Silvan Calarco 3.8.2-6mamba
+- rebuilt (remove dep on libxcb-xlib)
+- enable old jpeg support
+
+* Sun May 18 2008 Silvan Calarco 3.8.2-5mamba
+- specfile updated
+
+* Thu Jun 15 2006 Davide Madrisan 3.8.2-4qilnx
+- security update: CVE-2006-2193 (qibug#185)
+
+* Wed Jun 07 2006 Davide Madrisan 3.8.2-3qilnx
+- security update CVE-2006-2656 (qibug#180)
+
+* Tue May 09 2006 Davide Madrisan 3.8.2-2qilnx
+- rebuilt
+
+* Tue May 09 2006 Davide Madrisan 3.8.2-1qilnx
+- update to version 3.8.2 by autospec
+
+* Mon Sep 26 2005 Silvan Calarco 3.7.4-1qilnx
+- update to version 3.7.4 by autospec
+
+* Mon May 16 2005 Davide Madrisan 3.7.2-1qilnx
+- update to version 3.7.2 by autospec
+- security patch for CAN-2004-1183 removed (already merged)
+- fixed security issue:
+ http://bugzilla.remotesensing.org/show_bug.cgi?id=843
+
+* Fri Jan 28 2005 Davide Madrisan 3.7.1-3qilnx
+- security fix QSA-2005-010 (CAN-2004-1183)
+
+* Thu Dec 23 2004 Davide Madrisan 3.7.1-2qilnx
+- added missing %%post, %%postun scripts
+
+* Thu Dec 23 2004 Davide Madrisan 3.7.1-1qilnx
+- update to version 3.7.1 by autospec
+- also solve security issues QSA-2004-069 (CAN-2004-[0803,0804,0886,1308])
+ note: old package was not affected by CAN-2004-0929
+- specfile cleanups
+- fixed package groups
+- added doc subpackage
+
+* Mon Jun 09 2003 Alessandro Ramazzina 3.5.7-1qilnx
+- creation of tiff package
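Review bot: `%configure --enable-old-jpeg` in `%build` contradicts the warning a few lines further down in `%install` (`do NOT enable the OJPEG_SUPPORT flag: it's unsecure`, citing CAN-2004-0929), so one of the two is stale. If nothing that depends on this package needs the old-JPEG decoder, pass `--disable-old-jpeg` instead. If it is needed, replace the warning with a comment next to `%configure` that says why the decoder is enabled. Separately, `Patch0` and `Patch1` are declared but both `%patch` lines in `%prep` are commented out, so neither CVE patch is applied to 4.4.0. Presumably the fixes are upstream by now, in which case dropping the `Patch` tags and the two files avoids suggesting to an auditor that the package carries them. `Source:` also uses plain `http://` and the spec shows no checksum or signature check, so an `https://` URL is the safer choice unless the build system verifies the tarball elsewhere.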