PR#5: New upstream release 4.5.0 (#2153870) - rpms/libtiff

rpms / libtiff

#5 New upstream release 4.5.0 (#2153870)

Merged 8 months ago by mmuzila. Opened a year ago by mmuzila.

rpms/ mmuzila/libtiff rebase_4.5.0 into rawhide

New upstream release 4.5.0 (#2153870)

Matej Mužila • 8 months ago

cfa3982

.gitignore

file modified

		`@@ -11,3 +11,4 @@`
		`/tiff-4.2.0.tar.gz`
		`/tiff-4.3.0.tar.gz`
		`/tiff-4.4.0.tar.gz`
		`+ /tiff-4.5.0.tar.gz`

libtiff-CVE-2022-2056_2057_2058.patch

file removed

-180

		`@@ -1,180 +0,0 @@`
		`- From dd1bcc7abb26094e93636e85520f0d8f81ab0fab Mon Sep 17 00:00:00 2001`
		`- From: 4ugustus <wangdw.augustus@qq.com>`
		`- Date: Sat, 11 Jun 2022 09:31:43 +0000`
		`- Subject: [PATCH] fix the FPE in tiffcrop (#415, #427, and #428)`
		`-`
		`- ---`
		`- libtiff/tif_aux.c \| 9 +++++++`
		`- libtiff/tiffiop.h \| 1 +`
		`- tools/tiffcrop.c \| 62 ++++++++++++++++++++++++++---------------------`
		`- 3 files changed, 44 insertions(+), 28 deletions(-)`
		`-`
		`- diff --git a/libtiff/tif_aux.c b/libtiff/tif_aux.c`
		`- index 140f26c7..5b88c8d0 100644`
		`- --- a/libtiff/tif_aux.c`
		`- +++ b/libtiff/tif_aux.c`
		`- @@ -402,6 +402,15 @@ float _TIFFClampDoubleToFloat( double val )`
		`- return (float)val;`
		`- }`
		`-`
		`- +uint32_t _TIFFClampDoubleToUInt32(double val)`
		`- +{`
		`- + if( val < 0 )`
		`- + return 0;`
		`- + if( val > 0xFFFFFFFFU \|\| val != val )`
		`- + return 0xFFFFFFFFU;`
		`- + return (uint32_t)val;`
		`- +}`
		`- +`
		`- int _TIFFSeekOK(TIFF* tif, toff_t off)`
		`- {`
		`- /* Huge offsets, especially -1 / UINT64_MAX, can cause issues */`
		`- diff --git a/libtiff/tiffiop.h b/libtiff/tiffiop.h`
		`- index e3af461d..4e8bdac2 100644`
		`- --- a/libtiff/tiffiop.h`
		`- +++ b/libtiff/tiffiop.h`
		`- @@ -365,6 +365,7 @@ extern double _TIFFUInt64ToDouble(uint64_t);`
		`- extern float _TIFFUInt64ToFloat(uint64_t);`
		`-`
		`- extern float _TIFFClampDoubleToFloat(double);`
		`- +extern uint32_t _TIFFClampDoubleToUInt32(double);`
		`-`
		`- extern tmsize_t`
		`- _TIFFReadEncodedStripAndAllocBuffer(TIFF* tif, uint32_t strip,`
		`- diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c`
		`- index 1f827b2b..90286a5e 100644`
		`- --- a/tools/tiffcrop.c`
		`- +++ b/tools/tiffcrop.c`
		`- @@ -5268,17 +5268,17 @@ computeInputPixelOffsets(struct crop_mask crop, struct image_data image,`
		`- {`
		`- if ((crop->res_unit == RESUNIT_INCH) \|\| (crop->res_unit == RESUNIT_CENTIMETER))`
		`- {`
		`- - x1 = (uint32_t) (crop->corners[i].X1 * scale * xres);`
		`- - x2 = (uint32_t) (crop->corners[i].X2 * scale * xres);`
		`- - y1 = (uint32_t) (crop->corners[i].Y1 * scale * yres);`
		`- - y2 = (uint32_t) (crop->corners[i].Y2 * scale * yres);`
		`- + x1 = _TIFFClampDoubleToUInt32(crop->corners[i].X1 * scale * xres);`
		`- + x2 = _TIFFClampDoubleToUInt32(crop->corners[i].X2 * scale * xres);`
		`- + y1 = _TIFFClampDoubleToUInt32(crop->corners[i].Y1 * scale * yres);`
		`- + y2 = _TIFFClampDoubleToUInt32(crop->corners[i].Y2 * scale * yres);`
		`- }`
		`- else`
		`- {`
		`- - x1 = (uint32_t) (crop->corners[i].X1);`
		`- - x2 = (uint32_t) (crop->corners[i].X2);`
		`- - y1 = (uint32_t) (crop->corners[i].Y1);`
		`- - y2 = (uint32_t) (crop->corners[i].Y2);`
		`- + x1 = _TIFFClampDoubleToUInt32(crop->corners[i].X1);`
		`- + x2 = _TIFFClampDoubleToUInt32(crop->corners[i].X2);`
		`- + y1 = _TIFFClampDoubleToUInt32(crop->corners[i].Y1);`
		`- + y2 = _TIFFClampDoubleToUInt32(crop->corners[i].Y2);`
		`- }`
		`- /* a) Region needs to be within image sizes 0.. width-1; 0..length-1`
		`- * b) Corners are expected to be submitted as top-left to bottom-right.`
		`- @@ -5357,17 +5357,17 @@ computeInputPixelOffsets(struct crop_mask crop, struct image_data image,`
		`- {`
		`- if (crop->res_unit != RESUNIT_INCH && crop->res_unit != RESUNIT_CENTIMETER)`
		`- { /* User has specified pixels as reference unit */`
		`- - tmargin = (uint32_t)(crop->margins[0]);`
		`- - lmargin = (uint32_t)(crop->margins[1]);`
		`- - bmargin = (uint32_t)(crop->margins[2]);`
		`- - rmargin = (uint32_t)(crop->margins[3]);`
		`- + tmargin = _TIFFClampDoubleToUInt32(crop->margins[0]);`
		`- + lmargin = _TIFFClampDoubleToUInt32(crop->margins[1]);`
		`- + bmargin = _TIFFClampDoubleToUInt32(crop->margins[2]);`
		`- + rmargin = _TIFFClampDoubleToUInt32(crop->margins[3]);`
		`- }`
		`- else`
		`- { /* inches or centimeters specified */`
		`- - tmargin = (uint32_t)(crop->margins[0] * scale * yres);`
		`- - lmargin = (uint32_t)(crop->margins[1] * scale * xres);`
		`- - bmargin = (uint32_t)(crop->margins[2] * scale * yres);`
		`- - rmargin = (uint32_t)(crop->margins[3] * scale * xres);`
		`- + tmargin = _TIFFClampDoubleToUInt32(crop->margins[0] * scale * yres);`
		`- + lmargin = _TIFFClampDoubleToUInt32(crop->margins[1] * scale * xres);`
		`- + bmargin = _TIFFClampDoubleToUInt32(crop->margins[2] * scale * yres);`
		`- + rmargin = _TIFFClampDoubleToUInt32(crop->margins[3] * scale * xres);`
		`- }`
		`-`
		`- if ((lmargin + rmargin) > image->width)`
		`- @@ -5397,24 +5397,24 @@ computeInputPixelOffsets(struct crop_mask crop, struct image_data image,`
		`- if (crop->res_unit != RESUNIT_INCH && crop->res_unit != RESUNIT_CENTIMETER)`
		`- {`
		`- if (crop->crop_mode & CROP_WIDTH)`
		`- - width = (uint32_t)crop->width;`
		`- + width = _TIFFClampDoubleToUInt32(crop->width);`
		`- else`
		`- width = image->width - lmargin - rmargin;`
		`-`
		`- if (crop->crop_mode & CROP_LENGTH)`
		`- - length = (uint32_t)crop->length;`
		`- + length = _TIFFClampDoubleToUInt32(crop->length);`
		`- else`
		`- length = image->length - tmargin - bmargin;`
		`- }`
		`- else`
		`- {`
		`- if (crop->crop_mode & CROP_WIDTH)`
		`- - width = (uint32_t)(crop->width * scale * image->xres);`
		`- + width = _TIFFClampDoubleToUInt32(crop->width * scale * image->xres);`
		`- else`
		`- width = image->width - lmargin - rmargin;`
		`-`
		`- if (crop->crop_mode & CROP_LENGTH)`
		`- - length = (uint32_t)(crop->length * scale * image->yres);`
		`- + length = _TIFFClampDoubleToUInt32(crop->length * scale * image->yres);`
		`- else`
		`- length = image->length - tmargin - bmargin;`
		`- }`
		`- @@ -5868,13 +5868,13 @@ computeOutputPixelOffsets (struct crop_mask crop, struct image_data image,`
		`- {`
		`- if (page->res_unit == RESUNIT_INCH \|\| page->res_unit == RESUNIT_CENTIMETER)`
		`- { /* inches or centimeters specified */`
		`- - hmargin = (uint32_t)(page->hmargin * scale * page->hres * ((image->bps + 7) / 8));`
		`- - vmargin = (uint32_t)(page->vmargin * scale * page->vres * ((image->bps + 7) / 8));`
		`- + hmargin = _TIFFClampDoubleToUInt32(page->hmargin * scale * page->hres * ((image->bps + 7) / 8));`
		`- + vmargin = _TIFFClampDoubleToUInt32(page->vmargin * scale * page->vres * ((image->bps + 7) / 8));`
		`- }`
		`- else`
		`- { /* Otherwise user has specified pixels as reference unit */`
		`- - hmargin = (uint32_t)(page->hmargin * scale * ((image->bps + 7) / 8));`
		`- - vmargin = (uint32_t)(page->vmargin * scale * ((image->bps + 7) / 8));`
		`- + hmargin = _TIFFClampDoubleToUInt32(page->hmargin * scale * ((image->bps + 7) / 8));`
		`- + vmargin = _TIFFClampDoubleToUInt32(page->vmargin * scale * ((image->bps + 7) / 8));`
		`- }`
		`-`
		`- if ((hmargin * 2.0) > (pwidth * page->hres))`
		`- @@ -5912,13 +5912,13 @@ computeOutputPixelOffsets (struct crop_mask crop, struct image_data image,`
		`- {`
		`- if (page->mode & PAGE_MODE_PAPERSIZE )`
		`- {`
		`- - owidth = (uint32_t)((pwidth * page->hres) - (hmargin * 2));`
		`- - olength = (uint32_t)((plength * page->vres) - (vmargin * 2));`
		`- + owidth = _TIFFClampDoubleToUInt32((pwidth * page->hres) - (hmargin * 2));`
		`- + olength = _TIFFClampDoubleToUInt32((plength * page->vres) - (vmargin * 2));`
		`- }`
		`- else`
		`- {`
		`- - owidth = (uint32_t)(iwidth - (hmargin * 2 * page->hres));`
		`- - olength = (uint32_t)(ilength - (vmargin * 2 * page->vres));`
		`- + owidth = _TIFFClampDoubleToUInt32(iwidth - (hmargin * 2 * page->hres));`
		`- + olength = _TIFFClampDoubleToUInt32(ilength - (vmargin * 2 * page->vres));`
		`- }`
		`- }`
		`-`
		`- @@ -5927,6 +5927,12 @@ computeOutputPixelOffsets (struct crop_mask crop, struct image_data image,`
		`- if (olength > ilength)`
		`- olength = ilength;`
		`-`
		`- + if (owidth == 0 \|\| olength == 0)`
		`- + {`
		`- + TIFFError("computeOutputPixelOffsets", "Integer overflow when calculating the number of pages");`
		`- + exit(EXIT_FAILURE);`
		`- + }`
		`- +`
		`- /* Compute the number of pages required for Portrait or Landscape */`
		`- switch (page->orient)`
		`- {`
		`- --`
		`- GitLab`
		`-`

libtiff-CVE-2022-34526.patch

file removed

-28

		`@@ -1,28 +0,0 @@`
		`- From 275735d0354e39c0ac1dc3c0db2120d6f31d1990 Mon Sep 17 00:00:00 2001`
		`- From: Even Rouault <even.rouault@spatialys.com>`
		`- Date: Mon, 27 Jun 2022 16:09:43 +0200`
		`- Subject: [PATCH] _TIFFCheckFieldIsValidForCodec(): return FALSE when passed a`
		`- codec-specific tag and the codec is not configured (fixes #433)`
		`-`
		`- This avoids crashes when querying such tags`
		`- ---`
		`- libtiff/tif_dirinfo.c \| 3 +++`
		`- 1 file changed, 3 insertions(+)`
		`-`
		`- diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c`
		`- index c30f569b..3371cb5c 100644`
		`- --- a/libtiff/tif_dirinfo.c`
		`- +++ b/libtiff/tif_dirinfo.c`
		`- @@ -1191,6 +1191,9 @@ _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag)`
		`- default:`
		`- return 1;`
		`- }`
		`- + if( !TIFFIsCODECConfigured(tif->tif_dir.td_compression) ) {`
		`- + return 0;`
		`- + }`
		`- /* Check if codec specific tags are allowed for the current`
		`- * compression scheme (codec) */`
		`- switch (tif->tif_dir.td_compression) {`
		`- --`
		`- GitLab`
		`-`

libtiff-CVE-2023-0804.patch

file modified

+43 -39

		`@@ -15,21 +15,22 @@`
		`index 84e26ac6..480b927c 100644`
		`--- a/tools/tiffcrop.c`
		`+++ b/tools/tiffcrop.c`
		`- @@ -5329,18 +5329,39 @@`
		`+ @@ -5935,18 +5935,40 @@ static int computeInputPixelOffsets(struct crop_mask *crop,`

		`- crop->regionlist[i].buffsize = buffsize;`
		`- crop->bufftotal += buffsize;`
		`+ crop->regionlist[i].buffsize = buffsize;`
		`+ crop->bufftotal += buffsize;`
		`+ +`
		`+ /* For composite images with more than one region, the`
		`+ * combined_length or combined_width always needs to be equal,`
		`+ * respectively.`
		`+ * Otherwise, even the first section/region copy`
		`+ * action might cause buffer overrun. */`
		`- if (crop->img_mode == COMPOSITE_IMAGES)`
		`- {`
		`- switch (crop->edge_ref)`
		`- {`
		`- case EDGE_LEFT:`
		`- case EDGE_RIGHT:`
		`+ if (crop->img_mode == COMPOSITE_IMAGES)`
		`+ {`
		`+ switch (crop->edge_ref)`
		`+ {`
		`+ case EDGE_LEFT:`
		`+ case EDGE_RIGHT:`
		`+ if (i > 0 && zlength != crop->combined_length)`
		`+ {`
		`+ TIFFError(`
		`@@ -38,12 +39,12 @@`
		`+ "-E left or right");`
		`+ return (-1);`
		`+ }`
		`- crop->combined_length = zlength;`
		`- crop->combined_width += zwidth;`
		`- break;`
		`- case EDGE_BOTTOM:`
		`- case EDGE_TOP: /* width from left, length from top */`
		`- default:`
		`+ crop->combined_length = zlength;`
		`+ crop->combined_width += zwidth;`
		`+ break;`
		`+ case EDGE_BOTTOM:`
		`+ case EDGE_TOP: /* width from left, length from top */`
		`+ default:`
		`+ if (i > 0 && zwidth != crop->combined_width)`
		`+ {`
		`+ TIFFError("computeInputPixelOffsets",`
		`@@ -52,12 +53,12 @@`
		`+ "top or bottom");`
		`+ return (-1);`
		`+ }`
		`- crop->combined_width = zwidth;`
		`- crop->combined_length += zlength;`
		`- break;`
		`- @@ -6546,6 +6567,46 @@`
		`- crop->combined_width = 0;`
		`- crop->combined_length = 0;`
		`+ crop->combined_width = zwidth;`
		`+ crop->combined_length += zlength;`
		`+ break;`
		`+ @@ -7301,6 +7323,46 @@ static int extractCompositeRegions(struct image_data *image,`
		`+ crop->combined_width = 0;`
		`+ crop->combined_length = 0;`

		`+ /* If there is more than one region, check beforehand whether all the width`
		`+ * and length values of the regions are the same, respectively. */`
		`@@ -99,26 +100,29 @@`
		`+ }`
		`+ }`
		`+`
		`- for (i = 0; i < crop->selections; i++)`
		`+ for (i = 0; i < crop->selections; i++)`
		`{`
		`- /* rows, columns, width, length are expressed in pixels */`
		`- @@ -6570,7 +6631,8 @@`
		`- default:`
		`- case EDGE_TOP:`
		`- case EDGE_BOTTOM:`
		`- - if ((i > 0) && (crop_width != crop->regionlist[i - 1].width))`
		`+ /* rows, columns, width, length are expressed in pixels */`
		`+ @@ -7325,7 +7387,8 @@ static int extractCompositeRegions(struct image_data *image,`
		`+ default:`
		`+ case EDGE_TOP:`
		`+ case EDGE_BOTTOM:`
		`+ - if ((i > 0) && (crop_width != crop->regionlist[i - 1].width))`
		`+ if ((crop->selections > i + 1) &&`
		`+ (crop_width != crop->regionlist[i + 1].width))`
		`- {`
		`- TIFFError ("extractCompositeRegions",`
		`- "Only equal width regions can be combined for -E top or bottom");`
		`- @@ -6651,7 +6713,8 @@`
		`- break;`
		`- case EDGE_LEFT: /* splice the pieces of each row together, side by side */`
		`- case EDGE_RIGHT:`
		`- - if ((i > 0) && (crop_length != crop->regionlist[i - 1].length))`
		`+ {`
		`+ TIFFError("extractCompositeRegions",`
		`+ "Only equal width regions can be combined for -E "`
		`+ @@ -7418,7 +7481,8 @@ static int extractCompositeRegions(struct image_data *image,`
		`+ case EDGE_LEFT: /* splice the pieces of each row together, side by`
		`+ side */`
		`+ case EDGE_RIGHT:`
		`+ - if ((i > 0) && (crop_length != crop->regionlist[i - 1].length))`
		`+ if ((crop->selections > i + 1) &&`
		`+ (crop_length != crop->regionlist[i + 1].length))`
		`- {`
		`- TIFFError ("extractCompositeRegions",`
		`- "Only equal length regions can be combined for -E left or right");`
		`+ {`
		`+ TIFFError("extractCompositeRegions",`
		`+ "Only equal length regions can be combined for "`
		`+ --`
		`+ 2.38.1`
		`+`

libtiff-make-check.patch

file removed

-12

		`@@ -1,12 +0,0 @@`
		`- diff --git a/html/man/Makefile.am b/html/man/Makefile.am`
		`- index 587296c..696005e 100644`
		`- --- a/html/man/Makefile.am`
		`- +++ b/html/man/Makefile.am`
		`- @@ -92,7 +92,6 @@ docfiles = \`
		`- tiffcrop.1.html \`
		`- tiffdither.1.html \`
		`- tiffdump.1.html \`
		`- - tiffgt.1.html \`
		`- tiffinfo.1.html \`
		`- tiffmedian.1.html \`
		`- tiffset.1.html \`

libtiff.spec

file modified

+20 -16

		`@@ -1,21 +1,21 @@`
		`Summary: Library of functions for manipulating TIFF format image files`
		`Name: libtiff`
		`- Version: 4.4.0`
		`- Release: 8%{?dist}`
		`+ Version: 4.5.0`
		`+ Release: 3%{?dist}`
		`License: libtiff`
		`URL: http://www.simplesystems.org/libtiff/`

		`Source: http://download.osgeo.org/libtiff/tiff-%{version}.tar.gz`

		`Patch0: libtiff-am-version.patch`
		`- Patch1: libtiff-make-check.patch`
		`- Patch2: libtiff-CVE-2022-2056_2057_2058.patch`
		`- Patch3: libtiff-CVE-2022-34526.patch`
		`Patch4: libtiff-CVE-2023-0804.patch`

		`BuildRequires: gcc, gcc-c++`
		`BuildRequires: zlib-devel libjpeg-devel jbigkit-devel libzstd-devel libwebp-devel liblerc-devel`
		`BuildRequires: libtool automake autoconf pkgconfig`
		`+`
		`+ # Add old libtiff to work with packages not built with new libtiff.so.6`
		`+ BuildRequires: libtiff`
		`BuildRequires: make`

		`%description`
		`@@ -62,9 +62,6 @@`
		`%autosetup -n tiff-%{version} -N`

		`%patch0 -p1 -b .backup`
		`- %patch1 -p1 -b .backup`
		`- %patch2 -p1 -b .backup`
		`- %patch3 -p1 -b .backup`
		`%patch4 -p1 -b .backup`

		`# Use build system's libtool.m4, not the one in the package.`
		`@@ -98,9 +95,6 @@`
		`rm -f $RPM_BUILD_ROOT%{_mandir}/man1/tiffgt.1`
		`rm -f $RPM_BUILD_ROOT%{_mandir}/man1/sgi2tiff.1`
		`rm -f $RPM_BUILD_ROOT%{_mandir}/man1/tiffsv.1`
		`- rm -f html/man/tiffgt.1.html`
		`- rm -f html/man/sgi2tiff.1.html`
		`- rm -f html/man/tiffsv.1.html`

		`# multilib header hack`
		`# we only apply this to known Red Hat multilib arches, per bug #233091`
		`@@ -140,22 +134,24 @@`

		`fi`

		`+ # Copy old soname %{_libdir}/libtiff.so.5`
		`+ # Copy old soname %{_libdir}/libtiffxx.so.5`
		`+ cp %{_libdir}/libtiff.so.5* $RPM_BUILD_ROOT%{_libdir}`
		`+ cp %{_libdir}/libtiffxx.so.5* $RPM_BUILD_ROOT%{_libdir}`
		`+`
		`%ldconfig_scriptlets`

		`%check`
		`LD_LIBRARY_PATH=$PWD:$LD_LIBRARY_PATH make check`

		`- # don't include documentation Makefiles, they are a multilib hazard`
		`- find html -name 'Makefile*' \| xargs rm`
		`-`
		`%files`
		`- %license COPYRIGHT`
		`+ %license LICENSE.md`
		`%doc README.md RELEASE-DATE VERSION`
		`%{_libdir}/libtiff.so.*`
		`%{_libdir}/libtiffxx.so.*`

		`%files devel`
		`- %doc TODO ChangeLog html`
		`+ %doc TODO ChangeLog`
		`%{_includedir}/*`
		`%{_libdir}/libtiff.so`
		`%{_libdir}/libtiffxx.so`
		`@@ -170,6 +166,14 @@`
		`%{_mandir}/man1/*`

		`%changelog`
		`+ * Thu Oct 05 2023 Matej Mužila <mmuzila@redhat.com> - 4.5.0-3`
		`+ - New upstream release 4.5.0 (#2153870)`
		`+ - Fix CVE-2022-3570, CVE-2022-2867, CVE-2022-2868, CVE-2022-2869, CVE-2022-2519,`
		`+ CVE-2022-2953, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626,`
		`+ CVE-2022-3627, CVE-2022-3970 (#2142735, #2118854, #2118867, #2118875,`
		`+ #2122795, #2134437, #2142737, #2148881, #2148888, #2148894, #2148897,`
		`+ #2148919)`
		`+`
		`* Mon Aug 28 2023 Nikola Forró <nforro@redhat.com> - 4.4.0-8`
		`- Enable support for LERC compression (#2234459)`

sources

file modified

+1 -1

		`@@ -1,1 +1,1 @@`
		`- SHA512 (tiff-4.4.0.tar.gz) = 78ffab7667d0feb8d38571bc482390fc6dd20b93a798ab3a8b5cc7d5ab00b44a37f67eb8f19421e4ab33ad89ab40e382128f8a4bbdf097e0efb6d9fca5ac6f9e`
		`+ SHA512 (tiff-4.5.0.tar.gz) = 02b94e355ac96ac2ecce717aff2b1e04b1bfe95bcd0cfa72e09cbd580c45de0afe341170daad0cf560064b5a8910b3e56ef260484c69919bb0545df90abe7fa9`

mmuzila commented a year ago

Fix CVE-2022-3570, CVE-2022-2867, CVE-2022-2868, CVE-2022-2869, CVE-2022-2519,
CVE-2022-2953, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626,
CVE-2022-3627, CVE-2022-3970 (#2142735, #2118854, #2118867, #2118875,
#2122795, #2134437, #2142737, #2148881, #2148888, #2148894, #2148897,
#2148919)