diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000000000000000000000000000000000000..d87f5613ec4234f82f8eaeebc563711f587fdf88
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.xz filter=lfs diff=lfs merge=lfs -text
diff --git a/.lfsconfig b/.lfsconfig
new file mode 100644
index 0000000000000000000000000000000000000000..1f7a8e7ca02dbee5b3978ea26ea52cabc302cbbe
--- /dev/null
+++ b/.lfsconfig
@@ -0,0 +1,2 @@
+[lfs]
+ url = https://artlfs.openeuler.openatom.cn/src-openEuler/libtiff
diff --git a/backport-CVE-2024-13978.patch b/backport-CVE-2024-13978.patch
deleted file mode 100644
index 9b074ab4bed02b8305e78ae3a098b3fa763beddc..0000000000000000000000000000000000000000
--- a/backport-CVE-2024-13978.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From 7be20ccaab97455f192de0ac561ceda7cd9e12d1 Mon Sep 17 00:00:00 2001
-From: Lee Howard
-Date: Fri, 27 Sep 2024 11:21:57 -0700
-Subject: [PATCH 1/2] Fix issue #649 in fax2ps caused by regression in commit
- https://gitlab.com/libtiff/libtiff/-/commit/28c38d648b64a66c3218778c4745225fe3e3a06d
- where TIFFTAG_FAXFILLFUNC is being used rather than an output buffer.
-
----
- libtiff/tif_read.c | 21 ++++++++++++++++-----
- 1 file changed, 16 insertions(+), 5 deletions(-)
-
-diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
-index 7efab59c6..964f119a7 100644
---- a/libtiff/tif_read.c
-+++ b/libtiff/tif_read.c
-@@ -466,7 +466,9 @@ int TIFFReadScanline(TIFF *tif, void *buf, uint32_t row, uint16_t sample)
- }
- else
- {
-- memset(buf, 0, (size_t)tif->tif_scanlinesize);
-+ /* See TIFFReadEncodedStrip comment regarding TIFFTAG_FAXFILLFUNC. */
-+ if (buf)
-+ memset(buf, 0, (size_t)tif->tif_scanlinesize);
- }
- return (e > 0 ? 1 : -1);
- }
-@@ -554,7 +556,10 @@ tmsize_t TIFFReadEncodedStrip(TIFF *tif, uint32_t strip, void *buf,
- stripsize = size;
- if (!TIFFFillStrip(tif, strip))
- {
-- memset(buf, 0, (size_t)stripsize);
-+ /* The output buf may be NULL, in particular if TIFFTAG_FAXFILLFUNC
-+ is being used. Thus, memset must be conditional on buf not NULL. */
-+ if (buf)
-+ memset(buf, 0, (size_t)stripsize);
- return ((tmsize_t)(-1));
- }
- if ((*tif->tif_decodestrip)(tif, buf, stripsize, plane) <= 0)
-@@ -976,7 +981,9 @@ tmsize_t TIFFReadEncodedTile(TIFF *tif, uint32_t tile, void *buf, tmsize_t size)
- size = tilesize;
- if (!TIFFFillTile(tif, tile))
- {
-- memset(buf, 0, (size_t)size);
-+ /* See TIFFReadEncodedStrip comment regarding TIFFTAG_FAXFILLFUNC. */
-+ if (buf)
-+ memset(buf, 0, (size_t)size);
- return ((tmsize_t)(-1));
- }
- else if ((*tif->tif_decodetile)(tif, (uint8_t *)buf, size,
-@@ -1569,7 +1576,9 @@ int TIFFReadFromUserBuffer(TIFF *tif, uint32_t strile, void *inbuf,
- if (!TIFFStartTile(tif, strile))
- {
- ret = 0;
-- memset(outbuf, 0, (size_t)outsize);
-+ /* See related TIFFReadEncodedStrip comment. */
-+ if (outbuf)
-+ memset(outbuf, 0, (size_t)outsize);
- }
- else if (!(*tif->tif_decodetile)(
- tif, (uint8_t *)outbuf, outsize,
-@@ -1596,7 +1605,9 @@ int TIFFReadFromUserBuffer(TIFF *tif, uint32_t strile, void *inbuf,
- if (!TIFFStartStrip(tif, strile))
- {
- ret = 0;
-- memset(outbuf, 0, (size_t)outsize);
-+ /* See related TIFFReadEncodedStrip comment. */
-+ if (outbuf)
-+ memset(outbuf, 0, (size_t)outsize);
- }
- else if (!(*tif->tif_decodestrip)(
- tif, (uint8_t *)outbuf, outsize,
---
-GitLab
-
-
-From 2ebfffb0e8836bfb1cd7d85c059cd285c59761a4 Mon Sep 17 00:00:00 2001
-From: Lee Howard
-Date: Sat, 5 Oct 2024 09:45:30 -0700
-Subject: [PATCH 2/2] Check TIFFTAG_TILELENGTH and TIFFTAGTILEWIDTH for valid
- input, addresses issue #650
-
----
- tools/tiff2pdf.c | 16 ++++++++++++++++
- 1 file changed, 16 insertions(+)
-
-diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
-index 6dfc239f1..2010feea8 100644
---- a/tools/tiff2pdf.c
-+++ b/tools/tiff2pdf.c
-@@ -1371,8 +1371,24 @@ void t2p_read_tiff_init(T2P *t2p, TIFF *input)
- t2p->pdf_xrefcount += (t2p->tiff_tiles[i].tiles_tilecount - 1) * 2;
- TIFFGetField(input, TIFFTAG_TILEWIDTH,
- &(t2p->tiff_tiles[i].tiles_tilewidth));
-+ if (t2p->tiff_tiles[i].tiles_tilewidth < 1)
-+ {
-+ TIFFError(TIFF2PDF_MODULE, "Invalid tile width (%d), %s",
-+ t2p->tiff_tiles[i].tiles_tilewidth,
-+ TIFFFileName(input));
-+ t2p->t2p_error = T2P_ERR_ERROR;
-+ return;
-+ }
- TIFFGetField(input, TIFFTAG_TILELENGTH,
- &(t2p->tiff_tiles[i].tiles_tilelength));
-+ if (t2p->tiff_tiles[i].tiles_tilelength < 1)
-+ {
-+ TIFFError(TIFF2PDF_MODULE, "Invalid tile length (%d), %s",
-+ t2p->tiff_tiles[i].tiles_tilelength,
-+ TIFFFileName(input));
-+ t2p->t2p_error = T2P_ERR_ERROR;
-+ return;
-+ }
- t2p->tiff_tiles[i].tiles_tiles = (T2P_TILE *)_TIFFmalloc(
- TIFFSafeMultiply(tmsize_t, t2p->tiff_tiles[i].tiles_tilecount,
- sizeof(T2P_TILE)));
---
-GitLab
-
diff --git a/backport-CVE-2025-8176.patch b/backport-CVE-2025-8176.patch
deleted file mode 100644
index fe59991f7c99a67a2edb59344126aada17d78c3d..0000000000000000000000000000000000000000
--- a/backport-CVE-2025-8176.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From ce46f002eca4148497363f80fab33f9396bcbeda Mon Sep 17 00:00:00 2001
-From: Lee Howard
-Date: Sat, 24 May 2025 21:25:16 -0700
-Subject: [PATCH] Fix tiffmedian bug #707
-
----
- tools/tiffmedian.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/tools/tiffmedian.c b/tools/tiffmedian.c
-index f6cf26c2..8c9978ba 100644
---- a/tools/tiffmedian.c
-+++ b/tools/tiffmedian.c
-@@ -414,7 +414,10 @@ static void get_histogram(TIFF *in, Colorbox *box)
- for (i = 0; i < imagelength; i++)
- {
- if (TIFFReadScanline(in, inputline, i, 0) <= 0)
-- break;
-+ {
-+ fprintf(stderr, "Error reading scanline\n");
-+ exit(EXIT_FAILURE);
-+ }
- inptr = inputline;
- for (j = imagewidth; j-- > 0;)
- {
---
-GitLab
-
diff --git a/backport-CVE-2025-8177.patch b/backport-CVE-2025-8177.patch
deleted file mode 100644
index e57f6ca98a20e42d69ac8ac9bd62cc1e9d1eaf13..0000000000000000000000000000000000000000
--- a/backport-CVE-2025-8177.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From e8de4dc1f923576dce9d625caeebd93f9db697e1 Mon Sep 17 00:00:00 2001
-From: Lee Howard
-Date: Wed, 25 Jun 2025 17:14:18 +0000
-Subject: [PATCH] Fix for thumbnail issue #715
-
----
- tools/thumbnail.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/tools/thumbnail.c b/tools/thumbnail.c
-index 9cade913..7e21f521 100644
---- a/tools/thumbnail.c
-+++ b/tools/thumbnail.c
-@@ -620,7 +620,15 @@ static void setrow(uint8_t *row, uint32_t nrows, const uint8_t *rows[])
- }
- acc += bits[*src & mask1];
- }
-- *row++ = cmap[(255 * acc) / area];
-+ if (255 * acc / area < 256)
-+ {
-+ *row++ = cmap[(255 * acc) / area];
-+ }
-+ else
-+ {
-+ fprintf(stderr, "acc=%d, area=%d\n", acc, area);
-+ *row++ = cmap[0];
-+ }
- }
- }
-
---
-GitLab
-
diff --git a/backport-CVE-2025-8534.patch b/backport-CVE-2025-8534.patch
deleted file mode 100644
index 993a64ca75c398b1a54cb00600d047c823210959..0000000000000000000000000000000000000000
--- a/backport-CVE-2025-8534.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 6ba36f159fd396ad11bf6b7874554197736ecc8b Mon Sep 17 00:00:00 2001
-From: Su_Laus
-Date: Sat, 2 Aug 2025 18:55:54 +0200
-Subject: [PATCH] tiff2ps: check return of TIFFGetFiled() for
- TIFFTAG_STRIPBYTECOUNTS and TIFFTAG_TILEBYTECOUNTS to avoid NULL pointer
- dereference.
-
-Closes #718
----
- tools/tiff2ps.c | 20 +++++++++++++++++---
- 1 file changed, 17 insertions(+), 3 deletions(-)
-
-diff --git a/tools/tiff2ps.c b/tools/tiff2ps.c
-index 02158c31..9e163ab4 100644
---- a/tools/tiff2ps.c
-+++ b/tools/tiff2ps.c
-@@ -2434,12 +2434,22 @@ int PS_Lvl2page(FILE *fd, TIFF *tif, uint32_t w, uint32_t h)
- if (tiled_image)
- {
- num_chunks = TIFFNumberOfTiles(tif);
-- TIFFGetField(tif, TIFFTAG_TILEBYTECOUNTS, &bc);
-+ if (!TIFFGetField(tif, TIFFTAG_TILEBYTECOUNTS, &bc))
-+ {
-+ TIFFError(filename,
-+ "Can't read bytecounts of tiles at PS_Lvl2page()");
-+ return (FALSE);
-+ }
- }
- else
- {
- num_chunks = TIFFNumberOfStrips(tif);
-- TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc);
-+ if (!TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc))
-+ {
-+ TIFFError(filename,
-+ "Can't read bytecounts of strips at PS_Lvl2page()");
-+ return (FALSE);
-+ }
- }
-
- if (use_rawdata)
-@@ -3108,7 +3118,11 @@ void PSRawDataBW(FILE *fd, TIFF *tif, uint32_t w, uint32_t h)
- (void)w;
- (void)h;
- TIFFGetFieldDefaulted(tif, TIFFTAG_FILLORDER, &fillorder);
-- TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc);
-+ if (!TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc))
-+ {
-+ TIFFError(filename, "Can't read bytecounts of strips at PSRawDataBW()");
-+ return;
-+ }
-
- /*
- * Find largest strip:
---
-GitLab
-
-
diff --git a/backport-CVE-2025-9165.patch b/backport-CVE-2025-9165.patch
deleted file mode 100644
index 734ce07dcd85a5b71b1e38bfdba5ed2fa52303cf..0000000000000000000000000000000000000000
--- a/backport-CVE-2025-9165.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From ed141286a37f6e5ddafb5069347ff5d587e7a4e0 Mon Sep 17 00:00:00 2001
-From: Su_Laus
-Date: Fri, 8 Aug 2025 21:35:30 +0200
-Subject: [PATCH] tiffcmp: fix memory leak when second file cannot be opened.
-
-Closes #728, #729
----
- tools/tiffcmp.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/tools/tiffcmp.c b/tools/tiffcmp.c
-index 529c1cdc7..88d9470f5 100644
---- a/tools/tiffcmp.c
-+++ b/tools/tiffcmp.c
-@@ -105,7 +105,10 @@ int main(int argc, char *argv[])
- return (2);
- tif2 = TIFFOpen(argv[optind + 1], "r");
- if (tif2 == NULL)
-+ {
-+ TIFFClose(tif1);
- return (2);
-+ }
- dirnum = 0;
- while (tiffcmp(tif1, tif2))
- {
---
-GitLab
-
diff --git a/libtiff.spec b/libtiff.spec
index ec6c977933a6e679f31bd3b1125feae03013c3e3..caa617819ccdde6bcdc7c9e9a5f544bbaee7ac60 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,17 +1,11 @@
 Name: libtiff
-Version: 4.7.0
-Release: 5
+Version: 4.7.1
+Release: 1
 Summary: TIFF Library and Utilities
 License: libtiff
 URL: https://libtiff.gitlab.io/libtiff/
 Source0: https://download.osgeo.org/libtiff/tiff-%{version}.tar.xz
-Patch6000: backport-CVE-2025-8176.patch
-Patch6001: backport-CVE-2025-8177.patch
-Patch6002: backport-CVE-2024-13978.patch
-Patch6003: backport-CVE-2025-8534.patch
-Patch6004: backport-CVE-2025-9165.patch
-
 BuildRequires: gcc gcc-c++
 BuildRequires: zlib-devel
 BuildRequires: xz-devel
@@ -122,6 +116,9 @@ LD_LIBRARY_PATH=$PWD:$LD_LIBRARY_PATH %make_build check
 %doc TODO ChangeLog doc
 %changelog
+* Thu Sep 18 2025 Funda Wang - 4.7.1-1
+- update to 4.7.1
+
 * Mon Aug 25 2025 lingsheng - 4.7.0-5
 - fix CVE-2025-9165
diff --git a/tiff-4.7.0.tar.xz b/tiff-4.7.0.tar.xz
deleted file mode 100644
index 60e54134ea6599c59afb96b568669061cd20929d..0000000000000000000000000000000000000000
Binary files a/tiff-4.7.0.tar.xz and /dev/null differ
diff --git a/tiff-4.7.1.tar.xz b/tiff-4.7.1.tar.xz
new file mode 100644
index 0000000000000000000000000000000000000000..248cc695aac385380496373f67de74574b00c8a6
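Review bot: The new changelog entry in libtiff.spec says only `- update to 4.7.1`, while the first hunk of the same file drops `Patch6000` through `Patch6004`, the backports for CVE-2025-8176, CVE-2025-8177, CVE-2024-13978, CVE-2025-8534 and CVE-2025-9165, without recording that the new tarball carries those fixes. The diff shows only a Git LFS pointer for tiff-4.7.1.tar.xz, so it cannot be confirmed from here that every upstream commit named in the removed patch files is part of 4.7.1; that should be checked against the upstream release before merge. Once confirmed, I would extend the entry to something like `- update to 4.7.1, drop backported fixes for CVE-2024-13978, CVE-2025-8176, CVE-2025-8177, CVE-2025-8534 and CVE-2025-9165 (included upstream)` so that changelog-based CVE tracking still sees them as fixed.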
--- /dev/null
+++ b/tiff-4.7.1.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b92017489bdc1db3a4c97191aa4b75366673cb746de0dce5d7a749d5954681ba
+size 2358600