Packages changed: libbacktrace (1.0+git20240718 -> 1.0+git20240805) libeconf (0.7.2 -> 0.7.3) shim-leap tiff (4.6.0 -> 4.7.0) === Details === ==== libbacktrace ==== Version update (1.0+git20240718 -> 1.0+git20240805) - Update to version 1.0+git20240805: * libbacktrace: update xcoff.c for base_address changes * libbacktrace: avoid -Wpointer-arith errors * libbacktrace: fix syntax of Windows registration functions ==== libeconf ==== Version update (0.7.2 -> 0.7.3) - Update to version 0.7.3: * Groups handled in an own list (#218) * Add econftool as dependency of its tests * Simplify snprintf call * Remove unused functions and reduce variable visibility (#213) * Fix typos (#212) ==== shim-leap ==== - RelEng emergency fix: fux source number to install shim-install. - Update shim version for aarch64 to shim-15.8-lp155.8.8.aarch64.rpm coming from openSUSE secure-boot 15.5 + To avoid failure check by robot, SOURCEs in spec file are redefined. + Version: 15.8, "Jan 23 2024" + Include the bug fixes for bsc#1215099,bsc#1215098,bsc#1215100,bsc#1215101, bsc#1215102, and bsc#1215103. ==== tiff ==== Version update (4.6.0 -> 4.7.0) - Update to 4.7.0: * This version restores in the default build the availability of the tools that had been dropped in v4.6.0 See https://libtiff.gitlab.io/libtiff/rfcs/rfc2_restoring_needed_tools.html#rfc2-restoring-needed-tools * Software configuration changes: + autoconf build: configure.ac: avoid -Werror passed to CFLAGS to interfere with feature detection + autoconf build: fix error when running make clean (fixes issue #630) + autoconf build: back off the minimum required automake version to 1.11 + autoconf.ac: fix detection of windows.h for mingw (fixes issue #605) + libtiff-4.pc: Fix Requires.private missing Lerc. It provides a .pc file starting from version 4 (in autoconf builds, we assume that liblerc is at least version 4) + CMake: Fix TIFF_INCLUDE_DIRS + CMake: MinGW compilers don't need a .def file for shared library + CMake: move libdeflate and Lerc to Requires.private + CMake: enable resource compilation on all Windows. * Library changes: + Add TIFFOpenOptionsSetMaxCumulatedMemAlloc(). This function complements TIFFOpenOptionsSetMaxSingleMemAlloc() to define the maximum cumulated memory allocations in byte, for a given TIFF handle, that libtiff internal memory allocation functions are allowed. + TIFFWriteDirectory(): Avoid overwriting following data if an IFD is enlarged. + TIFFXYZToRGB: avoid integer overflow (fixes issue #644) + uv_decode() and uv_encode(): avoid potential out-of-bounds array index (fixes issue #645) + Fix cases where tif_curdir is set incorrectly. Fix cases where the current directory number (tif_curdir) is set inconsistently or incorrectly, depending on the previous history. + TIFFRead[Scanline/EncodedStrip/EncodeTile]: 0-initialize output buffer if setupdecode fails ; most codecs: zero-initialize (not-yet-written parts of) output buffer if failure (fixes issue #375) + OJPEG: reset subsampling_convert_state=0 in OJPEGPreDecode (fixes issue #183) + ThunderRLE: fix failure when decoding last run. Bug seen with GhostPDL + LERC codec: deal with issues with multi-band PlanarConfig=Contig and NaN values + tif_fax3.c: error out after a number of times end-of-file has been reached (fixes issue #583) + LZW: avoid warning about misaligned address with UBSAN (fixes issue #616) + TIFFReadRGBAStrip/TIFFReadRGBATile: add more validation of col/row (fixes issue #622, CVE-2023-52356) + tif_dirread.c: only issue TIFFGetFileSize() for large enough RAM requests + Avoid FPEs (division by zero) in tif_getimage.c. + Avoiding FPE (division by zero) for TIFFhowmany_32() and TIFFhowmany_64() macros by checking for denominator not zero before macros are executed. (fixes issue #628) + Add non-zero check before division in TIFFComputeStrip() + Fix wrong return of TIFFIsBigTIFF() in case byte-swapping is active + Setting the TIFFFieldInfo field set_field_type should consider field_writecount not field_readcount + Avoid memory leaks when using TIFFCreateDirectory() by releasing the allocated memory in the tif-structure. + For non-terminated ASCII arrays, the buffer is first enlarged before a NULL is set at the end to avoid deleting the last character. (fixes issue #579) + Check return value of _TIFFCreateAnonField(). (fixes issue #624, CVE-2024-7006) + Prevent some out-of-memory attacks (https://gitlab.com/libtiff/libtiff/-/issues/614#note_1602683857) + Ensure absolute seeking is forced independent of TIFFReadDirectory success. (fixes issue #618) + tif_dirinfo.c: re-enable TIFFTAG_EP_CFAREPEATPATTERNDIM and TIFFTAG_EP_CFAPATTERN tags (fixes issue #608) + Fix warnings with GCC 14 + tif_dir.c: Log source file, line number, and input tif for directory count error (fixes issue #627) + Last usage of get_field_type of TIFFField structure at TIFFWriteDirectorySec() changed to using set_field_type. + tif_jpeg.c/tif_ojpeg.c: remove likely ifdef tricks related to old compilers or unusual setups + Remove _TIFFUInt64ToFloat() and _TIFFUInt64ToDouble() + Remove support for _MSC_VER < 1500. + Use #ifdef _WIN32 to test for Windows, and tiffio.h: remove definition of __WIN32__ * Documentation: + Amend manpages for changes in current directory index behaviour + Note on using TIFFFlush() before TIFFClose() to check that the data has been successfully written to the file. (fixes issue #506) + Update TIFF documentation about TIFFOpenOptions.rst and TIFFOpenOptionsSetMaxSingleMemAlloc() usage and some other small fixes (relates to CVE-2024-7006) * Re-added tools: + fax2ps + fax2tiff + pal2rgb + ppm2tiff + raw2tiff + rgb2ycbcr (not installed) + thumbnail (not installed) + tiff2bw + tiff2rgba + tiffcmp + tiffcrop + tiffdither + tiffgt + tiffmedian + tiff2ps + tiff2pdf * New/improved functionality: + tiff2rgba: Add background gradient option for alpha compositing + tiffcp: -i flag restored * Bug fixes for tools: + tiffcrop: address Coverity scan issues 1605444, 1605445, and 16054 + tiffcrop: Apply "Fix heap-buffer-overflow in function extractImageSection" + tiffcrop: fix buffer overflows, use after free (fixes issue #542, issue #550, issue #552) + tiff2pdf: address Coverity scan issues + tiff2pdf: fix inconsistent PLANARCONFIG value for the input and output TIFF + tiff2pdf: fix issue with JPEG restart-interval marker when converting from JPEG-compressed files (fixes issue #539) + tiff2pdf: red and blue were being swapped for RGBA decoding (fixes issue #253) + tiff2pdf: fixes issue #596 + thumbnail: address Coverity scan issues + tiffcp: Add check for limitMalloc return to fix Coverity 1603334 + tiffcp: preserve TIFFTAG_REFERENCEBLACKWHITE when doing YCbCr JPEG -> YCbCr JPEG + tiffcp: replace PHOTOMETRIC_YCBCR with PHOTOMETRIC_RGB when outputing to compression != JPEG (refs issue #571) + tiffcp: do not copy tags YCBCRCOEFFICIENTS, YCBCRSUBSAMPLING, YCBCRPOSITIONING, REFERENCEBLACKWHITE. Only set YCBCRSUBSAMPLING when generating YCbCr JPEG + tiffcp: Check also codec of input image, not only from output image (fixes issue #606) + Add some basic sanity checks for tiffcp and tiffcrop RGB->YCbCr JPEG conversions. + fax2ps and fax2tiff: memory leak fixes (fixes issue #476) + tiffmedian: memory leak fixes (fixes issue #599) + fax2tiff: fix EOFB interpretation (fixes issue #191) + fax2tiff: fix issue with unreasonable width input (fixes issue #249) + tiffcp and tiffcrop: fixes issue #228 ... changelog too long, skipping 10 lines ... - Tools are not built for now due to test failure: `FAIL: tiffcp-32bpp-None-jpeg.sh`