%define major 5 %define libname %mklibname tiff %{major} %define develname %mklibname tiff -d %define staticdevelname %mklibname tiff -d -s Summary: A library of functions for manipulating TIFF format image files Name: libtiff Version: 4.0.10 Release: %mkrel 1.git20190219.1 License: BSD-like Group: System/Libraries URL: http://www.simplesystems.org/libtiff/ #Source0: https://download.osgeo.org/libtiff/tiff-4.0.10.tar.gz Source0: https://gitlab.com/libtiff/libtiff/-/archive/master/libtiff-master.tar.bz2 Patch1: libtiff-CVE-2014-8128.patch Patch2: libtiff-CVE-2015-7554.patch Patch7: libtiff-CVE-2018-12900.patch Patch8: libtiff-CVE-2018-19210.patch BuildRequires: jbig-devel BuildRequires: pkgconfig(libjpeg) BuildRequires: pkgconfig(freeglut) BuildRequires: pkgconfig(zlib) BuildRequires: pkgconfig(liblzma) BuildRequires: pkgconfig(libzstd) BuildRequires: pkgconfig(libwebp) %description The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. %package progs Summary: Binaries needed to manipulate TIFF format image files Group: Graphics/Utilities Requires: %{libname} = %{version} Obsoletes: libtiff3-progs Provides: libtiff3-progs = %{version}-%{release} %description progs This package provides binaries needed to manipulate TIFF format image files. %package -n %{libname} Summary: A library of functions for manipulating TIFF format image files Group: System/Libraries Obsoletes: %{name} < %{version} Provides: %{name} = %{version}-%{release} %description -n %{libname} The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. %package -n %{develname} Summary: Development tools for programs which will use the libtiff library Group: Development/C Requires: %{libname} = %{version} Provides: %{name}-devel = %{version}-%{release} Provides: tiff-devel = %{version}-%{release} Obsoletes: %{mklibname tiff 3 -d} %description -n %{develname} This package contains the header files and .so libraries for developing programs which will manipulate TIFF format image files using the libtiff library. %package -n %{staticdevelname} Summary: Static libraries for programs which will use the libtiff library Group: Development/C Requires: %{develname} = %{version} Provides: %{name}-static-devel = %{version}-%{release} Provides: tiff-static-devel = %{version}-%{release} Obsoletes: %{mklibname tiff 3 -d -s} %description -n %{staticdevelname} This package contains the static libraries for developing programs which will manipulate TIFF format image files using the libtiff library. %prep #setup -q -n tiff-%{version} %setup -q -n libtiff-master %patch1 -p0 %patch2 -p1 %patch7 -p1 %patch8 -p1 %build ./autogen.sh %configure2_5x --enable-static --with-docdir=%{_datadir}/doc/%{develname} --enable-ld-version-script %make_build %check LD_LIBRARY_PATH=$PWD:$LD_LIBRARY_PATH make check %install %make_install rm -f %{buildroot}%{_libdir}/*.la # remove man pages for programs that are not provided anymore rm -f %{buildroot}%{_mandir}/man1/rgb2ycbcr.1* rm -f %{buildroot}%{_mandir}/man1/thumbnail.1* # multiarch policy %multiarch_includes %{buildroot}%{_includedir}/tiffconf.h %files progs %{_bindir}/* %{_mandir}/man1/* %files -n %{libname} %{_libdir}/*.so.%{major}{,.*} %files -n %{develname} %doc %{_datadir}/doc/%{develname} %{_includedir}/*.h* %{multiarch_includedir}/tiffconf.h %{_libdir}/*.so %{_libdir}/pkgconfig/*.pc %{_mandir}/man3/* %files -n %{staticdevelname} %{_libdir}/*.a %changelog * Thu Feb 21 2019 ns80 <ns80> 4.0.10-1.git20190219.1.mga6 + Revision: 1369028 - update to latest git snapshot for CVE-2019-7663 (mga#24393) - update to latest git snapshot for CVE-2019-6128 (mga#24343) - add patches for CVE-2018-12900, CVE-2018-18557 and CVE-2018-19210 (mga#24053) - add upstream patch for CVE-2018-18661 (mga#23788) - add upstream patch for CVE-2018-1710[01] (mga#23753) - add patches for CVE-2016-5319, CVE-2017-17942 and CVE-2018-10779 (mga#23142) - add upstream patch for CVE-2018-8905 (mga#23021) - add upstream patch for CVE-2018-10963 (mga#23021) - add upstream patch for CVE-2018-7456 (mga#22920) - add upstream patches for CVE-2017-11613 and CVE-2018-5784 (mga#22799) - add patches for CVE-2017-17095, CVE-2017-9935 and CVE-2017-18013 (mga#22120) - new version 4.0.9 * Fri Jul 07 2017 ns80 <ns80> 4.0.8-3.mga6 + Revision: 1109432 - update to latest CVS snapshot to fix CVE-2017-9936 and CVE-2017-10688 (mga#21195) * Fri Jun 02 2017 ns80 <ns80> 4.0.8-2.mga6 + Revision: 1105783 - add upstream patches for bug fixes and an unfixed remaining portion of CVE-2014-8128 (mga#20057) * Mon May 22 2017 ns80 <ns80> 4.0.8-1.mga6 + Revision: 1104031 - new version 4.0.8 * Thu May 18 2017 ns80 <ns80> 4.0.7-8.mga6 + Revision: 1102972 - update to latest CVS snapshot to fix several security problems * Mon May 15 2017 ns80 <ns80> 4.0.7-7.mga6 + Revision: 1101700 - update to latest CVS snapshot to fix several security problems * Thu May 11 2017 ns80 <ns80> 4.0.7-6.mga6 + Revision: 1100239 - update to latest CVS snapshot to fix some problems related to memory management * Tue May 02 2017 ns80 <ns80> 4.0.7-5.mga6 + Revision: 1098415 - update to latest CVS snapshot to fix some memory leaks * Fri Apr 28 2017 ns80 <ns80> 4.0.7-4.mga6 + Revision: 1097876 - update to latest CVS snapshot that fixes some memory leaks and crashes * Wed Apr 05 2017 ns80 <ns80> 4.0.7-3.mga6 + Revision: 1095955 - update to latest CVS snapshot to fix memory leaks * Fri Jan 27 2017 ns80 <ns80> 4.0.7-2.mga6 + Revision: 1083570 - update to latest CVS snapshot for CVE-2016-1009[2-4], CVE-2017-5225 and other security bugs * Mon Nov 21 2016 ns80 <ns80> 4.0.7-1.mga6 + Revision: 1068539 - new version 4.0.7 * Fri Nov 18 2016 ns80 <ns80> 4.0.6-11.mga6 + Revision: 1068287 - fix an out-of-bounds Write memcpy and less bound check in tiff2pdf (mga#19813) * Fri Nov 18 2016 ns80 <ns80> 4.0.6-10.mga6 + Revision: 1068153 - fix a regression introduced by the fix for CVE-2016-9297 * Mon Nov 14 2016 ns80 <ns80> 4.0.6-9.mga6 + Revision: 1067194 - update to latest CVS commit to fix CVE-2016-9273 and CVE-2016-9297 (mga#19758) * Fri Nov 04 2016 ns80 <ns80> 4.0.6-8.mga6 + Revision: 1065252 - update to 2016-10-31 CVS commit to fix potential buffer overflows * Mon Oct 31 2016 ns80 <ns80> 4.0.6-7.mga6 + Revision: 1064268 - update to 2016-10-26 CVS commit to fix: * an out-of-bound read on some tiled images * CVE-2014-8127 (duplicate: CVE-2016-3658) * segfault when specifying -r without argument (fax2tiff) * Fri Oct 21 2016 ns80 <ns80> 4.0.6-6.mga6 + Revision: 1062886 - update to 2016-10-14 CVS commit to fix an out-of-bound read of up to 3 bytes in readContigTilesIntoBuffer() * Fri Oct 14 2016 ns80 <ns80> 4.0.6-5.mga6 + Revision: 1060739 - update to 2016-10-09 CVS commit for CVE-2016-5652 and 3 other security issues * Wed Oct 05 2016 ns80 <ns80> 4.0.6-4.mga6 + Revision: 1058902 - address a long list of CVEs (mga#17480): * update to latest CVS commit for CVE-2015-8668, CVE-2016-3186 (gif2tiff tool is not provided anymore), CVE-2016-3622, CVE-2016-3623, CVE-2016-3632, CVE-2016-3945, CVE-2016-3990, CVE-2016-3991, CVE-2016-5314, CVE-2016-5315, CVE-2016-5316, CVE-2016-5317, CVE-2016-5320, CVE-2016-5321, CVE-2016-5322, CVE-2016-5323, CVE-2016-5875, CVE-2016-6223 * add a patch from Redhat for CVE-2015-7554 (partial solution, it seems) - some programs are not provided anymore (package libtiff-progs): bmp2tiff, gif2tiff, ras2tiff, rgb2ycbcr and thumbnail * Tue Jan 12 2016 luigiwalser <luigiwalser> 4.0.6-3.mga6 + Revision: 922129 - add patch suggested upstream (maptools#2499) - fixes remaining CVE-2014-8128 issue unfixed upstream * Tue Dec 29 2015 luigiwalser <luigiwalser> 4.0.6-2.mga6 + Revision: 916815 - sync with upstream cvs 20151227, fixes mga#15519, CVE-2015-8665, CVE-2015-8683 * Thu Dec 24 2015 luigiwalser <luigiwalser> 4.0.6-1.mga6 + Revision: 914393 - 4.0.6 * Fri Sep 04 2015 luigiwalser <luigiwalser> 4.0.5-1.mga6 + Revision: 872826 - 4.0.5 * Thu Jul 09 2015 luigiwalser <luigiwalser> 4.0.4-1.mga6 + Revision: 853121 - 4.0.4 (final) - remove opensuse patches (security issues they fixed and regressions they caused were fixed upstream) * Wed Mar 18 2015 luigiwalser <luigiwalser> 4.0.4-0.1.mga5 + Revision: 818759 - 4.0.4beta (fully fixes CVE-2014-8127) - remove upstream patches * Mon Mar 09 2015 luigiwalser <luigiwalser> 4.0.3-11.mga5 + Revision: 818271 - add patches from OpenSuSE to fix: - CVE-2014-812[7-9], CVE-2014-8130, CVE-2014-9655, and CVE-2015-1547 * Wed Oct 15 2014 umeabot <umeabot> 4.0.3-10.mga5 + Revision: 742880 - Second Mageia 5 Mass Rebuild * Tue Sep 16 2014 umeabot <umeabot> 4.0.3-9.mga5 + Revision: 681812 - Mageia 5 Mass Rebuild * Sun Oct 20 2013 umeabot <umeabot> 4.0.3-8.mga4 + Revision: 536718 - Mageia 4 Mass Rebuild * Tue Sep 24 2013 luigiwalser <luigiwalser> 4.0.3-7.mga4 + Revision: 485465 - add patch from opensuse to fix CVE-2013-4243 * Wed Aug 28 2013 luigiwalser <luigiwalser> 4.0.3-6.mga4 + Revision: 472649 - add patch from debian to fix CVE-2013-4244 * Mon Aug 19 2013 luigiwalser <luigiwalser> 4.0.3-5.mga4 + Revision: 467997 - add patches from fedora to fix CVE-2013-4231 and CVE-2013-4232 * Fri May 03 2013 luigiwalser <luigiwalser> 4.0.3-4.mga3 + Revision: 412150 - add patches from fedora to fix CVE-2013-1960 and CVE-2013-1961 * Sat Jan 12 2013 umeabot <umeabot> 4.0.3-3.mga3 + Revision: 358249 - Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild + boklm <boklm> - Update group: Graphics/Other -> Graphics/Utilities * Thu Nov 15 2012 luigiwalser <luigiwalser> 4.0.3-2.mga3 + Revision: 318232 - add patch from redhat to fix CVE-2012-4564 * Tue Oct 23 2012 luigiwalser <luigiwalser> 4.0.3-1.mga3 + Revision: 309517 - 4.0.3 - patch raw_decode test to work with libjpeg-turbo * Tue Oct 23 2012 luigiwalser <luigiwalser> 4.0.2-3.mga3 + Revision: 309490 - revert to 4.0.2 - add patch from debian to fix CVE-2012-4447 - 4.0.3 + fwang <fwang> - use ld_library_path * Thu Jul 19 2012 luigiwalser <luigiwalser> 4.0.2-2.mga3 + Revision: 272692 - fix CVE-2012-3401 (from RedHat) * Tue Jul 03 2012 luigiwalser <luigiwalser> 4.0.2-1.mga3 + Revision: 267040 - 4.0.2 (fixes CVE-2012-2113) * Thu Apr 05 2012 luigiwalser <luigiwalser> 4.0.1-2.mga2 + Revision: 228674 - fix CVE-2012-1173 (from mdv) * Sun Feb 19 2012 fwang <fwang> 4.0.1-1.mga2 + Revision: 210744 - enable ld version script - new version 4.0.1 * Thu Dec 22 2011 fwang <fwang> 4.0.0-1.mga2 + Revision: 186081 - new version 4.0.0 * Fri Sep 23 2011 fwang <fwang> 3.9.5-1.mga2 + Revision: 146947 - switch to freeglut * Wed Apr 20 2011 pterjan <pterjan> 3.9.5-1.mga1 + Revision: 88881 - Update to 3.9.5 * Tue Jan 11 2011 pterjan <pterjan> 3.9.4-3.mga1 + Revision: 5548 - Drop obsolete scriptlets - imported package libtiff * Thu Sep 30 2010 Oden Eriksson <oeriksson@mandriva.com> 3.9.4-3mdv2011.0 + Revision: 582193 - sync with MDVSA-2010:190 * Fri Aug 06 2010 Oden Eriksson <oeriksson@mandriva.com> 3.9.4-2mdv2011.0 + Revision: 567027 - P2: security fix for CVE-2010-2595 - P3: security fix for CVE-2010-2483 - P4: security fix for CVE-2010-2597 - P5: http://bugzilla.maptools.org/show_bug.cgi?id=2218 (tiffdump crashes on unreasonably large dircount) - P6: security fix for CVE-2010-2233 - P7: http://bugzilla.maptools.org/show_bug.cgi?id=2210 (additional fixes for CVE-2010-2481) - P8: security fix for CVE-2010-2482 * Mon Jul 12 2010 Oden Eriksson <oeriksson@mandriva.com> 3.9.4-1mdv2011.0 + Revision: 551257 - 3.9.4 * Sun Jan 10 2010 Oden Eriksson <oeriksson@mandriva.com> 3.9.2-2mdv2010.1 + Revision: 488784 - rebuilt against libjpeg v8 * Fri Nov 06 2009 Oden Eriksson <oeriksson@mandriva.com> 3.9.2-1mdv2010.1 + Revision: 461145 - 3.9.2 - the format string patch (P0) was applied upstream * Fri Oct 02 2009 Oden Eriksson <oeriksson@mandriva.com> 3.9.1-4mdv2010.0 + Revision: 452663 - fix #54150 (SPEC file contains wrong project URL) * Sun Aug 30 2009 Oden Eriksson <oeriksson@mandriva.com> 3.9.1-3mdv2010.0 + Revision: 422565 - fix obsoletes (anssi) * Sun Aug 30 2009 Oden Eriksson <oeriksson@mandriva.com> 3.9.1-2mdv2010.0 + Revision: 422558 - the devel package obsoletes itself (anssi) * Sun Aug 30 2009 Oden Eriksson <oeriksson@mandriva.com> 3.9.1-1mdv2010.0 + Revision: 422431 - 3.9.1 - drop all patches implemented upstream - rediffed the string format patch - fix cleaner docs - cleanup the spec file a bit * Sat Aug 15 2009 Oden Eriksson <oeriksson@mandriva.com> 3.8.2-16mdv2010.0 + Revision: 416523 - rebuilt against libjpeg v7 * Tue Jul 14 2009 Oden Eriksson <oeriksson@mandriva.com> 3.8.2-15mdv2010.0 + Revision: 395912 - P6: security fix for CVE-2009-2285 (redhat) - P7: security fix for CVE-2009-2347 (redhat) * Mon May 11 2009 Oden Eriksson <oeriksson@mandriva.com> 3.8.2-14mdv2010.0 + Revision: 374654 - fix #50788 (tiff2pdf ignores JPEG compression quality) - fix build * Thu Dec 18 2008 Oden Eriksson <oeriksson@mandriva.com> 3.8.2-13mdv2009.1 + Revision: 315623 - use LDFLAGS from the %%configure macro - use %%optflags - fix build with -Werror=format-security (P4) * Fri Sep 05 2008 Oden Eriksson <oeriksson@mandriva.com> 3.8.2-12mdv2009.0 + Revision: 281203 - P3: security fix for CVE-2008-2327 * Tue Jun 17 2008 Thierry Vignaud <tv@mandriva.org> 3.8.2-11mdv2009.0 + Revision: 223011 - rebuild + Pixel <pixel@mandriva.com> - do not call ldconfig in %%post/%%postun, it is now handled by filetriggers - adapt to %%_localstatedir now being /var instead of /var/lib (#22312) * Tue Mar 04 2008 Oden Eriksson <oeriksson@mandriva.com> 3.8.2-10mdv2008.1 + Revision: 178953 - rebuild + Thierry Vignaud <tv@mandriva.org> - rebuild - kill re-definition of %%buildroot on Pixel's request + Olivier Blin <oblin@mandriva.com> - restore BuildRoot * Tue Oct 31 2006 Oden Eriksson <oeriksson@mandriva.com> 3.8.2-8mdv2007.0 + Revision: 74790 - rebuild - bzip2 cleanup - rebuild - bunzip patches - Import libtiff * Thu Sep 07 2006 Stew Benedict <sbenedict@mandriva.com> 3.8.2-5mdv2007.0 - fix %%files in -devel so we don't provide %%{multiarch_includedir} * Wed Aug 02 2006 Stew Benedict <sbenedict@mandriva.com> 3.8.2-4mdv2007.0 - P2: security fix for CVE-2006-3459-thru-3465 - rpmlint * Fri Jun 16 2006 Stew Benedict <sbenedict@mandriva.com> 3.8.2-3mdv2007.0 - P1: security fix for CVE-2006-2193 * Wed Jun 07 2006 Stew Benedict <sbenedict@mandriva.com> 3.8.2-2mdv2007.0 - P0: security fix for CVE-2006-2656 * Wed Apr 19 2006 Stew Benedict <sbenedict@mandriva.com> 3.8.2-1mdk - 3.8.2 * Thu Mar 16 2006 Olivier Blin <oblin@mandriva.com> 3.6.1-14mdk - from Vincent Danen: security fix for CVE-2005-1544 (P105) * Sun Jan 01 2006 Mandriva Linux Team <http://www.mandrivaexpert.com/> 3.6.1-13mdk - Rebuild * Fri Aug 19 2005 Olivier Blin <oblin@mandriva.com> 3.6.1-12mdk - from Stew Benedict: security update for CAN-2005-2452 (P104) * Wed Mar 23 2005 Olivier Blin <oblin@mandrakesoft.com> 3.6.1-11mdk - Patch8: fix man page about tiffsplit filename range (CVS, #12071) * Tue Mar 22 2005 Olivier Blin <oblin@mandrakesoft.com> 3.6.1-10mdk - update Patch103: do not abort if an unknown tag is found (#13125) * Thu Mar 10 2005 Christiaan Welvaart <cjw@daneel.dyndns.org> 3.6.1-9mdk - build fix: do not pass cflags to make * Mon Feb 28 2005 Gwenole Beauchesne <gbeauchesne@mandrakesoft.com> 3.6.1-8mdk - cross-endian multiarch fixes * Tue Jan 25 2005 Frederic Lepied <flepied@mandrakesoft.com> 3.6.1-7mdk - parallel build - really fix MDKSA-2005:001 * Tue Jan 25 2005 Michael Scherer <misc@mandrake.org> 3.6.1-6mdk - security fix ( patch #102 ) * Wed Oct 27 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 3.6.1-5mdk - added security fixes for buffer and integer overflows (P100 & P101) * Fri Oct 08 2004 Olivier Blin <blino@mandrake.org> 3.6.1-4mdk - fix Hylafax decoding, see : http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=500 * Mon Sep 13 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 3.6.1-3mdk - add missing headers - misc spec file fixes * Fri May 28 2004 Buchan Milne <bgmilne@linux-mandrake.com> 3.6.1-2mdk - Merge back changes I clobbered - rediff P0,P1,P4 * Sat May 15 2004 Buchan Milne <bgmilne@linux-mandrake.com> 3.6.1-1mdk - 3.6.1