[meego-commits] 5812: Changes to MeeGo:1.0:Core:Update:Testing/libtiff

Bin Gao bin.gao at intel.com
Fri Jul 16 17:00:42 UTC 2010


Hi,
I have made the following changes to libtiff in project MeeGo:1.0:Core:Update:Testing. Please review and accept ASAP.

Thank You,
Bin Gao

[This message was auto-generated]

---

Request #5812:

  submit:   home:bgao1:branches:MeeGo:1.0:Core:Update:Testing/libtiff(r2)(cleanup) -> MeeGo:1.0:Core:Update:Testing/libtiff


Message:
    Update to 3.9.4 to fix several CVE bugs

State:   new          2010-07-16T04:55:14 bgao1
Comment: None



changes files:
--------------
--- libtiff.changes
+++ libtiff.changes
@@ -0,0 +1,10 @@
+* Fri Jul 16 2010 Bin Gao <bin.gao at intel.com> - 3.9.4
+- Update to 3.9.4 which will close CVE-2010-2443/2067/2065 corresponding to BMC #3627/#3626/#3623
+- Drop following patches which are either merged to 3.9.4 or not applicable any more:
+	libtiff-3.8.2-CVE-2006-2193.patch
+	libtiff-3.8.2-lzw-bugs.patch
+	libtiff-3.8.2-ormandy.patch
+	tiff-3.8.2-CVE-2009-2347.patch
+	tiffsplit-overflow.patch
+	libtiff-bugtraq-35451.patch
+
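Review bot: The new entry describes the six dropped patches only as "either merged to 3.9.4 or not applicable any more", which does not let a reviewer tell which security fixes are now carried by upstream and which were simply abandoned. Most of these patches are security fixes by name (CVE-2006-2193, CVE-2009-2347, lzw-bugs, tiffsplit-overflow), so please state per patch whether it is merged in 3.9.4 or obsolete, and why. The entry also omits the rename of libtiff-3.8.2-mantypo.patch to mantypo.patch, the removal of the -static subpackage and the removal of "make check", all of which appear in the spec diff.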
@@ -9,263 +18,0 @@
-
-* Tue Aug 26 2008 Tom Lane <tgl at redhat.com> 3.8.2-11
-- Fix LZW decoding vulnerabilities (CVE-2008-2327)
-Related: #458674
-- Use -fno-strict-aliasing per rpmdiff recommendation
-
-* Tue Feb 19 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 3.8.2-10
-- Autorebuild for GCC 4.3
-
-* Wed Aug 22 2007 Tom Lane <tgl at redhat.com> 3.8.2-9
-- Update License tag
-- Rebuild to fix Fedora toolchain issues
-
-* Thu Jul 19 2007 Tom Lane <tgl at redhat.com> 3.8.2-8
-- Restore static library to distribution, in a separate -static subpackage
-Resolves: #219905
-- Don't apply multilib header hack to unrecognized architectures
-Resolves: #233091
-- Remove documentation for programs we don't ship
-Resolves: #205079
-Related: #185145
-
-* Tue Jan 16 2007 Tom Lane <tgl at redhat.com> 3.8.2-7
-- Remove Makefiles from the shipped /usr/share/doc/html directories
-Resolves: bz #222729
-
-* Tue Sep  5 2006 Jindrich Novy <jnovy at redhat.com> - 3.8.2-6
-- fix CVE-2006-2193, tiff2pdf buffer overflow (#194362)
-- fix typo in man page for tiffset (#186297)
-- use %%{?dist}
-
-* Mon Jul 24 2006 Matthias Clasen <mclasen at redhat.com>
-- Fix several vulnerabilities (CVE-2006-3460 CVE-2006-3461
-  CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
-
-* Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 3.8.2-4.1
-- rebuild
-
-* Fri Jun  2 2006 Matthias Clasen <mclasen at redhat.com> - 3.8.2-3
-- Fix multilib conflict
-
-* Thu May 25 2006 Matthias Clasen <mclasen at redhat.com> - 3.8.2-3
-- Fix overflows in tiffsplit
-
-* Wed Apr 26 2006 Matthias Clasen <mclasen at redhat.com> - 3.8.2-2
-- Drop tiffgt to get rid of the libGL dependency (#190768)
-
-* Wed Apr 26 2006 Matthias Clasen <mclasen at redhat.com> - 3.8.2-1
-- Update to 3.8.2
-
-* Fri Feb 10 2006 Jesse Keating <jkeating at redhat.com> - 3.7.4-3.2.1
-- bump again for double-long bug on ppc(64)
-
-* Tue Feb 07 2006 Jesse Keating <jkeating at redhat.com> - 3.7.4-3.2
-- rebuilt for new gcc4.1 snapshot and glibc changes
-
-* Fri Dec 09 2005 Jesse Keating <jkeating at redhat.com>
-- rebuilt
-
-* Wed Nov 16 2005 Matthias Clasen <mclasen at redhat.com> 3.7.4-3
-- Don't ship static libs
-
-* Fri Nov 11 2005 Matthias Saou <http://freshrpms.net/> 3.7.4-2
-- Remove useless explicit dependencies.
-- Minor spec file cleanups.
-- Move make check to %%check.
-- Add _smp_mflags.
-
-* Thu Sep 29 2005 Matthias Clasen <mclasen at redhat.com> - 3.7.4-1
-- Update to 3.7.4
-- Drop upstreamed patches
-
-* Wed Jun 29 2005 Matthias Clasen <mclasen at redhat.com> - 3.7.2-1
-- Update to 3.7.2
-- Drop upstreamed patches
-
-* Fri May  6 2005 Matthias Clasen <mclasen at redhat.com> - 3.7.1-6
-- Fix a stack overflow
-
-* Wed Mar  2 2005 Matthias Clasen <mclasen at redhat.com> - 3.7.1-5
-- Don't use mktemp
-
-* Wed Mar  2 2005 Matthias Clasen <mclasen at redhat.com> - 3.7.1-4
-- Rebuild with gcc4
-
-* Wed Jan  5 2005 Matthias Clasen <mclasen at redhat.com> - 3.7.1-3
-- Drop the largefile patch again
-- Fix a problem with the handling of alpha channels
-- Fix an integer overflow in tiffdump (#143576)
-
-* Wed Dec 22 2004 Matthias Clasen <mclasen at redhat.com> - 3.7.1-2
-- Readd the largefile patch (#143560)
-
-* Wed Dec 22 2004 Matthias Clasen <mclasen at redhat.com> - 3.7.1-1
-- Upgrade to 3.7.1
-- Remove upstreamed patches
-- Remove specfile cruft
-- make check
-
-* Thu Oct 14 2004 Matthias Clasen <mclasen at redhat.com> 3.6.1-7
-- fix some integer and buffer overflows (#134853, #134848)
-
-* Tue Oct 12 2004 Matthias Clasen <mclasen at redhat.com> 3.6.1-6
-- fix http://bugzilla.remotesensing.org/show_bug.cgi?id=483
-
-* Mon Sep 27 2004 Rik van Riel <riel at redhat.com> 3.6.1-4
-- compile using RPM_OPT_FLAGS (bz #133650)
-
-* Tue Jun 15 2004 Elliot Lee <sopwith at redhat.com>
-- rebuilt
-
-* Thu May 20 2004 Matthias Clasen <mclasen at redhat.com> 3.6.1-2
-- Fix and use the makeflags patch
-
-* Wed May 19 2004 Matthias Clasen <mclasen at redhat.com> 3.6.1-1
-- Upgrade to 3.6.1
-- Adjust patches
-- Don't install tiffgt man page  (#104864)
-
-* Tue Mar 02 2004 Elliot Lee <sopwith at redhat.com>
-- rebuilt
-
-* Sat Feb 21 2004 Florian La Roche <Florian.LaRoche at redhat.de>
-- really add symlink to shared lib by running ldconfig at compile time
-
-* Fri Feb 13 2004 Elliot Lee <sopwith at redhat.com>
-- rebuilt
-
-* Thu Oct 09 2003 Florian La Roche <Florian.LaRoche at redhat.de>
-- link shared lib against -lm (Jakub Jelinek)
-
-* Thu Sep 25 2003 Jeremy Katz <katzj at redhat.com> 3.5.7-13
-- rebuild to fix gzipped file md5sum (#91281)
-
-* Wed Jun 04 2003 Elliot Lee <sopwith at redhat.com>
-- rebuilt
-
-* Tue Feb 11 2003 Phil Knirsch <pknirsch at redhat.com> 3.5.7-11
-- Fixed rebuild problems.
-
-* Tue Feb 04 2003 Florian La Roche <Florian.LaRoche at redhat.de>
-- add symlink to shared lib
-
-* Wed Jan 22 2003 Tim Powers <timp at redhat.com>
-- rebuilt
-
-* Thu Dec 12 2002 Tim Powers <timp at redhat.com> 3.5.7-8
-- rebuild on all arches
-
-* Mon Aug 19 2002 Phil Knirsch <pknirsch at redhat.com> 3.5.7-7
-- Added LFS support (#71593)
-
-* Tue Jun 25 2002 Phil Knirsch <pknirsch at redhat.com> 3.5.7-6
-- Fixed wrong exit code of tiffcp app (#67240)
-
-* Fri Jun 21 2002 Tim Powers <timp at redhat.com>
-- automated rebuild
-
-* Thu May 23 2002 Tim Powers <timp at redhat.com>
-- automated rebuild
-
-* Wed May 15 2002 Phil Knirsch <pknirsch at redhat.com>
-- Fixed segfault in fax2tiff tool (#64708).
-
-* Mon Feb 25 2002 Phil Knirsch <pknirsch at redhat.com>
-- Fixed problem with newer bash versions setting CDPATH (#59741)
-
-* Tue Feb 19 2002 Phil Knirsch <pknirsch at redhat.com>
-- Update to current release 3.5.7
-
-* Wed Jan 09 2002 Tim Powers <timp at redhat.com>
-- automated rebuild
-
-* Tue Aug 28 2001 Phil Knirsch <phil at redhat.de>
-- Fixed ia64 problem with tiffinfo. Was general 64 bit arch problem where s390x
-  and ia64 were missing (#52129).
-
-* Tue Jun 26 2001 Philipp Knirsch <pknirsch at redhat.de>
-- Hopefully final symlink fix
-
-* Thu Jun 21 2001 Than Ngo <than at redhat.com>
-- add missing libtiff symlink
-
-* Fri Mar 16 2001 Crutcher Dunnavant <crutcher at redhat.com>
-- killed tiff-to-ps.fpi filter
-
-* Wed Feb 28 2001 Philipp Knirsch <pknirsch at redhat.de>
-- Fixed missing devel version dependancy.
-
-* Tue Dec 19 2000 Philipp Knirsch <pknirsch at redhat.de>
-- rebuild
-
-* Tue Aug  7 2000 Crutcher Dunnavant <crutcher at redhat.com>
-- added a tiff-to-ps.fpi filter for printing
-
-* Thu Jul 13 2000 Prospector <bugzilla at redhat.com>
-- automatic rebuild
-
-* Thu Jul 13 2000 Nalin Dahyabhai <nalin at redhat.com>
-- apply Peter Skarpetis's fix for the 32-bit conversion
-
-* Mon Jul  3 2000 Nalin Dahyabhai <nalin at redhat.com>
-- make man pages non-executable (#12811)
-
-* Mon Jun 12 2000 Nalin Dahyabhai <nalin at redhat.com>
-- remove CVS repo info from data directories
-
-* Thu May 18 2000 Nalin Dahyabhai <nalin at redhat.com>
-- fix build rooting
-- fix syntax error in configure script
-- move man pages to {_mandir}
-
-* Wed May 17 2000 Nalin Dahyabhai <nalin at redhat.com>
-- rebuild for an errata release
-
-* Wed Mar 29 2000 Nalin Dahyabhai <nalin at redhat.com>
-- update to 3.5.5, which integrates our fax2ps fixes and the glibc fix
-
-* Tue Mar 28 2000 Nalin Dahyabhai <nalin at redhat.com>
-- fix fax2ps swapping height and width in the bounding box
-
-* Mon Mar 27 2000 Nalin Dahyabhai <nalin at redhat.com>
-- move man pages from devel package to the regular one
-- integrate Frank Warmerdam's fixed .fax handling code (keep until next release
-  of libtiff)
-- fix fax2ps breakage (bug #8345)
-
-* Sat Feb 05 2000 Nalin Dahyabhai <nalin at redhat.com>
-- set MANDIR=man3 to make multifunction man pages friendlier
-
-* Mon Jan 31 2000 Nalin Dahyabhai <nalin at redhat.com>
-- fix URLs
-
-* Fri Jan 28 2000 Nalin Dahyabhai <nalin at redhat.com>
-- link shared library against libjpeg and libz
-
-* Tue Jan 18 2000 Nalin Dahyabhai <nalin at redhat.com>
-- enable zip and jpeg codecs
-- change defattr in normal package to 0755
-- add defattr to -devel package
-
-* Wed Dec 22 1999 Bill Nottingham <notting at redhat.com>
-- update to 3.5.4
-
-* Sun Mar 21 1999 Cristian Gafton <gafton at redhat.com>
-- auto rebuild in the new build environment (release 6)
-
-* Wed Jan 13 1999 Cristian Gafton <gafton at redhat.com>
-- build for glibc 2.1
-
-* Wed Jun 10 1998 Prospector System <bugs at redhat.com>
-- translations modified for de
-
-* Wed Jun 10 1998 Michael Fulbright <msf at redhat.com>
-- rebuilt against fixed jpeg libs (libjpeg-6b)
-
-* Thu May 07 1998 Prospector System <bugs at redhat.com>
-- translations modified for de, fr, tr
-
-* Mon Oct 13 1997 Donnie Barnes <djb at redhat.com>
-- new version to replace the one from libgr
-- patched for glibc
-- added shlib support
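
Review bot: Deleting the whole inherited changelog removes the only in-package record of earlier security fixes, for example the CVE-2008-2327 entry and the CVE-2006-3460 through CVE-2006-3465 entry, and the new 3.9.4 entry does not mention the truncation. If the history is being dropped on purpose, say so in the new entry; otherwise keep at least the entries that name CVEs, so the package changelog still shows which issues this package has addressed.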

old:
----
  libtiff-3.8.2-CVE-2006-2193.patch
  libtiff-3.8.2-lzw-bugs.patch
  libtiff-3.8.2-mantypo.patch
  libtiff-3.8.2-ormandy.patch
  libtiff-bugtraq-35451.patch
  tiff-3.8.2-CVE-2009-2347.patch
  tiff-3.8.2.tar.gz
  tiffsplit-overflow.patch

new:
----
  mantypo.patch
  tiff-3.9.4.tar.gz

spec files:
-----------
--- libtiff.spec
+++ libtiff.spec
@@ -1,23 +1,13 @@
 Summary: Library of functions for manipulating TIFF format image files
 Name: libtiff
-Version: 3.8.2
-Release: 13%{?dist}
+Version: 3.9.4
+Release: 1
 License: libtiff
-Group: System Environment/Libraries
+Group: System/Libraries
 URL: http://www.libtiff.org/
-
 Source: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz
-Patch0: tiffsplit-overflow.patch
-Patch1: libtiff-3.8.2-ormandy.patch
-Patch2: libtiff-3.8.2-CVE-2006-2193.patch
-Patch3: libtiff-3.8.2-mantypo.patch
-Patch4: libtiff-3.8.2-lzw-bugs.patch
-Patch5: libtiff-bugtraq-35451.patch
-Patch6: tiff-3.8.2-CVE-2009-2347.patch
-
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
+Patch0: mantypo.patch
 BuildRequires: zlib-devel libjpeg-devel
-%define LIBVER %(echo %{version} | cut -f 1-2 -d .)
 
 %description
 The libtiff package contains a library of functions for manipulating
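Review bot: The unchanged Source line still points at a plain ftp:// URL, and nothing in the spec records a checksum or signature for tiff-3.9.4.tar.gz, while the tarball diff itself is skipped in this request ("111873 lines of diff (skipped)"). For a security update that replaces seven reviewed patches with a new upstream tarball, please record in the request how the tarball was obtained and a digest that reviewers can compare against the upstream release.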
@@ -42,41 +32,22 @@
 image files, you should install this package.  You'll also need to
 install the libtiff package.
 
-%package static
-Summary: Static TIFF image format file library
-Group: Development/Libraries
-Requires: %{name}-devel = %{version}-%{release}
-
-%description static
-The libtiff-static package contains the statically linkable version of libtiff.
-Linking to static libraries is discouraged for most applications, but it is
-necessary for some boot packages.
-
 %prep
 %setup -q -n tiff-%{version}
 
-%patch0 -p1 -b .overflow
-%patch1 -p1 -b .ormandy
-%patch2 -p1 -b .CVE-2006-2193
-%patch3 -p1 -b .mantypo
-%patch4 -p1
-%patch5 -p1 -b .bugtraq-35451
-%patch6 -p1 -b .tiff-3.8.2-CVE-2009-2347
+%patch0 -p1 -b .mantypo
 
 %build
 export CFLAGS="%{optflags} -fno-strict-aliasing"
-%configure
-make %{?_smp_mflags}
-
-LD_LIBRARY_PATH=$PWD:$LD_LIBRARY_PATH make check
+%configure --disable-static
+make %{?jobs:-j%jobs}
 
 %install
 rm -rf $RPM_BUILD_ROOT
 
-%makeinstall
+%make_install
 
 # remove what we didn't want installed
-rm $RPM_BUILD_ROOT%{_libdir}/*.la
 rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/
 
 # no libGL dependency, please
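Review bot: The "make check" step is removed from %build and not re-added anywhere, so the upstream test suite no longer runs at build time for an update whose purpose is to fix CVEs in the decoders. Please keep it, ideally in a %check section, or explain why it cannot run in this build environment. The "rm $RPM_BUILD_ROOT%{_libdir}/*.la" line is dropped as well; --disable-static does not stop libtool from installing .la files, so confirm they are removed elsewhere or the build will leave them unpackaged.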
@@ -92,44 +63,6 @@
 rm -f $RPM_BUILD_ROOT%{_mandir}/man1/tiffsv.1
 rm -f html/man/tiffsv.1.html
 
-# multilib header hack
-# we only apply this to known Red Hat multilib arches, per bug #233091
-case `uname -i` in
-  i386 | ppc | s390)
-    wordsize="32"
-    ;;
-  x86_64 | ppc64 | s390x)
-    wordsize="64"
-    ;;
-  *)
-    wordsize=""
-    ;;
-esac
-
-if test -n "$wordsize"
-then
-  mv $RPM_BUILD_ROOT%{_includedir}/tiffconf.h \
-     $RPM_BUILD_ROOT%{_includedir}/tiffconf-$wordsize.h
-
-  cat >$RPM_BUILD_ROOT%{_includedir}/tiffconf.h <<EOF
-#ifndef TIFFCONF_H_MULTILIB
-#define TIFFCONF_H_MULTILIB
-
-#include <bits/wordsize.h>
-
-#if __WORDSIZE == 32
-# include "tiffconf-32.h"
-#elif __WORDSIZE == 64
-# include "tiffconf-64.h"
-#else
-# error "unexpected value for __WORDSIZE macro"
-#endif
-
-#endif
-EOF
-
-fi
-
 # don't include documentation Makefiles, they are a multilib hazard
 find html -name 'Makefile*' | xargs rm
 
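Review bot: Removing the tiffconf.h wrapper means the devel package ships the architecture-specific tiffconf.h directly, so 32-bit and 64-bit libtiff-devel packages would conflict on that header. If this project does not build multilib packages, that is fine, but the changelog entry should say the hack was dropped deliberately, since the old changelog tied it to bug #233091.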
@@ -146,7 +79,7 @@
 %{_bindir}/*
 %{_libdir}/libtiff.so.*
 %{_libdir}/libtiffxx.so.*
-%{_mandir}/man1/*
+%doc %{_mandir}/man1/*
 
 %files devel
 %defattr(-,root,root,0755)
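Review bot: The %doc prefix on "%{_mandir}/man1/*" is redundant, because rpm already treats files under the man directory as documentation. It is harmless, but it is unrelated to the CVE update and is not mentioned in the changelog; consider dropping it here and from the man3 line to keep the security update minimal.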
@@ -154,9 +87,5 @@
 %{_includedir}/*
 %{_libdir}/libtiff.so
 %{_libdir}/libtiffxx.so
-%{_mandir}/man3/*
-
-%files static
-%defattr(-,root,root)
-%{_libdir}/*.a
+%doc %{_mandir}/man3/*
 
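Review bot: The "%files static" section is removed here, and the "%package static" definition is removed earlier, without any Obsoletes for libtiff-static in the spec. The old static package declared "Requires: %{name}-devel = %{version}-%{release}", so a system with libtiff-static 3.8.2 installed will either block this update or keep the old libtiff.a with the unfixed code. Please add an Obsoletes for the old libtiff-static to the devel or main package so the update replaces it.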

other changes:
--------------

++++++ mantypo.patch (new)
--- mantypo.patch
+++ mantypo.patch
+--- tiff-3.9.4/man/tiffset.1	2006-04-20 20:17:19.000000000 +0800
++++ tiff-3.9.4-new/man/tiffset.1	2010-07-05 16:11:53.000000000 +0800
+@@ -60,7 +60,7 @@
+ ``Anonymous'':
+ .RS
+ .nf
+-tiffset \-s 305 Anonymous a.tif
++tiffset \-s 315 Anonymous a.tif
+ .fi
+ .RE
+ .PP

++++++ tiff-3.8.2.tar.gz -> tiff-3.9.4.tar.gz
111873 lines of diff (skipped)

++++++ deleted files:
--- libtiff-3.8.2-CVE-2006-2193.patch
--- libtiff-3.8.2-lzw-bugs.patch
--- libtiff-3.8.2-mantypo.patch
--- libtiff-3.8.2-ormandy.patch
--- libtiff-bugtraq-35451.patch
--- tiff-3.8.2-CVE-2009-2347.patch
--- tiffsplit-overflow.patch


