--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package tiff
This is a very localized patch to the tiffcp utility (doesn't even
affect the tiff library) to fix a potential crash, fixing RC bug
#741451. The originated from upstream where it was based on a fix
previously submitted by the original reporter.
(include/attach the debdiff against the package in testing)
unblock tiff/4.0.3-11
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.14-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru tiff-4.0.3/debian/changelog tiff-4.0.3/debian/changelog
--- tiff-4.0.3/debian/changelog 2014-06-29 17:32:44.000000000 -0400
+++ tiff-4.0.3/debian/changelog 2014-12-23 15:52:13.000000000 -0500
@@ -1,3 +1,10 @@
+tiff (4.0.3-11) unstable; urgency=medium
+
+ * Don't crash on JPEG => non-JPEG conversion (Closes: #741451)
+ * Thanks Tomasz Buchert <tomasz.buchert@inria.fr> for preparing the fix!
+
+ -- Jay Berkenbilt <qjb@debian.org> Tue, 23 Dec 2014 15:51:40 -0500
+
tiff (4.0.3-10) unstable; urgency=medium
* Remove libtiff4-dev, completing the tiff transition. Packages that
diff -Nru tiff-4.0.3/debian/patches/jpeg-colorspace.patch tiff-4.0.3/debian/patches/jpeg-colorspace.patch
--- tiff-4.0.3/debian/patches/jpeg-colorspace.patch 1969-12-31 19:00:00.000000000 -0500
+++ tiff-4.0.3/debian/patches/jpeg-colorspace.patch 2014-12-23 15:52:13.000000000 -0500
@@ -0,0 +1,38 @@
+Description: fix for Debian bug #741451
+ tiffcp crashes when converting JPEG-encoded TIFF to a different
+ encoding (like none or lzw). For example this will probably fail:
+ .
+ tiffcp -c none jpeg_encoded_file.tif output.tif
+ .
+ The reason is that when the input file contains JPEG data,
+ the tiffcp code forces conversion to RGB space. However,
+ the output normally inherits YCbCr subsampling parameters
+ from the input, which leads to a smaller working buffer
+ than necessary. The buffer is subsequently overrun inside
+ cpStripToTile() (called from writeBufferToContigTiles).
+ Note that the resulting TIFF file would be scrambled even
+ if tiffcp wouldn't crash, since the output file would contain
+ RGB data intepreted as subsampled YCbCr values.
+ .
+ This patch fixes the problem by forcing RGB space on the output
+ TIF if the input is JPEG-encoded and output is *not* JPEG-encoded.
+Origin: upstream, http://bugzilla.maptools.org/show_bug.cgi?id=2480
+Author: Tomasz Buchert <tomasz.buchert@inria.fr>
+Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2480
+Bug-Debian: http://bugs.debian.org/741451
+
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -629,6 +629,12 @@
+ TIFFSetField(out, TIFFTAG_PHOTOMETRIC,
+ samplesperpixel == 1 ?
+ PHOTOMETRIC_LOGL : PHOTOMETRIC_LOGLUV);
++ else if (input_compression == COMPRESSION_JPEG &&
++ samplesperpixel == 3) {
++ /* RGB conversion was forced above
++ hence the output will be of the same type */
++ TIFFSetField(out, TIFFTAG_PHOTOMETRIC, PHOTOMETRIC_RGB);
++ }
+ else
+ CopyTag(TIFFTAG_PHOTOMETRIC, 1, TIFF_SHORT);
+ if (fillorder != 0)
diff -Nru tiff-4.0.3/debian/patches/series tiff-4.0.3/debian/patches/series
--- tiff-4.0.3/debian/patches/series 2014-06-29 17:32:44.000000000 -0400
+++ tiff-4.0.3/debian/patches/series 2014-12-23 15:52:13.000000000 -0500
@@ -6,3 +6,4 @@
CVE-2013-4232.patch
CVE-2013-4244.patch
CVE-2013-4243.patch
+jpeg-colorspace.patch
--- End Message ---