Bug#863459: marked as done (unblock (pre-approval): tiff/4.0.8)

To: Ivo De Decker <ivodd@respighi.debian.org>
Subject: Bug#863459: marked as done (unblock (pre-approval): tiff/4.0.8)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sat, 27 May 2017 19:51:06 +0000
Message-id: <[🔎] handler.863459.D863459.149591462432539.ackdone@bugs.debian.org>
References: <E1dEhjB-0003mk-Kv@respighi.debian.org> <[🔎] CAKjSHr0+CVpAWZqb3mshj7Lit4x+mdyWr6j410k+YNPi4XLQmA@mail.gmail.com>

Your message dated Sat, 27 May 2017 19:50:21 +0000
with message-id <E1dEhjB-0003mk-Kv@respighi.debian.org>
and subject line unblock tiff
has caused the Debian Bug report #863459,
regarding unblock (pre-approval): tiff/4.0.8
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
863459: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863459
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock (pre-approval): tiff/4.0.8
From: László Böszörményi (GCS) <gcs@debian.org>
Date: Sat, 27 May 2017 09:48:21 +0200
Message-id: <[🔎] CAKjSHr0+CVpAWZqb3mshj7Lit4x+mdyWr6j410k+YNPi4XLQmA@mail.gmail.com>

Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi Release Team,

Current version of tiff in the archive is 4.0.7 and the package
already have 28 security patches that got attention (CVE id). Upstream
released 4.0.8 which contains only security related changes[1]
including memory leaks, division by zero, undefined behaviour, integer
overflows and excessive memory allocation fixes.
There are no major or software configuration changes[2].

Diffstat between the versions:
 ChangeLog                 |  464 +++++++++++++++++++++++++++++++++++++++++++++-
 RELEASE-DATE              |    2
 VERSION                   |    2
 configure                 |   24 +-
 configure.ac              |    6
 html/Makefile.am          |    3
 html/Makefile.in          |    3
 html/index.html           |    4
 html/man/CMakeLists.txt   |    2
 html/man/Makefile.am      |    2
 html/man/Makefile.in      |    2
 html/man/rgb2ycbcr.1.html |  155 ---------------
 html/man/thumbnail.1.html |  148 --------------
 html/v4.0.7.html          |    2
 html/v4.0.8.html          |  445 ++++++++++++++++++++++++++++++++++++++++++++
 libtiff/tif_color.c       |   40 ++-
 libtiff/tif_dir.c         |   48 ++++
 libtiff/tif_dirread.c     |   62 ++++--
 libtiff/tif_dirwrite.c    |  101 ++++++++--
 libtiff/tif_fax3.c        |   71 +++++--
 libtiff/tif_fax3.h        |    6
 libtiff/tif_getimage.c    |   95 ++++++---
 libtiff/tif_jpeg.c        |   29 ++
 libtiff/tif_luv.c         |   47 ++--
 libtiff/tif_lzw.c         |   33 ++-
 libtiff/tif_ojpeg.c       |   25 ++
 libtiff/tif_open.c        |    6
 libtiff/tif_packbits.c    |   12 -
 libtiff/tif_pixarlog.c    |   60 ++++-
 libtiff/tif_predict.c     |   18 +
 libtiff/tif_print.c       |   10
 libtiff/tif_read.c        |  344 +++++++++++++++++++++++++++++-----
 libtiff/tif_strip.c       |   11 -
 libtiff/tif_unix.c        |   10
 libtiff/tif_win32.c       |   10
 libtiff/tif_write.c       |   32 +--
 libtiff/tif_zip.c         |    8
 libtiff/tiffio.h          |    5
 libtiff/tiffiop.h         |    6
 libtiff/tiffvers.h        |    4
 man/CMakeLists.txt        |    2
 man/Makefile.am           |    2
 man/Makefile.in           |    2
 man/rgb2ycbcr.1           |   99 ---------
 man/thumbnail.1           |   90 --------
 tools/fax2tiff.c          |    9
 tools/raw2tiff.c          |   10
 tools/tiff2bw.c           |    9
 tools/tiff2pdf.c          |   31 +--
 tools/tiff2ps.c           |   15 +
 tools/tiffcp.c            |   65 +++++-
 tools/tiffcrop.c          |   23 +-
 tools/tiffinfo.c          |    4
 53 files changed, 1920 insertions(+), 798 deletions(-)

Tests done.
1) Using it on my Stretch/amd64 machine without problems, including
gimp and firefox.
2) Built successfully on amd64 / arm64 / armel / i386 / mipsel.
3) Built some reverse dependencies with it: graphicsmagick and gimp.

Proposed package is available[3]. Would be nice to upload it to Sid
and target Stretch instead of backporting even more fixes as those get
public exploits and/or CVE ids. Of course, I'm open for even more
testing if that's required.

Thanks for considering,
Laszlo/GCS
[1] http://libtiff.maptools.org/v4.0.8.html#libtiff
[2] http://libtiff.maptools.org/v4.0.8.html#highlights
[3] dget -x http://www.barcikacomp.hu/gcs/tiff_4.0.8-1.dsc

--- End Message ---

--- Begin Message ---

To: 863459-done@bugs.debian.org

Subject: unblock tiff

From: Ivo De Decker <ivodd@respighi.debian.org>

Date: Sat, 27 May 2017 19:50:21 +0000

Message-id: <E1dEhjB-0003mk-Kv@respighi.debian.org>
Unblocked tiff.
--- End Message ---

Reply to:

References:
- Bug#863459: unblock (pre-approval): tiff/4.0.8
  - From: László Böszörményi (GCS) <gcs@debian.org>

Prev by Date: Bug#863494: unblock: elfutils/0.168-1
Next by Date: Bug#863494: marked as done (unblock: elfutils/0.168-1)
Previous by thread: Processed: Re: unblock (pre-approval): tiff/4.0.8
Next by thread: Bug#863465: unblock: cubemap/1.3.2-1
Index(es):
- Date
- Thread