1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<TITLE>
Changes in TIFF v3.9.5
</TITLE>
</HEAD>
<BODY BGCOLOR=white>
<FONT FACE="Helvetica, Arial, Sans">
<FONT FACE="Helvetica, Arial, Sans">
<BASEFONT SIZE=4>
<B><FONT SIZE=+3>T</FONT>IFF <FONT SIZE=+2>C</FONT>HANGE <FONT SIZE=+2>I</FONT>NFORMATION</B>
<BASEFONT SIZE=3>
<UL>
<HR SIZE=4 WIDTH=65% ALIGN=left>
<B>Current Version</B>: v3.9.5<BR>
<B>Previous Version</B>: <A HREF=v3.9.4.html>v3.9.4</a><BR>
<B>Master Download Site</B>: <A HREF="https://download.osgeo.org/libtiff">
download.osgeo.org</a>, directory pub/libtiff</A><BR>
<B>Master HTTP Site</B>: <A HREF="http://www.simplesystems.org/libtiff/">
http://www.simplesystems.org/libtiff/</a>
<HR SIZE=4 WIDTH=65% ALIGN=left>
</UL>
<P>
This document describes the changes made to the software between the
<I>previous</I> and <I>current</I> versions (see above). If you don't
find something listed here, then it was not done in this timeframe, or
it was not considered important enough to be mentioned. The following
information is located here:
<UL>
<LI><A HREF="#hightlights">Major Changes</A>
<LI><A HREF="#configure">Changes in the software configuration</A>
<LI><A HREF="#libtiff">Changes in libtiff</A>
<LI><A HREF="#tools">Changes in the tools</A>
<LI><A HREF="#contrib">Changes in the contrib area</A>
</UL>
<p>
<P><HR WIDTH=65% ALIGN=left>
<!--------------------------------------------------------------------------->
<A NAME="highlights"><B><FONT SIZE=+3>M</FONT>AJOR CHANGES:</B></A>
<UL>
<li> None
</UL>
<P><HR WIDTH=65% ALIGN=left>
<!--------------------------------------------------------------------------->
<A NAME="configure"><B><FONT SIZE=+3>C</FONT>HANGES IN THE SOFTWARE CONFIGURATION:</B></A>
<UL>
<li> configure.ac: Should use AC_CANONICAL_HOST since host specifies
the run-time target whereas target is used to specify the final
output target if the package is a build tool (like a compiler),
which libtiff is not. Resolves libtiff bug 2307 "Use
AC_CANONICAL_HOST macro".
</UL>
<P><HR WIDTH=65% ALIGN=left>
<!--------------------------------------------------------------------------->
<A NAME="libtiff"><B><FONT SIZE=+3>C</FONT>HANGES IN LIBTIFF:</B></A>
<UL>
<li> libtiff/tif_getimage.c: Check the number of samples per pixel when
working with YCbCr image in PickContigCase(). As per bug
http://bugzilla.maptools.org/show_bug.cgi?id=2216
<li> libtiff/tif_dir.c: Set the bogus post-decoding hook when processing
TIFFTAG_BITSPERSAMPLE in _TIFFVSetField() for the case of 8 bit when
we don't need any post-processing. That helps to reset the hook if we
previously set this field to some other value and the hook was
initialized accordingly. As per bug
http://bugzilla.maptools.org/show_bug.cgi?id=2035
<li> libtiff/tif_getimage.c: Avoid wrong math du to the signed/unsigned
integer type conversions. As per bug
http://bugzilla.maptools.org/show_bug.cgi?id=2207
<li> libtiff/tif_dirinfo.c: Don't use assertions in _TIFFFieldWithTag()
and _TIFFFieldWithName() if the tag is not found in the tag table.
This should be normal situation and returned NULL value should be
properly handled by the caller.
<li> libtiff/{tif_dirwrite.c, tif_print.c}: Properly handle "DotRange"
tag as it can be either byte or short size and should be set and read
by value, not as an array. As per bug
http://bugzilla.maptools.org/show_bug.cgi?id=2116
<li> libtiff/tif_dirread.c: Really reset the tag count in CheckDirCount()
to expected value as the warning message suggests. As per bug
http://bugzilla.maptools.org/show_bug.cgi?id=1963
<li> libtiff/tif_open.c: Fix mode check before opening a file.
http://bugzilla.maptools.org/show_bug.cgi?id=1906
<li> libtiff/tif_jpeg.c, libtiff/tif_strip.c: apply patch for
CVE-2010-3087 per bug
http://bugzilla.maptools.org/show_bug.cgi?id=2140
<li> libtiff/tif_dirread.c: fix crash when reading a badly-constructed
TIFF per http://bugzilla.maptools.org/show_bug.cgi?id=1994
<li> libtiff/tif_ojpeg.c: fix buffer overflow on problem data
http://bugzilla.maptools.org/show_bug.cgi?id=1999
<li> libtiff/tif_dirread.c: modify warnings
http://bugzilla.maptools.org/show_bug.cgi?id=2016
<li> libtiff/tif_jpeg.c: fix use of clumplines calculation
http://bugzilla.maptools.org/show_bug.cgi?id=2149
<li> libtiff/tif_color.c: prevent crash in handling bad TIFFs
resolves CVE-2010-2595
http://bugzilla.maptools.org/show_bug.cgi?id=2208
<li> libtiff/tif_dirread.c: fix needless tag ordering warning
http://bugzilla.maptools.org/show_bug.cgi?id=2210
<li> libtiff/tif_jpeg.c: reduce usage of JCS_UNKNOWN in order
to improve compatibility with various viewers
submitted by e-mail from Dwight Kelly <dkelly@apago.com>
<li> libtiff/tif_strip.c: use TIFFGetFieldDefaulted instead
of TIFFGetField when we assume that it will succeed
http://bugzilla.maptools.org/show_bug.cgi?id=2215
<li> libtiff/tif_dirread.c: tolerate some cases where
FIELD_COLORMAP is missing
http://bugzilla.maptools.org/show_bug.cgi?id=2189
<li> libtiff/tif_jpeg.c: Fix regressions with 2 and 3 band images
caused by commit on 2010-12-14. Submitted by e-mail from
Even Rouault <even.rouault@mines-paris.org>
<li> libtiff/tif_dirwrite.c: Avoid undefined behaviour when casting from
float to unsigned integer in TIFFWriteRationalArray() as reported by
Kareem Shehata.
<li> libtiff/tif_fax3.h: Protect against a fax VL(n) codeword commanding
a move left. Without this, a malicious input file can generate an
indefinitely large series of runs without a0 ever reaching the right
margin, thus overrunning our buffer of run lengths. Per CVE-2011-0192.
This is a modified version of a patch proposed by Drew Yao of Apple
Product Security. It adds an unexpected() report, and disallows the
equality case, since emitting a run without increasing a0 still allows
buffer overrun.
<li> libtiff/tif_fax3.h: Fix to last change allowing zero length
runs at the start of a scanline - needed for legal cases.
<li> libtiff/tif_thunder.c: Correct potential buffer overflow with
thunder encoded files with wrong bitspersample set. The libtiff
development team would like to thank Marin Barbella and TippingPoint's
Zero Day Initiative for reporting this vulnerability (ZDI-CAN-1004,
CVE-2011-1167).
http://bugzilla.maptools.org/show_bug.cgi?id=2300
<li> libtiff/tiffiop.h: avoid declaring int64/uint64 on AIX with XLC
where they are already available. (#2301)
</UL>
<P><HR WIDTH=65% ALIGN=left>
<!-------------------------------------------------------------------------->
<A NAME="tools"><B><FONT SIZE=+3>C</FONT>HANGES IN THE TOOLS:</B></A>
<UL>
<li> tools/tiffcrop.c: Patch from Richard Nolde. Reject YCbCr
subsampled data since tiffcrop currently doesn't support it. Fix
JPEG support.
<li> tools/tiffcp.c: Initialize buffer arrays with zero to avoid
referencing to uninitialized memory in some cases (e.g. when tile size
set bigger than the image size).
<li> tools/tiff2pdf.c: Better generation of ID field in
t2p_write_pdf_trailer(). Get rid of GCC aliasing warnings.
<li> tools/tiff2pdf.c: Fixed computation of the tile buffer size when
converting JPEG encoded tiles.
<li> tools/tiff2pdf.c: Better handling of string fields, use static
string buffers instead of dynamically allocated, use strncpy() instead
of strcpy(), control the string lengths.
<li> tools/{tiff2bw.c, thumbnail.c, pal2rgb.c}: Fix the count for
WhitePoint tag as per bug
http://bugzilla.maptools.org/show_bug.cgi?id=2042
<li> tools/tiffdump.c: Use PrintData() function instead of
PrintByte/Short/Long(). Should fix an issue reported at
http://bugzilla.maptools.org/show_bug.cgi?id=2116
<li> tools/tiffset.c: Properly handle TIFFTAG_PAGENUMBER,
TIFFTAG_HALFTONEHINTS, TIFFTAG_YCBCRSUBSAMPLING, TIFFTAG_DOTRANGE
which should be set by value.
<li> tools/tiffdump.c: Avoid integer overflows computing the buffer size
for large directories. As per bug
http://bugzilla.maptools.org/show_bug.cgi?id=2218
<li> tools/tiff2pdf.c: Fixed ID buffer filling in
t2p_write_pdf_trailer(), thanks to Dmitry V. Levin.
<li> tools/tiffcrop.c: Patch from Richard Nolde to avoid a
potentially unterminated buffer due to using an exceptionally long
file name.
<li> tools/tiff2ps.c: improvements and enhancements from Richard Nolde
with additional command line options for Document Title,
Document Creator, and Page Orientation
<li> tools/tiffsplit.c: abort when reading a TIFF without a byte-count
per http://bugzilla.maptools.org/show_bug.cgi?id=1996
<li> tools/tiff2pdf.c: add fill-page option
http://bugzilla.maptools.org/show_bug.cgi?id=2051
<li> tools/fax2ps.c: replace unsafe tmpfile() with mkstemp()
http://bugzilla.maptools.org/show_bug.cgi?id=2118
<li> tools/tiff2pdf.c: fix colors for images with RGBA
interleaved data
http://bugzilla.maptools.org/show_bug.cgi?id=2250
<li> tools/tiffcrop.c: new release by Richard Nolde
http://bugzilla.maptools.org/show_bug.cgi?id=2004
<li> tools/fax2ps.c: be consistent with page-numbering
http://bugzilla.maptools.org/show_bug.cgi?id=2225
<li> tools/gif2tiff.c: fix buffer overrun
http://bugzilla.maptools.org/show_bug.cgi?id=2270
<li> tools/fax2ps.c (main): Use tmpfile() rather than mkstemp() since
it is much more portable. Tmpfile is included in ISO/IEC
9899:1990 and the WIN32 CRT.
</UL>
<P><HR WIDTH=65% ALIGN=left>
<!--------------------------------------------------------------------------->
<A NAME="contrib"><B><FONT SIZE=+3>C</FONT>HANGES IN THE CONTRIB AREA:</B></A>
<UL>
<li> None
</UL>
Last updated $Date: 2016-09-25 20:05:47 $.
</BODY>
</HTML>
|
