diff options
Diffstat (limited to 'html/v3.9.7.html')
| -rw-r--r-- | html/v3.9.7.html | 131 |
1 files changed, 131 insertions, 0 deletions
diff --git a/html/v3.9.7.html b/html/v3.9.7.html new file mode 100644 index 00000000..83f19e9a --- /dev/null +++ b/html/v3.9.7.html @@ -0,0 +1,131 @@ +<HTML> +<HEAD> +<TITLE> + Changes in TIFF v3.9.7 +</TITLE> +</HEAD> + +<BODY BGCOLOR=white> +<FONT FACE="Helvetica, Arial, Sans"> + +<BASEFONT SIZE=4> +<B><FONT SIZE=+3>T</FONT>IFF <FONT SIZE=+2>C</FONT>HANGE <FONT SIZE=+2>I</FONT>NFORMATION</B> +<BASEFONT SIZE=3> + +<UL> +<HR SIZE=4 WIDTH=65% ALIGN=left> +<B>Current Old Stable Version</B>: v3.9.7<BR> +<B>Previous Old Stable Version</B>: <A HREF=v3.9.6.html>v3.9.6</a><BR> +<B>Master FTP Site</B>: <A HREF="ftp://ftp.remotesensing.org/pub/libtiff"> +ftp.remotesensing.org</a>, directory pub/libtiff</A><BR> +<B>Master HTTP Site</B>: <A HREF="http://www.remotesensing.org/libtiff"> +http://www.remotesensing.org/libtiff</a> +<HR SIZE=4 WIDTH=65% ALIGN=left> +</UL> + +<P> +This document describes the changes made to the software between the +<I>previous</I> and <I>current</I> versions (see above). If you don't +find something listed here, then it was not done in this timeframe, or +it was not considered important enough to be mentioned. The following +information is located here: +<UL> +<LI><A HREF="#highlights">Major Changes</A> +<LI><A HREF="#configure">Changes in the software configuration</A> +<LI><A HREF="#libtiff">Changes in libtiff</A> +<LI><A HREF="#tools">Changes in the tools</A> +<LI><A HREF="#contrib">Changes in the contrib area</A> +</UL> +<p> +<P><HR WIDTH=65% ALIGN=left> + +<!---------------------------------------------------------------------------> + +<A NAME="highlights"><B><FONT SIZE=+3>M</FONT>AJOR CHANGES:</B></A> + +<UL> + + <li> None + +</UL> + + +<P><HR WIDTH=65% ALIGN=left> +<!---------------------------------------------------------------------------> + +<A NAME="configure"><B><FONT SIZE=+3>C</FONT>HANGES IN THE SOFTWARE CONFIGURATION:</B></A> + +<UL> + + <li> Updated to use Automake 1.12.4. Avoids security problem with + 'make distcheck' (CVE-2012-3386). + +</UL> + +<P><HR WIDTH=65% ALIGN=left> + +<!---------------------------------------------------------------------------> + +<A NAME="libtiff"><B><FONT SIZE=+3>C</FONT>HANGES IN LIBTIFF:</B></A> + +<UL> + + <li> tif_getimage.c: Fix size overflow (zdi-can-1221,CVE-2012-1173). + + <li> libtiff/tif_dir.c: Avoid generic handling of + TIFFTAG_WHITELEVEL. + (<A HREF="http://bugzilla.maptools.org/show_bug.cgi?id=2321" + >http://bugzilla.maptools.org/show_bug.cgi?id=2321</A>). + + <li> libtiff/tif_dirread.c: Avoid trusting samplesperpixel's default + of 1 for purposes of trimming tags. This is to get some super + crappy OJPEG files to work + again. (<A HREF="http://bugzilla.maptools.org/show_bug.cgi?id=2348" + >http://bugzilla.maptools.org/show_bug.cgi?id=2348</A>). + + <li> libtiff/tif_strip.c, libtiff/tif_tile.c: Back-patch the 4.0 + behavior of treating signed overflow as an error in + TIFFVStripSize and TIFFVTileSize. This is needed since the + result is declared as tsize_t which is signed, and callers are + likely to do the wrong thing entirely when the returned value + is negative (CVE-2012-2088). + +</UL> + +<P><HR WIDTH=65% ALIGN=left> + +<!--------------------------------------------------------------------------> + +<A NAME="tools"><B><FONT SIZE=+3>C</FONT>HANGES IN THE TOOLS:</B></A> + +<UL> + + <li> tiff2pdf: Defend against integer overflows while calculating + required buffer sizes (CVE-2012-2113). + + <li> tiff2pdf: Fail when TIFFSetDirectory() fails. This prevents + core dumps or perhaps even arbitrary code execution when + processing a corrupt input file (CVE-2012-3401). + + <li> tiff2pdf: Fix two places where t2p_error didn't get set after a + malloc failure. No crash risk AFAICS, but the program might + not report exit code 1 as desired. + +</UL> + +<P><HR WIDTH=65% ALIGN=left> + +<!---------------------------------------------------------------------------> + +<A NAME="contrib"><B><FONT SIZE=+3>C</FONT>HANGES IN THE CONTRIB AREA:</B></A> + +<UL> + + <li> None + +</UL> + +Last updated $Date: 2012-09-22 17:16:19 $. + +</BODY> +</HTML> |