path: root/html/v3.9.7.html

<HTML>
<HEAD>
<TITLE>
	Changes in TIFF v3.9.7
</TITLE>
</HEAD>

<BODY BGCOLOR=white>
<FONT FACE="Helvetica, Arial, Sans">

<BASEFONT SIZE=4>
<B><FONT SIZE=+3>T</FONT>IFF <FONT SIZE=+2>C</FONT>HANGE <FONT SIZE=+2>I</FONT>NFORMATION</B>
<BASEFONT SIZE=3>

<UL>
<HR SIZE=4 WIDTH=65% ALIGN=left>
<B>Current Old Stable Version</B>: v3.9.7<BR>
<B>Previous Old Stable Version</B>: <A HREF=v3.9.6.html>v3.9.6</a><BR>
<B>Master FTP Site</B>: <A HREF="ftp://ftp.remotesensing.org/pub/libtiff">
ftp.remotesensing.org</a>, directory pub/libtiff</A><BR>
<B>Master HTTP Site</B>: <A HREF="http://www.remotesensing.org/libtiff">
http://www.remotesensing.org/libtiff</a> 
<HR SIZE=4 WIDTH=65% ALIGN=left>
</UL>

<P>
This document describes the changes made to the software between the
<I>previous</I> and <I>current</I> versions (see above).  If you don't
find something listed here, then it was not done in this timeframe, or
it was not considered important enough to be mentioned.  The following
information is located here:
<UL>
<LI><A HREF="#highlights">Major Changes</A>
<LI><A HREF="#configure">Changes in the software configuration</A>
<LI><A HREF="#libtiff">Changes in libtiff</A>
<LI><A HREF="#tools">Changes in the tools</A>
<LI><A HREF="#contrib">Changes in the contrib area</A>
</UL>
<p> 
<P><HR WIDTH=65% ALIGN=left>

<!--------------------------------------------------------------------------->

<A NAME="highlights"><B><FONT SIZE=+3>M</FONT>AJOR CHANGES:</B></A>

<UL>

  <li> None

</UL>


<P><HR WIDTH=65% ALIGN=left>
<!--------------------------------------------------------------------------->

<A NAME="configure"><B><FONT SIZE=+3>C</FONT>HANGES IN THE SOFTWARE CONFIGURATION:</B></A>

<UL>

  <li> Updated to use Automake 1.12.4.  Avoids security problem with
  'make distcheck' (CVE-2012-3386).

</UL>

<P><HR WIDTH=65% ALIGN=left>

<!--------------------------------------------------------------------------->

<A NAME="libtiff"><B><FONT SIZE=+3>C</FONT>HANGES IN LIBTIFF:</B></A>

<UL>

  <li> tif_getimage.c: Fix size overflow (zdi-can-1221,CVE-2012-1173).

  <li> libtiff/tif_dir.c: Avoid generic handling of
	TIFFTAG_WHITELEVEL.
	(<A HREF="http://bugzilla.maptools.org/show_bug.cgi?id=2321"
	>http://bugzilla.maptools.org/show_bug.cgi?id=2321</A>).

  <li> libtiff/tif_dirread.c: Avoid trusting samplesperpixel's default
	of 1 for purposes of trimming tags.  This is to get some super
	crappy OJPEG files to work
	again. (<A HREF="http://bugzilla.maptools.org/show_bug.cgi?id=2348"
	>http://bugzilla.maptools.org/show_bug.cgi?id=2348</A>).

  <li> libtiff/tif_strip.c, libtiff/tif_tile.c: Back-patch the 4.0
	behavior of treating signed overflow as an error in
	TIFFVStripSize and TIFFVTileSize.  This is needed since the
	result is declared as tsize_t which is signed, and callers are
	likely to do the wrong thing entirely when the returned value
	is negative (CVE-2012-2088).

</UL>

<P><HR WIDTH=65% ALIGN=left>

<!-------------------------------------------------------------------------->
	
<A NAME="tools"><B><FONT SIZE=+3>C</FONT>HANGES IN THE TOOLS:</B></A>

<UL>

  <li> tiff2pdf: Defend against integer overflows while calculating
	required buffer sizes (CVE-2012-2113).

  <li> tiff2pdf: Fail when TIFFSetDirectory() fails.  This prevents
	core dumps or perhaps even arbitrary code execution when
	processing a corrupt input file (CVE-2012-3401).

  <li> tiff2pdf: Fix two places where t2p_error didn't get set after a
	malloc failure.  No crash risk AFAICS, but the program might
	not report exit code 1 as desired.

</UL>

<P><HR WIDTH=65% ALIGN=left>

<!--------------------------------------------------------------------------->

<A NAME="contrib"><B><FONT SIZE=+3>C</FONT>HANGES IN THE CONTRIB AREA:</B></A>

<UL> 

  <li> None

</UL>

Last updated $Date: 2012-09-22 17:16:19 $.

</BODY>
</HTML>