summaryrefslogtreecommitdiff
path: root/tiff/html/v4.0.4beta.html
diff options
context:
space:
mode:
authorJörg Frings-Fürst <debian@jff-webhosting.net>2015-11-06 07:14:47 +0100
committerJörg Frings-Fürst <debian@jff-webhosting.net>2015-11-06 07:14:47 +0100
commitd479dd1aab1c1cb907932c6595b0ef33523fc797 (patch)
treead7d454b9edaae3d8892d84cd8f8ef5c2697b79b /tiff/html/v4.0.4beta.html
parent9491825ddff7a294d1f49061bae7044e426aeb2e (diff)
Imported Upstream version 1.8.3upstream/1.8.3
Diffstat (limited to 'tiff/html/v4.0.4beta.html')
-rwxr-xr-xtiff/html/v4.0.4beta.html291
1 files changed, 0 insertions, 291 deletions
diff --git a/tiff/html/v4.0.4beta.html b/tiff/html/v4.0.4beta.html
deleted file mode 100755
index 2c2dfd2..0000000
--- a/tiff/html/v4.0.4beta.html
+++ /dev/null
@@ -1,291 +0,0 @@
-<HTML>
-<HEAD>
-<TITLE>
- Changes in TIFF v4.0.4beta
-</TITLE>
-</HEAD>
-
-<BODY BGCOLOR=white>
-<FONT FACE="Helvetica, Arial, Sans">
-
-<BASEFONT SIZE=4>
-<B><FONT SIZE=+3>T</FONT>IFF <FONT SIZE=+2>C</FONT>HANGE <FONT SIZE=+2>I</FONT>NFORMATION</B>
-<BASEFONT SIZE=3>
-
-<UL>
-<HR SIZE=4 WIDTH=65% ALIGN=left>
-<B>Current Version</B>: v4.0.4beta<BR>
-<B>Previous Version</B>: <A HREF=v4.0.3.html>v4.0.3</a><BR>
-<B>Master FTP Site</B>: <A HREF="ftp://ftp.remotesensing.org/pub/libtiff">
-ftp.remotesensing.org</a>, directory pub/libtiff</A><BR>
-<B>Master HTTP Site</B>: <A HREF="http://www.remotesensing.org/libtiff">
-http://www.remotesensing.org/libtiff</a>
-<HR SIZE=4 WIDTH=65% ALIGN=left>
-</UL>
-
-<P>
-This document describes the changes made to the software between the
-<I>previous</I> and <I>current</I> versions (see above). If you don't
-find something listed here, then it was not done in this timeframe, or
-it was not considered important enough to be mentioned. The following
-information is located here:
-<UL>
-<LI><A HREF="#highlights">Major Changes</A>
-<LI><A HREF="#configure">Changes in the software configuration</A>
-<LI><A HREF="#libtiff">Changes in libtiff</A>
-<LI><A HREF="#tools">Changes in the tools</A>
-<LI><A HREF="#contrib">Changes in the contrib area</A>
-</UL>
-<p>
-<P><HR WIDTH=65% ALIGN=left>
-
-<!--------------------------------------------------------------------------->
-
-<A NAME="highlights"><B><FONT SIZE=+3>M</FONT>AJOR CHANGES:</B></A>
-
-<UL>
-
- <li> None
-
-</UL>
-
-
-<P><HR WIDTH=65% ALIGN=left>
-<!--------------------------------------------------------------------------->
-
-<A NAME="configure"><B><FONT SIZE=+3>C</FONT>HANGES IN THE SOFTWARE CONFIGURATION:</B></A>
-
-<UL>
-
- <li> Updated to use Automake 1.15 and Libtool 2.4.5
-
-</UL>
-
-<P><HR WIDTH=65% ALIGN=left>
-
-<!--------------------------------------------------------------------------->
-
-<A NAME="libtiff"><B><FONT SIZE=+3>C</FONT>HANGES IN LIBTIFF:</B></A>
-
-<UL>
-
- <li> TIFFCheckDirOffset(): avoid uint16 overflow
- when reading more than 65535 directories, and effectively error out when
- eaching that limit.
-
- <li> TIFFNumberOfDirectories(): generate error in case of directory count
- overflow.
-
- <li> TIFFAdvanceDirectory(): If nextdir is found to
- be defective, then set it to zero before returning error in order
- to terminate processing of truncated TIFF.
-
- <li> JPEG-in-TIFF: recognize SOF2, SOF9 and SOF10
- markers to avoid emitting a warning. Fix for compatibility with mozjpeg library.
- Note: the default settings of mozjpeg will produce progressive scans, which
- is forbidden by the TechNote.
-
- <li> JPEG-in-TIFF: Fix regression introduced in 3.9.3/4.0.0 that caused
- all tiles/strips to include quantization tables even when the jpegtablesmode
- had the JPEGTABLESMODE_QUANT bit set.
- Also add explicit removal of Huffman tables when jpegtablesmode has the
- JPEGTABLESMODE_HUFF bit set, which avoids Huffman tables to be emitted in the
- first tile/strip (only useful in update scenarios. create-only was
- fine)
-
- <li> JPEG-in-TIFF: fix segfault in JPEGFixupTagsSubsampling() on
- corrupted image where tif->tif_dir.td_stripoffset == NULL.
- (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2471">#2471</a>)
-
- <li> NeXT codec: add new tests to check that we don't read outside of
- the compressed input stream buffer.
-
- <li> NeXT codec: check that BitsPerSample = 2. Fixes
- <a href="http://bugzilla.maptools.org/show_bug.cgi?id=2487">#2487</a> (CVE-2014-8129)
-
- <li> NeXT codec: in the "run mode", use tilewidth for tiled images
- instead of imagewidth to avoid crash
-
- <li> tif_getimage.c: in OJPEG case, fix checks on strile width/height
- in the putcontig8bitYCbCr42tile, putcontig8bitYCbCr41tile and
- putcontig8bitYCbCr21tile cases.
-
- <li> in TIFFDefaultDirectory(), reset any already existing
- extented tags installed by user code through the extender mechaninm before
- calling the extender callback (GDAL #5054)
-
- <li> Fix warnings about unused parameters.
-
- <li> Fix various typos in comments found by Debian lintian tool (GDAL #5756)
-
- <li> tif_getimage.c: avoid divide by zero on invalid YCbCr subsampling.
- (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2235">#2235</a>)
-
- <li> tif_dirread.c: In EstimateStripByteCounts(), check return code
- of _TIFFFillStriles(). This solves crashing bug on corrupted
- images generated by afl.
-
- <li>tif_read.c: fix several invalid comparisons of a uint64 value with
- &lt;= 0 by casting it to int64 first. This solves crashing bug on corrupted
- images generated by afl.
-
- <li>TIFFSetField(): refuse to set negative values for
- TIFFTAG_XRESOLUTION and TIFFTAG_YRESOLUTION that cause asserts when writing
- the directory
-
- <li>TIFFReadDirectory(): refuse to read ColorMap or
- TransferFunction if BitsPerSample has not yet been read, otherwise reading
- it later will cause user code to crash if BitsPerSample > 1
-
- <li> TIFFRGBAImageOK(): return FALSE if LOGLUV with
- SamplesPerPixel != 3, or if CIELAB with SamplesPerPixel != 3 or BitsPerSample != 8
-
- <li> tif_config.vc.h: no longer use "#define snprintf _snprintf" with
- Visual Studio 2015 aka VC 14 aka MSVC 1900
-
- <li> LZW codec: prevent potential null dereference of sp->dec_codetab in LZWPreDecode
- (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2459">#2459</a>)
-
- <li> TIFFReadBufferSetup(): avoid passing -1 size
- to TIFFmalloc() if passed user buffer size is 0
- (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2459">#2459</a>)
-
- <li> TIFFReadDirEntryOutputErr(): Incorrect
- count for tag should be a warning rather than an error since
- errors terminate processing.
-
- <li> tif_dirinfo.c (TIFFField) : Fix data type for TIFFTAG_GLOBALPARAMETERSIFD tag.
-
- <li> Add definitions for TIFF/EP CFARepeatPatternDim and CFAPattern tags
- (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2457">#2457</a>)
-
- <li> tif_codec.c, tif_dirinfo.c: Enlarge some fixed-size buffers that weren't
- large enough, and eliminate substantially all uses of sprintf(buf,
- ...) in favor of using snprintf(buf, sizeof(buf), ...)
- <li> configure.ac: Improve pkg-config static linking by adding -lm to Libs.private when needed.
-
- <li> tif_write.c: tmsize_t related casting warning fixed for
- 64bit linux.
-
- <li> tif_read.c: uint64/tmsize_t change for MSVC warnings.
- (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2427">#2427</a>)
-
- <li> Fix TIFFPrintDirectory's handling of
- field_passcount fields: it had the TIFF_VARIABLE and
- TIFF_VARIABLE2 cases backwards.
-
- <li> PixarLog codec: Improve previous patch for CVE-2012-4447
- (to enlarge tbuf for possible partial stride at end) so that
- overflow in the integer addition is detected.
-
- <li>tif_{unix,vms,win32}.c (_TIFFmalloc): ANSI C does not
- require malloc() to return NULL pointer if requested allocation
- size is zero. Assure that _TIFFmalloc does.
-
- <li>tif_zip.c: Avoid crash on NULL error messages.
-
-</UL>
-
-<P><HR WIDTH=65% ALIGN=left>
-
-<!-------------------------------------------------------------------------->
-
-<A NAME="tools"><B><FONT SIZE=+3>C</FONT>HANGES IN THE TOOLS:</B></A>
-
-<UL>
-
- <li> tiff2pdf: Fis various crashes and memory buffer access errors (oCERT-2014-013).
- <li> tiff2pdf: fix buffer overflow on some YCbCr JPEG compressed images.
- (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2445">#2445</a>)
- <li> tiff2pdf: fix buffer overflow on YCbCr JPEG compressed image.
- (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2443">#2443</a>)
- <li> tiff2pdf: check return code of TIFFGetField() when reading TIFFTAG_SAMPLESPERPIXEL
- <li> tiff2pdf: fix crash due to invalid tile count.
- <li> tiff2pdf: Detect invalid settings of BitsPerSample/SamplesPerPixel for CIELAB / ITULAB
- <li> tiff2pdf: Assure that memory size calculations for
- _TIFFmalloc() do not overflow the range of tmsize_t.
- <li> tiff2pdf: Avoid crash when TIFFTAG_TRANSFERFUNCTION tag returns one channel,
- with the other two channels set to NULL.
- <li> tiff2pdf: close PDF file. (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2479">#2479</a>)
- <li> tiff2pdf: Preserve input file directory order when pages
- are tagged with the same page number.
- <li> tiff2pdf.c: terminate after failure of allocating ycbcr buffer
- (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2449">#2449</a> CVE-2013-4232)
- <li> tiff2pdf: Rewrite JPEG marker parsing in
- t2p_process_jpeg_strip to be at least marginally competent. The
- approach is still fundamentally flawed, but at least now it won't
- stomp all over memory when given bogus input. Fixes CVE-2013-1960.
- <li> tiffdump: Guard against arithmetic overflow when calculating allocation buffer sizes.
- <li> tiffdump: fix crash due to overflow of entry count.
- <li> tiffdump: Fix double-free bug.
- <li> tiffdump: detect cycle in TIFF directory chaining.
- (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2463">#2463</a>)
- <li> tiffdump: avoid passing a NULL pointer to read() if seek() failed before.
- (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2459">#2459</a>)
- <li> tiff2bw: when Photometric=RGB, the utility only works if SamplesPerPixel = 3. Enforce that.
- (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2485">#2485</a>, CVE-2014-8127)
- <li> pal2rgb, thumbnail: fix crash by disabling TIFFTAG_INKNAMES copying.
- (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2484">#2484</a>, CVE-2014-8127)
- <li> thumbnail: fix out-of-buffer write.
- (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2489">#2489</a>, CVE-2014-8128)
- <li> thumbnail, tiffcmp: only read/write TIFFTAG_GROUP3OPTIONS
- or TIFFTAG_GROUP4OPTIONS if compression is COMPRESSION_CCITTFAX3 or
- COMPRESSION_CCITTFAX4.
- (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2493">#2493</a>, CVE-2014-8128)
- <li> tiffcp: fix crash when converting YCbCr JPEG-compressed to none.
- (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2480">#2480</a>)
- <li> bmp2tiff: fix crash due to int overflow related to input BMP dimensions
- <li> tiffcrop: fix crash due to invalid TileWidth/TileHeight
- <li> tiffcrop: fix segfault if bad value passed to -Z option
- ( <a href="http://bugzilla.maptools.org/show_bug.cgi?id=2459">#2459</a>)
- and add missing va_end in dump_info
- <li> thumbnail, tiffcrop: "fix" heap read over-run found with
- Valgrind and Address Sanitizer on test suite
- <li> fax2ps: check malloc()/realloc() result. (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2470">#2470</a>)
- <li> gif2tiff: apply patch for CVE-2013-4243. (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2451">#2451</a>)
- <li> gif2tiff: fix possible OOB write. (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2452">#2452</a>, CVE-2013-4244)
- <li> gif2tiff: Be more careful about corrupt or hostile input files (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2450">#2450</a>, CVE-2013-4231)
- <li> tiff2rgba: fix usage message in that zip was wrongly described
- <li> tiffinfo: Default various values fetched with TIFFGetField() to avoid being uninitialized.
- <li> tiff2ps: Fix bug in auto rotate option code.
- <li> ppm2tiff: avoid zero size buffer vulnerability (CVE-2012-4564).
- check the linebytes calculation too, get the max() calculation
- straight, avoid redundant error messages, check for malloc
- failure.
- <li> tiffset: now supports a -u option to unset a tag.
- (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2419">#2419</a>)
- <li> Fix warnings about unused parameters.
- <li> rgb2ycbcr, tiff2bw, tiff2pdf, tiff2ps, tiffcrop, tiffdither :
- Enlarge some fixed-size buffers that weren't
- large enough, and eliminate substantially all uses of sprintf(buf,
- ...) in favor of using snprintf(buf, sizeof(buf), ...), so as to
- protect against overflow of fixed-size buffers. This responds in
- particular to CVE-2013-1961 concerning overflow in tiff2pdf.c's
- t2p_write_pdf_page().
- <li>html/man/tiff2ps.1.html, html/man/tiffcp.1.html,
- html/man/tiffdither.1.html, man/tiff2ps.1, man/tiffcp.1,
- man/tiffdither.1, tools/tiff2ps.c, tools/tiffcp.c,
- tools/tiffdither.c: Sync tool usage printouts and man pages with
- reality
-
-</UL>
-
-<P><HR WIDTH=65% ALIGN=left>
-
-<!--------------------------------------------------------------------------->
-
-<A NAME="contrib"><B><FONT SIZE=+3>C</FONT>HANGES IN THE CONTRIB AREA:</B></A>
-
-<UL>
-
- <li> Fix warnings about variables set but not used.
- <li> contrib/dbs/xtiff/xtiff.c: Enlarge some fixed-size buffers that weren't
- large enough, and eliminate substantially all uses of sprintf(buf,
- ...) in favor of using snprintf(buf, sizeof(buf), ...), so as to
- protect against overflow of fixed-size buffers.
-</UL>
-
-Last updated $Date: 2015-26-01 11:18:00 $.
-
-</BODY>
-</HTML>