summaryrefslogtreecommitdiff
path: root/tiff/html/v4.0.4beta.html
diff options
context:
space:
mode:
authorJörg Frings-Fürst <debian@jff-webhosting.net>2015-11-06 05:38:49 +0100
committerJörg Frings-Fürst <debian@jff-webhosting.net>2015-11-06 05:38:49 +0100
commit9491825ddff7a294d1f49061bae7044e426aeb2e (patch)
tree06e651099f87140ec534ae47fb8ce1ac6ec7976d /tiff/html/v4.0.4beta.html
parentfa756339d4204bff7f2820067f58214d32780d17 (diff)
Imported Upstream version 1.8.3
Diffstat (limited to 'tiff/html/v4.0.4beta.html')
-rwxr-xr-xtiff/html/v4.0.4beta.html291
1 files changed, 291 insertions, 0 deletions
diff --git a/tiff/html/v4.0.4beta.html b/tiff/html/v4.0.4beta.html
new file mode 100755
index 0000000..2c2dfd2
--- /dev/null
+++ b/tiff/html/v4.0.4beta.html
@@ -0,0 +1,291 @@
+<HTML>
+<HEAD>
+<TITLE>
+ Changes in TIFF v4.0.4beta
+</TITLE>
+</HEAD>
+
+<BODY BGCOLOR=white>
+<FONT FACE="Helvetica, Arial, Sans">
+
+<BASEFONT SIZE=4>
+<B><FONT SIZE=+3>T</FONT>IFF <FONT SIZE=+2>C</FONT>HANGE <FONT SIZE=+2>I</FONT>NFORMATION</B>
+<BASEFONT SIZE=3>
+
+<UL>
+<HR SIZE=4 WIDTH=65% ALIGN=left>
+<B>Current Version</B>: v4.0.4beta<BR>
+<B>Previous Version</B>: <A HREF=v4.0.3.html>v4.0.3</a><BR>
+<B>Master FTP Site</B>: <A HREF="ftp://ftp.remotesensing.org/pub/libtiff">
+ftp.remotesensing.org</a>, directory pub/libtiff</A><BR>
+<B>Master HTTP Site</B>: <A HREF="http://www.remotesensing.org/libtiff">
+http://www.remotesensing.org/libtiff</a>
+<HR SIZE=4 WIDTH=65% ALIGN=left>
+</UL>
+
+<P>
+This document describes the changes made to the software between the
+<I>previous</I> and <I>current</I> versions (see above). If you don't
+find something listed here, then it was not done in this timeframe, or
+it was not considered important enough to be mentioned. The following
+information is located here:
+<UL>
+<LI><A HREF="#highlights">Major Changes</A>
+<LI><A HREF="#configure">Changes in the software configuration</A>
+<LI><A HREF="#libtiff">Changes in libtiff</A>
+<LI><A HREF="#tools">Changes in the tools</A>
+<LI><A HREF="#contrib">Changes in the contrib area</A>
+</UL>
+<p>
+<P><HR WIDTH=65% ALIGN=left>
+
+<!--------------------------------------------------------------------------->
+
+<A NAME="highlights"><B><FONT SIZE=+3>M</FONT>AJOR CHANGES:</B></A>
+
+<UL>
+
+ <li> None
+
+</UL>
+
+
+<P><HR WIDTH=65% ALIGN=left>
+<!--------------------------------------------------------------------------->
+
+<A NAME="configure"><B><FONT SIZE=+3>C</FONT>HANGES IN THE SOFTWARE CONFIGURATION:</B></A>
+
+<UL>
+
+ <li> Updated to use Automake 1.15 and Libtool 2.4.5
+
+</UL>
+
+<P><HR WIDTH=65% ALIGN=left>
+
+<!--------------------------------------------------------------------------->
+
+<A NAME="libtiff"><B><FONT SIZE=+3>C</FONT>HANGES IN LIBTIFF:</B></A>
+
+<UL>
+
+ <li> TIFFCheckDirOffset(): avoid uint16 overflow
+ when reading more than 65535 directories, and effectively error out when
+ eaching that limit.
+
+ <li> TIFFNumberOfDirectories(): generate error in case of directory count
+ overflow.
+
+ <li> TIFFAdvanceDirectory(): If nextdir is found to
+ be defective, then set it to zero before returning error in order
+ to terminate processing of truncated TIFF.
+
+ <li> JPEG-in-TIFF: recognize SOF2, SOF9 and SOF10
+ markers to avoid emitting a warning. Fix for compatibility with mozjpeg library.
+ Note: the default settings of mozjpeg will produce progressive scans, which
+ is forbidden by the TechNote.
+
+ <li> JPEG-in-TIFF: Fix regression introduced in 3.9.3/4.0.0 that caused
+ all tiles/strips to include quantization tables even when the jpegtablesmode
+ had the JPEGTABLESMODE_QUANT bit set.
+ Also add explicit removal of Huffman tables when jpegtablesmode has the
+ JPEGTABLESMODE_HUFF bit set, which avoids Huffman tables to be emitted in the
+ first tile/strip (only useful in update scenarios. create-only was
+ fine)
+
+ <li> JPEG-in-TIFF: fix segfault in JPEGFixupTagsSubsampling() on
+ corrupted image where tif->tif_dir.td_stripoffset == NULL.
+ (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2471">#2471</a>)
+
+ <li> NeXT codec: add new tests to check that we don't read outside of
+ the compressed input stream buffer.
+
+ <li> NeXT codec: check that BitsPerSample = 2. Fixes
+ <a href="http://bugzilla.maptools.org/show_bug.cgi?id=2487">#2487</a> (CVE-2014-8129)
+
+ <li> NeXT codec: in the "run mode", use tilewidth for tiled images
+ instead of imagewidth to avoid crash
+
+ <li> tif_getimage.c: in OJPEG case, fix checks on strile width/height
+ in the putcontig8bitYCbCr42tile, putcontig8bitYCbCr41tile and
+ putcontig8bitYCbCr21tile cases.
+
+ <li> in TIFFDefaultDirectory(), reset any already existing
+ extented tags installed by user code through the extender mechaninm before
+ calling the extender callback (GDAL #5054)
+
+ <li> Fix warnings about unused parameters.
+
+ <li> Fix various typos in comments found by Debian lintian tool (GDAL #5756)
+
+ <li> tif_getimage.c: avoid divide by zero on invalid YCbCr subsampling.
+ (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2235">#2235</a>)
+
+ <li> tif_dirread.c: In EstimateStripByteCounts(), check return code
+ of _TIFFFillStriles(). This solves crashing bug on corrupted
+ images generated by afl.
+
+ <li>tif_read.c: fix several invalid comparisons of a uint64 value with
+ &lt;= 0 by casting it to int64 first. This solves crashing bug on corrupted
+ images generated by afl.
+
+ <li>TIFFSetField(): refuse to set negative values for
+ TIFFTAG_XRESOLUTION and TIFFTAG_YRESOLUTION that cause asserts when writing
+ the directory
+
+ <li>TIFFReadDirectory(): refuse to read ColorMap or
+ TransferFunction if BitsPerSample has not yet been read, otherwise reading
+ it later will cause user code to crash if BitsPerSample > 1
+
+ <li> TIFFRGBAImageOK(): return FALSE if LOGLUV with
+ SamplesPerPixel != 3, or if CIELAB with SamplesPerPixel != 3 or BitsPerSample != 8
+
+ <li> tif_config.vc.h: no longer use "#define snprintf _snprintf" with
+ Visual Studio 2015 aka VC 14 aka MSVC 1900
+
+ <li> LZW codec: prevent potential null dereference of sp->dec_codetab in LZWPreDecode
+ (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2459">#2459</a>)
+
+ <li> TIFFReadBufferSetup(): avoid passing -1 size
+ to TIFFmalloc() if passed user buffer size is 0
+ (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2459">#2459</a>)
+
+ <li> TIFFReadDirEntryOutputErr(): Incorrect
+ count for tag should be a warning rather than an error since
+ errors terminate processing.
+
+ <li> tif_dirinfo.c (TIFFField) : Fix data type for TIFFTAG_GLOBALPARAMETERSIFD tag.
+
+ <li> Add definitions for TIFF/EP CFARepeatPatternDim and CFAPattern tags
+ (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2457">#2457</a>)
+
+ <li> tif_codec.c, tif_dirinfo.c: Enlarge some fixed-size buffers that weren't
+ large enough, and eliminate substantially all uses of sprintf(buf,
+ ...) in favor of using snprintf(buf, sizeof(buf), ...)
+ <li> configure.ac: Improve pkg-config static linking by adding -lm to Libs.private when needed.
+
+ <li> tif_write.c: tmsize_t related casting warning fixed for
+ 64bit linux.
+
+ <li> tif_read.c: uint64/tmsize_t change for MSVC warnings.
+ (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2427">#2427</a>)
+
+ <li> Fix TIFFPrintDirectory's handling of
+ field_passcount fields: it had the TIFF_VARIABLE and
+ TIFF_VARIABLE2 cases backwards.
+
+ <li> PixarLog codec: Improve previous patch for CVE-2012-4447
+ (to enlarge tbuf for possible partial stride at end) so that
+ overflow in the integer addition is detected.
+
+ <li>tif_{unix,vms,win32}.c (_TIFFmalloc): ANSI C does not
+ require malloc() to return NULL pointer if requested allocation
+ size is zero. Assure that _TIFFmalloc does.
+
+ <li>tif_zip.c: Avoid crash on NULL error messages.
+
+</UL>
+
+<P><HR WIDTH=65% ALIGN=left>
+
+<!-------------------------------------------------------------------------->
+
+<A NAME="tools"><B><FONT SIZE=+3>C</FONT>HANGES IN THE TOOLS:</B></A>
+
+<UL>
+
+ <li> tiff2pdf: Fis various crashes and memory buffer access errors (oCERT-2014-013).
+ <li> tiff2pdf: fix buffer overflow on some YCbCr JPEG compressed images.
+ (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2445">#2445</a>)
+ <li> tiff2pdf: fix buffer overflow on YCbCr JPEG compressed image.
+ (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2443">#2443</a>)
+ <li> tiff2pdf: check return code of TIFFGetField() when reading TIFFTAG_SAMPLESPERPIXEL
+ <li> tiff2pdf: fix crash due to invalid tile count.
+ <li> tiff2pdf: Detect invalid settings of BitsPerSample/SamplesPerPixel for CIELAB / ITULAB
+ <li> tiff2pdf: Assure that memory size calculations for
+ _TIFFmalloc() do not overflow the range of tmsize_t.
+ <li> tiff2pdf: Avoid crash when TIFFTAG_TRANSFERFUNCTION tag returns one channel,
+ with the other two channels set to NULL.
+ <li> tiff2pdf: close PDF file. (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2479">#2479</a>)
+ <li> tiff2pdf: Preserve input file directory order when pages
+ are tagged with the same page number.
+ <li> tiff2pdf.c: terminate after failure of allocating ycbcr buffer
+ (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2449">#2449</a> CVE-2013-4232)
+ <li> tiff2pdf: Rewrite JPEG marker parsing in
+ t2p_process_jpeg_strip to be at least marginally competent. The
+ approach is still fundamentally flawed, but at least now it won't
+ stomp all over memory when given bogus input. Fixes CVE-2013-1960.
+ <li> tiffdump: Guard against arithmetic overflow when calculating allocation buffer sizes.
+ <li> tiffdump: fix crash due to overflow of entry count.
+ <li> tiffdump: Fix double-free bug.
+ <li> tiffdump: detect cycle in TIFF directory chaining.
+ (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2463">#2463</a>)
+ <li> tiffdump: avoid passing a NULL pointer to read() if seek() failed before.
+ (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2459">#2459</a>)
+ <li> tiff2bw: when Photometric=RGB, the utility only works if SamplesPerPixel = 3. Enforce that.
+ (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2485">#2485</a>, CVE-2014-8127)
+ <li> pal2rgb, thumbnail: fix crash by disabling TIFFTAG_INKNAMES copying.
+ (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2484">#2484</a>, CVE-2014-8127)
+ <li> thumbnail: fix out-of-buffer write.
+ (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2489">#2489</a>, CVE-2014-8128)
+ <li> thumbnail, tiffcmp: only read/write TIFFTAG_GROUP3OPTIONS
+ or TIFFTAG_GROUP4OPTIONS if compression is COMPRESSION_CCITTFAX3 or
+ COMPRESSION_CCITTFAX4.
+ (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2493">#2493</a>, CVE-2014-8128)
+ <li> tiffcp: fix crash when converting YCbCr JPEG-compressed to none.
+ (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2480">#2480</a>)
+ <li> bmp2tiff: fix crash due to int overflow related to input BMP dimensions
+ <li> tiffcrop: fix crash due to invalid TileWidth/TileHeight
+ <li> tiffcrop: fix segfault if bad value passed to -Z option
+ ( <a href="http://bugzilla.maptools.org/show_bug.cgi?id=2459">#2459</a>)
+ and add missing va_end in dump_info
+ <li> thumbnail, tiffcrop: "fix" heap read over-run found with
+ Valgrind and Address Sanitizer on test suite
+ <li> fax2ps: check malloc()/realloc() result. (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2470">#2470</a>)
+ <li> gif2tiff: apply patch for CVE-2013-4243. (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2451">#2451</a>)
+ <li> gif2tiff: fix possible OOB write. (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2452">#2452</a>, CVE-2013-4244)
+ <li> gif2tiff: Be more careful about corrupt or hostile input files (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2450">#2450</a>, CVE-2013-4231)
+ <li> tiff2rgba: fix usage message in that zip was wrongly described
+ <li> tiffinfo: Default various values fetched with TIFFGetField() to avoid being uninitialized.
+ <li> tiff2ps: Fix bug in auto rotate option code.
+ <li> ppm2tiff: avoid zero size buffer vulnerability (CVE-2012-4564).
+ check the linebytes calculation too, get the max() calculation
+ straight, avoid redundant error messages, check for malloc
+ failure.
+ <li> tiffset: now supports a -u option to unset a tag.
+ (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2419">#2419</a>)
+ <li> Fix warnings about unused parameters.
+ <li> rgb2ycbcr, tiff2bw, tiff2pdf, tiff2ps, tiffcrop, tiffdither :
+ Enlarge some fixed-size buffers that weren't
+ large enough, and eliminate substantially all uses of sprintf(buf,
+ ...) in favor of using snprintf(buf, sizeof(buf), ...), so as to
+ protect against overflow of fixed-size buffers. This responds in
+ particular to CVE-2013-1961 concerning overflow in tiff2pdf.c's
+ t2p_write_pdf_page().
+ <li>html/man/tiff2ps.1.html, html/man/tiffcp.1.html,
+ html/man/tiffdither.1.html, man/tiff2ps.1, man/tiffcp.1,
+ man/tiffdither.1, tools/tiff2ps.c, tools/tiffcp.c,
+ tools/tiffdither.c: Sync tool usage printouts and man pages with
+ reality
+
+</UL>
+
+<P><HR WIDTH=65% ALIGN=left>
+
+<!--------------------------------------------------------------------------->
+
+<A NAME="contrib"><B><FONT SIZE=+3>C</FONT>HANGES IN THE CONTRIB AREA:</B></A>
+
+<UL>
+
+ <li> Fix warnings about variables set but not used.
+ <li> contrib/dbs/xtiff/xtiff.c: Enlarge some fixed-size buffers that weren't
+ large enough, and eliminate substantially all uses of sprintf(buf,
+ ...) in favor of using snprintf(buf, sizeof(buf), ...), so as to
+ protect against overflow of fixed-size buffers.
+</UL>
+
+Last updated $Date: 2015-26-01 11:18:00 $.
+
+</BODY>
+</HTML>