1 files changed, 291 insertions, 0 deletions
diff --git a/tiff/html/v4.0.4beta.html b/tiff/html/v4.0.4beta.html
new file mode 100755
index 0000000..2c2dfd2
--- /dev/null
+++ b/tiff/html/v4.0.4beta.html
@@ -0,0 +1,291 @@
+<HTML>
+<HEAD>
+<TITLE>
+	Changes in TIFF v4.0.4beta
+</TITLE>
+</HEAD>
+
+<BODY BGCOLOR=white>
+<FONT FACE="Helvetica, Arial, Sans">
+
+<BASEFONT SIZE=4>
+<B><FONT SIZE=+3>T</FONT>IFF <FONT SIZE=+2>C</FONT>HANGE <FONT SIZE=+2>I</FONT>NFORMATION</B>
+<BASEFONT SIZE=3>
+
+<UL>
+<HR SIZE=4 WIDTH=65% ALIGN=left>
+<B>Current Version</B>: v4.0.4beta<BR>
+<B>Previous Version</B>: <A HREF=v4.0.3.html>v4.0.3</a><BR>
+<B>Master FTP Site</B>: <A HREF="ftp://ftp.remotesensing.org/pub/libtiff">
+ftp.remotesensing.org</a>, directory pub/libtiff</A><BR>
+<B>Master HTTP Site</B>: <A HREF="http://www.remotesensing.org/libtiff">
+http://www.remotesensing.org/libtiff</a> 
+<HR SIZE=4 WIDTH=65% ALIGN=left>
+</UL>
+
+<P>
+This document describes the changes made to the software between the
+<I>previous</I> and <I>current</I> versions (see above).  If you don't
+find something listed here, then it was not done in this timeframe, or
+it was not considered important enough to be mentioned.  The following
+information is located here:
+<UL>
+<LI><A HREF="#highlights">Major Changes</A>
+<LI><A HREF="#configure">Changes in the software configuration</A>
+<LI><A HREF="#libtiff">Changes in libtiff</A>
+<LI><A HREF="#tools">Changes in the tools</A>
+<LI><A HREF="#contrib">Changes in the contrib area</A>
+</UL>
+<p> 
+<P><HR WIDTH=65% ALIGN=left>
+
+<!--------------------------------------------------------------------------->
+
+<A NAME="highlights"><B><FONT SIZE=+3>M</FONT>AJOR CHANGES:</B></A>
+
+<UL>
+
+	<li> None
+
+</UL>
+
+
+<P><HR WIDTH=65% ALIGN=left>
+<!--------------------------------------------------------------------------->
+
+<A NAME="configure"><B><FONT SIZE=+3>C</FONT>HANGES IN THE SOFTWARE CONFIGURATION:</B></A>
+
+<UL>
+
+  <li> Updated to use Automake 1.15 and Libtool 2.4.5
+
+</UL>
+
+<P><HR WIDTH=65% ALIGN=left>
+
+<!--------------------------------------------------------------------------->
+
+<A NAME="libtiff"><B><FONT SIZE=+3>C</FONT>HANGES IN LIBTIFF:</B></A>
+
+<UL>
+
+  <li> TIFFCheckDirOffset(): avoid uint16 overflow
+       when reading more than 65535 directories, and effectively error out when
+       eaching that limit.
+
+  <li> TIFFNumberOfDirectories(): generate error in case of directory count
+       overflow.
+
+  <li> TIFFAdvanceDirectory(): If nextdir is found to
+       be defective, then set it to zero before returning error in order
+       to terminate processing of truncated TIFF.
+
+  <li> JPEG-in-TIFF: recognize SOF2, SOF9 and SOF10
+       markers to avoid emitting a warning. Fix for compatibility with mozjpeg library.
+       Note: the default settings of mozjpeg will produce progressive scans, which
+       is forbidden by the TechNote.
+
+  <li> JPEG-in-TIFF: Fix regression introduced in 3.9.3/4.0.0 that caused
+       all tiles/strips to include quantization tables even when the jpegtablesmode
+       had the JPEGTABLESMODE_QUANT bit set.
+       Also add explicit removal of Huffman tables when jpegtablesmode has the
+       JPEGTABLESMODE_HUFF bit set, which avoids Huffman tables to be emitted in the
+       first tile/strip (only useful in update scenarios. create-only was
+       fine)
+
+  <li> JPEG-in-TIFF: fix segfault in JPEGFixupTagsSubsampling() on
+       corrupted image where tif->tif_dir.td_stripoffset == NULL.
+       (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2471">#2471</a>)
+
+  <li> NeXT codec: add new tests to check that we don't read outside of
+       the compressed input stream buffer.
+
+  <li> NeXT codec: check that BitsPerSample = 2. Fixes
+       <a href="http://bugzilla.maptools.org/show_bug.cgi?id=2487">#2487</a> (CVE-2014-8129)
+
+  <li> NeXT codec: in the "run mode", use tilewidth for tiled images
+       instead of imagewidth to avoid crash
+
+  <li> tif_getimage.c: in OJPEG case, fix checks on strile width/height
+       in the putcontig8bitYCbCr42tile, putcontig8bitYCbCr41tile and
+       putcontig8bitYCbCr21tile cases.
+
+  <li> in TIFFDefaultDirectory(), reset any already existing
+       extented tags installed by user code through the extender mechaninm before
+       calling the extender callback (GDAL #5054)
+
+  <li> Fix  warnings about unused parameters.
+
+  <li> Fix various typos in comments found by Debian lintian tool (GDAL #5756)
+
+  <li> tif_getimage.c: avoid divide by zero on invalid YCbCr subsampling.
+       (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2235">#2235</a>)
+
+  <li> tif_dirread.c: In EstimateStripByteCounts(), check return code
+       of _TIFFFillStriles(). This solves crashing bug on corrupted
+       images generated by afl.
+
+  <li>tif_read.c: fix several invalid comparisons of a uint64 value with
+       &lt;= 0 by casting it to int64 first. This solves crashing bug on corrupted
+      images generated by afl.
+
+  <li>TIFFSetField(): refuse to set negative values for
+      TIFFTAG_XRESOLUTION and TIFFTAG_YRESOLUTION that cause asserts when writing
+      the directory
+
+  <li>TIFFReadDirectory(): refuse to read ColorMap or
+      TransferFunction if BitsPerSample has not yet been read, otherwise reading
+      it later will cause user code to crash if BitsPerSample > 1
+
+  <li> TIFFRGBAImageOK(): return FALSE if LOGLUV with
+       SamplesPerPixel != 3, or if CIELAB with SamplesPerPixel != 3 or BitsPerSample != 8
+
+  <li> tif_config.vc.h: no longer use "#define snprintf _snprintf" with
+       Visual Studio 2015 aka VC 14 aka MSVC 1900
+
+  <li> LZW codec: prevent potential null dereference of sp->dec_codetab in LZWPreDecode
+       (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2459">#2459</a>)
+
+  <li> TIFFReadBufferSetup(): avoid passing -1 size
+       to TIFFmalloc() if passed user buffer size is 0
+       (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2459">#2459</a>)
+
+  <li> TIFFReadDirEntryOutputErr(): Incorrect
+       count for tag should be a warning rather than an error since
+       errors terminate processing.
+
+  <li> tif_dirinfo.c (TIFFField) : Fix data type for TIFFTAG_GLOBALPARAMETERSIFD tag.
+
+  <li> Add definitions for TIFF/EP CFARepeatPatternDim and CFAPattern tags
+       (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2457">#2457</a>)
+
+  <li> tif_codec.c, tif_dirinfo.c: Enlarge some fixed-size buffers that weren't
+        large enough, and eliminate substantially all uses of sprintf(buf,
+        ...)  in favor of using snprintf(buf, sizeof(buf), ...)
+  <li> configure.ac: Improve pkg-config static linking by adding -lm to Libs.private when needed.
+
+  <li> tif_write.c: tmsize_t related casting warning fixed for
+        64bit linux.
+
+  <li> tif_read.c: uint64/tmsize_t change for MSVC warnings.
+       (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2427">#2427</a>)
+
+  <li> Fix TIFFPrintDirectory's handling of
+       field_passcount fields: it had the TIFF_VARIABLE and
+       TIFF_VARIABLE2 cases backwards.
+
+  <li> PixarLog codec: Improve previous patch for CVE-2012-4447
+       (to enlarge tbuf for possible partial stride at end) so that
+       overflow in the integer addition is detected.
+
+  <li>tif_{unix,vms,win32}.c (_TIFFmalloc): ANSI C does not
+        require malloc() to return NULL pointer if requested allocation
+        size is zero.  Assure that _TIFFmalloc does.
+
+  <li>tif_zip.c: Avoid crash on NULL error messages.
+
+</UL>
+
+<P><HR WIDTH=65% ALIGN=left>
+
+<!-------------------------------------------------------------------------->
+	
+<A NAME="tools"><B><FONT SIZE=+3>C</FONT>HANGES IN THE TOOLS:</B></A>
+
+<UL>
+
+  <li> tiff2pdf: Fis various crashes and memory buffer access errors (oCERT-2014-013).
+  <li> tiff2pdf: fix buffer overflow on some YCbCr JPEG compressed images.
+                 (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2445">#2445</a>)
+  <li> tiff2pdf: fix buffer overflow on YCbCr JPEG compressed image.
+                 (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2443">#2443</a>)
+  <li> tiff2pdf: check return code of TIFFGetField() when reading TIFFTAG_SAMPLESPERPIXEL
+  <li> tiff2pdf: fix crash due to invalid tile count.
+  <li> tiff2pdf: Detect invalid settings of BitsPerSample/SamplesPerPixel for CIELAB / ITULAB
+  <li> tiff2pdf: Assure that memory size calculations for
+                 _TIFFmalloc() do not overflow the range of tmsize_t.
+  <li> tiff2pdf: Avoid crash when TIFFTAG_TRANSFERFUNCTION tag returns one channel,
+       with the other two channels set to NULL.
+  <li> tiff2pdf: close PDF file. (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2479">#2479</a>)
+  <li> tiff2pdf: Preserve input file directory order when pages
+       are tagged with the same page number.
+  <li> tiff2pdf.c: terminate after failure of allocating ycbcr buffer
+       (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2449">#2449</a> CVE-2013-4232)
+  <li> tiff2pdf: Rewrite JPEG marker parsing in
+        t2p_process_jpeg_strip to be at least marginally competent.  The
+        approach is still fundamentally flawed, but at least now it won't
+        stomp all over memory when given bogus input.  Fixes CVE-2013-1960.
+  <li> tiffdump: Guard against arithmetic overflow when calculating allocation buffer sizes.
+  <li> tiffdump: fix crash due to overflow of entry count.
+  <li> tiffdump: Fix double-free bug.
+  <li> tiffdump: detect cycle in TIFF directory chaining.
+       (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2463">#2463</a>)
+  <li> tiffdump: avoid passing a NULL pointer to read() if seek() failed before.
+       (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2459">#2459</a>)
+  <li> tiff2bw: when Photometric=RGB, the utility only works if SamplesPerPixel = 3. Enforce that.
+       (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2485">#2485</a>, CVE-2014-8127)
+  <li> pal2rgb, thumbnail: fix crash by disabling TIFFTAG_INKNAMES copying.
+       (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2484">#2484</a>, CVE-2014-8127)
+  <li> thumbnail: fix out-of-buffer write.
+       (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2489">#2489</a>, CVE-2014-8128)
+  <li> thumbnail, tiffcmp: only read/write TIFFTAG_GROUP3OPTIONS
+       or TIFFTAG_GROUP4OPTIONS if compression is COMPRESSION_CCITTFAX3 or
+       COMPRESSION_CCITTFAX4.
+       (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2493">#2493</a>, CVE-2014-8128)
+  <li> tiffcp: fix crash when converting YCbCr JPEG-compressed to none.
+       (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2480">#2480</a>)
+  <li> bmp2tiff: fix crash due to int overflow related to input BMP dimensions
+  <li> tiffcrop: fix crash due to invalid TileWidth/TileHeight
+  <li> tiffcrop: fix segfault if bad value passed to -Z option
+       ( <a href="http://bugzilla.maptools.org/show_bug.cgi?id=2459">#2459</a>)
+       and add missing va_end in dump_info
+  <li> thumbnail, tiffcrop: "fix" heap read over-run found with
+       Valgrind and Address Sanitizer on test suite
+  <li> fax2ps: check malloc()/realloc() result. (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2470">#2470</a>)
+  <li> gif2tiff: apply patch for CVE-2013-4243. (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2451">#2451</a>)
+  <li> gif2tiff: fix possible OOB write. (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2452">#2452</a>, CVE-2013-4244)
+  <li> gif2tiff: Be more careful about corrupt or hostile input files (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2450">#2450</a>, CVE-2013-4231)
+  <li> tiff2rgba: fix usage message in that zip was wrongly described
+  <li> tiffinfo: Default various values fetched with TIFFGetField() to avoid being uninitialized.
+  <li> tiff2ps: Fix bug in auto rotate option code.
+  <li> ppm2tiff: avoid zero size buffer vulnerability (CVE-2012-4564).
+       check the linebytes calculation too, get the max() calculation
+       straight, avoid redundant error messages, check for malloc
+       failure.
+  <li> tiffset: now supports a -u option to unset a tag.
+       (<a href="http://bugzilla.maptools.org/show_bug.cgi?id=2419">#2419</a>)
+  <li> Fix warnings about unused parameters.
+  <li> rgb2ycbcr, tiff2bw, tiff2pdf, tiff2ps, tiffcrop, tiffdither :
+       Enlarge some fixed-size buffers that weren't
+       large enough, and eliminate substantially all uses of sprintf(buf,
+       ...)  in favor of using snprintf(buf, sizeof(buf), ...), so as to
+       protect against overflow of fixed-size buffers.  This responds in
+       particular to CVE-2013-1961 concerning overflow in tiff2pdf.c's
+       t2p_write_pdf_page().
+  <li>html/man/tiff2ps.1.html, html/man/tiffcp.1.html,
+        html/man/tiffdither.1.html, man/tiff2ps.1, man/tiffcp.1,
+        man/tiffdither.1, tools/tiff2ps.c, tools/tiffcp.c,
+        tools/tiffdither.c: Sync tool usage printouts and man pages with
+        reality
+
+</UL>
+
+<P><HR WIDTH=65% ALIGN=left>
+
+<!--------------------------------------------------------------------------->
+
+<A NAME="contrib"><B><FONT SIZE=+3>C</FONT>HANGES IN THE CONTRIB AREA:</B></A>
+
+<UL> 
+
+    <li> Fix warnings about variables set but not used.
+    <li> contrib/dbs/xtiff/xtiff.c: Enlarge some fixed-size buffers that weren't
+        large enough, and eliminate substantially all uses of sprintf(buf,
+        ...)  in favor of using snprintf(buf, sizeof(buf), ...), so as to
+        protect against overflow of fixed-size buffers.
+</UL>
+
+Last updated $Date: 2015-26-01 11:18:00 $.
+
+</BODY>
+</HTML>