Opened 2 years ago

Closed 2 years ago

Last modified 23 months ago

#16589 closed enhancement (fixed)

tiff-4.4.0

Reported by: Bruce Dubbs
Owned by: Bruce Dubbs
Priority: elevated
Milestone: 11.2
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New minor version.

Change History (4)

comment:1 by Bruce Dubbs, 2 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: new → assigned

comment:2 by Bruce Dubbs, 2 years ago

From changelog:

  • Handle absolute paths in pkg-config file.
  • cmake: allow running the tests with a read-only source directory
  • tiffcrop: Fixes complain of pipeline "cmake-ninja-arm64" about abs() on...
  • Public functions TIFFFieldSetGetSize() and TIFFieldSetGetCountSize() added.
  • Replace add_compile_definitions for CMake versions before 3.12
  • Remove incorrect assert.
  • test_signed_tags.c: fix CID 1504376.
  • tiffcp: Fix incomprehensible setting of orientation tag
  • tiff2pdf: handle 8-bit palette colormap.
  • Reading of signed tags added
  • Fix typos in comments.
  • tiffcp: avoid buffer overflow in "mode" string
  • TIFFIsBigTiff() function added.
  • tiffcp: Fix incomprehensible setting of orientation tag
  • extra flag for anonymous (unknown) tags
  • tif_lzw.c: fix potential out-of-bounds error when trying to read in the same tile/strip after an error has occurred
  • extra flag for anonymous (unknown) tags
  • tiffcp: avoid buffer overflow in "mode" string
  • avoid hang in TIFFRewriteDirectory() if a classic file > 4 GB is attempted to be created
  • Correct reading description for anonymous tag auto-registration in addingtags.html
  • tif_lzw.c: avoid harmless unsigned-integer-overflow
  • tiffcp: do not try to fetch compressor-specific tags when not appropriate
  • Fix some CMake warnings
  • LZWDecode(): modest speed improvement: fetch input data by chunks of the largest natural integer of the architecture
  • Correct fix for the pkgconf file relative paths
  • tif_lzw.c: make LZW_CHECKEOS non-optional.
  • tiffsplit.c: fix compiler warning on 32-bit.
  • Correct fix for the pkgconf file relative paths.
  • fix heap buffer overflow in tiffcp
  • See merge request libtiff/libtiff!311
  • fix heap buffer overflow in tiffcp
  • tiffcp: do not try to fetch compressor-specific tags when not appropriate
  • tiffcrop: fix issue #395: generation of strange section images.
  • tiffcrop: fix issue #380 and #382 heap buffer overflow in extractImageSection
  • add checks for return value of limitMalloc
  • fix the FPE in tiffcrop
  • Fix pkgconf file relative paths
  • tif_jbig.c: fix crash when reading a file with multiple IFD in memory-mapped mode and when bit reversal is needed
  • TIFFClientOpen(): remove useless initializations of tif_rawcc and tif_flags
  • TIFFPrintDirectory(): avoid potential multi-threading issue when reading the DotRange tag
  • Constify signature of _TIFFsetXXXXArray() functions, and remove unused _TIFFsetString()
  • _TIFFVSetField(): when passing a string without explicit length, check that the length doesn't exceed the 1 << 31 maximum bytes we support
  • tiffsplit.c: fix use after free
  • tiff2ps: In limitMalloc() check for negative size
  • tiffinfo: limit more memory allocations using -M switch
  • tiffsplit: limitMalloc() and getopt() introduced and more error messages.
  • tiffcrop: buffsize check formula in loadImage() amended
  • TIFFClientOpen(): remove useless initializations of tif_rawcc and tif_flags after TIFFReadDirectory()
  • TIFFFetchNormalTag(): speed optimization when reading a (very large) nul-terminated ASCII tag
  • TIFFWriteDirectoryTagData(): turn assertion on data length into a runtime check
  • TIFFFetchNormalTag(): avoid calling memcpy() with a null source pointer and size of zero
  • tiffinfo: limit more memory allocations using -M switch
  • tif_dirwrite.c: take into account COMPRESSION_JXL.
  • Predictor 2 (horizontal differentiation): support 64-bit
  • tiff2pdf: Fixes initializing 't2p->pdf_compressionquality'.
  • Predictor 2 (horizontal differentiation): support 64-bit.
  • tiffcrop.c: Fix issue #352 heap-buffer-overflow by correcting uint32_t underflow.
  • Fix Coverity Scan report issues for custom_dir_EXIF_231.c and test_directory.c
  • Correct CMake testing
  • LogLuvEncode32(): avoid undefined behaviour of left shift on a signed integer
  • TIFFFetchStripThing(): avoid calling memcpy() with a null source pointer and size of zero (fixes #362)
  • Added stdlib.h
  • tif_win32.c: include stdlib.h.
  • Fix packaging with CPack.
  • Fix the global-buffer-overflow in tiffset
  • tiffset: fix global-buffer-overflow for ASCII tags where count is required
  • Fix autogen.sh permissions issues during mv
  • Correct CMake testing.
  • autogen.sh: mv -f for config.sub and config.guess.
  • TIFFYCbCrToRGBInit(): avoid Integer-overflow in gdal_TIFFYCbCrToRGBInit.
  • Fix sanity check in TIFFFillStrip()/TIFFFillStrile()
  • Fix Segmentation Fault due to field_name=NULL
  • build: Fix static library imports in mingw.
  • TIFFGetField(TIFFTAG_STRIPBYTECOUNTS/TIFFTAG_STRIPOFFSETS): return error if returned pointer is NULL
  • tiff2pdf: validate TIFFGetField(input, TIFFTAG_STRIPBYTECOUNTS, &sbc) return
  • fix raw2tiff floating point exception
  • raw2tiff: check that band number if not zero to avoid floating point exception
  • OJPEG: avoid assertion when using TIFFReadScanline()
  • OJPEG: avoid assertion when using TIFFReadScanline()
  • JPEG 12bit: make it easier for GDAL's RENAME_INTERNAL_LIBTIFF_SYMBOLS mode
  • tif_lzw.c: other warning fixes.
  • LZW codec: fix support for strips/tiles > 2 GB on Windows.
  • tiffinfo: add a -M switch to define the maximum heap allocation, and default...
  • TIFFReadDirectory: fix OJPEG hack (fixes #319)
  • TIFFAppendToStrip(): fix rewrite-in-place logic (fixes #309)
  • Fix resource leak on error path
  • rast2tiff: Fix resource leak on error path.
  • tiffsplit.c: Fix memleak before exit
  • tiffinfo: add a -M switch to define the maximum heap allocation, and default it to 256 MiB
  • tiffinfo: fix read of invalid pointer in TIFFReadRawDataTiled()
  • TIFFReadDirectory: fix OJPEG hack
  • TIFFAppendToStrip(): fix rewrite-in-place logic
  • Properly reset tif_curoff when writing strips/tiles
  • TIFFReInitJPEG_12(): avoid warning about unused variable in -DNDEBUG.
  • Suppress unnecessary warnings in Visual Studio in AppVeyor test.
  • TIFFReadCustomDirectory(): avoid crash when reading SubjectDistance tag on a non EXIF directory
  • Added missing null check.
  • tif_print.c: remove duplicated if() in previous commit.
  • Fix Segmentation fault printing GPS directory if Altitude tag is present (tif_print.c/tiffinfo.c)
  • Fix STRIPCHOP_DEFAULT value in CMake builds
  • tif_jpeg.c: typo fix.
  • tiffsplit.c: Fix memleak before exit.
  • tif_webp.c: add explicit cast to please MSVC verbose warnings.
  • tif_webp.c: white space fixing.
  • Enable writing Photoshop blobs
  • PackBitsDecode: remove hack for when char is unsigned.
  • tiffcrop.c: remove useless 'set but not read' variables.
  • TIFFAppendToStrip(): fix rewrite-in-place logic
  • TIFFAppendToStrip(): fix rewrite-in-place logic.
  • reproducible in particular with packbits compression.
  • tif_lzw.c: silence compiler warning about set but not used variable with recent clang
  • Fix build warnings on cygwin about 'argument 1 of type 'float[3]'
  • test/rational_precision2double.c: add missing curly braces to fix -Werror=misleading-indentation
  • Fix build warnings on cygwin about 'argument 1 of type 'float[3]' with mismatched bound [-Werror=array-parameter=]'
  • Fix TIFFRewriteDirectory discarding directories after the rewritten one
  • tif_dirwrite.c: Fix TIFFRewriteDirectory discarding directories.
  • tif_webp.c: add explicit cast to please MSVC verbose warnings.
  • tif_webp.c: white space fixing.
  • PackBitsDecode: remove hack for when char is unsigned.
  • tiffcrop.c: remove useless 'set but not read' variables.
  • TIFFAppendToStrip(): fix rewrite-in-place logic
  • Keep track of last directory to improve performance for large multi-page files
  • tif_jpeg.c: fix memory leak on error code path for JPEG 12 bit (CID 1086702)
  • Enable JPEG 12bit support with a libjpeg that has a different ABI than the one for 8bit support
  • Reformat tif_jpeg.c and tif_jpeg_12.c with clang-format-10.
  • Enable JPEG 12bit support with a libjpeg that has a different ABI than the one for 8bit support
  • Export tiff targets
  • Add version and requirements to pc file
  • Fix version in libtiff-4.pc.in, and CMake build: Add requirements to pc file
  • Fix build issues with CMake 3.10
  • Fix reconfiguration with cmake.
  • Export tiff targets.
  • tif_jpeg.c: simplify libjpeg 9d support
  • tif_jpeg.c: workaround bug of libjpeg 9d that defers Huffman table creation
  • tif_jpeg.c: do not emit progressive scans with mozjpeg and force optimize_coding
  • tif_jpeg.c: with mozjpeg, disable emission of Huffman tables in JpegTables tag, and use optimize_coding
  • tif_jpeg.c: workaround bug of libjpeg 9d that defers Huffman table creation
  • tif_jpeg.c: do not emit progressive scans with mozjpeg.
  • Fix memory leak in tiff2pdf
  • html: Add missing pages when using CMake
  • html: Add missing pages when using CMake.
  • ci: Re-enable cygwin builds
  • ci: Re-enable cygwin builds.
  • ci: Add arm64 build
  • _TIFFRewriteField(): fix when writing a IFD with a single tile that is a sparse one, on big endian hosts
  • Fix memory leak in tiff2pdf.
  • tif_lzw.c: cleanup, no functional change
  • tif_lzw.c: cleanup, no functional change.
  • .appveyor.yml: disable cygwin configs for now as they are broken.
  • ZSTD codec: reuse compressor/decompressor objects.
  • Fix all remaining uses of legacy Deflate compression id and warn on use.
  • tiffinfo/tiffdump: improve output for GDAL tags.
  • Prevent adding root directory to include list.
  • fix TIFFReadRawStrip man and HTML page typo.
  • HOWTO-RELEASE: update.
  • Make LERC_SUPPORT conditional on ZLIB_SUPPORT.
  • Make display of lerc options in tiffcp depend on actual zstd support.
  • automatic creation of xz archive when running make distcheck
  • iptcutil.c: fix bug in EOF comparison, spotted on NetBSD 9 earmv7hf-el.

comment:3 by Bruce Dubbs, 2 years ago

Resolution: fixed
Status: assigned → closed

Fixed at commits

e1be4fda9d Update to gnutls-3.7.6.
002e7bd37c Update to tiff-4.4.0.
1ff5a0d8f1 Update to iw-5.19.

comment:4 by Douglas R. Reno, 23 months ago

Priority: normal → elevated

Retroactively promote to Elevated.

CVEs are:

A stack buffer overflow flaw was found in Libtiff's tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. CVE-2022-1355, LOW

A heap buffer overflow flaw was found in Libtiff's tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service. CVE-2022-1354, MEDIUM

Unfortunately there are a lot of security issues fixed in the next version. Maybe we should port those back in the future, although upstream does seem to be very responsive.
