Skip to content
Snippets Groups Projects
ChangeLog 236 KiB
Newer Older
2016-01-03  Even Rouault <even.rouault at spatialys.com>

	* libtiff/tif_read.c, tif_dirread.c: fix indentation issues raised
	by GCC 6 -Wmisleading-indentation

2015-12-27  Even Rouault <even.rouault at spatialys.com>

	* libtiff/tif_pixarlog.c: avoid zlib error messages to pass a NULL
	string to %s formatter, which is undefined behaviour in sprintf().

2015-12-27  Even Rouault <even.rouault at spatialys.com>

	* libtiff/tif_next.c: fix potential out-of-bound write in NeXTDecode()
	triggered by http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif
	(bugzilla #2508)

2015-12-27  Even Rouault <even.rouault at spatialys.com>

	* libtiff/tif_luv.c: fix potential out-of-bound writes in decode
	functions in non debug builds by replacing assert()s by regular if
	checks (bugzilla #2522).
	Fix potential out-of-bound reads in case of short input data.

2015-12-26  Even Rouault <even.rouault at spatialys.com>

	* libtiff/tif_getimage.c: fix out-of-bound reads in TIFFRGBAImage
	interface in case of unsupported values of SamplesPerPixel/ExtraSamples
	for LogLUV / CIELab. Add explicit call to TIFFRGBAImageOK() in
	TIFFRGBAImageBegin(). Fix CVE-2015-8665 reported by limingxing and
	CVE-2015-8683 reported by zzf of Alibaba.

2015-12-21  Even Rouault <even.rouault at spatialys.com>

	* libtiff/tif_dirread.c: workaround false positive warning of Clang Static
	Analyzer about null pointer dereference in TIFFCheckDirOffset().

2015-12-19  Even Rouault <even.rouault at spatialys.com>

	* libtiff/tif_fax3.c: remove dead assignment in Fax3PutEOLgdal(). Found
	by Clang Static Analyzer

2015-12-18  Even Rouault <even.rouault at spatialys.com>

	* libtiff/tif_dirwrite.c: fix truncation to 32 bit of file offsets in
	TIFFLinkDirectory() and TIFFWriteDirectorySec() when aligning directory
	offsets on a even offset (affects BigTIFF). This was a regression of the
	changeset of 2015-10-19.
2015-12-12  Even Rouault <even.rouault at spatialys.com>

	* libtiff/tif_write.c: TIFFWriteEncodedStrip() and TIFFWriteEncodedTile()
	should return -1 in case of failure of tif_encodestrip() as documented
	* libtiff/tif_dumpmode.c: DumpModeEncode() should return 0 in case of
	failure so that the above mentionned functions detect the error.

2015-12-06  Even Rouault <even.rouault at spatialys.com>

	* libtiff/uvcode.h: const'ify uv_code array

2015-12-06  Even Rouault <even.rouault at spatialys.com>

	* libtiff/tif_dirinfo.c: const'ify tiffFields, exifFields,
	tiffFieldArray and exifFieldArray arrays

2015-12-06  Even Rouault <even.rouault at spatialys.com>

	* libtiff/tif_print.c: constify photoNames and orientNames arrays

2015-12-06  Even Rouault <even.rouault at spatialys.com>

	* libtiff/tif_close.c, libtiff/tif_extension.c : rename link
	variable to avoid -Wshadow warnings
2015-11-22  Even Rouault <even.rouault at spatialys.com>

	* libtiff/*.c: fix typos in comments (patch by Kurt Schwehr)
 
2015-11-22  Even Rouault <even.rouault at spatialys.com>

	* libtiff/*.c: fix MSVC warnings related to cast shortening and
	assignment within conditional expression

2015-11-18  Even Rouault <even.rouault at spatialys.com>

	* libtiff/*.c: fix clang -Wshorten-64-to-32 warnings

2015-11-18  Even Rouault <even.rouault at spatialys.com>

	* libtiff/tif_dirread.c: initialize double* data at line 3693 to NULL
	to please MSVC 2013

2015-11-17  Even Rouault <even.rouault at spatialys.com>

	* libtiff/tif_dirread.c: prevent reading ColorMap or TransferFunction
	if BitsPerPixel > 24, so as to avoid huge memory allocation and file
	read attempts

2015-11-02  Even Rouault <even.rouault at spatialys.com>

	* libtiff/tif_dirread.c: remove duplicated assignment (reported by
	Clang static analyzer)

2015-10-28  Even Rouault <even.rouault at spatialys.com>

	* libtiff/tif_dir.c, libtiff/tif_dirinfo.c, libtiff/tif_compress.c,
	libtiff/tif_jpeg_12.c: suppress warnings about 'no previous
	declaration/prototype'

2015-10-19  Even Rouault <even.rouault at spatialys.com>

	* libtiff/tiffiop.h, libtiff/tif_dirwrite.c: suffix constants by U to fix 
	'warning: negative integer implicitly converted to unsigned type' warning
	(part of -Wconversion)

2015-10-17  Even Rouault <even.rouault at spatialys.com>

	* libtiff/tif_dir.c, libtiff/tif_dirread.c, libtiff/tif_getimage.c,
	  libtiff/tif_print.c: fix -Wshadow warnings (only in libtiff/)

2015-09-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

bfriesen's avatar
bfriesen committed
	* libtiff 4.0.6 released.

	* html/v4.0.6.html: Added release notes for 4.0.6.

2015-09-06  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* tools/tiffgt.c: Silence glut API deprecation warnings on MacOS
	X.  Patch by Roger Leigh.

	* Makefile.am: Added a 'coverity' rule to assist with Coverity
	submissions.

	* tools/tiff2pdf.c: Fix compiler warning about unused function
	when JPEG is not available.

	* tools/fax2ps.c (main): Detect failure to write to temporary
	file.

2015-09-05  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* libtiff/tif_dirread.c (TIFFReadDirEntryCheckRangeSlongSlong8):
	Change implementation so that it does not sometimes overflow the
	range of a 32-bit int and to avoid a signed vs unsigned compare
	compiler warning.
	(TIFF_INT64_MAX): Avoid use of platform-specific large constants.
	(TIFF_UINT32_MAX): Avoid use of platform-specific large constants.
2015-09-01  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* Makefile.am (distcheck-hook), configure.ac: Applied patches by
	Roger Leigh (via tiff mailing list on 2015-09-01) to fix issue
	with BSD make and to make use of cmake in 'distcheck' target
	conditional on if cmake is available.

	* CMakeLists.txt, Makefile.am, configure.ac: Applied patches by
	Roger Leigh (via tiff mailing list on 2015-09-01).

	CMake build is now included in 'distcheck' target.

	Builds with CMake 2.8.9 and newer.

	Tar is now resquested to use POSIX PAX format.

2015-08-31  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* CMakeLists.txt, libtiff/test/Makefile.am: Applied patches by
	Roger Leigh (via tiff mailing list on 2015-08-31.

	CMake reads all version information directly from configure.ac to
	avoid duplication of values.  This basically greps over the file
	for the LIBTIFF_* variables, then translates them to the form
	needed for cmake. This includes the release version and libtool
	shared library version information.

	Make shared/static library building configurable.  Currently it
	always builds shared libraries, with static libs having a _static
	suffix (copying zlib, but it means it's got a non-standard name).
	CMake has a -DBUILD_SHARED_LIBS=ON|OFF option to select one or the
	other, which is now used instead.  There's now a single "tiff"
	target to build either shared or static as required, and all the
	tests and tools are linked with this. Note: the Windows tests fail
	when linked with a static libtiff (says: libtiff.dll not found).
	Not really a regression since this was not tested up to this
	point, and it's likely the unit tests haven't (ever?) been run on
	Windows with a static libtiff, so there's some additional
	portability issue here to address.  Works fine on UNIX systems,
	and fine on Windows with the default to build a DLL.

	Add a missing file which wasn't being distributed, causing unit
	tests to fail.  Note that "find . -name '*.cmake'" lists all the
	CMake files which need distributing in addition to all the
	CMakeLists.txt files (which now are distributed).

2015-08-31  Even Rouault <even.rouault at spatialys.com>
	* libtiff/tif_predict.c: pedantic change to add explicit masking
	with 0xff before casting to uchar in floating-point horizontal
	differencing and accumulation routines.

2015-08-31  Even Rouault <even.rouault at spatialys.com>

	* libtiff/tif_predict.c: fix generation of output with 16 bit
	or 32 bit integer, when byte swapping is needed, in
	horizontal predictor (#2521). Also fixes decoding when there is
	a single pixel to code (unlikely case...) and byte swapping is
	involved.

2015-08-30  Even Rouault <even.rouault at spatialys.com>

	* libtiff/tif_lzw.c: make nextdata a unsigned type to avoid
	undefined behaviour with shifts (gcc -fsanitize=shift)

2015-08-30  Even Rouault <even.rouault at spatialys.com>
	* libtiff/tif_fax3.c, libtiff/tif_lzw.c, libtiff/tif_predict.c:
	add explicit masking with 0xff before casting
	to unsigned char (make icc -check=conversions happy)

	* libtiff/tif_predict.c: operate on unsigned datatypes when
	computing/applying differences to avoid undefined behaviour of
	signed types (C standard compliance)

2015-08-30  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* configure.ac: libtiff 4.0.5 released.

2015-08-29  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* CMakeLists.txt: Applied patch by Roger Leigh (via tiff mailing
	list on 2015-08-29) to add ld-version-script option to cmake build
	to match autoconf.  Note: defaults to 'on' to be ABI-compatible by
	default with common Linux distribution builds.  Note that the
	autoconf configure script defaults to 'off'.

	* html/build.html: Applied patch by Roger Leigh (via tiff mailing
	list on 2015-08-29) to describe how to use CMake to build libtiff.

2015-08-28  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* html/v4.0.5.html: Added HTML file describing the changes which
	will appear in the 4.0.5 release.

2015-08-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* libtiff/tiffiop.h: For MinGW comiles, make sure that build
	supports necessary __MSVCRT_VERSION__ (at least at least 0x800).
	Otherwise large files can not be supported for POSIX-style I/O.

	* tools/fax2tiff.c (main): Eliminate a compiler warning in 64-bit
	builds about cast to thandle_t.

	* test/rewrite_tag.c (main): Does not require any arguments.

2015-08-20  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* tools/CMakeLists.txt, port/snprintf.c: Patch by Roger Leigh to
	fix build issues when using Cmake due to Windows large file
	changes.

2015-08-18  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* libtiff/tiffiop.h: First cut at supporting large files under
	Microsoft Windows using tif_unix.c and the libtiff tools.  This
	only works if the Windows CDK is new enough to support the APIs
	used (Visual C++ 2005 or later).  Support for large files is not
	actually tested yet.

bfriesen's avatar
bfriesen committed
2015-08-15  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* libtiff/tif_jpeg.c: Applied patch by Räisä Olli to assure that
	client_data is initialized to a known value, and to report an
	error on two memory allocation failures.

2015-08-13  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* CMakeLists.txt: Applied patch by Roger Leigh to fix libtiffxx
	symbol versioning.  Patch was mailed to libtiff list on Thu, 13
	Aug 2015.

2015-07-04  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* cmake: Add d suffix to debug libraries with MSVC.  Patch #3 of 3
	by Roger Leigh posted to tiff list on Wed, 1 Jul 2015 15:58:20
	+0100.

	* cmake: Add extra warning flags.  Patch #2 of 3 by Roger Leigh
	posted to tiff list on Wed, 1 Jul 2015 15:58:20 +0100.

	* cmake: Correct snprintf fallback for VS2015.  Patch #1 of 3 by
	Roger Leigh posted to tiff list on Wed, 1 Jul 2015 15:58:20 +0100.

2015-06-24  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* CMakeLists.txt: Add CMake patchset by Roger Leigh as posted to
	libtiff mailing list on Mon, 22 Jun 2015 21:21:01 +0100. Several
	corrections to ensure that the autotools build still works were
	added by me.  I have not yet tested the build using 'cmake' or
	MSVC with 'nmake'.

2015-06-21  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* test/Makefile.am: tiff2rgba-quad-tile.jpg.sh depends on the JPEG
	library so only execute if JPEG is available.

bfriesen's avatar
bfriesen committed
	* libtiff 4.0.4 released.

	* configure.ac: Add a HAVE_FOO Automake conditional for each
	add-on library.

	* test/Makefile.am (JPEG_DEPENDENT_CHECK_PROG): raw_decode
	requires JPEG support to compile.  Use Automake conditional to
	only include it when JPEG support is available.

	* html/build.html: Try to improve the nmake-based VC++ build
	description.

	* libtiff/tiffconf.vc.h: Build fixes based on testing.

	* libtiff/tif_config.vc.h: Build fixes based on testing.

	* libtiff/libtiff.def: TIFFRasterScanline does not exist so remove
	export for it.

2015-06-20  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* libtiff/tif_config.vc.h: Make adjustments to match the new
	definitions that configure produces, including for WIN64.  Still
	needs to be tested.

	* configure.ac: For 64-bit MinGW, fix SSIZE_FORMAT formatting
	specifier.  64-bit MinGW supports 'long long' but support for
	'lld' is not assured by the run-time DLLs and so GCC warns.
	Add TIFF_SIZE_T and TIFF_SIZE_FORMAT to provide a type definition
	and printf format specifier to deal with printing values of
	'size_t' type.  In particular, this was necessary for WIN64.
	Added a configure test for if the system headers provide 'optarg'
	(normal case) and block out the many explicit 'extern' statements
	in the utilities.  This was found to be necessary under Windows
	when getopt is in a DLL and the symbols are already imported with
	dllimport via standard header files.
	* test/raw_decode.c (XMD_H): Avoid conflicting typedefs for INT32
	and boolean in MinGW build due to including jpeglib.h.

	* test/rewrite_tag.c (main): Fix problem with location of variable
	declaration.

	* libtiff/libtiff.def: Added exports for TIFFGetConfiguredCODECs,
	TIFFReadRGBAImageOriented, TIFFSetCompressionScheme,
	TIFFSwabArrayOfTriples, TIFFVGetFieldDefaulted, _TIFFCheckRealloc,
	TIFFRasterScanline, TIFFSetErrorHandlerExt,
	TIFFSetWarningHandlerExt, TIFFNumberOfDirectories,
	TIFFCreateCustomDirectory, TIFFCreateEXIFDirectory,
	TIFFWriteCustomDirectory, _TIFFRewriteField as recommended by
	Roger Leigh and justified by use in libtiff tests, documentation,
	and changelog notes.  Also sorted symbol list and removed
	duplicate entries.

2015-06-16  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* libtiff/tif_getimage.c: Fix four Coverity issues related to
	unintended sign extension.

2015-06-16  Even Rouault <even.rouault at spatialys.com>

	* libtiff/tif_unix.c: fix compilation with MSVC (fix by Jeff McKenna)

faxguy's avatar
 
faxguy committed
2015-06-14  Lee Howard  <faxguy@howardsilvan.com>

faxguy's avatar
 
faxguy committed
	* libtiff/tif_unix.c: contribution from Vadim Zeitlin on
	Bugzilla Bug #2510 fixes several harmless but still annoying
faxguy's avatar
 
faxguy committed
	warnings

faxguy's avatar
 
faxguy committed
	* configure: contribution from Ludolf Holzheid on Bugzilla
	Bug #2498.  Adds an option to select the file I/O style on
faxguy's avatar
 
faxguy committed
	Windows hosts.

	* libtiff/tif_getimage.c: contribution from Gary Cramblitt
faxguy's avatar
 
faxguy committed
	on Bugzilla Bug #2409.  Correct reading of certain tiled TIFFs.

faxguy's avatar
 
faxguy committed
	* configure, configure.ac: contribution from Marcos H. Woehrmann
	on Bugzilla Bug #2405.  Correct shell equality operator.

	* tools/tiffgt.c (raster_draw): contribution from Jay Berkenbilt
faxguy's avatar
 
faxguy committed
	on Bugzilla Bug #2401.  Appropriately call glFlush().

faxguy's avatar
 
faxguy committed
	* tools/tiff2pdf.c: change ColorTransform from "0" to "1"
	following Bugzilla Bug #2150.

faxguy's avatar
 
faxguy committed
2015-06-13  Lee Howard  <faxguy@howardsilvan.com>

	* libtiff/tif_lzw.c: contribution from Andy Cave - decode
	files that contain consecutive CODE_CLEAR codes.

	* tools/tiff2pdf.c: contribution from Antti S. Lankila on
	Bugzilla Bug #2078. Suppress initial output of the header.

	* tools/tiff2pdf.c: contribution from Yuriy M. Kaminskiy -
	Take care in using the return value from snprintf().

	* tools/tiffcrop.c: contribution from Eduardo Robles Elvira -
	correctly copy the compression tag from the source TIFF.

	* tools/tiff2ps.c: contribution from Eduardo Robles Elvira -
	correct sizing and scaling problems with output document.

2015-06-10  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* libtiff/tif_jpeg.c (JPEGDecode): Split JPEGDecode() into two
	clean implementations in order to avoid pre-processor hell.  Only
	one of the implementations is used in a given build.

2015-06-08  Even Rouault <even.rouault at spatialys.com>

	* libtiff/tif_jpeg.c: Fix compilation in BITS_IN_JSAMPLE == 12
	case

2015-06-07  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* libtiff/tif_write.c (TIFFWriteEncodedStrip): Fix Coverity 715975
	"Division or modulo by zero".
	(TIFFWriteEncodedTile): Fix Coverity 715976 and 715977 "Division
	or modulo by zero".
	(TIFFWriteRawStrip): Fix Coverity 715978 "Division or modulo by
	zero".
	(TIFFWriteScanline): Fix Coverity 715979 "Division or modulo by
	zero".
	* libtiff/tif_read.c (TIFFStartTile): Fix Coverity 715973 and
	715974 "Division or modulo by zero".

2015-05-31  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* libtiff/tif_dir.c (TIFFNumberOfDirectories): Quiet Coverity
	1134470 "Logically dead code" by making the roll-over check
	explicit.

	* libtiff/tif_luv.c (LogLuvDecodeTile): Fix Coverity 991227
	"Division or modulo by zero".
	(LogLuvDecodeStrip): Fix Coverity 991239 "Division or modulo by
	zero".
	(LogLuvEncodeStrip): Fix Coverity 991240 "Division or modulo by
	zero".
	(LogLuvEncodeTile): Fix Coverity 991241 "Division or modulo by
	zero".
	* libtiff/tif_dirread.c (TIFFReadDirEntryDoubleArray): Fix
	Coverity 298626 "Logically dead code".
	(TIFFReadDirEntryFloatArray): Fix Coverity 298627 "Logically dead
	code".
	(TIFFReadDirEntryIfd8Array): Fix Coverity 298628 "Logically dead
	code".
	(TIFFReadDirEntrySlong8Array): Fix Coverity 298629 "Logically dead
	code"
	* libtiff/tif_dir.c (TIFFNumberOfDirectories): Don't depend on ++
	operator precedenc in evaluation.  Might quench Coverity 1134470
	"Logically dead code".

	* libtiff/tif_jpeg.c (JPEGDecode): Fix Coverity 602597 "Operands
	don't affect result".  This change uses ifdefs to include
	applicable code based on properties of libjpeg.  Still needs to be
	re-tested with 12-bit "6b" and "MK1".

2015-05-30  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* libtiff/tif_dirwrite.c (_TIFFRewriteField): Fix Coverity 1024310
	"Resource leak".

	* libtiff/tif_ojpeg.c (OJPEGReadHeaderInfoSecStreamDht): Fix
	Coverity 601720 "Resource leak".

	* libtiff/tif_jpeg.c (JPEGCleanup): Fix Coverity 298624
	"Dereference before null check".

	* libtiff/tif_ojpeg.c (OJPEGReadBufferFill): Fix Coverity 603400
	"Missing break in switch".

	* contrib/addtiffo/tif_overview.c (TIFF_DownSample): Check buffer
	size calculation for overflow.

	* contrib/addtiffo/addtiffo.c (main): Possibly address Coverity
	1024226 "Untrusted value as argument".

	* tools/gif2tiff.c (readgifimage): Fix Coverity 1024222 "Untrusted
	value as argument".
	(checksignature): Fix Coverity 1024894 "Ignoring number of bytes
	read".
	(readextension): Fix Coverity 1024893 "Ignoring number of bytes
	read".
	(readgifimage): Fix Coverity 1024890 "Ignoring number of bytes
	read".
	(readraster): Fix Coverity 1024891 "Ignoring number of bytes
	read".
	(readgifimage): Fix Coverity 1024892 "Ignoring number of bytes
	read".

	* tools/tiff2pdf.c (t2p_readwrite_pdf_image): Fix Coverity 1024181
	"Structurally dead code".

	* tools/raw2tiff.c (main): Fix Coverity 1024887 "Unchecked return
	value from library".
	(guessSize): Fix Coverity 1024888 "Unchecked return value from
	library".
	(guessSize): Fix Coverity 1214162 "Ignoring number of bytes read".
	(guessSize): Fix Coverity 1024889 "Unchecked return value from
	library".

	* tools/tiff2pdf.c (t2p_readwrite_pdf_image): Fix Coverity 298621
	"Resource leak".
	(t2p_readwrite_pdf_image): Fix Coverity 1024181 "Structurally dead
	code".
	(t2p_write_pdf): Fix Coverity 1227690 "Unused value".

2015-05-29  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* contrib/iptcutil/iptcutil.c (formatIPTC): Fix Coverity 1024468
	"Infinite loop".
	(formatIPTC): Fix Coverity 1024727 "Truncated stdio return value".
	(formatIPTC): Fix Coverity 1214240 "Untrusted loop bound".

2015-05-28  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* contrib/addtiffo/tif_ovrcache.c (TIFFCreateOvrCache): Fix
	Coverity 298615 "Resource leak".
	(TIFFGetOvrBlock): Fix Coverity 1024649 "Unintended sign
	extension".

	* tools/bmp2tiff.c (main): Fix Coverity 1024225 "Untrusted value
	as argument".
	(main): Fix Coverity 1024678 "Unchecked return value from
	library".
	(main): Fix Coverity 1024679 "Unchecked return value from
	library".
	(main): Fix Coverity 1214160 "Ignoring number of bytes read".

	* contrib/addtiffo/tif_ovrcache.c (TIFFCreateOvrCache): Fix
	Coverity 298615 "Resource leak".

	* tools/tiffcp.c: Fix Coverity 1024306, 1024307, 1024308, 1024309
	"Resource leak".

	* tools/tiffsplit.c (cpTiles): Fix Coverity 1024304 "Resource
	leak".
	(cpStrips): Fix Coverity 1024305 "Resource leak".

2015-05-27  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* tools/ras2tiff.c: Fix Sun Raster header definition to be safe
	for 64-bit systems.  Add some header validations.  Should fix many
	Coverity issues.
	(main): Fix Coverity 1301206: "Integer handling issues  (BAD_SHIFT)".
	(main): Quiet Coverity 1024223 "Untrusted value as argument".
	* tools/tiffmedian.c (GetInputLine): Fix Coverity 1024795 "Nesting
	level does not match indentation".
	(get_histogram): Quiet Coverity 1024386 "Out-of-bounds read".
	This was a benign mis-diagnosis but added code to enforce against
	buffer overflow.
	* tools/tiffcrop.c (ROTATE_ANY): Fix Coverity 1294542 "Logical
	vs. bitwise operator".
	(readContigStripsIntoBuffer): Fix Coverity 1024545 "Division or
	modulo by zero".
	(readContigTilesIntoBuffer): Fix Coverity 1024586 "Logically dead
	code".
	(writeSingleSection): Fix Coverity 1024796 "Nesting level does not
	match indentation".
	(writeCroppedImage): Fix Coverity 1024797 "Nesting level does not
	match indentation".
	(loadImage): Fix Coverity 1299741 "Dereference before null check".
	(loadImage): Fix Coverity 1299740 "Out-of-bounds write".
2015-03-02  Even Rouault  <even.rouault@spatialys.com>

	* tools/tiffdither.c: check memory allocations to avoid writing to
	NULL pointer. Also check multiplication overflow. Fixes #2501,
	CVE-2014-8128. Derived from patch by Petr Gajdos.

2015-01-26  Even Rouault  <even.rouault@spatialys.com>

	* add html/v4.0.4beta.html under version control
	* HOWTO-RELEASE: write that cvs add html/vX.X.html must be used

erouault's avatar
erouault committed
2015-01-26  Even Rouault  <even.rouault@spatialys.com>

	* libtiff 4.0.4beta released

erouault's avatar
erouault committed
2015-01-26  Even Rouault  <even.rouault@spatialys.com>

	* automake: updated to 1.15
	* libtool: updated to 2.4.5

2015-01-22  Even Rouault  <even.rouault@spatialys.com>

	* tools/tiff2pdf.c: Fix two crashes (oCERT-2014-013)

2015-01-05  Frank Warmerdam  <warmerdam@pobox.com>

	* html/bugs.html: remove note about needing to email the tiff mailing
	list administrator about being approved for membership, this appears
	not to be true.

2015-01-05  Olivier Paquet  <olivier.paquet@gmail.com>

	* tools/tiff2pdf.c: Fixed unsigned integer addition overflow detection.

2015-01-03  Even Rouault  <even.rouault@spatialys.com>

	* libtiff/tif_dirread.c: in TIFFCheckDirOffset(), avoid uint16 overflow
	when reading more than 65535 directories, and effectively error out when
	reaching that limit.

2014-12-29  Even Rouault  <even.rouault@spatialys.com>

	* libtiff/tif_jpeg.c: in JPEGFixupTags(), recognize SOF2, SOF9 and SOF10
	markers to avoid emitting a warning (even if, according to the TechNote,
	there are admitedly unusual/not recommended or even forbidden variants, but
	they do work well with libjpeg for SOF2, and with libjpeg-turbo for SOF2,
	SOF9 and SOF10).
	Define in_color_space and input_components to the right values in
	JPEGSetupEncode(), before calling jpeg_set_defaults(), as specified by
	libjpeg API documentation, so as to be compatible with mozjpeg library.
	Note: the default settings of mozjpeg will produce progressive scans, which
	is forbidden by the TechNote.

2014-12-29  Even Rouault  <even.rouault@spatialys.com>
	* libtiff/tif_getimage.c: move test on vertical value of YCbCr subsampling.
	to avoid buffer leak (fix previous fix, found by Coverity scan)
2014-12-29  Even Rouault  <even.rouault@spatialys.com>

	* libtiff/tif_next.c: add new tests to check that we don't read outside of
	the compressed input stream buffer.

	* libtiff/tif_getimage.c: in OJPEG case, fix checks on strile width/height
    in the putcontig8bitYCbCr42tile, putcontig8bitYCbCr41tile and
    putcontig8bitYCbCr21tile cases.

2014-12-27  Even Rouault  <even.rouault@spatialys.com>

	* libtiff/tif_dir.c: in TIFFDefaultDirectory(), reset any already existing
	extented tags installed by user code through the extender mechaninm before
	calling the extender callback (GDAL #5054)

2014-12-26  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* tools/tiffcrop.c: Fix warnings about variables set but not used.

	* contrib/iptcutil/iptcutil.c: Fix warnings about variables set
	but not used.

	* tools/tiffgt.c: Fix warnings about unused parameters.

	* libtiff/tif_stream.cxx: Fix warnings about unused parameters.

2014-12-25  Even Rouault  <even.rouault@spatialys.com>

	* libtiff/tif_getimage.c, libtiff/tif_ojpeg.c, libtiff/tif_zip.c: fix
	various typos found by Debian lintian tool (GDAL #5756)

2014-12-24  Even Rouault  <even.rouault@spatialys.com>

	* libtiff/tif_getimage.c: avoid divide by zero on invalid YCbCr subsampling.
	http://bugzilla.maptools.org/show_bug.cgi?id=2235

2014-12-24  Even Rouault  <even.rouault@spatialys.com>

	* tools/tiff2pdf.c: fix buffer overflow on some YCbCr JPEG compressed images.
	http://bugzilla.maptools.org/show_bug.cgi?id=2445

2014-12-24  Even Rouault  <even.rouault@spatialys.com>

	* tools/tiff2pdf.c: fix buffer overflow on YCbCr JPEG compressed image.
	Derived from patch by Petr Gajdos,
	http://bugzilla.maptools.org/show_bug.cgi?id=2443

2014-12-23  Even Rouault  <even.rouault@spatialys.com>

	* libtiff/tif_dirread.c: In EstimateStripByteCounts(), check return code
	of _TIFFFillStriles(). This solves crashing bug on corrupted
	images generated by afl.

2014-12-23  Even Rouault  <even.rouault@spatialys.com>

	* libtiff/tif_read.c: fix several invalid comparisons of a uint64 value with
	<= 0 by casting it to int64 first. This solves crashing bug on corrupted
	images generated by afl.

2014-12-21  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* tools/tiffdump.c: Guard against arithmetic overflow when
	calculating allocation buffer sizes.

2014-12-21  Even Rouault  <even.rouault@spatialys.com>

	* tools/tiff2bw.c: when Photometric=RGB, the utility only works if
	SamplesPerPixel = 3. Enforce that
	http://bugzilla.maptools.org/show_bug.cgi?id=2485 (CVE-2014-8127)

2014-12-21  Even Rouault  <even.rouault@spatialys.com>

	* tools/pal2rgb.c, tools/thumbnail.c: fix crash by disabling TIFFTAG_INKNAMES
	copying. The right fix would be to properly copy it, but not worth the burden
	for those esoteric utilities.
	http://bugzilla.maptools.org/show_bug.cgi?id=2484 (CVE-2014-8127)

2014-12-21  Even Rouault  <even.rouault@spatialys.com>

	* tools/thumbnail.c: fix out-of-buffer write
	http://bugzilla.maptools.org/show_bug.cgi?id=2489 (CVE-2014-8128)

2014-12-21  Even Rouault  <even.rouault@spatialys.com>

	* tools/thumbnail.c, tools/tiffcmp.c: only read/write TIFFTAG_GROUP3OPTIONS
	or TIFFTAG_GROUP4OPTIONS if compression is COMPRESSION_CCITTFAX3 or
	COMPRESSION_CCITTFAX4
	http://bugzilla.maptools.org/show_bug.cgi?id=2493 (CVE-2014-8128)

2014-12-21  Even Rouault  <even.rouault@spatialys.com>

	* libtiff/tif_next.c: check that BitsPerSample = 2. Fixes
	http://bugzilla.maptools.org/show_bug.cgi?id=2487 (CVE-2014-8129)

2014-12-21  Even Rouault  <even.rouault@spatialys.com>

	* tools/tiff2pdf.c: check return code of TIFFGetField() when reading
	TIFFTAG_SAMPLESPERPIXEL

2014-12-21  Even Rouault  <even.rouault@spatialys.com>

	* tools/tiffcp.c: fix crash when converting YCbCr JPEG-compressed to none.
	Based on patch by Tomasz Buchert (http://bugzilla.maptools.org/show_bug.cgi?id=2480)
	Description: fix for Debian bug #741451
	tiffcp crashes when converting JPEG-encoded TIFF to a different
	encoding (like none or lzw). For example this will probably fail:
	tiffcp -c none jpeg_encoded_file.tif output.tif
	The reason is that when the input file contains JPEG data,
	the tiffcp code forces conversion to RGB space. However,
	the output normally inherits YCbCr subsampling parameters
	from the input, which leads to a smaller working buffer
	than necessary. The buffer is subsequently overrun inside
	cpStripToTile() (called from writeBufferToContigTiles).
	Note that the resulting TIFF file would be scrambled even
	if tiffcp wouldn't crash, since the output file would contain
	RGB data intepreted as subsampled YCbCr values.
	This patch fixes the problem by forcing RGB space on the output
	TIF if the input is JPEG-encoded and output is *not* JPEG-encoded.
	Author: Tomasz Buchert <tomasz.buchert@inria.fr>

2014-12-21  Even Rouault  <even.rouault@spatialys.com>

	Fix various crasher bugs on fuzzed images.
	* libtiff/tif_dir.c: TIFFSetField(): refuse to set negative values for
	TIFFTAG_XRESOLUTION and TIFFTAG_YRESOLUTION that cause asserts when writing
	the directory
	* libtiff/tif_dirread.c: TIFFReadDirectory(): refuse to read ColorMap or
	TransferFunction if BitsPerSample has not yet been read, otherwise reading
	it later will cause user code to crash if BitsPerSample > 1
	* libtiff/tif_getimage.c: TIFFRGBAImageOK(): return FALSE if LOGLUV with
	SamplesPerPixel != 3, or if CIELAB with SamplesPerPixel != 3 or BitsPerSample != 8
	* libtiff/tif_next.c: in the "run mode", use tilewidth for tiled images
	instead of imagewidth to avoid crash
	* tools/bmp2tiff.c: fix crash due to int overflow related to input BMP dimensions
	* tools/tiff2pdf.c: fix crash due to invalid tile count (should likely be checked by
	libtiff too). Detect invalid settings of BitsPerSample/SamplesPerPixel for CIELAB / ITULAB
	* tools/tiffcrop.c: fix crash due to invalid TileWidth/TileHeight
	* tools/tiffdump.c: fix crash due to overflow of entry count.

2014-12-15  Even Rouault  <even.rouault@spatialys.com>

	* libtiff/tif_jpeg.c: Fix regression introduced on 2010-05-07 that caused
	all tiles/strips to include quantization tables even when the jpegtablesmode
	had the JPEGTABLESMODE_QUANT bit set.
	Also add explicit removal of Huffman tables when jpegtablesmode has the
	JPEGTABLESMODE_HUFF bit set, which avoids Huffman tables to be emitted in the
	first tile/strip (only useful in update scenarios. create-only was
	fine)

2014-12-09  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* tools/tiff2pdf.c: Assure that memory size calculations for
	_TIFFmalloc() do not overflow the range of tmsize_t.

2014-12-07  Even Rouault  <even.rouault@spatialys.com>

	* tools/thumbnail.c, tools/tiffcrop.c: "fix" heap read over-run found with
	Valgrind and Address Sanitizer on test suite

2014-12-07  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* tools/tiff2pdf.c (t2p_read_tiff_init): TIFFTAG_TRANSFERFUNCTION
	tag can return one channel, with the other two channels set to
	NULL.  The tiff2pdf code was expecting that other two channels
	were duplicate pointers in the case where there is only one
	channel.  Detect this condition in order to avoid a crash, and
	presumably perform correctly with just one channel.

2014-12-06  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* tools/tiffdump.c: Fix double-free bug.

2014-11-27  Even Rouault  <even.rouault@spatialys.com>

	* libtiff/tif_config.vc.h: no longer use "#define snprintf _snprintf" with
	Visual Studio 2015 aka VC 14 aka MSVC 1900

2014-11-20  Even Rouault  <even.rouault@spatialys.com>

	* libtiff/tif_lzw.c: prevent potential null dereference of
	sp->dec_codetab in LZWPreDecode (bug #2459)

	* libtiff/tif_read.c: in TIFFReadBufferSetup(), avoid passing -1 size
	to TIFFmalloc() if passed user buffer size is 0 (bug #2459)

	* libtiff/tif_ojpeg.c: make Coverity happier (not a bug, #2459)

	* libtiff/tif_dir.c: in _TIFFVGetField() and _TIFFVSetField(), make
	Coverity happier (not a bug, #2459)

	* libtiff/tif_dirread.c: in TIFFFetchNormalTag(), make Coverity happier
	(not a bug, #2459)

	* tools/tiff2pdf.c: close PDF file (bug #2479)

	* tools/fax2ps.c: check malloc()/realloc() result (bug #2470)

	* tools/tiffdump.c: detect cycle in TIFF directory chaining (bug #2463)
	and avoid passing a NULL pointer to read() if seek() failed before (bug #2459)

	* tools/tiffcrop.c: fix segfault if bad value passed to -Z option
	(bug #2459) and add missing va_end in dump_info (#2459)

	* tools/gif2tif.c: apply patch for CVE-2013-4243 (#2451)

2014-11-20  Even Rouault  <even.rouault@spatialys.com>
	* libtiff/tif_jpeg.c: fix segfault in JPEGFixupTagsSubsampling() on
	corrupted image where tif->tif_dir.td_stripoffset == NULL (bug #2471)

erouault's avatar
erouault committed
2014-11-20  Even Rouault  <even.rouault@spatialys.com>
	* automake: updated to 1.14.1
	* libtool: updated to 2.4.3
	* HOWTO-RELEASE: small update about autotools building order

2014-10-20  Olivier Paquet  <olivier.paquet@gmail.com>
	* tools/tiff2pdf.c: Preserve input file directory order when pages
	are tagged with the same page number.

2014-08-31  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* libtiff/tif_dirread.c (TIFFReadDirEntryOutputErr): Incorrect
	count for tag should be a warning rather than an error since
	errors terminate processing.

2014-06-07  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* tools/tiff2rgba.c (]): Fixed tiff2rgba usage message in that zip
	was wrongly described.  Fix suggested by Miguel Medalha.

2014-05-06  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* libtiff/tif_dirinfo.c (TIFFField) : Fix data type for
	TIFFTAG_GLOBALPARAMETERSIFD tag.  Patch by Steve Underwood.
	Reviewed and forwarded by Lee Howard.
2013-11-30  Frank Warmerdam  <warmerdam@pobox.com>

	* libtiff/tif_dir.c: fix last fix for TIFFNumberOfDirectories()

2013-10-21  Frank Warmerdam  <warmerdam@pobox.com>

	* libtiff/tif_dir.c: generate error in case of directory count
	overflow.

2013-10-01  Frank Warmerdam  <warmerdam@pobox.com>

	* libtiff/tiff.h, libtiff/tif_dirinfo.c: add definitions for
	TIFF/EP CFARepeatPatternDim and CFAPattern tags (bug #2457)

2013-09-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* libtiff/tif_dir.c (TIFFAdvanceDirectory): If nextdir is found to
	be defective, then set it to zero before returning error in order
	to terminate processing of truncated TIFF.  Issue found and fix
	suggested by Richard Nolde.

2013-08-14  Frank Warmerdam  <warmerdam@pobox.com>

	* tools/gif2tiff.c: fix possible OOB write (#2452, CVE-2013-4244)
2013-08-13  Frank Warmerdam  <warmerdam@pobox.com>

	* tools/gif2tiff.c: Be more careful about corrupt or
	hostile input files (#2450, CVE-2013-4231)

	* tools/tiff2pdf.c: terminate after failure of allocating
	ycbcr buffer (bug #2449, CVE-2013-4232)

2013-07-09  Frank Warmerdam  <warmerdam@google.com>

	* tools/tiffinfo.c: Default various values fetched with
	TIFFGetField() to avoid being uninitialized.

2013-05-02  Tom Lane  <tgl@sss.pgh.pa.us>

	* tools/tiff2pdf.c: Rewrite JPEG marker parsing in
	t2p_process_jpeg_strip to be at least marginally competent.  The
	approach is still fundamentally flawed, but at least now it won't
	stomp all over memory when given bogus input.  Fixes CVE-2013-1960.

2013-05-02  Tom Lane  <tgl@sss.pgh.pa.us>

	* contrib/dbs/xtiff/xtiff.c, libtiff/tif_codec.c,
 	libtiff/tif_dirinfo.c, tools/rgb2ycbcr.c, tools/tiff2bw.c,
 	tools/tiff2pdf.c, tools/tiff2ps.c, tools/tiffcrop.c,
 	tools/tiffdither.c: Enlarge some fixed-size buffers that weren't
 	large enough, and eliminate substantially all uses of sprintf(buf,
 	...)  in favor of using snprintf(buf, sizeof(buf), ...), so as to
 	protect against overflow of fixed-size buffers.  This responds in
 	particular to CVE-2013-1961 concerning overflow in tiff2pdf.c's
 	t2p_write_pdf_page(), but in general it seems like a good idea to
 	deprecate use of sprintf().

2013-03-29  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* configure.ac: Applied patch by Brad Smith to improve pkg-config
	static linking by adding -lm to Libs.private when needed.

2013-03-05  Tom Lane  <tgl@sss.pgh.pa.us>

	* html/man/tiff2ps.1.html, html/man/tiffcp.1.html,
 	html/man/tiffdither.1.html, man/tiff2ps.1, man/tiffcp.1,
 	man/tiffdither.1, tools/tiff2ps.c, tools/tiffcp.c,
 	tools/tiffdither.c: Sync tool usage printouts and man pages with
 	reality (quite a few options had escaped being documented in one
 	or both places).  Per an old report from Miroslav Vadkerti.

2013-01-25  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* tools/tiff2ps.c:Fix bug in auto rotate option code. Once a
	rotation angle was set by the auto rotate check, it was retained
	for all pages that followed instead ofa being retested for each
	page.  Patch by Richard Nolde.

2013-01-18  Frank Warmerdam  <warmerdam@google.com>

fwarmerdam's avatar
fwarmerdam committed
	* libtiff/tif_write.c: tmsize_t related casting warning fixed for
	* libtiff/tif_read.c: uint64/tmsize_t change for MSVC warnings.
	http://bugzilla.maptools.org/show_bug.cgi?id=2427

2012-12-20  Tom Lane  <tgl@sss.pgh.pa.us>

	* test/raw_decode.c: Relax raw_decode's pixel-value checks so that
	it will pass with more versions of libjpeg.  (There are at least
	three in active use now, and JPEG_LIB_VERSION doesn't tell us
	enough to uniquely identify expected results.)

2012-12-12  Tom Lane  <tgl@sss.pgh.pa.us>

	* libtiff/tif_print.c: Fix TIFFPrintDirectory's handling of
	field_passcount fields: it had the TIFF_VARIABLE and
	TIFF_VARIABLE2 cases backwards.

2012-12-10  Tom Lane  <tgl@sss.pgh.pa.us>

	* tools/ppm2tiff.c: Improve previous patch for CVE-2012-4564:
 	check the linebytes calculation too, get the max() calculation
 	straight, avoid redundant error messages, check for malloc
 	failure.

2012-12-10  Tom Lane  <tgl@sss.pgh.pa.us>

	* libtiff/tif_pixarlog.c: Improve previous patch for CVE-2012-4447
 	(to enlarge tbuf for possible partial stride at end) so that
 	overflow in the integer addition is detected.  Per gripe from
 	Huzaifa Sidhpurwala.

2012-12-03  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* tools/tiffset.c: tiffset now supports a -u option to unset a
	tag.  Patch by Zach Baker. See
	http://bugzilla.maptools.org/show_bug.cgi?id=2419

2012-11-18  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* automake: Update Automake to 1.12.5 release.

	* libtiff/tif_{unix,vms,win32}.c (_TIFFmalloc): ANSI C does not
	require malloc() to return NULL pointer if requested allocation
	size is zero.  Assure that _TIFFmalloc does.

2012-11-01  Frank Warmerdam  <warmerdam@pobox.com>

	* tools/ppm2tiff.c: avoid zero size buffer vulnerability.
	CVE-2012-4564 - Thanks to Huzaifa Sidhpurwala of the
	Red Hat Security Response team for the fix.