2012.06.16 00:31 "[Tiff] Libtiff 4.0.2 Released", by Frank Warmerdam

2012.06.19 19:39 "Re: [Tiff] Libtiff 4.0.2 Released", by Charles Auer

Hi Frank:

tif_jpeg.c is much improved, but it still “auto-corrects” the subsampling factors from [2, 2] to [1, 1] for PHOTOMETRIC_ITULAB images, even when, of course, the subsampling factors are indeed meant to be [2, 2]. At least now it admits doing this, generating the following error message:

Improper JPEG sampling factors 2,2
Apparently should be 1,1

Charles

> Date: Fri, 15 Jun 2012 17:31:56 -0700
> From: warmerdam@pobox.com
> To: tiff@lists.maptools.org
> Subject: [Tiff] Libtiff 4.0.2 Released

I have pushed out a 4.0.2 release. It includes a few minor new features,
and a variety of bug fixes, mostly of interest to those paranoid about
security issues in libtiff. If you use libtiff with untrusted input files you
might want to update. From the version page:

CHANGES IN LIBTIFF:

tif_getimage.c: added support for _SEPARATED CMYK images.

tif_getimage.c: Added support for greyscale + alpha.

Added TIFFCreateCustomDirectory() and TIFFCreateEXIFDirectory() functions.

tif_print.c: Lots of fixes around printing corrupt or hostile input.

Improve handling of corrupt ycbcrsubsampling values.

tif_unix.c: use strerror to get meaningful error messages.

tif_jpeg.c: fix serious bugs in JPEGDecodeRaw().

tif_jpeg.c: Fix size overflow (zdi-can-1221,CVE-2012-1173).

CHANGES IN THE TOOLS:

tiff2pdf: Defend against integer overflows while calculating required buffer sizes (CVE-2012-2113).

Hopefully I haven't botched things badly - I tried to follow the
instructions instead of just asking Bob to do it for me this time.