2009.07.17 00:42 "[Tiff] Compression algorithm does not support random access.", by Bob Friesenhahn

2009.08.24 18:46 "Re: [Tiff] libtiff 4.0.0beta3", by Jay Berkenbilt

Executive summary: bugs 1895, 2024, and 2079 have not been applied to the trunk. They are all relatively simple.

Please double-check CVS HEAD to make sure that it is to your satisfaction.

Looks good to me. As far as I know, this should take care of all the security issues.

With that, the only patch left in the Debian tiff package is bug 2023, which is a few manual page nroff errors. There may be other issues in other distributions, but it looks like you've got all the security ones. I know the Red Hat/Fedora packages have some patches in them that I haven't included in the Debian packages. I have yet to analyze them, but none of them are security related.

If you feel like fixing the manual page errors (doesn't matter to me -- I can keep patching them in Debian), the attached patch applies cleanly to current CVS head. Either way, you have my gratitude for taking care of these problems, and I'm sure those feelings must be shared by many others as well. Thanks!

--Jay

Index: man/TIFFClose.3tiff

=================================================================== RCS file: /cvs/maptools/cvsroot/libtiff/man/TIFFClose.3tiff,v retrieving revision 1.2

diff -u -r1.2 TIFFClose.3tiff
--- man/TIFFClose.3tiff 2 Nov 2005 11:07:18 -0000 1.2
+++ man/TIFFClose.3tiff 24 Aug 2009 18:39:01 -0000
@@ -40,7 +40,7 @@
 current directory (if modified); and all resources are reclaimed.
 .SH DIAGNOSTICS
 All error messages are directed to the
-.bR TIFFError (3TIFF)
+.BR TIFFError (3TIFF)
 routine.
 Likewise, warning messages are directed to the
 .BR TIFFWarning (3TIFF)
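
Review bot: the `.bR` typo corrected on the TIFFError reference is the same one this patch also fixes in raw2tiff.1 and tiffcmp.1, which suggests it was copied between pages. Roff macro names are case-sensitive, so a misspelled line is not processed as `.BR`; before committing, search man/ for any remaining lines that begin with `.bR` or another mixed-case font macro so the fix is complete in one pass.
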
Index: man/raw2tiff.1

=================================================================== RCS file: /cvs/maptools/cvsroot/libtiff/man/raw2tiff.1,v retrieving revision 1.6

diff -u -r1.6 raw2tiff.1

--- man/raw2tiff.1      20 Apr 2006 12:17:19 -0000      1.6
+++ man/raw2tiff.1      24 Aug 2009 18:39:01 -0000

@@ -187,7 +187,7 @@
 in some cases. But for most ordinary images guessing method will work fine.
 .SH "SEE ALSO"
 .BR pal2rgb (1),
-.bR tiffinfo (1),
+.BR tiffinfo (1),
 .BR tiffcp (1),
 .BR tiffmedian (1),
 .BR libtiff (3)
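
Review bot: the last SEE ALSO entry in this hunk's context is `.BR libtiff (3)`, while the matching list in tiffcmp.1 ends with `.BR libtiff (3TIFF)` and TIFFClose.3tiff refers to its neighbours as `(3TIFF)`. Since this list is being edited anyway, consider changing the entry to `(3TIFF)` so the cross-reference is consistent with the other pages in the patch.
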
Index: man/tiffcmp.1

===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/man/tiffcmp.1,v
retrieving revision 1.5
diff -u -r1.5 tiffcmp.1
--- man/tiffcmp.1       20 Apr 2006 12:17:19 -0000      1.5
+++ man/tiffcmp.1       24 Aug 2009 18:39:01 -0000
@@ -78,7 +78,7 @@
 in some exotic cases. 
 .SH "SEE ALSO"
 .BR pal2rgb (1),
-.bR tiffinfo (1),
+.BR tiffinfo (1),
 .BR tiffcp (1),
 .BR tiffmedian (1),
 .BR libtiff (3TIFF)
Index: man/tiffsplit.1
===================================================================

RCS file: /cvs/maptools/cvsroot/libtiff/man/tiffsplit.1,v retrieving revision 1.5

diff -u -r1.5 tiffsplit.1

--- man/tiffsplit.1     2 Nov 2005 11:07:19 -0000       1.5
+++ man/tiffsplit.1     24 Aug 2009 18:39:01 -0000

@@ -1,4 +1,4 @@
-.\" $Id: tiffsplit.1,v 1.5 2005-11-02 11:07:19 dron Exp $
+.\" $Id: tiffsplit.1,v 1.5 2005/11/02 11:07:19 dron Exp $
 .\"
 .\" Copyright (c) 1992-1997 Sam Leffler
 .\" Copyright (c) 1992-1997 Silicon Graphics, Inc.
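
Review bot: the only change in this hunk is the date format inside the `$Id:` keyword line (`2005-11-02` to `2005/11/02`), which is unrelated to the nroff fixes and looks like a keyword-expansion difference between two checkouts rather than an intended edit. Drop this hunk: it adds noise, it can make the patch fail to apply on a tree where the keyword is expanded differently, and CVS rewrites that line on commit in any case.
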
@@ -50,7 +50,7 @@
 (e.g.
 .IR xaaa.tif,
 .IR xaab.tif,
-\...
+.IR...,
 .IR xzzz.tif ).
 If a prefix is not specified on the command line,
 the default prefix of
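
Review bot: the added line `.IR...,` as shown has no space between the macro name and its argument, unlike the neighbouring `.IR xaab.tif,` lines, so it would not be read as a call to `.IR`. Check that the line actually applied reads `.IR ...,` (with a space after the macro name), and render the page with warnings enabled to confirm the ellipsis appears in the output.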
