- 2008.08.30 02:08 "Re: [Tiff] Some security fixes from RHEL", by Tom Lane
-
2008.08.31 15:17 "Re: [Tiff] Some security fixes from RHEL", by Frank Warmerdam
-
2008.08.31 15:38 "Re: [Tiff] Some security fixes from RHEL", by Bob Friesenhahn
-
2008.08.31 21:09 "Re: [Tiff] Some security fixes from RHEL", by Rogier Wolff
- 2008.08.31 21:21 "Re: [Tiff] Some security fixes from RHEL", by Olaf_Drümmer
-
2008.08.31 21:51 "Re: [Tiff] Some security fixes from RHEL", by Bob Friesenhahn
- 2008.08.31 22:08 "Re: [Tiff] Some security fixes from RHEL", by Lee Howard
- 2008.08.31 21:52 "Re: [Tiff] Some security fixes from RHEL", by Toby Thain
- 2008.09.01 15:40 "Re: [Tiff] Some security fixes from RHEL", by Bob Friesenhahn
-
2008.08.31 21:59 "Re: [Tiff] Some security fixes from RHEL", by Lee Howard
- 2008.08.31 22:17 "Re: [Tiff] Some security fixes from RHEL", by Bob Friesenhahn
-
2008.09.01 03:12 "Re: [Tiff] Some security fixes from RHEL", by Frank Warmerdam
-
2008.09.01 15:52 "Re: [Tiff] Some security fixes from RHEL", by Lee Howard
-
2008.09.01 21:33 "Re: [Tiff] Some security fixes from RHEL", by Frank Warmerdam
-
2008.09.03 16:38 "Re: [Tiff] Some security fixes from RHEL", by Lee Howard
-
2008.09.03 17:07 "Re: [Tiff] Some security fixes from RHEL", by Bob Friesenhahn
-
2008.09.03 17:20 "Re: [Tiff] Some security fixes from RHEL", by Lee Howard
- 2008.09.03 18:02 "Re: [Tiff] Some security fixes from RHEL", by Bob Friesenhahn
-
2008.09.03 19:32 "Re: [Tiff] Some security fixes from RHEL", by Ron
- 2008.09.03 21:39 "Re: [Tiff] Some security fixes from RHEL", by Lee Howard
-
2008.09.03 17:20 "Re: [Tiff] Some security fixes from RHEL", by Lee Howard
- 2008.09.03 17:16 "Re: [Tiff] Some security fixes from RHEL", by Frank Warmerdam
- 2008.09.04 07:45 "Re: [Tiff] Some security fixes from RHEL", by Andrey Kiselev
-
2008.09.03 17:07 "Re: [Tiff] Some security fixes from RHEL", by Bob Friesenhahn
-
2008.09.03 16:38 "Re: [Tiff] Some security fixes from RHEL", by Lee Howard
- 2008.09.01 22:30 "Re: [Tiff] Some security fixes from RHEL", by Dmitry V. Levin
-
2008.09.01 21:33 "Re: [Tiff] Some security fixes from RHEL", by Frank Warmerdam
-
2008.09.01 15:52 "Re: [Tiff] Some security fixes from RHEL", by Lee Howard
-
2008.09.01 05:11 "Re: [Tiff] Some security fixes from RHEL", by Tom Lane
- 2008.09.01 15:30 "Re: [Tiff] Some security fixes from RHEL", by Frank Warmerdam
- 2008.09.01 15:33 "Re: [Tiff] Some security fixes from RHEL", by Bob Friesenhahn
- 2008.09.01 16:23 "Re: [Tiff] Some security fixes from RHEL", by Ron
- 2008.09.01 22:04 "Re: [Tiff] Some security fixes from RHEL", by Dmitry V. Levin
-
2008.08.31 21:09 "Re: [Tiff] Some security fixes from RHEL", by Rogier Wolff
-
2008.08.31 15:38 "Re: [Tiff] Some security fixes from RHEL", by Bob Friesenhahn
-
2008.09.03 08:03 "Re: [Tiff] Some security fixes from RHEL", by Andrey Kiselev
- 2008.09.04 20:48 "Re: [Tiff] beta2 release - lfind() problem on Win64", by Edward Lam
- 2008.09.03 21:01 "Re: [Tiff] Some security fixes from RHEL", by Lee Howard
- 2008.09.03 21:59 "Re: [Tiff] Some security fixes from RHEL", by Even Rouault
2008.09.03 18:43 "Re: [Tiff] Some security fixes from RHEL", by Bob Friesenhahn
However, if the reshuffling is not going to happen in the next three months as it has not happened in the past 3 months (or past year, if you recognize that Joris's patch was made in August 2007), then I think we need to just proceed anyway.
That was before you joined the team. ;-)
The purpose of the 3.9 branch is primarily to keep folks who can't immediately update to 4.0.0 happy. There are many bugs fixed. It does also introduce Joris's substantial OJPEG updates.
Since we are already planning to cause lots of churn with the 4.0.0 release, we should make sure that existing 3.X.X libtiff users are left in the best state possible.
I have attached a diff of tiffio.h between libtiff 3.8.2 and CVS libtiff-branch-3-9 ignoring all white space changes.
>From this it can be seen that SubsamplingHor, SubsamplingVer, UaToAa, and Bitdepth16To8 were all added at rather inopportune spots in the _TIFFRGBAImage structure. I see that there are several functions (TIFFRGBAImageBegin, TIFFRGBAImageGet, TIFFRGBAImageEnd) which expect TIFFRGBAImage to be user allocated (stack/heap) as demonstrated by code in tools/tiffgt.c. In this case, the size of the structure is not allowed to be changed at all. A proper design would be for libtiff to provide APIs to allocate and deallocate this structure so the user does not need to know the size and the only commitment is to maintain existing members at their original offsets.
Bob
======================================
Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
1c1
< /* $Id: tiffio.h,v 1.50 2006/03/21 16:37:51 dron Exp $ */
---
> /* $Id: tiffio.h,v 1.56 2007/03/08 03:07:42 joris Exp $ */
64,65c64,66
< typedef uint32 tstrip_t; /* strip number */
< typedef uint32 ttile_t; /* tile number */
---
> typedef uint32 tstrile_t; /* strip or tile number */
> typedef tstrile_t tstrip_t; /* strip number */
> typedef tstrile_t ttile_t; /* tile number */
99,102d99
< #ifndef NULL
< # define NULL (void *)0
< #endif
<
199a197,198
> uint16 SubsamplingHor; /* subsampling factors */
> uint16 SubsamplingVer;
209a209
> /* put decoded strip/tile */
214c214
< } put; /* put decoded strip/tile */
---
> } put;
220a221,223
> uint8* UaToAa; /* Unassociated alpha to associated alpha convertion LUT */
> uint8* Bitdepth16To8; /* LUT for conversion from 16bit to 8bit values */
>
351a355,356
> extern tsize_t TIFFOldScanlineSize(TIFF*);
> extern tsize_t TIFFNewScanlineSize(TIFF*);