AWARE SYSTEMS
TIFF and LibTiff Mail List Archive

Thread

2009.07.17 00:42 "[Tiff] Compression algorithm does not support random access.", by Bob Friesenhahn
2009.08.20 02:36 "Re: [Tiff] any 3.9.0 status update?", by Frank Warmerdam
2009.08.20 02:08 "Re: [Tiff] any 3.9.0 status update?", by Jay Berkenbilt
2009.08.20 02:23 "Re: [Tiff] any 3.9.0 status update?", by Bob Friesenhahn
2009.08.21 16:19 "Re: [Tiff] libtiff 4.0.0beta3", by Jay Berkenbilt
2009.08.21 16:37 "Re: [Tiff] libtiff 4.0.0beta3", by Frank Warmerdam
2009.08.21 17:10 "Re: [Tiff] libtiff 4.0.0beta3", by Bob Friesenhahn
2009.08.23 16:20 "Re: [Tiff] libtiff 4.0.0beta3", by Jay Berkenbilt
2009.08.24 17:25 "Re: [Tiff] libtiff 4.0.0beta3", by Bob Friesenhahn
2009.08.24 18:46 "Re: [Tiff] libtiff 4.0.0beta3", by Jay Berkenbilt
2009.08.24 19:33 "Re: [Tiff] libtiff 4.0.0beta3", by Bob Friesenhahn

2009.08.24 17:25 "Re: [Tiff] libtiff 4.0.0beta3", by Bob Friesenhahn

It would be helpful if bug reports in bugzilla as well as CVS commit comments contained CVE numbers for security-related patches. It would make it much easier to verify that security fixes have been committed or at least acknowledged. But I did a careful analysis of this just a few days ago while preparing debian packages for 3.9.0 and 4.0.0 beta 3.

Executive summary: bugs 1895, 2024, and 2079 have not been applied to the trunk. They are all relatively simple.

Please double-check CVS HEAD to make sure that it is to your satisfaction. I have now applied fixes for the bug IDs you mentioned. The libtiff test suite ('make check') was mostly re-written yesterday.

I ran valgrind on all of the tests and was disappointed to not uncover anything which needs fixing.

Bob
--
Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/