From 884f973652b8b020e533b1e340da3ef4bcd1d925 Mon Sep 17 00:00:00 2001 From: Bob Friesenhahn Date: Sat, 19 Nov 2016 17:47:39 +0000 Subject: [PATCH] * libtiff 4.0.7 released. * configure.ac: Update for 4.0.7 release. --- ChangeLog | 4 ++++ Makefile.in | 4 ++-- RELEASE-DATE | 2 +- VERSION | 2 +- configure | 24 ++++++++++++------------ configure.ac | 6 +++--- html/Makefile.am | 3 ++- html/Makefile.in | 3 ++- html/index.html | 4 ++-- html/v4.0.7.html | 16 ++++++++++++++-- libtiff/tiffvers.h | 4 ++-- 11 files changed, 45 insertions(+), 27 deletions(-) diff --git a/ChangeLog b/ChangeLog index fcbd3804..9b9d397d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,9 @@ 2016-11-19 Bob Friesenhahn + * libtiff 4.0.7 released. + + * configure.ac: Update for 4.0.7 release. + * tools/tiffdump.c (ReadDirectory): Remove uint32 cast to _TIFFmalloc() argument which resulted in Coverity report. Added more mutiplication overflow checks. diff --git a/Makefile.in b/Makefile.in index 301a2685..c9c0645f 100644 --- a/Makefile.in +++ b/Makefile.in @@ -222,8 +222,8 @@ am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/libtiff-4.pc.in \ $(top_srcdir)/config/missing \ $(top_srcdir)/config/mkinstalldirs ChangeLog README TODO \ config/compile config/config.guess config/config.sub \ - config/install-sh config/ltmain.sh config/missing \ - config/mkinstalldirs + config/depcomp config/install-sh config/ltmain.sh \ + config/missing config/mkinstalldirs DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) diff --git a/RELEASE-DATE b/RELEASE-DATE index ae758a75..fb9e3f6c 100644 --- a/RELEASE-DATE +++ b/RELEASE-DATE @@ -1 +1 @@ -20150912 +20161119 diff --git a/VERSION b/VERSION index d13e837c..43beb400 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -4.0.6 +4.0.7 diff --git a/configure b/configure index 560cf732..db236949 100755 --- a/configure +++ b/configure 
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for LibTIFF Software 4.0.6. +# Generated by GNU Autoconf 2.69 for LibTIFF Software 4.0.7. # # Report bugs to . # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='LibTIFF Software' PACKAGE_TARNAME='tiff' -PACKAGE_VERSION='4.0.6' -PACKAGE_STRING='LibTIFF Software 4.0.6' +PACKAGE_VERSION='4.0.7' +PACKAGE_STRING='LibTIFF Software 4.0.7' PACKAGE_BUGREPORT='tiff@lists.maptools.org' PACKAGE_URL='' @@ -1408,7 +1408,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures LibTIFF Software 4.0.6 to adapt to many kinds of systems. +\`configure' configures LibTIFF Software 4.0.7 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1482,7 +1482,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of LibTIFF Software 4.0.6:";; + short | recursive ) echo "Configuration of LibTIFF Software 4.0.7:";; esac cat <<\_ACEOF @@ -1668,7 +1668,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -LibTIFF Software configure 4.0.6 +LibTIFF Software configure 4.0.7 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2441,7 +2441,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by LibTIFF Software $as_me 4.0.6, which was +It was created by LibTIFF Software $as_me 4.0.7, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3384,7 +3384,7 @@ fi # Define the identity of the package. PACKAGE='tiff' - VERSION='4.0.6' + VERSION='4.0.7' cat >>confdefs.h <<_ACEOF 
@@ -3588,13 +3588,13 @@ fi LIBTIFF_MAJOR_VERSION=4 LIBTIFF_MINOR_VERSION=0 -LIBTIFF_MICRO_VERSION=6 +LIBTIFF_MICRO_VERSION=7 LIBTIFF_ALPHA_VERSION= LIBTIFF_VERSION=$LIBTIFF_MAJOR_VERSION.$LIBTIFF_MINOR_VERSION.$LIBTIFF_MICRO_VERSION$LIBTIFF_ALPHA_VERSION LIBTIFF_RELEASE_DATE=`date +"%Y%m%d"` LIBTIFF_CURRENT=7 -LIBTIFF_REVISION=4 +LIBTIFF_REVISION=5 LIBTIFF_AGE=2 LIBTIFF_VERSION_INFO=$LIBTIFF_CURRENT:$LIBTIFF_REVISION:$LIBTIFF_AGE @@ -21500,7 +21500,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by LibTIFF Software $as_me 4.0.6, which was +This file was extended by LibTIFF Software $as_me 4.0.7, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -21566,7 +21566,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -LibTIFF Software config.status 4.0.6 +LibTIFF Software config.status 4.0.7 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 33ffb0dc..23d543cf 100644 --- a/configure.ac +++ b/configure.ac @@ -25,7 +25,7 @@ dnl OF THIS SOFTWARE. dnl Process this file with autoconf to produce a configure script. AC_PREREQ(2.64) -AC_INIT([LibTIFF Software],[4.0.6],[tiff@lists.maptools.org],[tiff]) +AC_INIT([LibTIFF Software],[4.0.7],[tiff@lists.maptools.org],[tiff]) AC_CONFIG_AUX_DIR(config) AC_CONFIG_MACRO_DIR(m4) AC_LANG(C) @@ -41,7 +41,7 @@ dnl Versioning. dnl Don't fill the ALPHA_VERSION field, if not applicable. LIBTIFF_MAJOR_VERSION=4 LIBTIFF_MINOR_VERSION=0 -LIBTIFF_MICRO_VERSION=6 +LIBTIFF_MICRO_VERSION=7 LIBTIFF_ALPHA_VERSION= LIBTIFF_VERSION=$LIBTIFF_MAJOR_VERSION.$LIBTIFF_MINOR_VERSION.$LIBTIFF_MICRO_VERSION$LIBTIFF_ALPHA_VERSION dnl This will be used with the 'make release' target 
@@ -77,7 +77,7 @@ dnl increment age. dnl 6. If any interfaces have been removed since the last public release, dnl then set age to 0. LIBTIFF_CURRENT=7 -LIBTIFF_REVISION=4 +LIBTIFF_REVISION=5 LIBTIFF_AGE=2 LIBTIFF_VERSION_INFO=$LIBTIFF_CURRENT:$LIBTIFF_REVISION:$LIBTIFF_AGE diff --git a/html/Makefile.am b/html/Makefile.am index 07f4f873..01549ba2 100644 --- a/html/Makefile.am +++ b/html/Makefile.am @@ -83,7 +83,8 @@ docfiles = \ v4.0.4beta.html \ v4.0.4.html \ v4.0.5.html \ - v4.0.6.html + v4.0.6.html \ + v4.0.7.html dist_doc_DATA = $(docfiles) diff --git a/html/Makefile.in b/html/Makefile.in index 57c464cd..3cb22e6d 100644 --- a/html/Makefile.in +++ b/html/Makefile.in @@ -446,7 +446,8 @@ docfiles = \ v4.0.4beta.html \ v4.0.4.html \ v4.0.5.html \ - v4.0.6.html + v4.0.6.html \ + v4.0.7.html dist_doc_DATA = $(docfiles) SUBDIRS = images man diff --git a/html/index.html b/html/index.html index f237396b..d1375191 100644 --- a/html/index.html +++ b/html/index.html @@ -24,7 +24,7 @@ Latest Stable Release - v4.0.6 + v4.0.7 Master Download Site @@ -114,7 +114,7 @@

- Last updated $Date: 2016-09-25 20:05:44 $. + Last updated $Date: 2016-11-19 17:47:40 $.

diff --git a/html/v4.0.7.html b/html/v4.0.7.html index 8c426564..e29e8d53 100644 --- a/html/v4.0.7.html +++ b/html/v4.0.7.html @@ -78,6 +78,15 @@ information is located here:
    +
  • libtiff/tif_dirread.c: in TIFFFetchNormalTag(), do not + dereference NULL pointer when values of tags with + TIFF_SETGET_C16_ASCII / TIFF_SETGET_C32_ASCII access are + 0-byte arrays. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2593 (regression + introduced by previous fix done on 2016-11-11 for + CVE-2016-9297). Reported by Henri Salo. Assigned as + CVE-2016-9448 +
  • libtiff/tif_aux.c: fix crash in TIFFVGetFieldDefaulted() when requesting Predictor tag and that the zip/lzw codec is not configured. Fixes @@ -362,7 +371,6 @@ information is located here: libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro (bugzilla #2543) -
  • tools/tiff2rgba.c: Fix integer overflow in size of allocated buffer, when -b mode is enabled, that could result in out-of-bounds write. Based initially on patch @@ -379,6 +387,10 @@ information is located here:
  • tools/tiffdump.c: fix a few misaligned 64-bit reads warned by -fsanitize +
  • tools/tiffdump.c (ReadDirectory): Remove uint32 cast to + _TIFFmalloc() argument which resulted in Coverity report. + Added more mutiplication overflow checks. +


@@ -393,7 +405,7 @@ information is located here:
-Last updated $Date: 2016-11-12 21:43:44 $.
+Last updated $Date: 2016-11-19 17:47:40 $.
diff --git a/libtiff/tiffvers.h b/libtiff/tiffvers.h
index e965814b..fe55c726 100644
--- a/libtiff/tiffvers.h
+++ b/libtiff/tiffvers.h
@@ -1,4 +1,4 @@
-#define TIFFLIB_VERSION_STR "LIBTIFF, Version 4.0.6\nCopyright (c) 1988-1996 Sam Leffler\nCopyright (c) 1991-1996 Silicon Graphics, Inc."
+#define TIFFLIB_VERSION_STR "LIBTIFF, Version 4.0.7\nCopyright (c) 1988-1996 Sam Leffler\nCopyright (c) 1991-1996 Silicon Graphics, Inc."
 /*
 * This define can be used in code that requires
 * compilation-related definitions specific to a
@@ -6,4 +6,4 @@
 * version checking should be done based on the
 * string returned by TIFFGetVersion.
 */
-#define TIFFLIB_VERSION 20150912
+#define TIFFLIB_VERSION 20161119