
Update dependency libtiff/libtiff to v4.7.0

This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| libtiff/libtiff | minor | v4.6.0 -> v4.7.0 |

MR created with the help of gitlab-org/frontend/renovate-gitlab-bot


Release Notes

libtiff/libtiff (libtiff/libtiff)

v4.7.0: libtiff 4.7.0

Major changes

This version restores, in the default build, the availability of the tools that had been dropped in v4.6.0 (cf. rfc2_restoring_needed_tools).

Software configuration changes

  • autoconf build: configure.ac: prevent -Werror passed in CFLAGS from interfering with feature detection
  • autoconf build: fix error when running make clean (fixes 630)
  • autoconf build: back off the minimum required automake version to 1.11
  • autoconf.ac: fix detection of windows.h for mingw (fixes 605)
  • libtiff-4.pc: Fix Requires.private missing Lerc. It provides a .pc file starting from version 4 (in autoconf builds, we assume that liblerc is at least version 4)
  • CMake: Fix TIFF_INCLUDE_DIRS
  • CMake: MinGW compilers don't need a .def file for shared library
  • CMake: move libdeflate and Lerc to Requires.private
  • CMake: enable resource compilation on all Windows.

Library changes

New/improved functionalities:

  • Add TIFFOpenOptionsSetMaxCumulatedMemAlloc(). This function complements TIFFOpenOptionsSetMaxSingleMemAlloc() to define the maximum cumulated memory allocations, in bytes, that libtiff internal memory allocation functions are allowed to perform for a given TIFF handle.

API/ABI breaks:

  • None

Bug fixes:

  • TIFFWriteDirectory(): Avoid overwriting following data if an IFD is enlarged.
  • TIFFXYZToRGB: avoid integer overflow (fixes 644)
  • uv_decode() and uv_encode(): avoid potential out-of-bounds array index (fixes 645)
  • Fix cases where tif_curdir is set incorrectly. Fix cases where the current directory number (tif_curdir) is set inconsistently or incorrectly, depending on the previous history.
  • TIFFRead[Scanline/EncodedStrip/EncodedTile]: 0-initialize output buffer if setupdecode fails; most codecs: zero-initialize (not-yet-written parts of) output buffer on failure (fixes 375)
  • OJPEG: reset subsampling_convert_state=0 in OJPEGPreDecode (fixes 183)
  • ThunderRLE: fix failure when decoding last run. Bug seen with GhostPDL
  • LERC codec: deal with issues with multi-band PlanarConfig=Contig and NaN values
  • tif_fax3.c: error out after a number of times end-of-file has been reached (fixes 583)
  • LZW: avoid warning about misaligned address with UBSAN (fixes 616)
  • TIFFReadRGBAStrip/TIFFReadRGBATile: add more validation of col/row (fixes 622, CVE-2023-52356)
  • tif_dirread.c: only issue TIFFGetFileSize() for large enough RAM requests
  • Avoid FPEs (division by zero) in tif_getimage.c.
  • Avoiding FPE (division by zero) for TIFFhowmany_32() and TIFFhowmany_64() macros by checking for denominator not zero before macros are executed. (fixes 628)
  • Add non-zero check before division in TIFFComputeStrip()
  • Fix wrong return of TIFFIsBigTIFF() in case byte-swapping is active
  • Setting the TIFFFieldInfo field set_field_type should consider field_writecount not field_readcount
  • Avoid memory leaks when using TIFFCreateDirectory() by releasing the allocated memory in the tif-structure.
  • For non-terminated ASCII arrays, the buffer is first enlarged before a NULL is set at the end to avoid deleting the last character. (fixes 579)
  • Check return value of _TIFFCreateAnonField(). (fixes 624, CVE-2024-7006)
  • Prevent some out-of-memory attacks (libtiff/libtiff#614 (comment 1602683857))
  • Ensure absolute seeking is forced independent of TIFFReadDirectory success. (fixes 618)
  • tif_dirinfo.c: re-enable TIFFTAG_EP_CFAREPEATPATTERNDIM and TIFFTAG_EP_CFAPATTERN tags (fixes 608)

Other changes:

  • Fix warnings with GCC 14
  • tif_dir.c: Log source file, line number, and input tif for directory count error (fixes 627)
  • Last usage of get_field_type of TIFFField structure at TIFFWriteDirectorySec() changed to using set_field_type.
  • tif_jpeg.c/tif_ojpeg.c: remove likely ifdef tricks related to old compilers or unusual setups
  • Remove _TIFFUInt64ToFloat() and _TIFFUInt64ToDouble()
  • Remove support for _MSC_VER < 1500.
  • Use #ifdef _WIN32 to test for Windows, and tiffio.h: remove definition of WIN32

Documentation

  • Amend manpages for changes in current directory index behaviour
  • Note on using TIFFFlush() before TIFFClose() to check that the data has been successfully written to the file. (fixes 506)
  • Update TIFF documentation about TIFFOpenOptions.rst and TIFFOpenOptionsSetMaxSingleMemAlloc() usage and some other small fixes (relates to CVE-2024-7006)

Tools changes

Re-added tools:

  • fax2ps
  • fax2tiff
  • pal2rgb
  • ppm2tiff
  • raw2tiff
  • rgb2ycbcr (not installed)
  • thumbnail (not installed)
  • tiff2bw
  • tiff2rgba
  • tiffcmp
  • tiffcrop
  • tiffdither
  • tiffgt
  • tiffmedian
  • tiff2ps
  • tiff2pdf

New/improved functionality:

  • tiff2rgba: Add background gradient option for alpha compositing
  • tiffcp: -i flag restored

Bug fixes:

  • tiffcrop: address Coverity scan issues 1605444, 1605445, and 16054
  • tiffcrop: Apply "Fix heap-buffer-overflow in function extractImageSection"
  • tiffcrop: fix buffer overflows, use after free (fixes 542, 550, 552)
  • tiff2pdf: address Coverity scan issues
  • tiff2pdf: fix inconsistent PLANARCONFIG value for the input and output TIFF
  • tiff2pdf: fix issue with JPEG restart-interval marker when converting from JPEG-compressed files (fixes 539)
  • tiff2pdf: red and blue were being swapped for RGBA decoding (fixes 253)
  • tiff2pdf: fixes 596
  • thumbnail: address Coverity scan issues
  • tiffcp: Add check for limitMalloc return to fix Coverity 1603334
  • tiffcp: preserve TIFFTAG_REFERENCEBLACKWHITE when doing YCbCr JPEG -> YCbCr JPEG
  • tiffcp: replace PHOTOMETRIC_YCBCR with PHOTOMETRIC_RGB when outputting to compression != JPEG (refs 571)
  • tiffcp: do not copy tags YCBCRCOEFFICIENTS, YCBCRSUBSAMPLING, YCBCRPOSITIONING, REFERENCEBLACKWHITE. Only set YCBCRSUBSAMPLING when generating YCbCr JPEG
  • tiffcp: Check also codec of input image, not only from output image (fixes 606)
  • Add some basic sanity checks for tiffcp and tiffcrop RGB->YCbCr JPEG conversions.
  • fax2ps and fax2tiff: memory leak fixes (fixes 476)
  • tiffmedian: memory leak fixes (fixes 599)
  • fax2tiff: fix EOFB interpretation (fixes 191)
  • fax2tiff: fix issue with unreasonable width input (fixes 249)
  • tiffcp and tiffcrop: fixes 228
  • tiff2rgba: fixes 469
  • tiffdither: fixes 473
  • tiffdump: fix wrong printf formatter in error message (Coverity 1472932)
  • tiffset: avoid false positive Coverity Scan warning on 64-bit builds (Coverity 1518997)
  • tiffcp/tiffset: use correct format specifiers

Changes to contributed and unsupported tools

  • contrib/addtiffo: validate return of TIFFWriteEncodedXXXX() calls (Coverity 1024680)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.


  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited by GitLab Dependency Bot
