https://github.com/libsdl-org/libtiff/commit/0ec9ef43aab899d8b7f69e2fe9fb89f58fb4b335
From 0ec9ef43aab899d8b7f69e2fe9fb89f58fb4b335 Mon Sep 17 00:00:00 2001
From: Bob Friesenhahn <[EMAIL REDACTED]>
Date: Sat, 22 Sep 2012 17:16:17 +0000
Subject: [PATCH] * libtiff 3.9.7 released.
---
ChangeLog | 2 +
HOWTO-RELEASE | 3 +-
RELEASE-DATE | 2 +-
VERSION | 2 +-
build/Makefile.in | 2 +-
configure | 22 +++---
configure.ac | 4 +-
contrib/dbs/xtiff/Makefile.in | 2 +-
html/Makefile.in | 2 +-
html/index.html | 4 +-
html/v3.9.7.html | 131 ++++++++++++++++++++++++++++++++++
libtiff/tiffvers.h | 4 +-
12 files changed, 157 insertions(+), 23 deletions(-)
create mode 100644 html/v3.9.7.html
diff --git a/ChangeLog b/ChangeLog
index bf7fa9fa..c18d4958 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
2012-09-22 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
+ * libtiff 3.9.7 released.
+
* automake: Update to use GNU automake 1.12.4
2012-07-19 Tom Lane <tgl@sss.pgh.pa.us>
diff --git a/HOWTO-RELEASE b/HOWTO-RELEASE
index 4bf4de75..cb02a152 100644
--- a/HOWTO-RELEASE
+++ b/HOWTO-RELEASE
@@ -7,12 +7,13 @@ Notes on releasing.
and that these tools are in your executable search path prior to
any other installed versions. Versions delivered with Linux may be
altered so it is best to install official FSF releases. GNU 'm4'
- 1.4.6 or later is needed in order to avoid bugs in m4. These
+ 1.4.16 or later is needed in order to avoid bugs in m4. These
packages may be downloaded from the following ftp locations:
autoconf - ftp://ftp.gnu.org/pub/gnu/autoconf
automake - ftp://ftp.gnu.org/pub/gnu/automake
libtool - ftp://ftp.gnu.org/pub/gnu/libtool
+ m4 - ftp://ftp.gnu.org/pub/gnu/m4
Release builds should only be done on a system with a functioning
and correctly set system clock and on a filesystem which accurately
diff --git a/RELEASE-DATE b/RELEASE-DATE
index 52cbf447..f0326d2c 100644
--- a/RELEASE-DATE
+++ b/RELEASE-DATE
@@ -1 +1 @@
-20120218
+20120922
diff --git a/VERSION b/VERSION
index 1635d0f5..f69abe41 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-3.9.6
+3.9.7
diff --git a/build/Makefile.in b/build/Makefile.in
index 1a09f080..1a316b17 100644
--- a/build/Makefile.in
+++ b/build/Makefile.in
@@ -14,7 +14,7 @@
@SET_MAKE@
-# $Id: Makefile.in,v 1.1.2.24 2012-09-22 15:01:10 bfriesen Exp $
+# $Id: Makefile.in,v 1.1.2.25 2012-09-22 17:16:19 bfriesen Exp $
#
# Tag Image File Format (TIFF) Software
#
diff --git a/configure b/configure
index e36f24cd..b76fd9d6 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for LibTIFF Software 3.9.6.
+# Generated by GNU Autoconf 2.69 for LibTIFF Software 3.9.7.
#
# Report bugs to <tiff@lists.maptools.org>.
#
@@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='LibTIFF Software'
PACKAGE_TARNAME='tiff'
-PACKAGE_VERSION='3.9.6'
-PACKAGE_STRING='LibTIFF Software 3.9.6'
+PACKAGE_VERSION='3.9.7'
+PACKAGE_STRING='LibTIFF Software 3.9.7'
PACKAGE_BUGREPORT='tiff@lists.maptools.org'
PACKAGE_URL=''
@@ -1387,7 +1387,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures LibTIFF Software 3.9.6 to adapt to many kinds of systems.
+\`configure' configures LibTIFF Software 3.9.7 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1461,7 +1461,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of LibTIFF Software 3.9.6:";;
+ short | recursive ) echo "Configuration of LibTIFF Software 3.9.7:";;
esac
cat <<\_ACEOF
@@ -1626,7 +1626,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-LibTIFF Software configure 3.9.6
+LibTIFF Software configure 3.9.7
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2353,7 +2353,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by LibTIFF Software $as_me 3.9.6, which was
+It was created by LibTIFF Software $as_me 3.9.7, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -3257,7 +3257,7 @@ fi
# Define the identity of the package.
PACKAGE='tiff'
- VERSION='3.9.6'
+ VERSION='3.9.7'
cat >>confdefs.h <<_ACEOF
@@ -3329,7 +3329,7 @@ fi
LIBTIFF_MAJOR_VERSION=3
LIBTIFF_MINOR_VERSION=9
-LIBTIFF_MICRO_VERSION=6
+LIBTIFF_MICRO_VERSION=7
LIBTIFF_ALPHA_VERSION=
LIBTIFF_VERSION=$LIBTIFF_MAJOR_VERSION.$LIBTIFF_MINOR_VERSION.$LIBTIFF_MICRO_VERSION$LIBTIFF_ALPHA_VERSION
LIBTIFF_RELEASE_DATE=`date +"%Y%m%d"`
@@ -20262,7 +20262,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by LibTIFF Software $as_me 3.9.6, which was
+This file was extended by LibTIFF Software $as_me 3.9.7, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -20328,7 +20328,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-LibTIFF Software config.status 3.9.6
+LibTIFF Software config.status 3.9.7
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff --git a/configure.ac b/configure.ac
index d48a58b8..e7cf8041 100644
--- a/configure.ac
+++ b/configure.ac
@@ -25,7 +25,7 @@ dnl OF THIS SOFTWARE.
dnl Process this file with autoconf to produce a configure script.
AC_PREREQ(2.64)
-AC_INIT([LibTIFF Software],[3.9.6],[tiff@lists.maptools.org],[tiff])
+AC_INIT([LibTIFF Software],[3.9.7],[tiff@lists.maptools.org],[tiff])
AC_CONFIG_AUX_DIR(config)
AC_CONFIG_MACRO_DIR(m4)
AC_LANG(C)
@@ -41,7 +41,7 @@ dnl Versioning.
dnl Don't fill the ALPHA_VERSION field, if not applicable.
LIBTIFF_MAJOR_VERSION=3
LIBTIFF_MINOR_VERSION=9
-LIBTIFF_MICRO_VERSION=6
+LIBTIFF_MICRO_VERSION=7
LIBTIFF_ALPHA_VERSION=
LIBTIFF_VERSION=$LIBTIFF_MAJOR_VERSION.$LIBTIFF_MINOR_VERSION.$LIBTIFF_MICRO_VERSION$LIBTIFF_ALPHA_VERSION
dnl This will be used with the 'make release' target
diff --git a/contrib/dbs/xtiff/Makefile.in b/contrib/dbs/xtiff/Makefile.in
index 7ae334d6..2d1ce948 100644
--- a/contrib/dbs/xtiff/Makefile.in
+++ b/contrib/dbs/xtiff/Makefile.in
@@ -14,7 +14,7 @@
@SET_MAKE@
-# $Id: Makefile.in,v 1.36.2.24 2012-09-22 15:01:10 bfriesen Exp $
+# $Id: Makefile.in,v 1.36.2.25 2012-09-22 17:16:19 bfriesen Exp $
#
# Tag Image File Format (TIFF) Software
#
diff --git a/html/Makefile.in b/html/Makefile.in
index 24b9f943..b9f86c84 100644
--- a/html/Makefile.in
+++ b/html/Makefile.in
@@ -14,7 +14,7 @@
@SET_MAKE@
-# $Id: Makefile.in,v 1.49.2.24 2012-09-22 15:01:10 bfriesen Exp $
+# $Id: Makefile.in,v 1.49.2.25 2012-09-22 17:16:19 bfriesen Exp $
#
# Tag Image File Format (TIFF) Software
#
diff --git a/html/index.html b/html/index.html
index 8d235516..39598108 100644
--- a/html/index.html
+++ b/html/index.html
@@ -24,7 +24,7 @@ <h1>LibTIFF - TIFF Library and Utilities</h1>
</tr>
<tr>
<th>Latest Old Stable 3.9.X Release</th>
- <td><a href="v3.9.6.html">v3.9.6</a></td>
+ <td><a href="v3.9.7.html">v3.9.7</a></td>
</tr>
<tr>
<th>Master Download Site</th>
@@ -114,7 +114,7 @@ <h1>LibTIFF - TIFF Library and Utilities</h1>
</ul>
<hr>
<p>
- Last updated $Date: 2012-02-18 22:24:55 $.
+ Last updated $Date: 2012-09-22 17:16:19 $.
</p>
</body>
</html>
diff --git a/html/v3.9.7.html b/html/v3.9.7.html
new file mode 100644
index 00000000..83f19e9a
--- /dev/null
+++ b/html/v3.9.7.html
@@ -0,0 +1,131 @@
+<HTML>
+<HEAD>
+<TITLE>
+ Changes in TIFF v3.9.7
+</TITLE>
+</HEAD>
+
+<BODY BGCOLOR=white>
+<FONT FACE="Helvetica, Arial, Sans">
+
+<BASEFONT SIZE=4>
+<B><FONT SIZE=+3>T</FONT>IFF <FONT SIZE=+2>C</FONT>HANGE <FONT SIZE=+2>I</FONT>NFORMATION</B>
+<BASEFONT SIZE=3>
+
+<UL>
+<HR SIZE=4 WIDTH=65% ALIGN=left>
+<B>Current Old Stable Version</B>: v3.9.7<BR>
+<B>Previous Old Stable Version</B>: <A HREF=v3.9.6.html>v3.9.6</a><BR>
+<B>Master FTP Site</B>: <A HREF="ftp://ftp.remotesensing.org/pub/libtiff">
+ftp.remotesensing.org</a>, directory pub/libtiff</A><BR>
+<B>Master HTTP Site</B>: <A HREF="http://www.remotesensing.org/libtiff">
+http://www.remotesensing.org/libtiff</a>
+<HR SIZE=4 WIDTH=65% ALIGN=left>
+</UL>
+
+<P>
+This document describes the changes made to the software between the
+<I>previous</I> and <I>current</I> versions (see above). If you don't
+find something listed here, then it was not done in this timeframe, or
+it was not considered important enough to be mentioned. The following
+information is located here:
+<UL>
+<LI><A HREF="#highlights">Major Changes</A>
+<LI><A HREF="#configure">Changes in the software configuration</A>
+<LI><A HREF="#libtiff">Changes in libtiff</A>
+<LI><A HREF="#tools">Changes in the tools</A>
+<LI><A HREF="#contrib">Changes in the contrib area</A>
+</UL>
+<p>
+<P><HR WIDTH=65% ALIGN=left>
+
+<!--------------------------------------------------------------------------->
+
+<A NAME="highlights"><B><FONT SIZE=+3>M</FONT>AJOR CHANGES:</B></A>
+
+<UL>
+
+ <li> None
+
+</UL>
+
+
+<P><HR WIDTH=65% ALIGN=left>
+<!--------------------------------------------------------------------------->
+
+<A NAME="configure"><B><FONT SIZE=+3>C</FONT>HANGES IN THE SOFTWARE CONFIGURATION:</B></A>
+
+<UL>
+
+ <li> Updated to use Automake 1.12.4. Avoids security problem with
+ 'make distcheck' (CVE-2012-3386).
+
+</UL>
+
+<P><HR WIDTH=65% ALIGN=left>
+
+<!--------------------------------------------------------------------------->
+
+<A NAME="libtiff"><B><FONT SIZE=+3>C</FONT>HANGES IN LIBTIFF:</B></A>
+
+<UL>
+
+ <li> tif_getimage.c: Fix size overflow (zdi-can-1221,CVE-2012-1173).
+
+ <li> libtiff/tif_dir.c: Avoid generic handling of
+ TIFFTAG_WHITELEVEL.
+ (<A HREF="http://bugzilla.maptools.org/show_bug.cgi?id=2321"
+ >http://bugzilla.maptools.org/show_bug.cgi?id=2321</A>).
+
+ <li> libtiff/tif_dirread.c: Avoid trusting samplesperpixel's default
+ of 1 for purposes of trimming tags. This is to get some super
+ crappy OJPEG files to work
+ again. (<A HREF="http://bugzilla.maptools.org/show_bug.cgi?id=2348"
+ >http://bugzilla.maptools.org/show_bug.cgi?id=2348</A>).
+
+ <li> libtiff/tif_strip.c, libtiff/tif_tile.c: Back-patch the 4.0
+ behavior of treating signed overflow as an error in
+ TIFFVStripSize and TIFFVTileSize. This is needed since the
+ result is declared as tsize_t which is signed, and callers are
+ likely to do the wrong thing entirely when the returned value
+ is negative (CVE-2012-2088).
+
+</UL>
+
+<P><HR WIDTH=65% ALIGN=left>
+
+<!-------------------------------------------------------------------------->
+
+<A NAME="tools"><B><FONT SIZE=+3>C</FONT>HANGES IN THE TOOLS:</B></A>
+
+<UL>
+
+ <li> tiff2pdf: Defend against integer overflows while calculating
+ required buffer sizes (CVE-2012-2113).
+
+ <li> tiff2pdf: Fail when TIFFSetDirectory() fails. This prevents
+ core dumps or perhaps even arbitrary code execution when
+ processing a corrupt input file (CVE-2012-3401).
+
+ <li> tiff2pdf: Fix two places where t2p_error didn't get set after a
+ malloc failure. No crash risk AFAICS, but the program might
+ not report exit code 1 as desired.
+
+</UL>
+
+<P><HR WIDTH=65% ALIGN=left>
+
+<!--------------------------------------------------------------------------->
+
+<A NAME="contrib"><B><FONT SIZE=+3>C</FONT>HANGES IN THE CONTRIB AREA:</B></A>
+
+<UL>
+
+ <li> None
+
+</UL>
+
+Last updated $Date: 2012-09-22 17:16:19 $.
+
+</BODY>
+</HTML>
diff --git a/libtiff/tiffvers.h b/libtiff/tiffvers.h
index 5e310686..71756021 100644
--- a/libtiff/tiffvers.h
+++ b/libtiff/tiffvers.h
@@ -1,4 +1,4 @@
-#define TIFFLIB_VERSION_STR "LIBTIFF, Version 3.9.6\nCopyright (c) 1988-1996 Sam Leffler\nCopyright (c) 1991-1996 Silicon Graphics, Inc."
+#define TIFFLIB_VERSION_STR "LIBTIFF, Version 3.9.7\nCopyright (c) 1988-1996 Sam Leffler\nCopyright (c) 1991-1996 Silicon Graphics, Inc."
/*
* This define can be used in code that requires
* compilation-related definitions specific to a
@@ -6,4 +6,4 @@
* version checking should be done based on the
* string returned by TIFFGetVersion.
*/
-#define TIFFLIB_VERSION 20120218
+#define TIFFLIB_VERSION 20120922