Changes in TIFF v4.6.0

References

Current Version	v4.6.0 (tag v4.6.0)
Previous Version	v4.5.1
Master Download Site	https://download.osgeo.org/libtiff/
Master HTTP Site #1	http://www.simplesystems.org/libtiff/
Master HTTP Site #2	https://libtiff.gitlab.io/libtiff/

This document provides a summary of significant changes made to the software between the previous and current versions (see above). A fully-detailed change summary is provided by the ChangeLog file included in the release package and by the Git commit history:

Major changes

Warning

This version removes a big number of utilities that have suffered from lack of maintenance over the years and were the source of various reported security issues. See "Removed functionality" below for the list of removed utilities. Starting with libtiff v4.6.0, the source code for most TIFF tools (except tiffinfo, tiffdump, tiffcp and tiffset) was discontinued, due to the lack of contributors able to address reported security issues. tiff2ps and tiff2pdf source code has been moved in a unsupported category, no longer built by default, but are still part of the the source distribution. Other retired utilities are in a archive/ directory, only available in the libtiff git repository. Issues related to unsupported and archived tools will no longer be accepted in the libtiff bug tracker.

Software configuration changes

• TiffConfig.cmake.in: set TIFF_INCLUDE_DIR, TIFF_INCLUDE_DIRS and TIFF_LIBRARIES for compatibility with FindTIFF.cmake as shipped by CMake (fixes issue #589)

• Update CMake and autoconf scripts to consistently update LibTIFF version defines and references in various files when version definition in configure.ac has been changed.

  • Move in tiffvers.h from libtiff source directory to libtiff build directory.

  • Remove unused version information from tif_config.h

  • With every CMake build the version defines (e.g. 4.5.1) within tiffvers.h are consistently updated from configure.ac. The version release-date is taken from file RELEASE-DATE.

  • The files VERSION and RELEASE-DATE are only updated with a special CMake target build: cmake --build . --target tiff_release.

  • For autotools, version information is updated from configure.ac with ./autogen.sh. LIBTIFF_RELEASE_DATE is taken form file RELEASE-DATE.

  • ./configure generates tiffvers.h with the cached version information and LIBTIFF_RELEASE_DATE.

  • "make release" updates tiffvers.h and VERSION file with cached version info and RELEASE-DATE file and tiffves.h with the current date.

• CMake: fix build with -Dstrip-chopping=off (fixes issue #600)

Library changes

New/improved functionalities:

• Fix using __attribute__ libtiff with clang-for-windows

API/ABI breaks:

• None

Bug fixes:

• WebP decoder: validate WebP blob width, height, band count against TIFF parameters to avoid use of uninitialized variable, or decoding corrupted content without explicit error (fixes issue #581, issue #582).

• WebP codec: turn exact mode when creating lossless files to avoid altering R,G,B values in areas where alpha=0 (https://github.com/OSGeo/gdal/issues/8038)

• Fix TransferFunction writing of only two transfer functions.

• TIFFReadDirectoryCheckOrder: avoid integer overflow. When it occurs, it should be harmless in practice though (https://gitlab.com/libtiff/libtiff/-/merge_requests/512)

Documentation

• TiffField functions documentation updated with return behaviour for not defined tags and determination of write-/read-count size.

Tools changes

Removed functionality:

• The following tools are no longer compiled and have been moved to archive/tools:

  • fax2ps

  • fax2tiff

  • pal2rgb

  • ppm2tiff

  • raw2tiff

  • rgb2ycbcr

  • thumbnail

  • tiff2bw

  • tiff2rgba

  • tiffcmp

  • tiffcrop

  • tiffdither

  • tiffgt

  • tiffmedian

• The following tools are no longer compiled by default: tiff2ps and tiff2pdf. They have been moved to tools/unsupported. They can be built by setting --enable-tools-unsupported for autoconf, or -Dtiff-tools-unsupported for CMake, but as the name imply, they are no longer supported by upstream. Packagers are suggested not to enable those options.

• tiffcp: remove -i option (ignore errors), because almost all fuzzer issues were consequential errors from ignored errors because of the "-i" option.

New/improved functionality:

• None

Bug fixes:

• tiffset: fix #597: warning: comparison of integer expressions of different signedness. (fixes issue #597)

• tiffcp: fix memory corruption (overflow) on hostile images (fixes issue #591)

Test changes

• Add missing test_write_read_tags.c and test_transferfunction_write_read.c in tarball (fixes issue #585) and correct "long" issue.

• Don't use "long" because can be int32_t or int64_t, depending on compiler and system.

Changes to contributed and unsupported tools

• raw2tiff: fix integer overflow and bypass of the check (fixes issue #592)