Changes in TIFF v4.6.0¶
v4.6.0 (tag v4.6.0)
Master Download Site
Master HTTP Site #1
Master HTTP Site #2
This document provides a summary of significant changes made to the
software between the previous and current versions (see
above). A fully-detailed change summary is provided by the
included in the release package and by the Git commit history:
This version removes a big number of utilities that have suffered from lack of maintenance over the years and were the source of various reported security issues. See "Removed functionality" below for the list of removed utilities. Starting with libtiff v4.6.0, their source code, at this time, will still be available in the source distribution, but they will no longer be built by default, and issues related to them will no longer be accepted in the libtiff bug tracker. The only remaining supported TIFF tools are tiffinfo, tiffdump, tiffcp, tiffset and tiffsplit.
Software configuration changes¶
TiffConfig.cmake.in: set TIFF_INCLUDE_DIR, TIFF_INCLUDE_DIRS and TIFF_LIBRARIES for compatibility with FindTIFF.cmake as shipped by CMake (fixes issue #589)
Update CMake and autoconf scripts to consistently update LibTIFF version defines and references in various files when version definition in configure.ac has been changed.
Move in tiffvers.h from libtiff source directory to libtiff build directory.
Remove unused version information from tif_config.h
With every CMake build the version defines (e.g. 4.5.1) within tiffvers.h are consistently updated from configure.ac. The version release-date is taken from file RELEASE-DATE.
The files VERSION and RELEASE-DATE are only updated with a special CMake target build: cmake --build . --target tiff_release.
For autotools, version information is updated from configure.ac with ./autogen.sh. LIBTIFF_RELEASE_DATE is taken form file RELEASE-DATE.
./configure generates tiffvers.h with the cached version information and LIBTIFF_RELEASE_DATE.
"make release" updates tiffvers.h and VERSION file with cached version info and RELEASE-DATE file and tiffves.h with the current date.
CMake: fix build with -Dstrip-chopping=off (fixes issue #600)
__attribute__libtiff with clang-for-windows
WebP decoder: validate WebP blob width, height, band count against TIFF parameters to avoid use of uninitialized variable, or decoding corrupted content without explicit error (fixes issue #581, issue #582).
WebP codec: turn exact mode when creating lossless files to avoid altering R,G,B values in areas where alpha=0 (https://github.com/OSGeo/gdal/issues/8038)
Fix TransferFunction writing of only two transfer functions.
TIFFReadDirectoryCheckOrder: avoid integer overflow. When it occurs, it should be harmless in practice though (https://gitlab.com/libtiff/libtiff/-/merge_requests/512)
TiffField functions documentation updated with return behaviour for not defined tags and determination of write-/read-count size.
The following tools are no longer compiled and have been moved to archive/tools:
The following tools are no longer compiled by default: tiff2ps and tiff2pdf. They have been moved to tools/unsupported. They can be built by setting
--enable-tools-unsupportedfor autoconf, or
-Dtiff-tools-unsupportedfor CMake, but as the name imply, they are no longer supported by upstream. Packagers are suggested not to enable those options.
tiffcp: remove -i option (ignore errors), because almost all fuzzer issues were consequential errors from ignored errors because of the "-i" option.
Add missing test_write_read_tags.c and test_transferfunction_write_read.c in tarball (fixes issue #585) and correct "long" issue.
Don't use "long" because can be int32_t or int64_t, depending on compiler and system.
Changes to contributed and unsupported tools¶
raw2tiff: fix integer overflow and bypass of the check (fixes issue #592)