[gdal-dev] libtiff in GDAL 2.2.1 is hybrid 4.0.7 + patches?

Even Rouault even.rouault at spatialys.com
Mon Aug 7 13:47:40 PDT 2017

On Monday 7 August 2017 20:18:40 CEST Jim Walseth wrote:
> Greetings,
> I am in the process of upgrading our GDAL lib to 2.2.1. The primary motive
> is to update the internal libtiff to 4.0.8, because of security fixes
> there. [ref. http://www.simplesystems.org/libtiff/v4.0.8.html]
> I find that gdal-2.2.1\frmts\gtiff\libtiff\tiffvers.h is still at 4.0.7, and
> there are patches applied for a subset of the issues fixed in libtiff
> 4.0.8.
> Question: Have I interpreted the situation correctly?

The internal version of libtiff in GDAL 2.2 is the HEAD version of the libtiff CVS repository at 
the time GDAL was released, so at an intermediate point between 4.0.7 and 4.0.8.

> We actually don't use gtiff/libtiff for anything. To satisfy our security
> people, I am considering overwriting the libtiff source code with
> everything from 4.0.8.

That should work as far as I can remember.

Note: you could also build GDAL against an external libtiff, and build libtiff separately if you
don't want to rebuild GDAL every time you rebuild libtiff.

Spatialys - Geospatial professional services