On lundi 7 août 2017 20:18:40 CEST Jim Walseth wrote: > Greetings, > > I am in the process of upgrading our GDAL lib to 2.2.1. The primary motive > is to update the internal libtiff to 4.0.8, because of security fixes > there. [ref. http://www.simplesystems.org/libtiff/v4.0.8.html] > > I find that gdal-2.2.1\frmts\gtiff\libtiff\tiffvers.h is still at 4.0.7, and > there are patches applied for a subset of the issues fixed in libtiff > 4.0.8. > > Question: Have I interpreted the situation correctly?
The internal version of libtiff in GDAL 2.2 is the HEAD version of the libtiff CVS repository at the time GDAL was released, so at an intermediate point between 4.0.7 and 4.0.8. > > We actually don't use gtiff/libtiff for anything. To satisfy our security > people, I am considering overwriting the libtiff source code with > everything from 4.0.8. That should work as far as I can remember. Note: you could also build GDAL against external libtiff, and build libtiff separately if you don't want rebuild GDAL everytime you rebuild libtiff -- Spatialys - Geospatial professional services http://www.spatialys.com
_______________________________________________ gdal-dev mailing list gdal-dev@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/gdal-dev
