AWARE SYSTEMS
TIFF and LibTiff Mail List Archive

2020.08.16 13:51 "[Tiff] Disable Old JPEG in libtiff by default!", by Bob Friesenhahn

In 1995 Adobe published DRAFT TIFF Technical Note #2 which abandoned the JPEG format described by TIFF 6.0. It is now 2020, which has provided plenty of time to stop using the deprecated/defunct format and convert existing files to the modern format.

The libtiff configure script enables support for reading old JPEG by default. I propose that the libtiff default should be to disable support for old JPEG.

While support for the deprecated old JPEG was substantially improved by libtiff 4.x (thanks to considerable effort by Joris Van Damme), support for it is not likely to become any better in the future. The old JPEG format had fundamental defects which caused Adobe to discard it.

Leaving support for old JPEG enabled in libtiff increases its default security exposure, and increases the default security exposure of all distributions which use the default.

Is there any reason this change should not be made now?

Bob

Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
Public Key, http://www.simplesystems.org/users/bfriesen/public-key.txt
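
An added example, not part of the original message and not libtiff code: a Python check that walks the IFD chain of a classic TIFF and reports whether any directory declares old-style JPEG (Compression tag 259 with value 6), which identifies files to convert before a build without old JPEG support is deployed. The function names and the constructed sample bytes are assumptions for illustration; BigTIFF files are rejected rather than parsed.

```python
import struct

TAG_COMPRESSION = 259        # TIFF 6.0 Compression tag
OLD_JPEG, NEW_JPEG = 6, 7    # 6 = TIFF 6.0 "old" JPEG, 7 = Technical Note #2 JPEG

def compression_values(data, max_ifds=64):
    """Return the Compression value declared by each IFD of a classic TIFF."""
    if len(data) < 8 or data[:4] not in (b"II*\x00", b"MM\x00*"):
        raise ValueError("not a classic TIFF header")
    e = "<" if data[:2] == b"II" else ">"
    (offset,) = struct.unpack_from(e + "I", data, 4)
    values, seen = [], set()
    while offset and len(values) < max_ifds:
        if offset in seen:
            raise ValueError("IFD chain loops")
        seen.add(offset)
        if offset + 2 > len(data):
            raise ValueError("IFD offset outside file")
        (count,) = struct.unpack_from(e + "H", data, offset)
        end = offset + 2 + 12 * count
        if end + 4 > len(data):
            raise ValueError("truncated IFD")
        comp = 1  # TIFF 6.0 default when the tag is absent: uncompressed
        for pos in range(offset + 2, end, 12):
            tag, typ, n, val = struct.unpack_from(e + "HHIH", data, pos)
            if tag == TAG_COMPRESSION and typ == 3 and n == 1:  # one SHORT
                comp = val
        values.append(comp)
        (offset,) = struct.unpack_from(e + "I", data, end)
    return values

def uses_old_jpeg(data):
    """True if any IFD declares the deprecated old-style JPEG compression."""
    return OLD_JPEG in compression_values(data)

def sample_tiff(compression, e="<"):
    """Constructed test input: header plus one IFD holding only Compression."""
    magic = b"II*\x00" if e == "<" else b"MM\x00*"
    entry = struct.pack(e + "HHIHH", TAG_COMPRESSION, 3, 1, compression, 0)
    return (magic + struct.pack(e + "I", 8) + struct.pack(e + "H", 1)
            + entry + struct.pack(e + "I", 0))

if __name__ == "__main__":
    for name, blob in (("old", sample_tiff(OLD_JPEG)), ("new", sample_tiff(NEW_JPEG, ">"))):
        print(name, compression_values(blob), uses_old_jpeg(blob))
```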