[gdal-dev] tibtiff in GDAL 2.2.1 is hybrid 4.0.7 + patches?
I am in the process of upgrading our GDAL lib to 2.2.1. The primary motive is to update the internal libtiff to 4.0.8, because of security fixes there. [ref. http://www.simplesystems.org/libtiff/v4.0.8.html]
I find that gdal-2.2.1\frmts\gtiff\libtiff\tiffvers.h is still at 4.0.7, and there are patches applied for a subset of the issues fixed in libtiff 4.0.8.
Question: Have I interpreted the situation correctly?
We actually don’t use gtiff/libtiff for anything. To satisfy our security people, I am considering overwriting the libtiff source code with everything from 4.0.8.