
Issue 674365

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Last visit > 30 days ago
Closed: Feb 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug-Security

Blocking:
issue 537368




libtiff security holes unpatched in Chrome OS

Project Member Reported by marc...@chromium.org, Dec 15 2016

Issue description

There are quite a few CVEs in libtiff that haven't been patched in cros:
http://www.cvedetails.com/product/3881/Libtiff-Libtiff.html?vendor_id=2224

Justin, I'm CCing you because I have no idea who it should go to. I'll update libtiff and we'll see.
 

Comment 1 by jsc...@chromium.org, Dec 15 2016

Cc: -jsc...@chromium.org mnissler@chromium.org
Cc: pstew@chromium.org
Components: OS>Systems
Labels: -Type-Bug -Pri-3 Security_Impact-Stable Security_Severity-Medium OS-Chrome Pri-2 Type-Bug-Security
Thanks for bringing this to our attention. It looks like the sole user of libtiff is sane/lorgnette. That package still lists pstew@ as the sole owner, but he has left the team. pstew@, was there any decision on who would take over lorgnette maintenance when you left?
Just to confirm: owner=marcheu@ and status=Started is accurate?
Project Member Comment 4 by sheriffbot@chromium.org, Dec 15 2016

Labels: M-56
Cc: llozano@chromium.org
blocked on compiler issue
Cc: -llozano@chromium.org marc...@chromium.org
Owner: llozano@chromium.org
Labels: Build-Toolchain
Owner: manojgupta@chromium.org
Was this passing a few days ago? We updated the version of clang on Tuesday early morning. So, I am wondering if this is a problem in the new version or just a problem in clang in general.

Assigning to Manoj for triage. 
Yes it built in December, then I forgot about the change, and now it looks like it doesn't build (the clang process just eats 100% CPU and sits there, I waited until it had 50 minutes of CPU time then gave up).
It is fixed in llvm trunk. Need to create a local pack.

commit 9c5e4bac4a745f6a621dcf2803fa89f6bbe51862
Author: Sanjay Patel <spatel@rotateright.com>
Date:   Thu Nov 10 00:15:14 2016 +0000

    [InstCombine] avoid infinite loop from shuffle-extract-insert sequence (PR30923)

Cc: yunlian@chromium.org llozano@chromium.org
The patch is in. I'll do CQ+1 to libtiff upgrade after successful chromium-sdk run.
Project Member Comment 12 by bugdroid1@chromium.org, Feb 2 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/portage-stable/+/ed0d08ff82bcb42486a2df5daddd85061b500b9b

commit ed0d08ff82bcb42486a2df5daddd85061b500b9b
Author: Stéphane Marchesin <marcheu@chromium.org>
Date: Thu Feb 02 04:27:52 2017

tiff: Update to 4.0.6

This grabs latest libtiff from the upstream gentoo tree.

BUG= chromium:674365 
TEST=build on samus

Change-Id: Ic6ab8db56cbca070a12d55216de7f789d1e0a678
Reviewed-on: https://chromium-review.googlesource.com/420809
Commit-Ready: Manoj Gupta <manojgupta@chromium.org>
Tested-by: Stéphane Marchesin <marcheu@chromium.org>
Reviewed-by: Stéphane Marchesin <marcheu@chromium.org>

[modify] https://crrev.com/ed0d08ff82bcb42486a2df5daddd85061b500b9b/media-libs/tiff/Manifest
[modify] https://crrev.com/ed0d08ff82bcb42486a2df5daddd85061b500b9b/media-libs/tiff/metadata.xml
[delete] https://crrev.com/c6cd45fa61639a0034ebef2f7a2a3cd838b2d3fa/media-libs/tiff/files/tiff-4.0.3-CVE-2012-4564.patch
[delete] https://crrev.com/c6cd45fa61639a0034ebef2f7a2a3cd838b2d3fa/media-libs/tiff/files/tiff-4.0.3-CVE-2013-4232.patch
[rename] https://crrev.com/ed0d08ff82bcb42486a2df5daddd85061b500b9b/media-libs/tiff/tiff-4.0.6-r1.ebuild
[delete] https://crrev.com/c6cd45fa61639a0034ebef2f7a2a3cd838b2d3fa/media-libs/tiff/files/tiff-4.0.3-CVE-2013-1961.patch
[delete] https://crrev.com/c6cd45fa61639a0034ebef2f7a2a3cd838b2d3fa/media-libs/tiff/files/tiff-4.0.3-tiff2pdf-colors.patch
[delete] https://crrev.com/c6cd45fa61639a0034ebef2f7a2a3cd838b2d3fa/media-libs/tiff/files/tiff-4.0.3-CVE-2013-4231.patch
[delete] https://crrev.com/c6cd45fa61639a0034ebef2f7a2a3cd838b2d3fa/media-libs/tiff/files/tiff-4.0.3-libjpeg-turbo.patch
[add] https://crrev.com/ed0d08ff82bcb42486a2df5daddd85061b500b9b/media-libs/tiff/files/tiff-4.0.6-gif2tiff_removal.patch
[delete] https://crrev.com/c6cd45fa61639a0034ebef2f7a2a3cd838b2d3fa/media-libs/tiff/files/tiff-4.0.3-CVE-2013-4244.patch
[delete] https://crrev.com/c6cd45fa61639a0034ebef2f7a2a3cd838b2d3fa/media-libs/tiff/files/tiff-4.0.3-CVE-2012-4447.patch
[delete] https://crrev.com/c6cd45fa61639a0034ebef2f7a2a3cd838b2d3fa/media-libs/tiff/files/tiff-4.0.3-CVE-2013-1960.patch
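The file listing above drops the distro's per-CVE backport patches (tiff-4.0.3-CVE-*.patch) in favour of the plain 4.0.6 ebuild. A reviewer of such a change wants to confirm that every CVE whose backport disappears is actually fixed in the upstream version being adopted. The script below is an added example, not part of the bug or of the Chromium OS tooling: it parses the bugdroid-style change listing, extracts the CVE IDs of deleted patches and the new ebuild version, and checks them against a fixed-in-version table the reviewer supplies from upstream release notes (the SAMPLE_LISTING is a constructed subset of the listing above; the helper names are assumptions).

```python
import re
# Constructed sample in the format of the bugdroid file-change listing above
# (a subset of its lines).
SAMPLE_LISTING = """\
[modify] https://crrev.com/ed0d08ff82bcb42486a2df5daddd85061b500b9b/media-libs/tiff/Manifest
[delete] https://crrev.com/c6cd45fa61639a0034ebef2f7a2a3cd838b2d3fa/media-libs/tiff/files/tiff-4.0.3-CVE-2012-4564.patch
[delete] https://crrev.com/c6cd45fa61639a0034ebef2f7a2a3cd838b2d3fa/media-libs/tiff/files/tiff-4.0.3-CVE-2013-4232.patch
[rename] https://crrev.com/ed0d08ff82bcb42486a2df5daddd85061b500b9b/media-libs/tiff/tiff-4.0.6-r1.ebuild
[delete] https://crrev.com/c6cd45fa61639a0034ebef2f7a2a3cd838b2d3fa/media-libs/tiff/files/tiff-4.0.3-libjpeg-turbo.patch
[add] https://crrev.com/ed0d08ff82bcb42486a2df5daddd85061b500b9b/media-libs/tiff/files/tiff-4.0.6-gif2tiff_removal.patch
"""

LINE_RE = re.compile(r"^\[(add|modify|delete|rename)\]\s+(\S+)$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
EBUILD_RE = re.compile(r"/[^/]+-(\d[\w.]*?)(?:-r\d+)?\.ebuild$")  # version minus -rN

def parse_listing(text):
    """Yield (action, path) for every '[action] url' line; skip anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def dropped_cve_patches(text):
    """CVE IDs whose distro backport patch this change deletes."""
    return sorted({cve for action, path in parse_listing(text)
                   if action == "delete" for cve in CVE_RE.findall(path)})

def new_ebuild_version(text):
    """Upstream version of the ebuild added or renamed to by the change, or None."""
    for action, path in parse_listing(text):
        m = EBUILD_RE.search(path)
        if action in ("add", "rename") and m:
            return m.group(1)
    return None

def version_key(v):
    """Dotted numeric version -> tuple for comparison ('4.0.6' -> (4, 0, 6))."""
    return tuple(int(p) for p in v.split("."))

def audit_dropped_patches(text, fixed_in_upstream):
    """For each dropped CVE: True iff the new upstream version is >= the version
    that fixed it per fixed_in_upstream (reviewer-supplied); unknown CVE -> False."""
    new_ver = new_ebuild_version(text)
    report = {}
    for cve in dropped_cve_patches(text):
        fixed = fixed_in_upstream.get(cve)
        report[cve] = (new_ver is not None and fixed is not None
                       and version_key(fixed) <= version_key(new_ver))
    return report
```

Any CVE reported False is one whose backport was removed without evidence of an upstream fix at that version and needs a closer look before the upgrade lands.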

Cc: manojgupta@chromium.org
Labels: -Build-Toolchain
Owner: marc...@chromium.org
Status: Assigned (was: Started)
Tiff 4.0.6 ebuild is now in trunk. Assigning back to marcheu@ if there is any more work regarding security.
Status: Fixed (was: Assigned)
Project Member Comment 15 by sheriffbot@chromium.org, Feb 8 2017

Labels: Restrict-View-SecurityNotify
Blocking: 537368
Project Member Comment 17 by sheriffbot@chromium.org, May 17 2017

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 18 by dchan@google.com, May 30 2017

Labels: VerifyIn-60
Labels: VerifyIn-61

Comment 20 by dchan@chromium.org, Jan 22 2018

Status: Archived (was: Fixed)
Status: Fixed (was: Archived)