opentoonz / opentoonz_docs

OpenToonz User Manual
http://opentoonz.readthedocs.io

libtiff 4.0.3 in thirdparty has 50 security vulnerabilities #184

Open chkno opened 2 years ago

chkno commented 2 years ago

Opentoonz includes libtiff 4.0.3 in thirdparty/. libtiff 4.0.3 is affected by 50 currently known security vulnerabilities.

(See also opentoonz/opentoonz#3864 and opentoonz/opentoonz#4119)

chkno commented 2 years ago

I made a crude attempt at merging opentoonz's 64-bit-support changes into libtiff 4.3.0 and then merging all the security fixes back in here, but I am not familiar with either opentoonz or libtiff, so I wouldn't trust this. :(

ghost commented 2 years ago

There's a very special reason why opentoonz uses libtiff 4.0.3. I tried to fix it myself, but ultimately gave up, seeing it as a futile effort. @RodneyBaker and @shun-iwasawa could give a better description of the issues surrounding using libtiff 4.0.3 and why this project is stuck with it until further notice.

flurick commented 1 year ago

Looks like v4.4.0 is the current available release (with various 64-bit-related changes, AKA BigTIFF).

RodneyBaker commented 4 months ago

Transferring this to the Opentoonz documentation repo, where discussion can continue regarding best practices for coding, security vulnerabilities, and how best to proceed in modernizing dependencies.