@msmeissn JFYI:

tiff comes from SLE. We would need to find out what is needed for hylafax

I don't know much about hylafax. But I assume it wants the binaries that were deleted in tiff 4.6.0. As Axel requested it for this reason in the past. Upstream tiff added those back in 4.7.0 after several complains and a lot of effort from the hylafax maintainer.

In our Factory tiff we didn't enable those tools yet for 2 reasons 1) I didnt like that they didnt reference all the CVEs that were closed in the past by juts removing the binaries. So basically we would need to test all of them (I think around 60?) to be sure. But I can understand that some people might see it not as a good reason since upstream "claims" that all are fixed and we should follow it. Most likely then just a new CVE will be opened anyways. 2) There was one test failing when the tools were enabled and I didnt yet have the time to investigate why it was failing.