From 1295401c6e3df597790be57db0bdb42b75754375 Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@redhat.com>
Date: Sun, 6 May 2012 11:46:51 -0400
Subject: [PATCH] Update to libtiff 4.0.1

---
 .gitignore                      |  1 +
 libtiff-CVE-2012-1173-3.9.patch | 71 ++++++++++++++++++++++++++
 libtiff-CVE-2012-1173.patch     | 70 +++++++++++++++++---------
 libtiff.spec                    | 89 ++++++++++++++++++++++++++++-----
 sources                         |  1 +
 5 files changed, 196 insertions(+), 36 deletions(-)
 create mode 100644 libtiff-CVE-2012-1173-3.9.patch

diff --git a/.gitignore b/.gitignore
index 9d99bf5..3703381 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
+/tiff-4.0.1.tar.gz
 /tiff-3.9.5.tar.gz
diff --git a/libtiff-CVE-2012-1173-3.9.patch b/libtiff-CVE-2012-1173-3.9.patch
new file mode 100644
index 0000000..0ada700
--- /dev/null
+++ b/libtiff-CVE-2012-1173-3.9.patch
@@ -0,0 +1,71 @@
+This patch is submitted to upstream for CVE-2012-1173
+
+
+diff -Naur tiff-3.9.5.orig/libtiff/tif_getimage.c tiff-3.9.5/libtiff/tif_getimage.c
+--- tiff-3.9.5.orig/libtiff/tif_getimage.c	2010-07-08 12:17:59.000000000 -0400
++++ tiff-3.9.5/libtiff/tif_getimage.c	2012-03-14 14:49:25.796728783 -0400
+@@ -673,18 +673,24 @@
+ 	unsigned char* p2;
+ 	unsigned char* pa;
+ 	tsize_t tilesize;
++	tsize_t bufsize;
+ 	int32 fromskew, toskew;
+ 	int alpha = img->alpha;
+ 	uint32 nrow;
+ 	int ret = 1, flip;
+ 
+ 	tilesize = TIFFTileSize(tif);
+-	buf = (unsigned char*) _TIFFmalloc((alpha?4:3)*tilesize);
++	bufsize = TIFFSafeMultiply(tsize_t,alpha?4:3,tilesize);
++	if (bufsize == 0) {
++		TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtTileSeparate");
++		return (0);
++	}
++	buf = (unsigned char*) _TIFFmalloc(bufsize);
+ 	if (buf == 0) {
+ 		TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "No space for tile buffer");
+ 		return (0);
+ 	}
+-	_TIFFmemset(buf, 0, (alpha?4:3)*tilesize);
++	_TIFFmemset(buf, 0, bufsize);
+ 	p0 = buf;
+ 	p1 = p0 + tilesize;
+ 	p2 = p1 + tilesize;
+@@ -880,17 +886,23 @@
+ 	uint32 rowsperstrip, offset_row;
+ 	uint32 imagewidth = img->width;
+ 	tsize_t stripsize;
++	tsize_t bufsize;
+ 	int32 fromskew, toskew;
+ 	int alpha = img->alpha;
+ 	int ret = 1, flip;
+ 
+ 	stripsize = TIFFStripSize(tif);
+-	p0 = buf = (unsigned char *)_TIFFmalloc((alpha?4:3)*stripsize);
++	bufsize = TIFFSafeMultiply(tsize_t,alpha?4:3,stripsize);
++	if (bufsize == 0) {
++		TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtStripSeparate");
++		return (0);
++	}
++	p0 = buf = (unsigned char *)_TIFFmalloc(bufsize);
+ 	if (buf == 0) {
+ 		TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "No space for tile buffer");
+ 		return (0);
+ 	}
+-	_TIFFmemset(buf, 0, (alpha?4:3)*stripsize);
++	_TIFFmemset(buf, 0, bufsize);
+ 	p1 = p0 + stripsize;
+ 	p2 = p1 + stripsize;
+ 	pa = (alpha?(p2+stripsize):NULL);
+diff -Naur tiff-3.9.5.orig/libtiff/tiffiop.h tiff-3.9.5/libtiff/tiffiop.h
+--- tiff-3.9.5.orig/libtiff/tiffiop.h	2011-03-28 09:43:43.000000000 -0400
++++ tiff-3.9.5/libtiff/tiffiop.h	2012-03-14 14:49:25.797728754 -0400
+@@ -246,7 +246,7 @@
+ #define	TIFFroundup(x, y) (TIFFhowmany(x,y)*(y))
+ 
+ /* Safe multiply which returns zero if there is an integer overflow */
+-#define TIFFSafeMultiply(t,v,m) ((((t)m != (t)0) && (((t)((v*m)/m)) == (t)v)) ? (t)(v*m) : (t)0)
++#define TIFFSafeMultiply(t,v,m) ((((t)(m) != (t)0) && (((t)(((v)*(m))/(m))) == (t)(v))) ? (t)((v)*(m)) : (t)0)
+ 
+ #define TIFFmax(A,B) ((A)>(B)?(A):(B))
+ #define TIFFmin(A,B) ((A)<(B)?(A):(B))
diff --git a/libtiff-CVE-2012-1173.patch b/libtiff-CVE-2012-1173.patch
index 0ada700..7254070 100644
--- a/libtiff-CVE-2012-1173.patch
+++ b/libtiff-CVE-2012-1173.patch
@@ -1,29 +1,45 @@
-This patch is submitted to upstream for CVE-2012-1173
-
-
-diff -Naur tiff-3.9.5.orig/libtiff/tif_getimage.c tiff-3.9.5/libtiff/tif_getimage.c
---- tiff-3.9.5.orig/libtiff/tif_getimage.c	2010-07-08 12:17:59.000000000 -0400
-+++ tiff-3.9.5/libtiff/tif_getimage.c	2012-03-14 14:49:25.796728783 -0400
-@@ -673,18 +673,24 @@
+diff -Naur tiff-4.0.1.orig/ChangeLog tiff-4.0.1/ChangeLog
+--- tiff-4.0.1.orig/ChangeLog	2012-02-18 17:02:33.000000000 -0500
++++ tiff-4.0.1/ChangeLog	2012-05-04 23:33:20.665334408 -0400
+@@ -1,3 +1,8 @@
++2012-03-30  Frank Warmerdam  <warmerdam@google.com>
++
++	* tif_getimage.c: Fix size overflow (zdi-can-1221,CVE-2012-1173)
++	care of Tom Lane @ Red Hat.
++
+ 2012-02-18  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
+ 
+ 	* libtiff 4.0.1 released.
+diff -Naur tiff-4.0.1.orig/libtiff/tif_getimage.c tiff-4.0.1/libtiff/tif_getimage.c
+--- tiff-4.0.1.orig/libtiff/tif_getimage.c	2011-02-24 22:34:02.000000000 -0500
++++ tiff-4.0.1/libtiff/tif_getimage.c	2012-05-04 23:33:20.666334244 -0400
+@@ -1,4 +1,4 @@
+-/* $Id: tif_getimage.c,v 1.78 2011-02-23 21:46:09 fwarmerdam Exp $ */
++/* $Id: tif_getimage.c,v 1.79 2012-04-06 16:46:46 fwarmerdam Exp $ */
+ 
+ /*
+  * Copyright (c) 1991-1997 Sam Leffler
+@@ -692,6 +692,7 @@
  	unsigned char* p2;
  	unsigned char* pa;
- 	tsize_t tilesize;
-+	tsize_t bufsize;
+ 	tmsize_t tilesize;
++	tmsize_t bufsize;
  	int32 fromskew, toskew;
  	int alpha = img->alpha;
  	uint32 nrow;
- 	int ret = 1, flip;
+@@ -699,12 +700,17 @@
+         int colorchannels;
  
- 	tilesize = TIFFTileSize(tif);
+ 	tilesize = TIFFTileSize(tif);  
 -	buf = (unsigned char*) _TIFFmalloc((alpha?4:3)*tilesize);
-+	bufsize = TIFFSafeMultiply(tsize_t,alpha?4:3,tilesize);
++	bufsize = TIFFSafeMultiply(tmsize_t,alpha?4:3,tilesize);
 +	if (bufsize == 0) {
 +		TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtTileSeparate");
 +		return (0);
 +	}
 +	buf = (unsigned char*) _TIFFmalloc(bufsize);
  	if (buf == 0) {
- 		TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "No space for tile buffer");
+ 		TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "%s", "No space for tile buffer");
  		return (0);
  	}
 -	_TIFFmemset(buf, 0, (alpha?4:3)*tilesize);
@@ -31,18 +47,18 @@ diff -Naur tiff-3.9.5.orig/libtiff/tif_getimage.c tiff-3.9.5/libtiff/tif_getimag
  	p0 = buf;
  	p1 = p0 + tilesize;
  	p2 = p1 + tilesize;
-@@ -880,17 +886,23 @@
+@@ -917,17 +923,23 @@
  	uint32 rowsperstrip, offset_row;
  	uint32 imagewidth = img->width;
- 	tsize_t stripsize;
-+	tsize_t bufsize;
+ 	tmsize_t stripsize;
++	tmsize_t bufsize;
  	int32 fromskew, toskew;
  	int alpha = img->alpha;
- 	int ret = 1, flip;
+ 	int ret = 1, flip, colorchannels;
  
- 	stripsize = TIFFStripSize(tif);
+ 	stripsize = TIFFStripSize(tif);  
 -	p0 = buf = (unsigned char *)_TIFFmalloc((alpha?4:3)*stripsize);
-+	bufsize = TIFFSafeMultiply(tsize_t,alpha?4:3,stripsize);
++	bufsize = TIFFSafeMultiply(tmsize_t,alpha?4:3,stripsize);
 +	if (bufsize == 0) {
 +		TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtStripSeparate");
 +		return (0);
@@ -57,11 +73,17 @@ diff -Naur tiff-3.9.5.orig/libtiff/tif_getimage.c tiff-3.9.5/libtiff/tif_getimag
  	p1 = p0 + stripsize;
  	p2 = p1 + stripsize;
  	pa = (alpha?(p2+stripsize):NULL);
-diff -Naur tiff-3.9.5.orig/libtiff/tiffiop.h tiff-3.9.5/libtiff/tiffiop.h
---- tiff-3.9.5.orig/libtiff/tiffiop.h	2011-03-28 09:43:43.000000000 -0400
-+++ tiff-3.9.5/libtiff/tiffiop.h	2012-03-14 14:49:25.797728754 -0400
-@@ -246,7 +246,7 @@
- #define	TIFFroundup(x, y) (TIFFhowmany(x,y)*(y))
+diff -Naur tiff-4.0.1.orig/libtiff/tiffiop.h tiff-4.0.1/libtiff/tiffiop.h
+--- tiff-4.0.1.orig/libtiff/tiffiop.h	2011-02-19 11:26:09.000000000 -0500
++++ tiff-4.0.1/libtiff/tiffiop.h	2012-05-04 23:33:20.667334085 -0400
+@@ -1,4 +1,4 @@
+-/* $Id: tiffiop.h,v 1.82 2011-02-18 20:53:05 fwarmerdam Exp $ */
++/* $Id: tiffiop.h,v 1.83 2012-04-06 16:46:47 fwarmerdam Exp $ */
+ 
+ /*
+  * Copyright (c) 1988-1997 Sam Leffler
+@@ -250,7 +250,7 @@
+ #define TIFFroundup_64(x, y) (TIFFhowmany_64(x,y)*(y))
  
  /* Safe multiply which returns zero if there is an integer overflow */
 -#define TIFFSafeMultiply(t,v,m) ((((t)m != (t)0) && (((t)((v*m)/m)) == (t)v)) ? (t)(v*m) : (t)0)
diff --git a/libtiff.spec b/libtiff.spec
index 36cf013..ca5c311 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,21 +1,30 @@
 Summary: Library of functions for manipulating TIFF format image files
 Name: libtiff
-Version: 3.9.5
-Release: 3%{?dist}
+Version: 4.0.1
+Release: 1%{?dist}
 
 License: libtiff
 Group: System Environment/Libraries
 URL: http://www.remotesensing.org/libtiff/
 
-Source: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz
+# This SRPM includes a copy of libtiff 3.9.x, which is provided as a stopgap
+# measure to satisfy dependencies on libtiff.so.3 until all applications can
+# be recompiled.  The compatibility library is placed in a separate
+# sub-RPM, libtiff-compat.  There is no support for recompiling source code
+# against the old version.
+%global prevversion 3.9.5
+
+Source0: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz
+
+Source1: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{prevversion}.tar.gz
 
 Patch1: libtiff-CVE-2012-1173.patch
+# same patch for prevversion:
+Patch2: libtiff-CVE-2012-1173-3.9.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: zlib-devel libjpeg-devel
-BuildRequires: libtool automake autoconf
-
-%global LIBVER %(echo %{version} | cut -f 1-2 -d .)
+BuildRequires: libtool automake autoconf pkgconfig
 
 %description
 The libtiff package contains a library of functions for manipulating
@@ -29,7 +38,8 @@ format image files.
 %package devel
 Summary: Development tools for programs which will use the libtiff library
 Group: Development/Libraries
-Requires: %{name} = %{version}-%{release}
+Requires: %{name}%{?_isa} = %{version}-%{release}
+Requires: pkgconfig
 
 %description devel
 This package contains the header files and documentation necessary for
@@ -43,7 +53,7 @@ install the libtiff package.
 %package static
 Summary: Static TIFF image format file library
 Group: Development/Libraries
-Requires: %{name}-devel = %{version}-%{release}
+Requires: %{name}-devel%{?_isa} = %{version}-%{release}
 
 %description static
 The libtiff-static package contains the statically linkable version of libtiff.
@@ -53,12 +63,19 @@ necessary for some boot packages.
 %package tools
 Summary: Command-line utility programs for manipulating TIFF files
 Group: Development/Libraries
-Requires: %{name} = %{version}-%{release}
+Requires: %{name}%{?_isa} = %{version}-%{release}
 
 %description tools
 This package contains command-line programs for manipulating TIFF format
 image files using the libtiff library.
 
+%package compat
+Summary: Temporary backwards-compatibility copy of old libtiff
+Group: Development/Libraries
+
+%description compat
+This package contains shared libraries (only) for libtiff 3.9.x.
+
 %prep
 %setup -q -n tiff-%{version}
 
@@ -73,16 +90,48 @@ automake --add-missing --copy
 autoconf
 autoheader
 
+# And the same for the compatibility package ...
+	tar xfz %{SOURCE1}
+	pushd tiff-%{prevversion}
+%patch2 -p1
+	# Use build system's libtool.m4, not the one in the package.
+	rm -f libtool.m4
+	libtoolize --force  --copy
+	aclocal -I . -I m4
+	automake --add-missing --copy
+	autoconf
+	autoheader
+	popd
+
 %build
 export CFLAGS="%{optflags} -fno-strict-aliasing"
-%configure
+%configure --enable-ld-version-script
 make %{?_smp_mflags}
 
 LD_LIBRARY_PATH=$PWD:$LD_LIBRARY_PATH make check
 
+# And the same for the compatibility package ...
+	pushd tiff-%{prevversion}
+	%configure
+	make %{?_smp_mflags}
+	popd
+
 %install
 rm -rf $RPM_BUILD_ROOT
 
+# install compat package first, then remove unwanted files
+	pushd tiff-%{prevversion}
+	make DESTDIR=$RPM_BUILD_ROOT install
+	rm -rf $RPM_BUILD_ROOT%{_bindir}
+	rm -rf $RPM_BUILD_ROOT%{_includedir}
+	rm -rf $RPM_BUILD_ROOT%{_mandir}
+	rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/
+	rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/libtiff*.pc
+	rm -f $RPM_BUILD_ROOT%{_libdir}/libtiff*.so
+	rm -f $RPM_BUILD_ROOT%{_libdir}/libtiff*.a
+	rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
+	popd
+
 make DESTDIR=$RPM_BUILD_ROOT install
 
 # remove what we didn't want installed
@@ -150,11 +199,14 @@ rm -rf $RPM_BUILD_ROOT
 
 %postun -p /sbin/ldconfig
 
+%post compat -p /sbin/ldconfig
+%postun compat -p /sbin/ldconfig
+
 %files
 %defattr(-,root,root,0755)
 %doc COPYRIGHT README RELEASE-DATE VERSION
-%{_libdir}/libtiff.so.*
-%{_libdir}/libtiffxx.so.*
+%{_libdir}/libtiff.so.5*
+%{_libdir}/libtiffxx.so.5*
 
 %files devel
 %defattr(-,root,root,0755)
@@ -162,6 +214,7 @@ rm -rf $RPM_BUILD_ROOT
 %{_includedir}/*
 %{_libdir}/libtiff.so
 %{_libdir}/libtiffxx.so
+%{_libdir}/pkgconfig/libtiff*.pc
 %{_mandir}/man3/*
 
 %files static
@@ -173,7 +226,19 @@ rm -rf $RPM_BUILD_ROOT
 %{_bindir}/*
 %{_mandir}/man1/*
 
+%files compat
+%defattr(-,root,root)
+%{_libdir}/libtiff.so.3*
+%{_libdir}/libtiffxx.so.3*
+
 %changelog
+* Sun May  6 2012 Tom Lane <tgl@redhat.com> 4.0.1-1
+- Update to libtiff 4.0.1, adds BigTIFF support and other features;
+  library soname is bumped from libtiff.so.3 to libtiff.so.5
+Resolves: #782383
+- Temporarily package 3.9.5 shared library (only) in libtiff-compat subpackage
+  so that dependent packages won't be broken while rebuilding proceeds
+
 * Thu Apr  5 2012 Tom Lane <tgl@redhat.com> 3.9.5-3
 - Add fix for CVE-2012-1173
 Resolves: #CVE-2012-1173
diff --git a/sources b/sources
index 04027f5..69ae280 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
+fae149cc9da35c598d8be897826dfc63  tiff-4.0.1.tar.gz
 8fc7ce3b4e1d0cc8a319336967815084  tiff-3.9.5.tar.gz