Package init

CVE-2018-12900-pre.patch

@@ -0,0 +1,39 @@
+From 2b0d0e699730d1f26bbeba8397bfdf0e9e01e59d Mon Sep 17 00:00:00 2001
+From: Thomas Bernard <miniupnp@free.fr>
+Date: Mon, 11 Feb 2019 10:05:33 +0100
+Subject: [PATCH] check that (Tile Width)*(Samples/Pixel) do no overflow
+
+fixes bug 2833
+---
+ tools/tiffcp.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index 2f406e2d..f0ee2c02 100644
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -1408,7 +1408,7 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
+ 	int status = 1;
+ 	uint32 imagew = TIFFRasterScanlineSize(in);
+ 	uint32 tilew = TIFFTileRowSize(in);
+-	int iskew  = imagew - tilew*spp;
++	int iskew;
+ 	tsize_t tilesize = TIFFTileSize(in);
+ 	tdata_t tilebuf;
+ 	uint8* bufp = (uint8*) buf;
+@@ -1416,6 +1416,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
+ 	uint32 row;
+ 	uint16 bps = 0, bytes_per_sample;
+ 
++	if (spp > (0x7fffffff / tilew))
++	{
++		TIFFError(TIFFFileName(in), "Error, cannot handle that much samples per tile row (Tile Width * Samples/Pixel)");
++		return 0;
++	}
++	iskew = imagew - tilew*spp;
+ 	tilebuf = _TIFFmalloc(tilesize);
+ 	if (tilebuf == 0)
+ 		return 0;
+-- 
+2.18.1
+

CVE-2018-12900.patch

@@ -0,0 +1,33 @@
+From 7cc76e9bc40bc8eb329a718ab26ecef7dd1afd94 Mon Sep 17 00:00:00 2001
+From: Thomas Bernard <miniupnp@free.fr>
+Date: Mon, 11 Feb 2019 21:42:03 +0100
+Subject: [PATCH] tiffcp.c: use INT_MAX
+
+---
+ tools/tiffcp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index f0ee2c02..8c81aa4f 100644
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -41,6 +41,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <limits.h>
+ 
+ #include <ctype.h>
+ 
+@@ -1416,7 +1417,7 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
+ 	uint32 row;
+ 	uint16 bps = 0, bytes_per_sample;
+ 
+-	if (spp > (0x7fffffff / tilew))
++	if (spp > (INT_MAX / tilew))
+ 	{
+ 		TIFFError(TIFFFileName(in), "Error, cannot handle that much samples per tile row (Tile Width * Samples/Pixel)");
+ 		return 0;
+-- 
+2.18.1
+

CVE-2018-19210-1.patch

@@ -0,0 +1,40 @@
+t a/libtiff/tif_dir.c b/libtiff/tif_dir.c
+index 6f0b48798bdeee91729c10e1fbcf9786234be5f3..078fbcec20677f19f7f967a4834011fe60df1df3 100644
+--- a/libtiff/tif_dir.c
++++ b/libtiff/tif_dir.c
+@@ -285,6 +285,18 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
+                 _TIFFfree(td->td_smaxsamplevalue);
+                 td->td_smaxsamplevalue = NULL;
+             }
++            /* Test if 3 transfer functions instead of just one are now needed
++               See http://bugzilla.maptools.org/show_bug.cgi?id=2820 */
++            if( td->td_transferfunction[0] != NULL && (v - td->td_extrasamples > 1) &&
++                !(td->td_samplesperpixel - td->td_extrasamples > 1))
++            {
++                    TIFFWarningExt(tif->tif_clientdata,module,
++                        "SamplesPerPixel tag value is changing, "
++                        "but TransferFunction was read with a different value. Cancelling it");
++                    TIFFClrFieldBit(tif,FIELD_TRANSFERFUNCTION);
++                    _TIFFfree(td->td_transferfunction[0]);
++                    td->td_transferfunction[0] = NULL;
++            }
+         }
+ 		td->td_samplesperpixel = (uint16) v;
+ 		break;
+@@ -361,6 +373,16 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
+ 		_TIFFsetShortArray(&td->td_colormap[2], va_arg(ap, uint16*), v32);
+ 		break;
+ 	case TIFFTAG_EXTRASAMPLES:
++            if ( td->td_transferfunction[0] != NULL && (td->td_samplesperpixel - v > 1) &&
++                 !(td->td_samplesperpixel - td->td_extrasamples > 1))
++            {
++                    TIFFWarningExt(tif->tif_clientdata,module,
++                        "ExtraSamples tag value is changing, "
++                        "but TransferFunction was read with a different value. Cancelling it");
++                    TIFFClrFieldBit(tif,FIELD_TRANSFERFUNCTION);
++                    _TIFFfree(td->td_transferfunction[0]);
++                    td->td_transferfunction[0] = NULL;
++            }
+ 		if (!setExtraSamples(td, ap, &v))
+ 			goto badvalue;
+ 		break;

CVE-2018-19210-2.patch

@@ -0,0 +1,59 @@
+diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
+index 078fbcec20677f19f7f967a4834011fe60df1df3..028ea54a256b4123ac320138aaedd1b356c2132f 100644
+--- a/libtiff/tif_dir.c
++++ b/libtiff/tif_dir.c
+@@ -88,13 +88,15 @@ setDoubleArrayOneValue(double** vpp, double value, size_t nmemb)
+  * Install extra samples information.
+  */
+ static int
+-setExtraSamples(TIFFDirectory* td, va_list ap, uint32* v)
++setExtraSamples(TIFF* tif, va_list ap, uint32* v)
+ {
+ /* XXX: Unassociated alpha data == 999 is a known Corel Draw bug, see below */
+ #define EXTRASAMPLE_COREL_UNASSALPHA 999 
+ 
+ 	uint16* va;
+ 	uint32 i;
++        TIFFDirectory* td = &tif->tif_dir;
++        static const char module[] = "setExtraSamples";
+ 
+ 	*v = (uint16) va_arg(ap, uint16_vap);
+ 	if ((uint16) *v > td->td_samplesperpixel)
+@@ -116,6 +118,18 @@ setExtraSamples(TIFFDirectory* td, va_list ap, uint32* v)
+ 				return 0;
+ 		}
+ 	}
++
++        if ( td->td_transferfunction[0] != NULL && (td->td_samplesperpixel - *v > 1) &&
++                !(td->td_samplesperpixel - td->td_extrasamples > 1))
++        {
++                TIFFWarningExt(tif->tif_clientdata,module,
++                    "ExtraSamples tag value is changing, "
++                    "but TransferFunction was read with a different value. Cancelling it");
++                TIFFClrFieldBit(tif,FIELD_TRANSFERFUNCTION);
++                _TIFFfree(td->td_transferfunction[0]);
++                td->td_transferfunction[0] = NULL;
++        }
++
+ 	td->td_extrasamples = (uint16) *v;
+ 	_TIFFsetShortArray(&td->td_sampleinfo, va, td->td_extrasamples);
+ 	return 1;
+@@ -373,17 +387,7 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
+ 		_TIFFsetShortArray(&td->td_colormap[2], va_arg(ap, uint16*), v32);
+ 		break;
+ 	case TIFFTAG_EXTRASAMPLES:
+-            if ( td->td_transferfunction[0] != NULL && (td->td_samplesperpixel - v > 1) &&
+-                 !(td->td_samplesperpixel - td->td_extrasamples > 1))
+-            {
+-                    TIFFWarningExt(tif->tif_clientdata,module,
+-                        "ExtraSamples tag value is changing, "
+-                        "but TransferFunction was read with a different value. Cancelling it");
+-                    TIFFClrFieldBit(tif,FIELD_TRANSFERFUNCTION);
+-                    _TIFFfree(td->td_transferfunction[0]);
+-                    td->td_transferfunction[0] = NULL;
+-            }
+-		if (!setExtraSamples(td, ap, &v))
++		if (!setExtraSamples(tif, ap, &v))
+ 			goto badvalue;
+ 		break;
+ 	case TIFFTAG_MATTEING:

CVE-2019-6128.patch

@@ -0,0 +1,35 @@
+diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c
+index 01d8502ecf7a8a7f015e49ca9378a1a741cbc06b..9492f1cf1212177bf7e97d307757d0977c898e90 100644
+--- a/tools/pal2rgb.c
++++ b/tools/pal2rgb.c
+@@ -118,12 +118,14 @@ main(int argc, char* argv[])
+ 	    shortv != PHOTOMETRIC_PALETTE) {
+ 		fprintf(stderr, "%s: Expecting a palette image.\n",
+ 		    argv[optind]);
++		(void) TIFFClose(in);
+ 		return (-1);
+ 	}
+ 	if (!TIFFGetField(in, TIFFTAG_COLORMAP, &rmap, &gmap, &bmap)) {
+ 		fprintf(stderr,
+ 		    "%s: No colormap (not a valid palette image).\n",
+ 		    argv[optind]);
++		(void) TIFFClose(in);
+ 		return (-1);
+ 	}
+ 	bitspersample = 0;
+@@ -131,11 +133,14 @@ main(int argc, char* argv[])
+ 	if (bitspersample != 8) {
+ 		fprintf(stderr, "%s: Sorry, can only handle 8-bit images.\n",
+ 		    argv[optind]);
++		(void) TIFFClose(in);
+ 		return (-1);
+ 	}
+ 	out = TIFFOpen(argv[optind+1], "w");
+-	if (out == NULL)
++	if (out == NULL) {
++		(void) TIFFClose(in);
+ 		return (-2);
++	}
+ 	cpTags(in, out);
+ 	TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &imagewidth);
+ 	TIFFGetField(in, TIFFTAG_IMAGELENGTH, &imagelength);

libtiff-am-version.patch

@@ -0,0 +1,31 @@
+Back off the minimum required automake version to 1.11.  There isn't
+anything in libtiff currently that actually requires 1.12, and changing
+this allows the package to be built on pre-F18 machines for easier testing.
+
+This patch can go away once we no longer care about testing on pre-F18.
+
+
+diff -Naur tiff-4.0.3.orig/Makefile.am tiff-4.0.3/Makefile.am
+--- tiff-4.0.3.orig/Makefile.am	2012-09-20 09:22:47.000000000 -0400
++++ tiff-4.0.3/Makefile.am	2012-10-30 11:33:30.312823564 -0400
+@@ -25,7 +25,7 @@
+ 
+ docdir = $(LIBTIFF_DOCDIR)
+ 
+-AUTOMAKE_OPTIONS = 1.12 dist-zip foreign
++AUTOMAKE_OPTIONS = 1.11 dist-zip foreign
+ ACLOCAL_AMFLAGS = -I m4
+ 
+ docfiles = \
+diff -Naur tiff-4.0.3.orig/test/Makefile.am tiff-4.0.3/test/Makefile.am
+--- tiff-4.0.3.orig/test/Makefile.am	2012-09-20 09:22:28.000000000 -0400
++++ tiff-4.0.3/test/Makefile.am	2012-10-30 11:33:17.109696812 -0400
+@@ -23,7 +23,7 @@
+ 
+ # Process this file with automake to produce Makefile.in.
+ 
+-AUTOMAKE_OPTIONS = 1.12 color-tests parallel-tests foreign
++AUTOMAKE_OPTIONS = 1.11 color-tests parallel-tests foreign
+ 
+ LIBTIFF = $(top_builddir)/libtiff/libtiff.la
+ 

libtiff-make-check.patch

@@ -0,0 +1,12 @@
+diff --git a/html/man/Makefile.am b/html/man/Makefile.am
+index 587296c..696005e 100644
+--- a/html/man/Makefile.am
++++ b/html/man/Makefile.am
+@@ -92,7 +92,6 @@ docfiles = \
+ 	tiffcrop.1.html \
+ 	tiffdither.1.html \
+ 	tiffdump.1.html \
+-	tiffgt.1.html \
+ 	tiffinfo.1.html \
+ 	tiffmedian.1.html \
+ 	tiffset.1.html \

libtiff.spec

@@ -0,0 +1,166 @@
+Name:           libtiff
+Version:        4.0.10
+Release:        1
+Summary:        TIFF Library and Utilities
+License:        libtiff
+URL:            https://www.simplesystems.org/libtiff/
+Source0:        https://download.osgeo.org/libtiff/tiff-%{version}.tar.gz
+
+Patch0:         libtiff-am-version.patch
+Patch1:         libtiff-make-check.patch
+
+Patch6001:      CVE-2018-12900-pre.patch
+Patch6002:      CVE-2018-12900.patch
+Patch6003:      CVE-2018-19210-1.patch
+Patch6004:      CVE-2018-19210-2.patch
+Patch6005:      CVE-2019-6128.patch
+
+BuildRequires:  gcc gcc-c++ zlib-devel libjpeg-devel jbigkit-devel
+BuildRequires:  libtool automake autoconf pkgconfig git
+
+Provides:       %{name}-tools
+Obsoletes:      %{name}-tools
+
+%description
+This %{name} provides support for the Tag Image File Format (TIFF), a widely 
+used format for storing image data. The latest version of the TIFF specification 
+is available on-line in several different formats.And contains command-line programs
+for manipulating TIFF format image files using the libtiff library.
+
+%package	devel
+Summary:        Development files for %{name} library
+Requires:	%{name} = %{version}-%{release} pkgconfig
+
+Provides:       %{name}-static
+Obsoletes:      %{name}-static
+
+%description devel
+This package contains the header files and documentation necessary for developing programs
+which will manipulate TIFF format image files using the libtiff library.
+
+%package_help
+
+%prep
+%autosetup -n tiff-%{version} -p1 -S git
+
+libtoolize --force  --copy
+aclocal -I . -I m4
+automake --add-missing --copy
+autoconf
+autoheader
+
+%build
+export CFLAGS="%{optflags} -fno-strict-aliasing"
+%configure --enable-ld-version-script      
+%make_build
+
+%install
+%make_install
+%delete_la
+
+rm -rf %{buildroot}/%{_datadir}/doc/
+rm -f  %{buildroot}/%{_bindir}/tiffgt
+
+case `uname -i` in
+    x86_64 )
+         wordsize="64"
+    ;;
+    *)
+         wordsize=""
+    ;; 
+esac
+
+if test -n "$wordsize"
+then
+   mv %{buildroot}/%{_includedir}/tiffconf.h  %{buildroot}/%{_includedir}/tiffconf-$wordsize.h
+   cat >%{buildroot}/%{_includedir}/tiffconf.h <<EOF
+#ifndef TIFFCONF_H_MULTILIB
+#define TIFFCONF_H_MULTILIB
+
+#include <bits/wordsize.h>
+
+#if __WORDSIZE == 32
+# include "tiffconf-32.h"
+#elif __WORDSIZE == 64
+# include "tiffconf-64.h"
+#else
+# error "unexpected value for __WORDSIZE macro"
+#endif
+
+#endif	
+EOF
+fi
+
+%ldconfig_scriptlets
+
+%check
+make check
+find html -name 'Makefile*' | xargs rm
+
+%files
+%defattr(-,root,root)
+%doc COPYRIGHT README.md 
+%{_bindir}/*
+%{_libdir}/*.so.*
+
+%files devel
+%defattr(-,root,root)
+%{_includedir}/*
+%{_libdir}/*.a
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/
+
+%files help
+%defattr(-,root,root)
+%{_mandir}/man*
+%doc RELEASE-DATE VERSION
+%doc TODO ChangeLog html 
+%exclude %{_mandir}/man1/tiffgt.1
+%exclude %{_datadir}/html/man/tiffgt.1.html
+
+%changelog
+* Fri Sep 06 2019 openEuler Buildteam <buildteam@openeuler.org> - 4.0.10-1
+- Type:Enhance
+- ID:NA
+- SUG:NA
+- DESC: openEuler Debranding
+
+* Mon Aug 19 2019 cangyi<cangyi@huawei.com> - 4.0.9-11.h6
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:format patches
+
+* Fri Aug 09 2019 zhangyujing<zhangyujing1@huawei.com> - 4.0.9-11.h5
+- Type:cves
+- ID:CVE-2018-10779
+- SUG:NA
+- DESC:fix CVE-2018-10779
+
+* Wed Jul 31 2019 shenyangyang<shenyangyang4@huawei.com> - 4.0.9-11.h4
+- Type:NA
+- ID:NA
+- SUG:NA
+- DESC:openEuler Debrading
+
+* Mon Jul 15 2019 wangchan<wangchan9@huawei.com> - 4.0.9-11.h3
+- Type:cves
+- ID:CVE-2017-17095
+- SUG:NA
+- DESC:fix CVE-2017-17095
+
+* Mon Apr 29 2019 yuejiayan<yuejiayan@huawei.com> - 4.0.9-11.h2
+- Type:cves
+- ID:CVE-2018-19210 CVE-2019-6128
+- SUG:NA
+- DESC:fix above cves
+
+* Sun Apr 07 2019 wenjun<wenjun8@huawei.com> - 4.0.9-11.h1
+- Type:cves
+- ID:CVE-2018-18557 CVE-2018-17101 CVE-2018-17100 CVE-2018-12900 CVE-2018-18661
+- SUG:NA
+- DESC:fix above cves
+
+* Fri Jul 13 2018 shenyangyang<shenyangyang4@huawei.com> - 4.0.9-11
+- Package Initialization
+