new file mode 100644

@@ -0,0 +1,11 @@

+--- a/tools/tiffcrop.c	2016-11-18 19:45:30.000000000 -0800

+@@ -3698,7 +3698,7 @@ static int readContigStripsIntoBuffer (T

+                                   (unsigned long) strip, (unsigned long)rows);

+                         return 0;

+                 }

+-                bufp += bytes_read;

++                bufp += stripsize;

+         }

+ 

+         return 1;

new file mode 100644

@@ -0,0 +1,29 @@

+--- a/tools/tiffcp.c	2017-04-10 16:05:52.888619200 -0700

+@@ -1183,7 +1183,7 @@ bad:

+ 

+ static void

+ cpStripToTile(uint8* out, uint8* in,

+-    uint32 rows, uint32 cols, int outskew, int inskew)

++    uint32 rows, uint32 cols, int outskew, int64 inskew)

+ {

+ 	while (rows-- > 0) {

+ 		uint32 j = cols;

+@@ -1340,7 +1340,7 @@ DECLAREreadFunc(readContigTilesIntoBuffe

+ 	tdata_t tilebuf;

+ 	uint32 imagew = TIFFScanlineSize(in);

+ 	uint32 tilew  = TIFFTileRowSize(in);

+-	int iskew = imagew - tilew;

++	int64 iskew = (int64)imagew - (int64)tilew;

+ 	uint8* bufp = (uint8*) buf;

+ 	uint32 tw, tl;

+ 	uint32 row;

+@@ -1368,7 +1368,7 @@ DECLAREreadFunc(readContigTilesIntoBuffe

+ 				status = 0;

+ 				goto done;

+ 			}

+-			if (colb + tilew > imagew) {

++			if (colb > iskew) {

+ 				uint32 width = imagew - colb;

+ 				uint32 oskew = tilew - width;

+ 				cpStripToTile(bufp + colb,

new file mode 100644

@@ -0,0 +1,11 @@

+--- a/tools/tiff2pdf.c	2016-11-12 08:58:10.000000000 -0800

+@@ -2895,7 +2895,7 @@ tsize_t t2p_readwrite_pdf_image_tile(T2P

+ 				return(0);

+ 			}

+ 			if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) {

+-				if (count >= 4) {

++				if (count > 4) {

+                     /* Ignore EOI marker of JpegTables */

+ 					_TIFFmemcpy(buffer, jpt, count - 2);

+ 					bufferoffset += count - 2;

@@ -1,7 +1,7 @@

 Summary:	TIFF libraries and associated utilities.

 Name:		libtiff

 Version:	4.0.7

-Release:	2%{?dist}

+Release:	3%{?dist}

 License:	libtiff

 URL:		http://www.remotesensing.org/libtiff

 Group:		System Environment/Libraries

@@ -12,6 +12,9 @@ Source0:	http://download.osgeo.org/%{name}/tiff-%{version}.tar.gz

 Patch0:		libtiff-4.0.6-CVE-2015-7554.patch

 Patch1:     	libtiff-4.0.6-CVE-2015-1547.patch

 Patch2:     	libtiff-4.0.7-CVE-2017-5225.patch

+Patch3:     	libtiff-4.0.7-CVE-2016-10092.patch

+Patch4:     	libtiff-4.0.7-CVE-2016-10093.patch

+Patch5:     	libtiff-4.0.7-CVE-2016-10094.patch

 BuildRequires:	libjpeg-turbo-devel

 Requires:	libjpeg-turbo

 %description

@@ -29,6 +32,9 @@ It contains the libraries and header files to create applications

 %patch0 -p1

 %patch1 -p1

 %patch2 -p1

+%patch3 -p1

+%patch4 -p1

+%patch5 -p1

 %build

 ./configure \

@@ -64,6 +70,8 @@ make %{?_smp_mflags} -k check

 %{_datadir}/man/man3/*

 %changelog

+*   Mon Apr 10 2017 Dheeraj Shetty <dheerajs@vmware.com> 4.0.7-3

+-   Patch : CVE-2016-10092, CVE-2016-10093, CVE-2016-10094

 *   Thu Jan 19 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 4.0.7-2

 -   Patch : CVE-2017-5225

 *   Thu Nov 24 2016 Alexey Makhalov <amakhalov@vmware.com> 4.0.7-1