new file mode 100644

@@ -0,0 +1,66 @@

+From 6173a57d39e04d68b139f8c1aa499a24dbe74ba1 Mon Sep 17 00:00:00 2001

+From: Even Rouault <even.rouault@spatialys.com>

+Date: Fri, 30 Jun 2017 17:29:44 +0000

+Subject: [PATCH] * libtiff/tif_dirwrite.c: in

+ TIFFWriteDirectoryTagCheckedXXXX() functions associated with LONG8/SLONG8

+ data type, replace assertion that the file is BigTIFF, by a non-fatal error.

+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2712 Reported by team

+ OWL337

+

+---

+ ChangeLog              |  8 ++++++++

+ libtiff/tif_dirwrite.c | 20 ++++++++++++++++----

+ 2 files changed, 24 insertions(+), 4 deletions(-)

+

+diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c

+index 2967da58..8d6686ba 100644

+--- a/libtiff/tif_dirwrite.c

+@@ -2111,7 +2111,10 @@ TIFFWriteDirectoryTagCheckedLong8(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, ui

+ {

+ 	uint64 m;

+ 	assert(sizeof(uint64)==8);

+-	assert(tif->tif_flags&TIFF_BIGTIFF);

++	if( !(tif->tif_flags&TIFF_BIGTIFF) ) {

++		TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF");

++		return(0);

++	}

+ 	m=value;

+ 	if (tif->tif_flags&TIFF_SWAB)

+ 		TIFFSwabLong8(&m);

+@@ -2124,7 +2127,10 @@ TIFFWriteDirectoryTagCheckedLong8Array(TIFF* tif, uint32* ndir, TIFFDirEntry* di

+ {

+ 	assert(count<0x20000000);

+ 	assert(sizeof(uint64)==8);

+-	assert(tif->tif_flags&TIFF_BIGTIFF);

++	if( !(tif->tif_flags&TIFF_BIGTIFF) ) {

++		TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF");

++		return(0);

++	}

+ 	if (tif->tif_flags&TIFF_SWAB)

+ 		TIFFSwabArrayOfLong8(value,count);

+ 	return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_LONG8,count,count*8,value));

+@@ -2136,7 +2142,10 @@ TIFFWriteDirectoryTagCheckedSlong8(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, u

+ {

+ 	int64 m;

+ 	assert(sizeof(int64)==8);

+-	assert(tif->tif_flags&TIFF_BIGTIFF);

++	if( !(tif->tif_flags&TIFF_BIGTIFF) ) {

++		TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF");

++		return(0);

++	}

+ 	m=value;

+ 	if (tif->tif_flags&TIFF_SWAB)

+ 		TIFFSwabLong8((uint64*)(&m));

+@@ -2149,7 +2158,10 @@ TIFFWriteDirectoryTagCheckedSlong8Array(TIFF* tif, uint32* ndir, TIFFDirEntry* d

+ {

+ 	assert(count<0x20000000);

+ 	assert(sizeof(int64)==8);

+-	assert(tif->tif_flags&TIFF_BIGTIFF);

++	if( !(tif->tif_flags&TIFF_BIGTIFF) ) {

++		TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF");

++		return(0);

++	}

+ 	if (tif->tif_flags&TIFF_SWAB)

+ 		TIFFSwabArrayOfLong8((uint64*)value,count);

+ 	return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_SLONG8,count,count*8,value));

@@ -1,7 +1,7 @@

 Summary:        TIFF libraries and associated utilities.

 Name:           libtiff

 Version:        4.0.8

-Release:        1%{?dist}

+Release:        2%{?dist}

 License:        libtiff

 URL:            http://www.simplesystems.org/libtiff/

 Group:          System Environment/Libraries

@@ -12,6 +12,7 @@ Source0:        http://download.osgeo.org/%{name}/tiff-%{version}.tar.gz

 # patches:      https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/

 Patch0:         libtiff-4.0.6-CVE-2015-7554.patch

 Patch1:         libtiff-4.0.6-CVE-2015-1547.patch

+Patch2:         libtiff-CVE-2017-10688.patch

 BuildRequires:  libjpeg-turbo-devel

 Requires:       libjpeg-turbo

 %description

@@ -28,6 +29,7 @@ It contains the libraries and header files to create applications

 %setup -q -n tiff-%{version}

 %patch0 -p1

 %patch1 -p1

+%patch2 -p1

 %build

 ./configure \

@@ -63,6 +65,8 @@ make %{?_smp_mflags} -k check

 %{_datadir}/man/man3/*

 %changelog

+*   Tue Jul 11 2017 Divya Thaluru <dthaluru@vmware.com> 4.0.8-2

+-   Applied patch for CVE-2017-10688

 *   Wed Jun 07 2017 Xiaolin Li <xiaolinl@vmware.com> 4.0.8-1

 -   Updated to version 4.0.8.

 *   Tue May 16 2017 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.0.7-4