diff --git a/SOURCES/0001-Back-off-the-minimum-required-automake-version-to-1..patch b/SOURCES/0001-Back-off-the-minimum-required-automake-version-to-1..patch
index 5486431..922631b 100644
--- a/SOURCES/0001-Back-off-the-minimum-required-automake-version-to-1..patch
+++ b/SOURCES/0001-Back-off-the-minimum-required-automake-version-to-1..patch
@@ -38,6 +38,3 @@ index 2052487c..227f228f 100644
LIBTIFF = $(top_builddir)/libtiff/libtiff.la
---
-2.34.1
-
diff --git a/SOURCES/0002-Fix-Makefile.patch b/SOURCES/0002-Fix-Makefile.patch
index f252fff..d237372 100644
--- a/SOURCES/0002-Fix-Makefile.patch
+++ b/SOURCES/0002-Fix-Makefile.patch
@@ -19,6 +19,3 @@ index 3ed00d44..8a64925a 100644
tiffinfo.1.html \
tiffmedian.1.html \
tiffset.1.html \
---
-2.34.1
-
diff --git a/SOURCES/0003-CVE-2018-5784-Fix-for-bug-2772.patch b/SOURCES/0003-CVE-2018-5784-Fix-for-bug-2772.patch
index 933f6ea..1aaade9 100644
--- a/SOURCES/0003-CVE-2018-5784-Fix-for-bug-2772.patch
+++ b/SOURCES/0003-CVE-2018-5784-Fix-for-bug-2772.patch
@@ -125,6 +125,3 @@ index c69177e0..c60cb389 100644
if (image_count == 0)
{
dirnum = 0;
---
-2.34.1
-
diff --git a/SOURCES/0004-CVE-2018-7456-Fix-NULL-pointer-dereference-in-TIFFPr.patch b/SOURCES/0004-CVE-2018-7456-Fix-NULL-pointer-dereference-in-TIFFPr.patch
index 0a3af0a..8148474 100644
--- a/SOURCES/0004-CVE-2018-7456-Fix-NULL-pointer-dereference-in-TIFFPr.patch
+++ b/SOURCES/0004-CVE-2018-7456-Fix-NULL-pointer-dereference-in-TIFFPr.patch
@@ -168,6 +168,3 @@ index 24d4b98a..10a588ea 100644
fprintf(fd, " %5u",
td->td_transferfunction[i][l]);
fputc('\n', fd);
---
-2.34.1
-
diff --git a/SOURCES/0005-CVE-2017-9935-tiff2pdf-Fix-CVE-2017-9935.patch b/SOURCES/0005-CVE-2017-9935-tiff2pdf-Fix-CVE-2017-9935.patch
index c76ee4a..1021a29 100644
--- a/SOURCES/0005-CVE-2017-9935-tiff2pdf-Fix-CVE-2017-9935.patch
+++ b/SOURCES/0005-CVE-2017-9935-tiff2pdf-Fix-CVE-2017-9935.patch
@@ -150,6 +150,3 @@ index bdb91262..ef5d6a01 100644
t2p->tiff_transferfunctioncount=3;
} else {
t2p->tiff_transferfunctioncount=1;
---
-2.34.1
-
diff --git a/SOURCES/0006-CVE-2017-9935-tiff2pdf-Fix-apparent-incorrect-type-f.patch b/SOURCES/0006-CVE-2017-9935-tiff2pdf-Fix-apparent-incorrect-type-f.patch
index 80522ba..e44206f 100644
--- a/SOURCES/0006-CVE-2017-9935-tiff2pdf-Fix-apparent-incorrect-type-f.patch
+++ b/SOURCES/0006-CVE-2017-9935-tiff2pdf-Fix-apparent-incorrect-type-f.patch
@@ -56,6 +56,3 @@ index ef5d6a01..bd23c9e5 100644
) {
t2p->tiff_transferfunctioncount=3;
} else {
---
-2.34.1
-
diff --git a/SOURCES/0007-CVE-2017-18013-libtiff-tif_print.c-TIFFPrintDirector.patch b/SOURCES/0007-CVE-2017-18013-libtiff-tif_print.c-TIFFPrintDirector.patch
index 8c23d07..6c3816b 100644
--- a/SOURCES/0007-CVE-2017-18013-libtiff-tif_print.c-TIFFPrintDirector.patch
+++ b/SOURCES/0007-CVE-2017-18013-libtiff-tif_print.c-TIFFPrintDirector.patch
@@ -32,6 +32,3 @@ index 10a588ea..b9b53a0f 100644
#endif
}
}
---
-2.34.1
-
diff --git a/SOURCES/0008-CVE-2018-8905-LZWDecodeCompat-fix-potential-index-ou.patch b/SOURCES/0008-CVE-2018-8905-LZWDecodeCompat-fix-potential-index-ou.patch
index db6c0e5..e1c0322 100644
--- a/SOURCES/0008-CVE-2018-8905-LZWDecodeCompat-fix-potential-index-ou.patch
+++ b/SOURCES/0008-CVE-2018-8905-LZWDecodeCompat-fix-potential-index-ou.patch
@@ -50,6 +50,3 @@ index bc8f9c84..186ea3ca 100644
} else {
*op++ = (char)code;
occ--;
---
-2.34.1
-
diff --git a/SOURCES/0009-CVE-2018-10963-TIFFWriteDirectorySec-avoid-assertion.patch b/SOURCES/0009-CVE-2018-10963-TIFFWriteDirectorySec-avoid-assertion.patch
index 58c6ff2..1fd8f7b 100644
--- a/SOURCES/0009-CVE-2018-10963-TIFFWriteDirectorySec-avoid-assertion.patch
+++ b/SOURCES/0009-CVE-2018-10963-TIFFWriteDirectorySec-avoid-assertion.patch
@@ -27,6 +27,3 @@ index c68d6d21..5d0a6699 100644
}
}
}
---
-2.34.1
-
diff --git a/SOURCES/0010-CVE-2018-17100-avoid-potential-int32-overflows-in-mu.patch b/SOURCES/0010-CVE-2018-17100-avoid-potential-int32-overflows-in-mu.patch
index 22fb539..67a79f0 100644
--- a/SOURCES/0010-CVE-2018-17100-avoid-potential-int32-overflows-in-mu.patch
+++ b/SOURCES/0010-CVE-2018-17100-avoid-potential-int32-overflows-in-mu.patch
@@ -36,6 +36,3 @@ index 91415e96..81ffa3db 100644
}
int
---
-2.34.1
-
diff --git a/SOURCES/0011-CVE-2018-18557-JBIG-fix-potential-out-of-bounds-writ.patch b/SOURCES/0011-CVE-2018-18557-JBIG-fix-potential-out-of-bounds-writ.patch
index 5cbdde0..0c75963 100644
--- a/SOURCES/0011-CVE-2018-18557-JBIG-fix-potential-out-of-bounds-writ.patch
+++ b/SOURCES/0011-CVE-2018-18557-JBIG-fix-potential-out-of-bounds-writ.patch
@@ -105,6 +105,3 @@ index 2ba985a7..04100f4d 100644
#else
whole_strip = 1;
#endif
---
-2.34.1
-
diff --git a/SOURCES/0012-CVE-2018-18661-tiff2bw-avoid-null-pointer-dereferenc.patch b/SOURCES/0012-CVE-2018-18661-tiff2bw-avoid-null-pointer-dereferenc.patch
index 18b6f0e..9ce55f9 100644
--- a/SOURCES/0012-CVE-2018-18661-tiff2bw-avoid-null-pointer-dereferenc.patch
+++ b/SOURCES/0012-CVE-2018-18661-tiff2bw-avoid-null-pointer-dereferenc.patch
@@ -117,6 +117,3 @@ index c60cb389..3862b1ca 100644
#define TRUE 1
#define FALSE 0
---
-2.34.1
-
diff --git a/SOURCES/0013-bz1602597-Fix-two-resource-leaks.patch b/SOURCES/0013-bz1602597-Fix-two-resource-leaks.patch
index 0eff22e..6dbf46d 100644
--- a/SOURCES/0013-bz1602597-Fix-two-resource-leaks.patch
+++ b/SOURCES/0013-bz1602597-Fix-two-resource-leaks.patch
@@ -38,6 +38,3 @@ index bd23c9e5..ff7b9c22 100644
t2p->t2p_error = T2P_ERR_ERROR;
return(0);
}
---
-2.34.1
-
diff --git a/SOURCES/0014-CVE-2018-12900-check-that-Tile-Width-Samples-Pixel-d.patch b/SOURCES/0014-CVE-2018-12900-check-that-Tile-Width-Samples-Pixel-d.patch
index 3a25723..52c80b0 100644
--- a/SOURCES/0014-CVE-2018-12900-check-that-Tile-Width-Samples-Pixel-d.patch
+++ b/SOURCES/0014-CVE-2018-12900-check-that-Tile-Width-Samples-Pixel-d.patch
@@ -45,6 +45,3 @@ index 489459a7..96f14728 100644
tilebuf = _TIFFmalloc(tilesize);
if (tilebuf == 0)
return 0;
---
-2.34.1
-
diff --git a/SOURCES/0015-CVE-2019-14973-Fix-integer-overflow-in-_TIFFCheckMal.patch b/SOURCES/0015-CVE-2019-14973-Fix-integer-overflow-in-_TIFFCheckMal.patch
index 713178a..8eca5e5 100644
--- a/SOURCES/0015-CVE-2019-14973-Fix-integer-overflow-in-_TIFFCheckMal.patch
+++ b/SOURCES/0015-CVE-2019-14973-Fix-integer-overflow-in-_TIFFCheckMal.patch
@@ -421,6 +421,3 @@ index 08e5dc44..d4b86314 100644
extern void* _TIFFCheckMalloc(TIFF*, tmsize_t, tmsize_t, const char*);
extern void* _TIFFCheckRealloc(TIFF*, void*, tmsize_t, tmsize_t, const char*);
---
-2.34.1
-
diff --git a/SOURCES/0016-CVE-2019-17546-RGBA-interface-fix-integer-overflow-p.patch b/SOURCES/0016-CVE-2019-17546-RGBA-interface-fix-integer-overflow-p.patch
index 4520181..9d0adc8 100644
--- a/SOURCES/0016-CVE-2019-17546-RGBA-interface-fix-integer-overflow-p.patch
+++ b/SOURCES/0016-CVE-2019-17546-RGBA-interface-fix-integer-overflow-p.patch
@@ -100,6 +100,3 @@ index ec09feaf..c6edd27c 100644
&& img->stoponerr)
{
ret = 0;
---
-2.34.1
-
diff --git a/SOURCES/0017-CVE-2020-35521-CVE-2020-35522-enforce-configurable-m.patch b/SOURCES/0017-CVE-2020-35521-CVE-2020-35522-enforce-configurable-m.patch
index a943dca..03f47a0 100644
--- a/SOURCES/0017-CVE-2020-35521-CVE-2020-35522-enforce-configurable-m.patch
+++ b/SOURCES/0017-CVE-2020-35521-CVE-2020-35522-enforce-configurable-m.patch
@@ -84,6 +84,3 @@ index 4de96aec..e6de2209 100644
NULL
};
---
-2.34.1
-
diff --git a/SOURCES/0018-CVE-2020-35523-gtTileContig-check-Tile-width-for-ove.patch b/SOURCES/0018-CVE-2020-35523-gtTileContig-check-Tile-width-for-ove.patch
index be5176b..f150651 100644
--- a/SOURCES/0018-CVE-2020-35523-gtTileContig-check-Tile-width-for-ove.patch
+++ b/SOURCES/0018-CVE-2020-35523-gtTileContig-check-Tile-width-for-ove.patch
@@ -48,6 +48,3 @@ index c6edd27c..b1f7cc95 100644
}
/*
---
-2.34.1
-
diff --git a/SOURCES/0019-CVE-2020-35524-tiff2pdf.c-properly-calculate-datasiz.patch b/SOURCES/0019-CVE-2020-35524-tiff2pdf.c-properly-calculate-datasiz.patch
index 7aff264..59e4fbc 100644
--- a/SOURCES/0019-CVE-2020-35524-tiff2pdf.c-properly-calculate-datasiz.patch
+++ b/SOURCES/0019-CVE-2020-35524-tiff2pdf.c-properly-calculate-datasiz.patch
@@ -36,6 +36,3 @@ index ff7b9c22..a5db1f64 100644
}
if (k == 0) {
/* Assume we had overflow inside TIFFScanlineSize */
---
-2.34.1
-
diff --git a/SOURCES/0020-CVE-2020-19131-tiffcrop.c-fix-invertImage-for-bps-2-.patch b/SOURCES/0020-CVE-2020-19131-tiffcrop.c-fix-invertImage-for-bps-2-.patch
index eb61fab..094b908 100644
--- a/SOURCES/0020-CVE-2020-19131-tiffcrop.c-fix-invertImage-for-bps-2-.patch
+++ b/SOURCES/0020-CVE-2020-19131-tiffcrop.c-fix-invertImage-for-bps-2-.patch
@@ -87,6 +87,3 @@ index 3862b1ca..a6129148 100644
{
*src = ~(*src);
src++;
---
-2.34.1
-
diff --git a/SOURCES/0021-CVE-2022-0561-TIFFFetchStripThing-avoid-calling-memc.patch b/SOURCES/0021-CVE-2022-0561-TIFFFetchStripThing-avoid-calling-memc.patch
index fb1652b..146f7b6 100644
--- a/SOURCES/0021-CVE-2022-0561-TIFFFetchStripThing-avoid-calling-memc.patch
+++ b/SOURCES/0021-CVE-2022-0561-TIFFFetchStripThing-avoid-calling-memc.patch
@@ -25,6 +25,3 @@ index 80aaf8d1..1e6f1c2f 100644
_TIFFfree(data);
data=resizeddata;
}
---
-2.34.1
-
diff --git a/SOURCES/0022-CVE-2022-0562-TIFFReadDirectory-avoid-calling-memcpy.patch b/SOURCES/0022-CVE-2022-0562-TIFFReadDirectory-avoid-calling-memcpy.patch
index ef22de3..26116a2 100644
--- a/SOURCES/0022-CVE-2022-0562-TIFFReadDirectory-avoid-calling-memcpy.patch
+++ b/SOURCES/0022-CVE-2022-0562-TIFFReadDirectory-avoid-calling-memcpy.patch
@@ -23,6 +23,3 @@ index 1e6f1c2f..d68aecc5 100644
_TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
_TIFFfree(new_sampleinfo);
}
---
-2.34.1
-
diff --git a/SOURCES/0023-CVE-2022-22844-tiffset-fix-global-buffer-overflow-fo.patch b/SOURCES/0023-CVE-2022-22844-tiffset-fix-global-buffer-overflow-fo.patch
index 49e4e9d..c07175a 100644
--- a/SOURCES/0023-CVE-2022-22844-tiffset-fix-global-buffer-overflow-fo.patch
+++ b/SOURCES/0023-CVE-2022-22844-tiffset-fix-global-buffer-overflow-fo.patch
@@ -34,6 +34,3 @@ index 894c9f1f..e4b0d49f 100644
} else if (TIFFFieldWriteCount(fip) > 0
|| TIFFFieldWriteCount(fip) == TIFF_VARIABLE) {
int ret = 1;
---
-2.34.1
-
diff --git a/SOURCES/0024-CVE-2022-0865-tif_jbig.c-fix-crash-when-reading-a-fi.patch b/SOURCES/0024-CVE-2022-0865-tif_jbig.c-fix-crash-when-reading-a-fi.patch
index 87eb654..be0fa01 100644
--- a/SOURCES/0024-CVE-2022-0865-tif_jbig.c-fix-crash-when-reading-a-fi.patch
+++ b/SOURCES/0024-CVE-2022-0865-tif_jbig.c-fix-crash-when-reading-a-fi.patch
@@ -31,6 +31,3 @@ index 8136c77b..698428f0 100644
/* Setup the function pointers for encode, decode, and cleanup. */
tif->tif_setupdecode = JBIGSetupDecode;
---
-2.34.1
-
diff --git a/SOURCES/0025-CVE-2022-0891-tiffcrop-fix-issue-380-and-382-heap-bu.patch b/SOURCES/0025-CVE-2022-0891-tiffcrop-fix-issue-380-and-382-heap-bu.patch
index af2e18d..d790f39 100644
--- a/SOURCES/0025-CVE-2022-0891-tiffcrop-fix-issue-380-and-382-heap-bu.patch
+++ b/SOURCES/0025-CVE-2022-0891-tiffcrop-fix-issue-380-and-382-heap-bu.patch
@@ -196,6 +196,3 @@ index a6129148..83cf80ad 100644
/* allocate a buffer if we don't have one already */
if (createImageSection(sectsize, sect_buff_ptr))
{
---
-2.34.1
-
diff --git a/SOURCES/0026-CVE-2022-0924-fix-heap-buffer-overflow-in-tiffcp-278.patch b/SOURCES/0026-CVE-2022-0924-fix-heap-buffer-overflow-in-tiffcp-278.patch
index 769799f..bc3af27 100644
--- a/SOURCES/0026-CVE-2022-0924-fix-heap-buffer-overflow-in-tiffcp-278.patch
+++ b/SOURCES/0026-CVE-2022-0924-fix-heap-buffer-overflow-in-tiffcp-278.patch
@@ -49,6 +49,3 @@ index 96f14728..d5f1d248 100644
if (TIFFWriteEncodedStrip(out, strip++, obuf, stripsize) < 0) {
TIFFError(TIFFFileName(out),
"Error, can't write strip %u",
---
-2.34.1
-
diff --git a/SOURCES/0027-CVE-2022-0909-fix-the-FPE-in-tiffcrop-393.patch b/SOURCES/0027-CVE-2022-0909-fix-the-FPE-in-tiffcrop-393.patch
index 6ffaba8..70461d8 100644
--- a/SOURCES/0027-CVE-2022-0909-fix-the-FPE-in-tiffcrop-393.patch
+++ b/SOURCES/0027-CVE-2022-0909-fix-the-FPE-in-tiffcrop-393.patch
@@ -28,6 +28,3 @@ index c36a5f3f..f126f2aa 100644
goto badvaluedouble;
td->td_yresolution = TIFFClampDoubleToFloat( dblval );
break;
---
-2.34.1
-
diff --git a/SOURCES/0028-CVE-2022-0908-TIFFFetchNormalTag-avoid-calling-memcp.patch b/SOURCES/0028-CVE-2022-0908-TIFFFetchNormalTag-avoid-calling-memcp.patch
index b76d47f..931a2fa 100644
--- a/SOURCES/0028-CVE-2022-0908-TIFFFetchNormalTag-avoid-calling-memcp.patch
+++ b/SOURCES/0028-CVE-2022-0908-TIFFFetchNormalTag-avoid-calling-memcp.patch
@@ -25,6 +25,3 @@ index d68aecc5..b72e6a3b 100644
o[(uint32)dp->tdir_count]=0;
if (data!=0)
_TIFFfree(data);
---
-2.34.1
-
diff --git a/SOURCES/0029-CVE-2022-1355-tiffcp-avoid-buffer-overflow-in-mode-s.patch b/SOURCES/0029-CVE-2022-1355-tiffcp-avoid-buffer-overflow-in-mode-s.patch
index deb2812..706254e 100644
--- a/SOURCES/0029-CVE-2022-1355-tiffcp-avoid-buffer-overflow-in-mode-s.patch
+++ b/SOURCES/0029-CVE-2022-1355-tiffcp-avoid-buffer-overflow-in-mode-s.patch
@@ -53,6 +53,3 @@ index d5f1d248..fb98bd57 100644
break;
case 'x':
pageInSeq = 1;
---
-2.34.1
-
diff --git a/SOURCES/0030-move-_TIFFClampDoubleToFloat-to-tif_aux.c.patch b/SOURCES/0030-move-_TIFFClampDoubleToFloat-to-tif_aux.c.patch
new file mode 100644
index 0000000..e8cbc0f
--- /dev/null
+++ b/SOURCES/0030-move-_TIFFClampDoubleToFloat-to-tif_aux.c.patch
@@ -0,0 +1,161 @@
+From 9ed8c91366c9f6a3c9068aee6c5a7a0fe1c5c9c8 Mon Sep 17 00:00:00 2001
+From: Thomas Bernard <miniupnp@free.fr>
+Date: Tue, 12 Feb 2019 16:04:28 +0100
+Subject: [PATCH] move _TIFFClampDoubleToFloat() to tif_aux.c
+
+the same function was declared in tif_dir.c and tif_dirwrite.c
+
+see http://bugzilla.maptools.org/show_bug.cgi?id=2842
+
+(cherry picked from commit 8420a31e8ca5181ca36580cfeeca28661b348262)
+---
+ libtiff/tif_aux.c | 10 ++++++++++
+ libtiff/tif_dir.c | 20 +++++---------------
+ libtiff/tif_dirwrite.c | 12 +-----------
+ libtiff/tiffiop.h | 2 ++
+ 4 files changed, 18 insertions(+), 26 deletions(-)
+
+diff --git a/libtiff/tif_aux.c b/libtiff/tif_aux.c
+index 38a98b67..2071d19c 100644
+--- a/libtiff/tif_aux.c
++++ b/libtiff/tif_aux.c
+@@ -32,6 +32,7 @@
+ #include "tiffiop.h"
+ #include "tif_predict.h"
+ #include <math.h>
++#include <float.h>
+
+ uint32
+ _TIFFMultiply32(TIFF* tif, uint32 first, uint32 second, const char* where)
+@@ -398,6 +399,15 @@ _TIFFUInt64ToDouble(uint64 ui64)
+ }
+ }
+
++float _TIFFClampDoubleToFloat( double val )
++{
++ if( val > FLT_MAX )
++ return FLT_MAX;
++ if( val < -FLT_MAX )
++ return -FLT_MAX;
++ return (float)val;
++}
++
+ int _TIFFSeekOK(TIFF* tif, toff_t off)
+ {
+ /* Huge offsets, especially -1 / UINT64_MAX, can cause issues */
+diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
+index f126f2aa..ad550c65 100644
+--- a/libtiff/tif_dir.c
++++ b/libtiff/tif_dir.c
+@@ -31,7 +31,6 @@
+ * (and also some miscellaneous stuff)
+ */
+ #include "tiffiop.h"
+-#include <float.h>
+
+ /*
+ * These are used in the backwards compatibility code...
+@@ -155,15 +154,6 @@ bad:
+ return (0);
+ }
+
+-static float TIFFClampDoubleToFloat( double val )
+-{
+- if( val > FLT_MAX )
+- return FLT_MAX;
+- if( val < -FLT_MAX )
+- return -FLT_MAX;
+- return (float)val;
+-}
+-
+ static int
+ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
+ {
+@@ -322,13 +312,13 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
+ dblval = va_arg(ap, double);
+ if( dblval != dblval || dblval < 0 )
+ goto badvaluedouble;
+- td->td_xresolution = TIFFClampDoubleToFloat( dblval );
++ td->td_xresolution = _TIFFClampDoubleToFloat( dblval );
+ break;
+ case TIFFTAG_YRESOLUTION:
+ dblval = va_arg(ap, double);
+ if( dblval != dblval || dblval < 0 )
+ goto badvaluedouble;
+- td->td_yresolution = TIFFClampDoubleToFloat( dblval );
++ td->td_yresolution = _TIFFClampDoubleToFloat( dblval );
+ break;
+ case TIFFTAG_PLANARCONFIG:
+ v = (uint16) va_arg(ap, uint16_vap);
+@@ -337,10 +327,10 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
+ td->td_planarconfig = (uint16) v;
+ break;
+ case TIFFTAG_XPOSITION:
+- td->td_xposition = TIFFClampDoubleToFloat( va_arg(ap, double) );
++ td->td_xposition = _TIFFClampDoubleToFloat( va_arg(ap, double) );
+ break;
+ case TIFFTAG_YPOSITION:
+- td->td_yposition = TIFFClampDoubleToFloat( va_arg(ap, double) );
++ td->td_yposition = _TIFFClampDoubleToFloat( va_arg(ap, double) );
+ break;
+ case TIFFTAG_RESOLUTIONUNIT:
+ v = (uint16) va_arg(ap, uint16_vap);
+@@ -686,7 +676,7 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
+ case TIFF_SRATIONAL:
+ case TIFF_FLOAT:
+ {
+- float v2 = TIFFClampDoubleToFloat(va_arg(ap, double));
++ float v2 = _TIFFClampDoubleToFloat(va_arg(ap, double));
+ _TIFFmemcpy(val, &v2, tv_size);
+ }
+ break;
+diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
+index 5d0a6699..03a9f296 100644
+--- a/libtiff/tif_dirwrite.c
++++ b/libtiff/tif_dirwrite.c
+@@ -30,7 +30,6 @@
+ * Directory Write Support Routines.
+ */
+ #include "tiffiop.h"
+-#include <float.h>
+
+ #ifdef HAVE_IEEEFP
+ #define TIFFCvtNativeToIEEEFloat(tif, n, fp)
+@@ -948,15 +947,6 @@ bad:
+ return(0);
+ }
+
+-static float TIFFClampDoubleToFloat( double val )
+-{
+- if( val > FLT_MAX )
+- return FLT_MAX;
+- if( val < -FLT_MAX )
+- return -FLT_MAX;
+- return (float)val;
+-}
+-
+ static int8 TIFFClampDoubleToInt8( double val )
+ {
+ if( val > 127 )
+@@ -1031,7 +1021,7 @@ TIFFWriteDirectoryTagSampleformatArray(TIFF* tif, uint32* ndir, TIFFDirEntry* di
+ if (tif->tif_dir.td_bitspersample<=32)
+ {
+ for (i = 0; i < count; ++i)
+- ((float*)conv)[i] = TIFFClampDoubleToFloat(value[i]);
++ ((float*)conv)[i] = _TIFFClampDoubleToFloat(value[i]);
+ ok = TIFFWriteDirectoryTagFloatArray(tif,ndir,dir,tag,count,(float*)conv);
+ }
+ else
+diff --git a/libtiff/tiffiop.h b/libtiff/tiffiop.h
+index d4b86314..05ba735b 100644
+--- a/libtiff/tiffiop.h
++++ b/libtiff/tiffiop.h
+@@ -377,6 +377,8 @@ extern void* _TIFFCheckRealloc(TIFF*, void*, tmsize_t, tmsize_t, const char*);
+ extern double _TIFFUInt64ToDouble(uint64);
+ extern float _TIFFUInt64ToFloat(uint64);
+
++extern float _TIFFClampDoubleToFloat(double);
++
+ extern tmsize_t
+ _TIFFReadEncodedStripAndAllocBuffer(TIFF* tif, uint32 strip,
+ void **buf, tmsize_t bufsizetoalloc,
diff --git a/SOURCES/0031-CVE-2022-2056-CVE-2022-2057-CVE-2022-2058-fix-the-FP.patch b/SOURCES/0031-CVE-2022-2056-CVE-2022-2057-CVE-2022-2058-fix-the-FP.patch
new file mode 100644
index 0000000..9e34aac
--- /dev/null
+++ b/SOURCES/0031-CVE-2022-2056-CVE-2022-2057-CVE-2022-2058-fix-the-FP.patch
@@ -0,0 +1,179 @@
+From fddff26550de7a5ea9735649a74aa3829e461ae5 Mon Sep 17 00:00:00 2001
+From: 4ugustus <wangdw.augustus@qq.com>
+Date: Sat, 11 Jun 2022 09:31:43 +0000
+Subject: [PATCH] (CVE-2022-2056 CVE-2022-2057 CVE-2022-2058) fix the FPE in
+ tiffcrop (#415, #427, and #428)
+
+(cherry picked from commit dd1bcc7abb26094e93636e85520f0d8f81ab0fab)
+---
+ libtiff/tif_aux.c | 9 +++++++
+ libtiff/tiffiop.h | 1 +
+ tools/tiffcrop.c | 62 ++++++++++++++++++++++++++---------------------
+ 3 files changed, 44 insertions(+), 28 deletions(-)
+
+diff --git a/libtiff/tif_aux.c b/libtiff/tif_aux.c
+index 2071d19c..4d1869b4 100644
+--- a/libtiff/tif_aux.c
++++ b/libtiff/tif_aux.c
+@@ -408,6 +408,15 @@ float _TIFFClampDoubleToFloat( double val )
+ return (float)val;
+ }
+
++uint32 _TIFFClampDoubleToUInt32(double val)
++{
++ if( val < 0 )
++ return 0;
++ if( val > 0xFFFFFFFFU || val != val )
++ return 0xFFFFFFFFU;
++ return (uint32)val;
++}
++
+ int _TIFFSeekOK(TIFF* tif, toff_t off)
+ {
+ /* Huge offsets, especially -1 / UINT64_MAX, can cause issues */
+diff --git a/libtiff/tiffiop.h b/libtiff/tiffiop.h
+index 05ba735b..5b106e03 100644
+--- a/libtiff/tiffiop.h
++++ b/libtiff/tiffiop.h
+@@ -378,6 +378,7 @@ extern double _TIFFUInt64ToDouble(uint64);
+ extern float _TIFFUInt64ToFloat(uint64);
+
+ extern float _TIFFClampDoubleToFloat(double);
++extern uint32 _TIFFClampDoubleToUInt32(double);
+
+ extern tmsize_t
+ _TIFFReadEncodedStripAndAllocBuffer(TIFF* tif, uint32 strip,
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 83cf80ad..ea0b98be 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -5140,17 +5140,17 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image,
+ {
+ if ((crop->res_unit == RESUNIT_INCH) || (crop->res_unit == RESUNIT_CENTIMETER))
+ {
+- x1 = (uint32) (crop->corners[i].X1 * scale * xres);
+- x2 = (uint32) (crop->corners[i].X2 * scale * xres);
+- y1 = (uint32) (crop->corners[i].Y1 * scale * yres);
+- y2 = (uint32) (crop->corners[i].Y2 * scale * yres);
++ x1 = _TIFFClampDoubleToUInt32(crop->corners[i].X1 * scale * xres);
++ x2 = _TIFFClampDoubleToUInt32(crop->corners[i].X2 * scale * xres);
++ y1 = _TIFFClampDoubleToUInt32(crop->corners[i].Y1 * scale * yres);
++ y2 = _TIFFClampDoubleToUInt32(crop->corners[i].Y2 * scale * yres);
+ }
+ else
+ {
+- x1 = (uint32) (crop->corners[i].X1);
+- x2 = (uint32) (crop->corners[i].X2);
+- y1 = (uint32) (crop->corners[i].Y1);
+- y2 = (uint32) (crop->corners[i].Y2);
++ x1 = _TIFFClampDoubleToUInt32(crop->corners[i].X1);
++ x2 = _TIFFClampDoubleToUInt32(crop->corners[i].X2);
++ y1 = _TIFFClampDoubleToUInt32(crop->corners[i].Y1);
++ y2 = _TIFFClampDoubleToUInt32(crop->corners[i].Y2);
+ }
+ if (x1 < 1)
+ crop->regionlist[i].x1 = 0;
+@@ -5213,17 +5213,17 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image,
+ {
+ if (crop->res_unit != RESUNIT_INCH && crop->res_unit != RESUNIT_CENTIMETER)
+ { /* User has specified pixels as reference unit */
+- tmargin = (uint32)(crop->margins[0]);
+- lmargin = (uint32)(crop->margins[1]);
+- bmargin = (uint32)(crop->margins[2]);
+- rmargin = (uint32)(crop->margins[3]);
++ tmargin = _TIFFClampDoubleToUInt32(crop->margins[0]);
++ lmargin = _TIFFClampDoubleToUInt32(crop->margins[1]);
++ bmargin = _TIFFClampDoubleToUInt32(crop->margins[2]);
++ rmargin = _TIFFClampDoubleToUInt32(crop->margins[3]);
+ }
+ else
+ { /* inches or centimeters specified */
+- tmargin = (uint32)(crop->margins[0] * scale * yres);
+- lmargin = (uint32)(crop->margins[1] * scale * xres);
+- bmargin = (uint32)(crop->margins[2] * scale * yres);
+- rmargin = (uint32)(crop->margins[3] * scale * xres);
++ tmargin = _TIFFClampDoubleToUInt32(crop->margins[0] * scale * yres);
++ lmargin = _TIFFClampDoubleToUInt32(crop->margins[1] * scale * xres);
++ bmargin = _TIFFClampDoubleToUInt32(crop->margins[2] * scale * yres);
++ rmargin = _TIFFClampDoubleToUInt32(crop->margins[3] * scale * xres);
+ }
+
+ if ((lmargin + rmargin) > image->width)
+@@ -5253,24 +5253,24 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image,
+ if (crop->res_unit != RESUNIT_INCH && crop->res_unit != RESUNIT_CENTIMETER)
+ {
+ if (crop->crop_mode & CROP_WIDTH)
+- width = (uint32)crop->width;
++ width = _TIFFClampDoubleToUInt32(crop->width);
+ else
+ width = image->width - lmargin - rmargin;
+
+ if (crop->crop_mode & CROP_LENGTH)
+- length = (uint32)crop->length;
++ length = _TIFFClampDoubleToUInt32(crop->length);
+ else
+ length = image->length - tmargin - bmargin;
+ }
+ else
+ {
+ if (crop->crop_mode & CROP_WIDTH)
+- width = (uint32)(crop->width * scale * image->xres);
++ width = _TIFFClampDoubleToUInt32(crop->width * scale * image->xres);
+ else
+ width = image->width - lmargin - rmargin;
+
+ if (crop->crop_mode & CROP_LENGTH)
+- length = (uint32)(crop->length * scale * image->yres);
++ length = _TIFFClampDoubleToUInt32(crop->length * scale * image->yres);
+ else
+ length = image->length - tmargin - bmargin;
+ }
+@@ -5669,13 +5669,13 @@ computeOutputPixelOffsets (struct crop_mask *crop, struct image_data *image,
+ {
+ if (page->res_unit == RESUNIT_INCH || page->res_unit == RESUNIT_CENTIMETER)
+ { /* inches or centimeters specified */
+- hmargin = (uint32)(page->hmargin * scale * page->hres * ((image->bps + 7)/ 8));
+- vmargin = (uint32)(page->vmargin * scale * page->vres * ((image->bps + 7)/ 8));
++ hmargin = _TIFFClampDoubleToUInt32(page->hmargin * scale * page->hres * ((image->bps + 7) / 8));
++ vmargin = _TIFFClampDoubleToUInt32(page->vmargin * scale * page->vres * ((image->bps + 7) / 8));
+ }
+ else
+ { /* Otherwise user has specified pixels as reference unit */
+- hmargin = (uint32)(page->hmargin * scale * ((image->bps + 7)/ 8));
+- vmargin = (uint32)(page->vmargin * scale * ((image->bps + 7)/ 8));
++ hmargin = _TIFFClampDoubleToUInt32(page->hmargin * scale * ((image->bps + 7) / 8));
++ vmargin = _TIFFClampDoubleToUInt32(page->vmargin * scale * ((image->bps + 7) / 8));
+ }
+
+ if ((hmargin * 2.0) > (pwidth * page->hres))
+@@ -5713,13 +5713,13 @@ computeOutputPixelOffsets (struct crop_mask *crop, struct image_data *image,
+ {
+ if (page->mode & PAGE_MODE_PAPERSIZE )
+ {
+- owidth = (uint32)((pwidth * page->hres) - (hmargin * 2));
+- olength = (uint32)((plength * page->vres) - (vmargin * 2));
++ owidth = _TIFFClampDoubleToUInt32((pwidth * page->hres) - (hmargin * 2));
++ olength = _TIFFClampDoubleToUInt32((plength * page->vres) - (vmargin * 2));
+ }
+ else
+ {
+- owidth = (uint32)(iwidth - (hmargin * 2 * page->hres));
+- olength = (uint32)(ilength - (vmargin * 2 * page->vres));
++ owidth = _TIFFClampDoubleToUInt32(iwidth - (hmargin * 2 * page->hres));
++ olength = _TIFFClampDoubleToUInt32(ilength - (vmargin * 2 * page->vres));
+ }
+ }
+
+@@ -5728,6 +5728,12 @@ computeOutputPixelOffsets (struct crop_mask *crop, struct image_data *image,
+ if (olength > ilength)
+ olength = ilength;
+
++ if (owidth == 0 || olength == 0)
++ {
++ TIFFError("computeOutputPixelOffsets", "Integer overflow when calculating the number of pages");
++ exit(EXIT_FAILURE);
++ }
++
+ /* Compute the number of pages required for Portrait or Landscape */
+ switch (page->orient)
+ {
diff --git a/SOURCES/0032-CVE-2022-2867-CVE-2022-2868-tiffcrop.c-Fix-issue-352.patch b/SOURCES/0032-CVE-2022-2867-CVE-2022-2868-tiffcrop.c-Fix-issue-352.patch
new file mode 100644
index 0000000..15e8d00
--- /dev/null
+++ b/SOURCES/0032-CVE-2022-2867-CVE-2022-2868-tiffcrop.c-Fix-issue-352.patch
@@ -0,0 +1,161 @@
+From 5d214a07db3bb8dcea8354d8f1e52f9c46264acb Mon Sep 17 00:00:00 2001
+From: Su Laus <sulau@freenet.de>
+Date: Wed, 9 Feb 2022 21:31:29 +0000
+Subject: [PATCH] (CVE-2022-2867 CVE-2022-2868) tiffcrop.c: Fix issue #352
+ heap-buffer-overflow by correcting uint32_t underflow.
+
+(cherry picked from commit 07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c)
+---
+ tools/tiffcrop.c | 81 +++++++++++++++++++++++++++++++-----------------
+ 1 file changed, 53 insertions(+), 28 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index ea0b98be..5801b8f6 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -5152,29 +5152,45 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image,
+ y1 = _TIFFClampDoubleToUInt32(crop->corners[i].Y1);
+ y2 = _TIFFClampDoubleToUInt32(crop->corners[i].Y2);
+ }
+- if (x1 < 1)
+- crop->regionlist[i].x1 = 0;
+- else
+- crop->regionlist[i].x1 = (uint32) (x1 - 1);
++ /* a) Region needs to be within image sizes 0.. width-1; 0..length-1
++ * b) Corners are expected to be submitted as top-left to bottom-right.
++ * Therefore, check that and reorder input.
++ * (be aware x,y are already casted to (uint32_t) and avoid (0 - 1) )
++ */
++ uint32 aux;
++ if (x1 > x2) {
++ aux = x1;
++ x1 = x2;
++ x2 = aux;
++ }
++ if (y1 > y2) {
++ aux = y1;
++ y1 = y2;
++ y2 = aux;
++ }
++ if (x1 > image->width - 1)
++ crop->regionlist[i].x1 = image->width - 1;
++ else if (x1 > 0)
++ crop->regionlist[i].x1 = (uint32)(x1 - 1);
+
+ if (x2 > image->width - 1)
+ crop->regionlist[i].x2 = image->width - 1;
+- else
+- crop->regionlist[i].x2 = (uint32) (x2 - 1);
+- zwidth = crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1;
++ else if (x2 > 0)
++ crop->regionlist[i].x2 = (uint32)(x2 - 1);
+
+- if (y1 < 1)
+- crop->regionlist[i].y1 = 0;
+- else
+- crop->regionlist[i].y1 = (uint32) (y1 - 1);
++ zwidth = crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1;
++
++ if (y1 > image->length - 1)
++ crop->regionlist[i].y1 = image->length - 1;
++ else if (y1 > 0)
++ crop->regionlist[i].y1 = (uint32)(y1 - 1);
+
+ if (y2 > image->length - 1)
+ crop->regionlist[i].y2 = image->length - 1;
+- else
+- crop->regionlist[i].y2 = (uint32) (y2 - 1);
+-
+- zlength = crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1;
++ else if (y2 > 0)
++ crop->regionlist[i].y2 = (uint32)(y2 - 1);
+
++ zlength = crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1;
+ if (zwidth > max_width)
+ max_width = zwidth;
+ if (zlength > max_length)
+@@ -5204,7 +5220,7 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image,
+ }
+ }
+ return (0);
+- }
++ } /* crop_mode == CROP_REGIONS */
+
+ /* Convert crop margins into offsets into image
+ * Margins are expressed as pixel rows and columns, not bytes
+@@ -5240,7 +5256,7 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image,
+ bmargin = (uint32) 0;
+ return (-1);
+ }
+- }
++ } /* crop_mode == CROP_MARGINS */
+ else
+ { /* no margins requested */
+ tmargin = (uint32) 0;
+@@ -5331,24 +5347,23 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image,
+ off->endx = endx;
+ off->endy = endy;
+
+- crop_width = endx - startx + 1;
+- crop_length = endy - starty + 1;
+-
+- if (crop_width <= 0)
++ if (endx + 1 <= startx)
+ {
+ TIFFError("computeInputPixelOffsets",
+ "Invalid left/right margins and /or image crop width requested");
+ return (-1);
+ }
++ crop_width = endx - startx + 1;
+ if (crop_width > image->width)
+ crop_width = image->width;
+
+- if (crop_length <= 0)
++ if (endy + 1 <= starty)
+ {
+ TIFFError("computeInputPixelOffsets",
+ "Invalid top/bottom margins and /or image crop length requested");
+ return (-1);
+ }
++ crop_length = endy - starty + 1;
+ if (crop_length > image->length)
+ crop_length = image->length;
+
+@@ -5448,10 +5463,17 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt
+ else
+ crop->selections = crop->zones;
+
+- for (i = 0; i < crop->zones; i++)
++ /* Initialize regions iterator i */
++ i = 0;
++ for (int j = 0; j < crop->zones; j++)
+ {
+- seg = crop->zonelist[i].position;
+- total = crop->zonelist[i].total;
++ seg = crop->zonelist[j].position;
++ total = crop->zonelist[j].total;
++
++ /* check for not allowed zone cases like 0:0; 4:3; etc. and skip that input */
++ if (seg == 0 || total == 0 || seg > total) {
++ continue;
++ }
+
+ switch (crop->edge_ref)
+ {
+@@ -5578,10 +5600,13 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt
+ if (dump->outfile != NULL)
+ dump_info (dump->outfile, dump->format, "", "Zone %d, width: %4d, length: %4d, x1: %4d x2: %4d y1: %4d y2: %4d",
+ i + 1, (uint32)zwidth, (uint32)zlength,
+- crop->regionlist[i].x1, crop->regionlist[i].x2,
+- crop->regionlist[i].y1, crop->regionlist[i].y2);
++ crop->regionlist[i].x1, crop->regionlist[i].x2,
++ crop->regionlist[i].y1, crop->regionlist[i].y2);
++ /* increment regions iterator */
++ i++;
+ }
+-
++ /* set number of generated regions out of given zones */
++ crop->selections = i;
+ return (0);
+ } /* end getCropOffsets */
+
diff --git a/SOURCES/0033-CVE-2022-2519-CVE-2022-2520-CVE-2022-2521-CVE-2022-2.patch b/SOURCES/0033-CVE-2022-2519-CVE-2022-2520-CVE-2022-2521-CVE-2022-2.patch
new file mode 100644
index 0000000..d7f816a
--- /dev/null
+++ b/SOURCES/0033-CVE-2022-2519-CVE-2022-2520-CVE-2022-2521-CVE-2022-2.patch
@@ -0,0 +1,92 @@
+From d26748dd8fb90b0af8c9344615f65d273dc66f93 Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Mon, 15 Aug 2022 22:11:03 +0200
+Subject: [PATCH] =?UTF-8?q?(CVE-2022-2519=20CVE-2022-2520=20CVE-2022-2521?=
+ =?UTF-8?q?=20CVE-2022-2953)=20According=20to=20Richard=20Nolde=20https://?=
+ =?UTF-8?q?gitlab.com/libtiff/libtiff/-/issues/401#note=5F877637400=20the?=
+ =?UTF-8?q?=20tiffcrop=20option=20=E2=80=9E-S=E2=80=9C=20is=20also=20mutua?=
+ =?UTF-8?q?lly=20exclusive=20to=20the=20other=20crop=20options=20(-X|-Y),?=
+ =?UTF-8?q?=20-Z=20and=20-z.?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This is now checked and ends tiffcrop if those arguments are not mutually exclusive.
+
+This MR will fix the following tiffcrop issues: #349, #414, #422, #423, #424
+
+(cherry picked from commit 8fe3735942ea1d90d8cef843b55b3efe8ab6feaf)
+---
+ tools/tiffcrop.c | 31 +++++++++++++++++++++++--------
+ 1 file changed, 23 insertions(+), 8 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 5801b8f6..27e6f81c 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -104,7 +104,10 @@
+ * includes annotations for image parameters and scanline info. Level
+ * selects which functions dump data, with higher numbers selecting
+ * lower level, scanline level routines. Debug reports a limited set
+- * of messages to monitor progess without enabling dump logs.
++ * of messages to monitor progress without enabling dump logs.
++ *
++ * Note: The (-X|-Y), -Z, -z and -S options are mutually exclusive.
++ * In no case should the options be applied to a given selection successively.
+ */
+
+ static char tiffcrop_version_id[] = "2.4";
+@@ -177,12 +180,12 @@ extern int getopt(int argc, char * const argv[], const char *optstring);
+ #define ROTATECW_270 32
+ #define ROTATE_ANY (ROTATECW_90 | ROTATECW_180 | ROTATECW_270)
+
+-#define CROP_NONE 0
+-#define CROP_MARGINS 1
+-#define CROP_WIDTH 2
+-#define CROP_LENGTH 4
+-#define CROP_ZONES 8
+-#define CROP_REGIONS 16
++#define CROP_NONE 0 /* "-S" -> Page_MODE_ROWSCOLS and page->rows/->cols != 0 */
++#define CROP_MARGINS 1 /* "-m" */
++#define CROP_WIDTH 2 /* "-X" */
++#define CROP_LENGTH 4 /* "-Y" */
++#define CROP_ZONES 8 /* "-Z" */
++#define CROP_REGIONS 16 /* "-z" */
+ #define CROP_ROTATE 32
+ #define CROP_MIRROR 64
+ #define CROP_INVERT 128
+@@ -320,7 +323,7 @@ struct crop_mask {
+ #define PAGE_MODE_RESOLUTION 1
+ #define PAGE_MODE_PAPERSIZE 2
+ #define PAGE_MODE_MARGINS 4
+-#define PAGE_MODE_ROWSCOLS 8
++#define PAGE_MODE_ROWSCOLS 8 /* for -S option */
+
+ #define INVERT_DATA_ONLY 10
+ #define INVERT_DATA_AND_TAG 11
+@@ -751,6 +754,8 @@ static char* usage_info[] = {
+ " The four debug/dump options are independent, though it makes little sense to",
+ " specify a dump file without specifying a detail level.",
+ " ",
++"Note: The (-X|-Y), -Z, -z and -S options are mutually exclusive."
++" ",
+ NULL
+ };
+
+@@ -2099,6 +2104,16 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32
+ /*NOTREACHED*/
+ }
+ }
++ /*-- Check for not allowed combinations (e.g. -X, -Y and -Z, -z and -S are mutually exclusive) --*/
++ char XY, Z, R, S;
++ XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH));
++ Z = (crop_data->crop_mode & CROP_ZONES);
++ R = (crop_data->crop_mode & CROP_REGIONS);
++ S = (page->mode & PAGE_MODE_ROWSCOLS);
++ if ((XY && Z) || (XY && R) || (XY && S) || (Z && R) || (Z && S) || (R && S)) {
++ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit");
++ exit(EXIT_FAILURE);
++ }
+ } /* end process_command_opts */
+
+ /* Start a new output file if one has not been previously opened or
diff --git a/SOURCES/0034-CVE-2022-2519-CVE-2022-2520-CVE-2022-2521-CVE-2022-2.patch b/SOURCES/0034-CVE-2022-2519-CVE-2022-2520-CVE-2022-2521-CVE-2022-2.patch
new file mode 100644
index 0000000..7fc4e5a
--- /dev/null
+++ b/SOURCES/0034-CVE-2022-2519-CVE-2022-2520-CVE-2022-2521-CVE-2022-2.patch
@@ -0,0 +1,32 @@
+From 3635844b59578eb572372e7546548ea84c967ba1 Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Sat, 20 Aug 2022 23:35:26 +0200
+Subject: [PATCH] (CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 CVE-2022-2953)
+ tiffcrop -S option: Make decision simpler.
+
+(cherry picked from commit bad48e90b410df32172006c7876da449ba62cdba)
+---
+ tools/tiffcrop.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 27e6f81c..ff118496 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -2106,11 +2106,11 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32
+ }
+ /*-- Check for not allowed combinations (e.g. -X, -Y and -Z, -z and -S are mutually exclusive) --*/
+ char XY, Z, R, S;
+- XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH));
+- Z = (crop_data->crop_mode & CROP_ZONES);
+- R = (crop_data->crop_mode & CROP_REGIONS);
+- S = (page->mode & PAGE_MODE_ROWSCOLS);
+- if ((XY && Z) || (XY && R) || (XY && S) || (Z && R) || (Z && S) || (R && S)) {
++ XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH)) ? 1 : 0;
++ Z = (crop_data->crop_mode & CROP_ZONES) ? 1 : 0;
++ R = (crop_data->crop_mode & CROP_REGIONS) ? 1 : 0;
++ S = (page->mode & PAGE_MODE_ROWSCOLS) ? 1 : 0;
++ if (XY + Z + R + S > 1) {
+ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit");
+ exit(EXIT_FAILURE);
+ }
diff --git a/SPECS/libtiff.spec b/SPECS/libtiff.spec
index 5e51860..145f85e 100644
--- a/SPECS/libtiff.spec
+++ b/SPECS/libtiff.spec
@@ -1,7 +1,7 @@
Summary: Library of functions for manipulating TIFF format image files
Name: libtiff
Version: 4.0.9
-Release: 23%{?dist}
+Release: 26%{?dist}
License: libtiff
Group: System Environment/Libraries
URL: http://www.simplesystems.org/libtiff/
@@ -10,7 +10,7 @@ Source: ftp://ftp.simplesystems.org/pub/libtiff/tiff-%{version}.tar.gz
# Patches generated from https://gitlab.cee.redhat.com/mmuzila/libtiff/-/tree/rhel-8.7.0
-# Patches were generated by: git format-patch -N ...
+# Patches were generated by: git format-patch -N --no-signature ...
Patch0001: 0001-Back-off-the-minimum-required-automake-version-to-1..patch
Patch0002: 0002-Fix-Makefile.patch
Patch0003: 0003-CVE-2018-5784-Fix-for-bug-2772.patch
@@ -40,6 +40,11 @@ Patch0026: 0026-CVE-2022-0924-fix-heap-buffer-overflow-in-tiffcp-278.patch
Patch0027: 0027-CVE-2022-0909-fix-the-FPE-in-tiffcrop-393.patch
Patch0028: 0028-CVE-2022-0908-TIFFFetchNormalTag-avoid-calling-memcp.patch
Patch0029: 0029-CVE-2022-1355-tiffcp-avoid-buffer-overflow-in-mode-s.patch
+Patch0030: 0030-move-_TIFFClampDoubleToFloat-to-tif_aux.c.patch
+Patch0031: 0031-CVE-2022-2056-CVE-2022-2057-CVE-2022-2058-fix-the-FP.patch
+Patch0032: 0032-CVE-2022-2867-CVE-2022-2868-tiffcrop.c-Fix-issue-352.patch
+Patch0033: 0033-CVE-2022-2519-CVE-2022-2520-CVE-2022-2521-CVE-2022-2.patch
+Patch0034: 0034-CVE-2022-2519-CVE-2022-2520-CVE-2022-2521-CVE-2022-2.patch
BuildRequires: gcc, gcc-c++
@@ -194,6 +199,19 @@ find html -name 'Makefile*' | xargs rm
%{_mandir}/man1/*
%changelog
+* Mon Oct 24 2022 Matej Mu탑ila <mmuzila@redhat.com> - 4.0.9-26
+- Fix various CVEs
+- Resolves: CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 CVE-2022-2953
+
+* Tue Sep 06 2022 Matej Mu탑ila <mmuzila@redhat.com> - 4.0.9-25
+- Fix CVE-2022-2867 (#2118857)
+- Fix CVE-2022-2868 (#2118882)
+- Fix CVE-2022-2869 (#2118878)
+
+* Mon Jul 18 2022 Matej Mu탑ila <mmuzila@redhat.com> - 4.0.9-24
+- Fix CVE-2022-2056 CVE-2022-2057 CVE-2022-2058
+- Resolves: #2103222
+
* Thu May 12 2022 Matej Mu탑ila <mmuzila@redhat.com> - 4.0.9-23
- Fix various CVEs
- Resolves: CVE-2022-0561 CVE-2022-0562 CVE-2022-22844 CVE-2022-0865