diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..0432824
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/tiff-4.0.9.tar.gz
diff --git a/.libtiff.metadata b/.libtiff.metadata
new file mode 100644
index 0000000..0a25bcd
--- /dev/null
+++ b/.libtiff.metadata
@@ -0,0 +1 @@
+87d4543579176cc568668617c22baceccd568296 SOURCES/tiff-4.0.9.tar.gz
diff --git a/SOURCES/libtiff-CVE-2017-18013.patch b/SOURCES/libtiff-CVE-2017-18013.patch
new file mode 100644
index 0000000..77afc48
--- /dev/null
+++ b/SOURCES/libtiff-CVE-2017-18013.patch
@@ -0,0 +1,36 @@
+From b1997b9c3ac0d6bac5effd7558141986487217a9 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sun, 31 Dec 2017 15:09:41 +0100
+Subject: [PATCH 2/4] libtiff/tif_print.c: TIFFPrintDirectory(): fix null
+ pointer dereference on corrupted file. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2770 / CVE-2017-18013
+
+---
+ libtiff/tif_print.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c
+index 10a588e..b9b53a0 100644
+--- a/libtiff/tif_print.c
++++ b/libtiff/tif_print.c
+@@ -667,13 +667,13 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags)
+ #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
+ 			fprintf(fd, "    %3lu: [%8I64u, %8I64u]\n",
+ 			    (unsigned long) s,
+-			    (unsigned __int64) td->td_stripoffset[s],
+-			    (unsigned __int64) td->td_stripbytecount[s]);
++			    td->td_stripoffset ? (unsigned __int64) td->td_stripoffset[s] : 0,
++			    td->td_stripbytecount ? (unsigned __int64) td->td_stripbytecount[s] : 0);
+ #else
+ 			fprintf(fd, "    %3lu: [%8llu, %8llu]\n",
+ 			    (unsigned long) s,
+-			    (unsigned long long) td->td_stripoffset[s],
+-			    (unsigned long long) td->td_stripbytecount[s]);
++			    td->td_stripoffset ? (unsigned long long) td->td_stripoffset[s] : 0,
++			    td->td_stripbytecount ? (unsigned long long) td->td_stripbytecount[s] : 0);
+ #endif
+ 	}
+ }
+-- 
+2.17.0
+
diff --git a/SOURCES/libtiff-CVE-2017-9935.patch b/SOURCES/libtiff-CVE-2017-9935.patch
new file mode 100644
index 0000000..39327ff
--- /dev/null
+++ b/SOURCES/libtiff-CVE-2017-9935.patch
@@ -0,0 +1,164 @@
+From e1cd2d7ab032e7fe80b4c13e07895194c8bac85e Mon Sep 17 00:00:00 2001
+From: Brian May <brian@linuxpenguins.xyz>
+Date: Thu, 7 Dec 2017 07:46:47 +1100
+Subject: [PATCH 1/4] [PATCH] tiff2pdf: Fix CVE-2017-9935
+
+Fix for http://bugzilla.maptools.org/show_bug.cgi?id=2704
+
+This vulnerability - at least for the supplied test case - is because we
+assume that a tiff will only have one transfer function that is the same
+for all pages. This is not required by the TIFF standards.
+
+We than read the transfer function for every page.  Depending on the
+transfer function, we allocate either 2 or 4 bytes to the XREF buffer.
+We allocate this memory after we read in the transfer function for the
+page.
+
+For the first exploit - POC1, this file has 3 pages. For the first page
+we allocate 2 extra extra XREF entries. Then for the next page 2 more
+entries. Then for the last page the transfer function changes and we
+allocate 4 more entries.
+
+When we read the file into memory, we assume we have 4 bytes extra for
+each and every page (as per the last transfer function we read). Which
+is not correct, we only have 2 bytes extra for the first 2 pages. As a
+result, we end up writing past the end of the buffer.
+
+There are also some related issues that this also fixes. For example,
+TIFFGetField can return uninitalized pointer values, and the logic to
+detect a N=3 vs N=1 transfer function seemed rather strange.
+
+It is also strange that we declare the transfer functions to be of type
+float, when the standard says they are unsigned 16 bit values. This is
+fixed in another patch.
+
+This patch will check to ensure that the N value for every transfer
+function is the same for every page. If this changes, we abort with an
+error. In theory, we should perhaps check that the transfer function
+itself is identical for every page, however we don't do that due to the
+confusion of the type of the data in the transfer function.
+---
+ libtiff/tif_dir.c |  3 +++
+ tools/tiff2pdf.c  | 69 +++++++++++++++++++++++++++++++----------------
+ 2 files changed, 49 insertions(+), 23 deletions(-)
+
+diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
+index f00f808..c36a5f3 100644
+--- a/libtiff/tif_dir.c
++++ b/libtiff/tif_dir.c
+@@ -1067,6 +1067,9 @@ _TIFFVGetField(TIFF* tif, uint32 tag, va_list ap)
+ 			if (td->td_samplesperpixel - td->td_extrasamples > 1) {
+ 				*va_arg(ap, uint16**) = td->td_transferfunction[1];
+ 				*va_arg(ap, uint16**) = td->td_transferfunction[2];
++			} else {
++				*va_arg(ap, uint16**) = NULL;
++				*va_arg(ap, uint16**) = NULL;
+ 			}
+ 			break;
+ 		case TIFFTAG_REFERENCEBLACKWHITE:
+diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
+index bdb9126..bd23c9e 100644
+--- a/tools/tiff2pdf.c
++++ b/tools/tiff2pdf.c
+@@ -239,7 +239,7 @@ typedef struct {
+ 	float tiff_whitechromaticities[2];
+ 	float tiff_primarychromaticities[6];
+ 	float tiff_referenceblackwhite[2];
+-	float* tiff_transferfunction[3];
++	uint16* tiff_transferfunction[3];
+ 	int pdf_image_interpolate;	/* 0 (default) : do not interpolate,
+ 					   1 : interpolate */
+ 	uint16 tiff_transferfunctioncount;
+@@ -1049,6 +1049,8 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){
+ 	uint16 pagen=0;
+ 	uint16 paged=0;
+ 	uint16 xuint16=0;
++	uint16 tiff_transferfunctioncount=0;
++	uint16* tiff_transferfunction[3];
+ 
+ 	directorycount=TIFFNumberOfDirectories(input);
+ 	if(directorycount > TIFF_DIR_MAX) {
+@@ -1157,26 +1159,48 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){
+                 }
+ #endif
+ 		if (TIFFGetField(input, TIFFTAG_TRANSFERFUNCTION,
+-                                 &(t2p->tiff_transferfunction[0]),
+-                                 &(t2p->tiff_transferfunction[1]),
+-                                 &(t2p->tiff_transferfunction[2]))) {
+-			if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
+-                           (t2p->tiff_transferfunction[2] != (float*) NULL) &&
+-                           (t2p->tiff_transferfunction[1] !=
+-                            t2p->tiff_transferfunction[0])) {
+-				t2p->tiff_transferfunctioncount = 3;
+-				t2p->tiff_pages[i].page_extra += 4;
+-				t2p->pdf_xrefcount += 4;
+-			} else {
+-				t2p->tiff_transferfunctioncount = 1;
+-				t2p->tiff_pages[i].page_extra += 2;
+-				t2p->pdf_xrefcount += 2;
+-			}
+-			if(t2p->pdf_minorversion < 2)
+-				t2p->pdf_minorversion = 2;
++                                 &(tiff_transferfunction[0]),
++                                 &(tiff_transferfunction[1]),
++                                 &(tiff_transferfunction[2]))) {
++
++                        if((tiff_transferfunction[1] != (uint16*) NULL) &&
++                           (tiff_transferfunction[2] != (uint16*) NULL)
++                          ) {
++                            tiff_transferfunctioncount=3;
++                        } else {
++                            tiff_transferfunctioncount=1;
++                        }
+                 } else {
+-			t2p->tiff_transferfunctioncount=0;
++			tiff_transferfunctioncount=0;
+ 		}
++
++                if (i > 0){
++                    if (tiff_transferfunctioncount != t2p->tiff_transferfunctioncount){
++                        TIFFError(
++                            TIFF2PDF_MODULE,
++                            "Different transfer function on page %d",
++                            i);
++                        t2p->t2p_error = T2P_ERR_ERROR;
++                        return;
++                    }
++                }
++
++                t2p->tiff_transferfunctioncount = tiff_transferfunctioncount;
++                t2p->tiff_transferfunction[0] = tiff_transferfunction[0];
++                t2p->tiff_transferfunction[1] = tiff_transferfunction[1];
++                t2p->tiff_transferfunction[2] = tiff_transferfunction[2];
++                if(tiff_transferfunctioncount == 3){
++                        t2p->tiff_pages[i].page_extra += 4;
++                        t2p->pdf_xrefcount += 4;
++                        if(t2p->pdf_minorversion < 2)
++                                t2p->pdf_minorversion = 2;
++                } else if (tiff_transferfunctioncount == 1){
++                        t2p->tiff_pages[i].page_extra += 2;
++                        t2p->pdf_xrefcount += 2;
++                        if(t2p->pdf_minorversion < 2)
++                                t2p->pdf_minorversion = 2;
++                }
++
+ 		if( TIFFGetField(
+ 			input, 
+ 			TIFFTAG_ICCPROFILE, 
+@@ -1837,10 +1861,9 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* input){
+ 			 &(t2p->tiff_transferfunction[0]),
+ 			 &(t2p->tiff_transferfunction[1]),
+ 			 &(t2p->tiff_transferfunction[2]))) {
+-		if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
+-                   (t2p->tiff_transferfunction[2] != (float*) NULL) &&
+-                   (t2p->tiff_transferfunction[1] !=
+-                    t2p->tiff_transferfunction[0])) {
++		if((t2p->tiff_transferfunction[1] != (uint16*) NULL) &&
++                   (t2p->tiff_transferfunction[2] != (uint16*) NULL)
++                  ) {
+ 			t2p->tiff_transferfunctioncount=3;
+ 		} else {
+ 			t2p->tiff_transferfunctioncount=1;
+-- 
+2.17.0
+
diff --git a/SOURCES/libtiff-CVE-2018-10963.patch b/SOURCES/libtiff-CVE-2018-10963.patch
new file mode 100644
index 0000000..039b7c1
--- /dev/null
+++ b/SOURCES/libtiff-CVE-2018-10963.patch
@@ -0,0 +1,31 @@
+From 98ed6179dec22db48f6e235d8ca9e2708bf4e71a Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sat, 12 May 2018 14:24:15 +0200
+Subject: [PATCH 4/4] TIFFWriteDirectorySec: avoid assertion. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2795. CVE-2018-10963
+
+---
+ libtiff/tif_dirwrite.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
+index c68d6d2..5d0a669 100644
+--- a/libtiff/tif_dirwrite.c
++++ b/libtiff/tif_dirwrite.c
+@@ -697,8 +697,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff)
+ 								}
+ 								break;
+ 							default:
+-								assert(0);   /* we should never get here */
+-								break;
++								TIFFErrorExt(tif->tif_clientdata,module,
++								            "Cannot write tag %d (%s)",
++								            TIFFFieldTag(o),
++                                                                            o->field_name ? o->field_name : "unknown");
++								goto bad;
+ 						}
+ 					}
+ 				}
+-- 
+2.17.0
+
diff --git a/SOURCES/libtiff-CVE-2018-12900.patch b/SOURCES/libtiff-CVE-2018-12900.patch
new file mode 100644
index 0000000..c7c3d30
--- /dev/null
+++ b/SOURCES/libtiff-CVE-2018-12900.patch
@@ -0,0 +1,47 @@
+From 775b0d85eab499ccf577e72ec202eb4c6fb37197 Mon Sep 17 00:00:00 2001
+From: Thomas Bernard <miniupnp@free.fr>
+Date: Mon, 11 Feb 2019 10:05:33 +0100
+Subject: [PATCH] check that (Tile Width)*(Samples/Pixel) do no overflow
+
+fixes bug 2833
+---
+ tools/tiffcp.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index 489459a..0c66229 100644
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -43,6 +43,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <limits.h>
+ 
+ #include <ctype.h>
+ 
+@@ -1391,7 +1392,7 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
+ 	int status = 1;
+ 	uint32 imagew = TIFFRasterScanlineSize(in);
+ 	uint32 tilew = TIFFTileRowSize(in);
+-	int iskew  = imagew - tilew*spp;
++	int iskew;
+ 	tsize_t tilesize = TIFFTileSize(in);
+ 	tdata_t tilebuf;
+ 	uint8* bufp = (uint8*) buf;
+@@ -1399,6 +1400,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
+ 	uint32 row;
+ 	uint16 bps = 0, bytes_per_sample;
+ 
++	if (tilew && spp > (INT_MAX / tilew))
++	{
++		TIFFError(TIFFFileName(in), "Error, cannot handle that much samples per tile row (Tile Width * Samples/Pixel)");
++		return 0;
++	}
++	iskew = imagew - tilew*spp;
+ 	tilebuf = _TIFFmalloc(tilesize);
+ 	if (tilebuf == 0)
+ 		return 0;
+-- 
+2.21.0
+
diff --git a/SOURCES/libtiff-CVE-2018-17100.patch b/SOURCES/libtiff-CVE-2018-17100.patch
new file mode 100644
index 0000000..8ed6dca
--- /dev/null
+++ b/SOURCES/libtiff-CVE-2018-17100.patch
@@ -0,0 +1,39 @@
+From 491e3acc55d7a54e2588de476733e93c4c7ffea0 Mon Sep 17 00:00:00 2001
+From: Young_X <YangX92@hotmail.com>
+Date: Sat, 8 Sep 2018 14:46:27 +0800
+Subject: [PATCH] avoid potential int32 overflows in multiply_ms()
+
+---
+ tools/ppm2tiff.c | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/tools/ppm2tiff.c b/tools/ppm2tiff.c
+index 91415e9..81ffa3d 100644
+--- a/tools/ppm2tiff.c
++++ b/tools/ppm2tiff.c
+@@ -72,15 +72,16 @@ BadPPM(char* file)
+ 	exit(-2);
+ }
+ 
++
++#define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0))
++#define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1)
++
+ static tmsize_t
+ multiply_ms(tmsize_t m1, tmsize_t m2)
+ {
+-	tmsize_t bytes = m1 * m2;
+-
+-	if (m1 && bytes / m1 != m2)
+-		bytes = 0;
+-
+-	return bytes;
++        if( m1 == 0 || m2 > TIFF_TMSIZE_T_MAX / m1 )
++            return 0;
++        return m1 * m2;
+ }
+ 
+ int
+-- 
+2.17.2
+
diff --git a/SOURCES/libtiff-CVE-2018-18557.patch b/SOURCES/libtiff-CVE-2018-18557.patch
new file mode 100644
index 0000000..d2cd3c5
--- /dev/null
+++ b/SOURCES/libtiff-CVE-2018-18557.patch
@@ -0,0 +1,107 @@
+From 2683f6c21aefc760d2f7e56dac6b4383841886d6 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sun, 14 Oct 2018 16:38:29 +0200
+Subject: [PATCH 2/2] JBIG: fix potential out-of-bounds write in JBIGDecode()
+
+JBIGDecode doesn't check if the user provided buffer is large enough
+to store the JBIG decoded image, which can potentially cause out-of-bounds
+write in the buffer.
+This issue was reported and analyzed by Thomas Dullien.
+
+Also fixes a (harmless) potential use of uninitialized memory when
+tif->tif_rawsize > tif->tif_rawcc
+
+And in case libtiff is compiled with CHUNKY_STRIP_READ_SUPPORT, make sure
+that whole strip data is provided to JBIGDecode()
+---
+ libtiff/tif_jbig.c | 32 ++++++++++++++++++++++++++------
+ libtiff/tif_read.c |  6 ++++++
+ 2 files changed, 32 insertions(+), 6 deletions(-)
+
+diff --git a/libtiff/tif_jbig.c b/libtiff/tif_jbig.c
+index 7a14dd9..8136c77 100644
+--- a/libtiff/tif_jbig.c
++++ b/libtiff/tif_jbig.c
+@@ -53,17 +53,18 @@ static int JBIGDecode(TIFF* tif, uint8* buffer, tmsize_t size, uint16 s)
+ 	struct jbg_dec_state decoder;
+ 	int decodeStatus = 0;
+ 	unsigned char* pImage = NULL;
+-	(void) size, (void) s;
++	unsigned long decodedSize;
++	(void) s;
+ 
+ 	if (isFillOrder(tif, tif->tif_dir.td_fillorder))
+ 	{
+-		TIFFReverseBits(tif->tif_rawdata, tif->tif_rawdatasize);
++		TIFFReverseBits(tif->tif_rawcp, tif->tif_rawcc);
+ 	}
+ 
+ 	jbg_dec_init(&decoder);
+ 
+ #if defined(HAVE_JBG_NEWLEN)
+-	jbg_newlen(tif->tif_rawdata, (size_t)tif->tif_rawdatasize);
++	jbg_newlen(tif->tif_rawcp, (size_t)tif->tif_rawcc);
+ 	/*
+ 	 * I do not check the return status of jbg_newlen because even if this
+ 	 * function fails it does not necessarily mean that decoding the image
+@@ -76,8 +77,8 @@ static int JBIGDecode(TIFF* tif, uint8* buffer, tmsize_t size, uint16 s)
+ 	 */
+ #endif /* HAVE_JBG_NEWLEN */
+ 
+-	decodeStatus = jbg_dec_in(&decoder, (unsigned char*)tif->tif_rawdata,
+-				  (size_t)tif->tif_rawdatasize, NULL);
++	decodeStatus = jbg_dec_in(&decoder, (unsigned char*)tif->tif_rawcp,
++				  (size_t)tif->tif_rawcc, NULL);
+ 	if (JBG_EOK != decodeStatus)
+ 	{
+ 		/*
+@@ -98,9 +99,28 @@ static int JBIGDecode(TIFF* tif, uint8* buffer, tmsize_t size, uint16 s)
+ 		return 0;
+ 	}
+ 
++	decodedSize = jbg_dec_getsize(&decoder);
++	if( (tmsize_t)decodedSize < size )
++	{
++	    TIFFWarningExt(tif->tif_clientdata, "JBIG",
++	                   "Only decoded %lu bytes, whereas %lu requested",
++	                   decodedSize, (unsigned long)size);
++	}
++	else if( (tmsize_t)decodedSize > size )
++	{
++	    TIFFErrorExt(tif->tif_clientdata, "JBIG",
++	                 "Decoded %lu bytes, whereas %lu were requested",
++	                 decodedSize, (unsigned long)size);
++	    jbg_dec_free(&decoder);
++	    return 0;
++	}
+ 	pImage = jbg_dec_getimage(&decoder, 0);
+-	_TIFFmemcpy(buffer, pImage, jbg_dec_getsize(&decoder));
++	_TIFFmemcpy(buffer, pImage, decodedSize);
+ 	jbg_dec_free(&decoder);
++
++        tif->tif_rawcp += tif->tif_rawcc;
++        tif->tif_rawcc = 0;
++
+ 	return 1;
+ }
+ 
+diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
+index 2ba985a..04100f4 100644
+--- a/libtiff/tif_read.c
++++ b/libtiff/tif_read.c
+@@ -348,6 +348,12 @@ TIFFSeek(TIFF* tif, uint32 row, uint16 sample )
+             return 0;
+         whole_strip = tif->tif_dir.td_stripbytecount[strip] < 10
+                 || isMapped(tif);
++        if( td->td_compression == COMPRESSION_JBIG )
++        {
++            /* Ideally plugins should have a way to declare they don't support
++             * chunk strip */
++            whole_strip = 1;
++        }
+ #else
+         whole_strip = 1;
+ #endif
+-- 
+2.17.2
+
diff --git a/SOURCES/libtiff-CVE-2018-18661.patch b/SOURCES/libtiff-CVE-2018-18661.patch
new file mode 100644
index 0000000..9a7430b
--- /dev/null
+++ b/SOURCES/libtiff-CVE-2018-18661.patch
@@ -0,0 +1,121 @@
+From 20dbecdf69cf0209ad0246707aaf142bb1fee96e Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Tue, 30 Oct 2018 18:50:27 +0100
+Subject: [PATCH] tiff2bw: avoid null pointer dereference in case of out of
+ memory situation. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2819 /
+ CVE-2018-18661
+
+---
+ libtiff/tiffiop.h |  1 +
+ tools/tiff2bw.c   | 30 ++++++++++++++++++++++++++----
+ tools/tiffcrop.c  |  5 -----
+ 3 files changed, 27 insertions(+), 9 deletions(-)
+
+diff --git a/libtiff/tiffiop.h b/libtiff/tiffiop.h
+index daa291c..08e5dc4 100644
+--- a/libtiff/tiffiop.h
++++ b/libtiff/tiffiop.h
+@@ -72,6 +72,7 @@ extern int snprintf(char* str, size_t size, const char* format, ...);
+ #endif
+ 
+ #define    streq(a,b)      (strcmp(a,b) == 0)
++#define    strneq(a,b,n)   (strncmp(a,b,n) == 0)
+ 
+ #ifndef TRUE
+ #define	TRUE	1
+diff --git a/tools/tiff2bw.c b/tools/tiff2bw.c
+index dad54af..1f3bb2c 100644
+--- a/tools/tiff2bw.c
++++ b/tools/tiff2bw.c
+@@ -40,9 +40,7 @@
+ #endif
+ 
+ #include "tiffio.h"
+-
+-#define	streq(a,b)	(strcmp((a),(b)) == 0)
+-#define	strneq(a,b,n)	(strncmp(a,b,n) == 0)
++#include "tiffiop.h"
+ 
+ /* x% weighting -> fraction of full color */
+ #define	PCT(x)	(((x)*256+50)/100)
+@@ -223,6 +221,11 @@ main(int argc, char* argv[])
+ 	TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, thing);
+ 	TIFFSetField(out, TIFFTAG_SOFTWARE, "tiff2bw");
+ 	outbuf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
++        if( !outbuf )
++        {
++            fprintf(stderr, "Out of memory\n");
++            goto tiff2bw_error;
++        }
+ 	TIFFSetField(out, TIFFTAG_ROWSPERSTRIP,
+ 	    TIFFDefaultStripSize(out, rowsperstrip));
+ 
+@@ -246,6 +249,11 @@ main(int argc, char* argv[])
+ #undef CVT
+ 		}
+ 		inbuf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(in));
++                if( !inbuf )
++                {
++                    fprintf(stderr, "Out of memory\n");
++                    goto tiff2bw_error;
++                }
+ 		for (row = 0; row < h; row++) {
+ 			if (TIFFReadScanline(in, inbuf, row, 0) < 0)
+ 				break;
+@@ -256,6 +264,11 @@ main(int argc, char* argv[])
+ 		break;
+ 	case pack(PHOTOMETRIC_RGB, PLANARCONFIG_CONTIG):
+ 		inbuf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(in));
++                if( !inbuf )
++                {
++                    fprintf(stderr, "Out of memory\n");
++                    goto tiff2bw_error;
++                }
+ 		for (row = 0; row < h; row++) {
+ 			if (TIFFReadScanline(in, inbuf, row, 0) < 0)
+ 				break;
+@@ -265,8 +278,16 @@ main(int argc, char* argv[])
+ 		}
+ 		break;
+ 	case pack(PHOTOMETRIC_RGB, PLANARCONFIG_SEPARATE):
++        {
++                tmsize_t inbufsize;
+ 		rowsize = TIFFScanlineSize(in);
+-		inbuf = (unsigned char *)_TIFFmalloc(3*rowsize);
++                inbufsize = TIFFSafeMultiply(tmsize_t, 3, rowsize);
++		inbuf = (unsigned char *)_TIFFmalloc(inbufsize);
++                if( !inbuf )
++                {
++                    fprintf(stderr, "Out of memory\n");
++                    goto tiff2bw_error;
++                }
+ 		for (row = 0; row < h; row++) {
+ 			for (s = 0; s < 3; s++)
+ 				if (TIFFReadScanline(in,
+@@ -278,6 +299,7 @@ main(int argc, char* argv[])
+ 				break;
+ 		}
+ 		break;
++        }
+ 	}
+ #undef pack
+         if (inbuf)
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index c60cb38..3862b1c 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -150,11 +150,6 @@ extern int getopt(int argc, char * const argv[], const char *optstring);
+ 
+ #define TIFF_UINT32_MAX     0xFFFFFFFFU
+ 
+-#ifndef streq
+-#define	streq(a,b)	(strcmp((a),(b)) == 0)
+-#endif
+-#define	strneq(a,b,n)	(strncmp((a),(b),(n)) == 0)
+-
+ #define	TRUE	1
+ #define	FALSE	0
+ 
+-- 
+2.17.2
+
diff --git a/SOURCES/libtiff-CVE-2018-5784.patch b/SOURCES/libtiff-CVE-2018-5784.patch
new file mode 100644
index 0000000..5f26e5d
--- /dev/null
+++ b/SOURCES/libtiff-CVE-2018-5784.patch
@@ -0,0 +1,128 @@
+From 49723b0eb683cca80142b01a48ba1475fed5188a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
+Date: Fri, 23 Mar 2018 15:35:39 +0100
+Subject: [PATCH] Fix for bug 2772
+
+It is possible to craft a TIFF document where the IFD list is circular,
+leading to an infinite loop while traversing the chain. The libtiff
+directory reader has a failsafe that will break out of this loop after
+reading 65535 directory entries, but it will continue processing,
+consuming time and resources to process what is essentially a bogus TIFF
+document.
+
+This change fixes the above behavior by breaking out of processing when
+a TIFF document has >= 65535 directories and terminating with an error.
+---
+ contrib/addtiffo/tif_overview.c | 14 +++++++++++++-
+ tools/tiff2pdf.c                | 10 ++++++++++
+ tools/tiffcrop.c                | 13 +++++++++++--
+ 3 files changed, 34 insertions(+), 3 deletions(-)
+
+diff --git a/contrib/addtiffo/tif_overview.c b/contrib/addtiffo/tif_overview.c
+index c61ffbb..03b3573 100644
+--- a/contrib/addtiffo/tif_overview.c
++++ b/contrib/addtiffo/tif_overview.c
+@@ -65,6 +65,8 @@
+ #  define MAX(a,b)      ((a>b) ? a : b)
+ #endif
+ 
++#define TIFF_DIR_MAX  65534
++
+ void TIFFBuildOverviews( TIFF *, int, int *, int, const char *,
+                          int (*)(double,void*), void * );
+ 
+@@ -91,6 +93,7 @@ uint32 TIFF_WriteOverview( TIFF *hTIFF, uint32 nXSize, uint32 nYSize,
+ {
+     toff_t	nBaseDirOffset;
+     toff_t	nOffset;
++    tdir_t	iNumDir;
+ 
+     (void) bUseSubIFDs;
+ 
+@@ -147,7 +150,16 @@ uint32 TIFF_WriteOverview( TIFF *hTIFF, uint32 nXSize, uint32 nYSize,
+         return 0;
+ 
+     TIFFWriteDirectory( hTIFF );
+-    TIFFSetDirectory( hTIFF, (tdir_t) (TIFFNumberOfDirectories(hTIFF)-1) );
++    iNumDir = TIFFNumberOfDirectories(hTIFF);
++    if( iNumDir > TIFF_DIR_MAX )
++    {
++        TIFFErrorExt( TIFFClientdata(hTIFF),
++                      "TIFF_WriteOverview",
++                      "File `%s' has too many directories.\n",
++                      TIFFFileName(hTIFF) );
++        exit(-1);
++    }
++    TIFFSetDirectory( hTIFF, (tdir_t) (iNumDir - 1) );
+ 
+     nOffset = TIFFCurrentDirOffset( hTIFF );
+ 
+diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
+index 454befb..bdb9126 100644
+--- a/tools/tiff2pdf.c
++++ b/tools/tiff2pdf.c
+@@ -68,6 +68,8 @@ extern int getopt(int, char**, char*);
+ 
+ #define PS_UNIT_SIZE	72.0F
+ 
++#define TIFF_DIR_MAX    65534
++
+ /* This type is of PDF color spaces. */
+ typedef enum {
+ 	T2P_CS_BILEVEL = 0x01,	/* Bilevel, black and white */
+@@ -1049,6 +1051,14 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){
+ 	uint16 xuint16=0;
+ 
+ 	directorycount=TIFFNumberOfDirectories(input);
++	if(directorycount > TIFF_DIR_MAX) {
++		TIFFError(
++			TIFF2PDF_MODULE,
++			"TIFF contains too many directories, %s",
++			TIFFFileName(input));
++		t2p->t2p_error = T2P_ERR_ERROR;
++		return;
++	}
+ 	t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE)));
+ 	if(t2p->tiff_pages==NULL){
+ 		TIFFError(
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index c69177e..c60cb38 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -217,6 +217,8 @@ extern int getopt(int argc, char * const argv[], const char *optstring);
+ #define DUMP_TEXT   1
+ #define DUMP_RAW    2
+ 
++#define TIFF_DIR_MAX  65534
++
+ /* Offsets into buffer for margins and fixed width and length segments */
+ struct offset {
+   uint32  tmargin;
+@@ -2233,7 +2235,7 @@ main(int argc, char* argv[])
+     pageNum = -1;
+   else
+     total_images = 0;
+-  /* read multiple input files and write to output file(s) */
++  /* Read multiple input files and write to output file(s) */
+   while (optind < argc - 1)
+     {
+     in = TIFFOpen (argv[optind], "r");
+@@ -2241,7 +2243,14 @@ main(int argc, char* argv[])
+       return (-3);
+ 
+     /* If only one input file is specified, we can use directory count */
+-    total_images = TIFFNumberOfDirectories(in); 
++    total_images = TIFFNumberOfDirectories(in);
++    if (total_images > TIFF_DIR_MAX)
++      {
++      TIFFError (TIFFFileName(in), "File contains too many directories");
++      if (out != NULL)
++        (void) TIFFClose(out);
++      return (1);
++      }
+     if (image_count == 0)
+       {
+       dirnum = 0;
+-- 
+2.13.6
+
diff --git a/SOURCES/libtiff-CVE-2018-7456.patch b/SOURCES/libtiff-CVE-2018-7456.patch
new file mode 100644
index 0000000..65a8947
--- /dev/null
+++ b/SOURCES/libtiff-CVE-2018-7456.patch
@@ -0,0 +1,170 @@
+From de5385cd882a5ff0970f63f4d93da0cbc87230c2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
+Date: Tue, 17 Apr 2018 18:42:09 +0200
+Subject: [PATCH] Fix NULL pointer dereference in TIFFPrintDirectory
+
+The TIFFPrintDirectory function relies on the following assumptions,
+supposed to be guaranteed by the specification:
+
+(a) A Transfer Function field is only present if the TIFF file has
+    photometric type < 3.
+
+(b) If SamplesPerPixel > Color Channels, then the ExtraSamples field
+    has count SamplesPerPixel - (Color Channels) and contains
+    information about supplementary channels.
+
+While respect of (a) and (b) are essential for the well functioning of
+TIFFPrintDirectory, no checks are realized neither by the callee nor
+by TIFFPrintDirectory itself. Hence, following scenarios might happen
+and trigger the NULL pointer dereference:
+
+(1) TIFF File of photometric type 4 or more has illegal Transfer
+    Function field.
+
+(2) TIFF File has photometric type 3 or less and defines a
+    SamplesPerPixel field such that SamplesPerPixel > Color Channels
+    without defining all extra samples in the ExtraSamples fields.
+
+In this patch, we address both issues with respect of the following
+principles:
+
+(A) In the case of (1), the defined transfer table should be printed
+    safely even if it isn't 'legal'. This allows us to avoid expensive
+    checks in TIFFPrintDirectory. Also, it is quite possible that
+    an alternative photometric type would be developed (not part of the
+    standard) and would allow definition of Transfer Table. We want
+    libtiff to be able to handle this scenario out of the box.
+
+(B) In the case of (2), the transfer table should be printed at its
+    right size, that is if TIFF file has photometric type Palette
+    then the transfer table should have one row and not three, even
+    if two extra samples are declared.
+
+In order to fulfill (A) we simply add a new 'i < 3' end condition to
+the broken TIFFPrintDirectory loop. This makes sure that in any case
+where (b) would be respected but not (a), everything stays fine.
+
+(B) is fulfilled by the loop condition
+'i < td->td_samplesperpixel - td->td_extrasamples'. This is enough as
+long as (b) is respected.
+
+Naturally, we also make sure (b) is respected. This is done in the
+TIFFReadDirectory function by making sure any non-color channel is
+counted in ExtraSamples.
+
+This commit addresses CVE-2018-7456.
+---
+ libtiff/tif_dirread.c | 62 +++++++++++++++++++++++++++++++++++++++++++
+ libtiff/tif_print.c   |  2 +-
+ 2 files changed, 63 insertions(+), 1 deletion(-)
+
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index 5e62e81..80aaf8d 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -167,6 +167,7 @@ static int TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uin
+ static int TIFFFetchSubjectDistance(TIFF*, TIFFDirEntry*);
+ static void ChopUpSingleUncompressedStrip(TIFF*);
+ static uint64 TIFFReadUInt64(const uint8 *value);
++static int _TIFFGetMaxColorChannels(uint16 photometric);
+ 
+ static int _TIFFFillStrilesInternal( TIFF *tif, int loadStripByteCount );
+ 
+@@ -3506,6 +3507,35 @@ static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, c
+ 	}
+ }
+ 
++/*
++ * Return the maximum number of color channels specified for a given photometric
++ * type. 0 is returned if photometric type isn't supported or no default value
++ * is defined by the specification.
++ */
++static int _TIFFGetMaxColorChannels( uint16 photometric )
++{
++    switch (photometric) {
++	case PHOTOMETRIC_PALETTE:
++	case PHOTOMETRIC_MINISWHITE:
++	case PHOTOMETRIC_MINISBLACK:
++            return 1;
++	case PHOTOMETRIC_YCBCR:
++	case PHOTOMETRIC_RGB:
++	case PHOTOMETRIC_CIELAB:
++            return 3;
++	case PHOTOMETRIC_SEPARATED:
++	case PHOTOMETRIC_MASK:
++            return 4;
++	case PHOTOMETRIC_LOGL:
++	case PHOTOMETRIC_LOGLUV:
++	case PHOTOMETRIC_CFA:
++	case PHOTOMETRIC_ITULAB:
++	case PHOTOMETRIC_ICCLAB:
++	default:
++            return 0;
++    }
++}
++
+ /*
+  * Read the next TIFF directory from a file and convert it to the internal
+  * format. We read directories sequentially.
+@@ -3522,6 +3552,7 @@ TIFFReadDirectory(TIFF* tif)
+ 	uint32 fii=FAILED_FII;
+         toff_t nextdiroff;
+     int bitspersample_read = FALSE;
++        int color_channels;
+ 
+ 	tif->tif_diroff=tif->tif_nextdiroff;
+ 	if (!TIFFCheckDirOffset(tif,tif->tif_nextdiroff))
+@@ -4026,6 +4057,37 @@ TIFFReadDirectory(TIFF* tif)
+ 			}
+ 		}
+ 	}
++
++	/*
++	 * Make sure all non-color channels are extrasamples.
++	 * If it's not the case, define them as such.
++	 */
++        color_channels = _TIFFGetMaxColorChannels(tif->tif_dir.td_photometric);
++        if (color_channels && tif->tif_dir.td_samplesperpixel - tif->tif_dir.td_extrasamples > color_channels) {
++                uint16 old_extrasamples;
++                uint16 *new_sampleinfo;
++
++                TIFFWarningExt(tif->tif_clientdata,module, "Sum of Photometric type-related "
++                    "color channels and ExtraSamples doesn't match SamplesPerPixel. "
++                    "Defining non-color channels as ExtraSamples.");
++
++                old_extrasamples = tif->tif_dir.td_extrasamples;
++                tif->tif_dir.td_extrasamples = (tif->tif_dir.td_samplesperpixel - color_channels);
++
++                // sampleinfo should contain information relative to these new extra samples
++                new_sampleinfo = (uint16*) _TIFFcalloc(tif->tif_dir.td_extrasamples, sizeof(uint16));
++                if (!new_sampleinfo) {
++                    TIFFErrorExt(tif->tif_clientdata, module, "Failed to allocate memory for "
++                                "temporary new sampleinfo array (%d 16 bit elements)",
++                                tif->tif_dir.td_extrasamples);
++                    goto bad;
++                }
++
++                memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16));
++                _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
++                _TIFFfree(new_sampleinfo);
++        }
++
+ 	/*
+ 	 * Verify Palette image has a Colormap.
+ 	 */
+diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c
+index 24d4b98..10a588e 100644
+--- a/libtiff/tif_print.c
++++ b/libtiff/tif_print.c
+@@ -546,7 +546,7 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags)
+ 				uint16 i;
+ 				fprintf(fd, "    %2ld: %5u",
+ 				    l, td->td_transferfunction[0][l]);
+-				for (i = 1; i < td->td_samplesperpixel; i++)
++				for (i = 1; i < td->td_samplesperpixel - td->td_extrasamples && i < 3; i++)
+ 					fprintf(fd, " %5u",
+ 					    td->td_transferfunction[i][l]);
+ 				fputc('\n', fd);
+-- 
+2.17.0
+
diff --git a/SOURCES/libtiff-CVE-2018-8905.patch b/SOURCES/libtiff-CVE-2018-8905.patch
new file mode 100644
index 0000000..be6bee4
--- /dev/null
+++ b/SOURCES/libtiff-CVE-2018-8905.patch
@@ -0,0 +1,53 @@
+From 1c127eb3cb7653bd61b61f9c3cfeb36fd10edab1 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sat, 12 May 2018 15:32:31 +0200
+Subject: [PATCH 3/4] LZWDecodeCompat(): fix potential index-out-of-bounds
+ write. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2780 /
+ CVE-2018-8905
+
+The fix consists in using the similar code LZWDecode() to validate we
+don't write outside of the output buffer.
+---
+ libtiff/tif_lzw.c | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
+index bc8f9c8..186ea3c 100644
+--- a/libtiff/tif_lzw.c
++++ b/libtiff/tif_lzw.c
+@@ -604,6 +604,7 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
+ 	char *tp;
+ 	unsigned char *bp;
+ 	int code, nbits;
++	int len;
+ 	long nextbits, nextdata, nbitsmask;
+ 	code_t *codep, *free_entp, *maxcodep, *oldcodep;
+ 
+@@ -755,13 +756,18 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
+ 				}  while (--occ);
+ 				break;
+ 			}
+-			assert(occ >= codep->length);
+-			op += codep->length;
+-			occ -= codep->length;
+-			tp = op;
++			len = codep->length;
++			tp = op + len;
+ 			do {
+-				*--tp = codep->value;
+-			} while( (codep = codep->next) != NULL );
++				int t;
++				--tp;
++				t = codep->value;
++				codep = codep->next;
++				*tp = (char)t;
++			} while (codep && tp > op);
++			assert(occ >= len);
++			op += len;
++			occ -= len;
+ 		} else {
+ 			*op++ = (char)code;
+ 			occ--;
+-- 
+2.17.0
+
diff --git a/SOURCES/libtiff-am-version.patch b/SOURCES/libtiff-am-version.patch
new file mode 100644
index 0000000..c94c2e0
--- /dev/null
+++ b/SOURCES/libtiff-am-version.patch
@@ -0,0 +1,31 @@
+Back off the minimum required automake version to 1.11.  There isn't
+anything in libtiff currently that actually requires 1.12, and changing
+this allows the package to be built on pre-F18 machines for easier testing.
+
+This patch can go away once we no longer care about testing on pre-F18.
+
+
+diff -Naur tiff-4.0.3.orig/Makefile.am tiff-4.0.3/Makefile.am
+--- tiff-4.0.3.orig/Makefile.am	2012-09-20 09:22:47.000000000 -0400
++++ tiff-4.0.3/Makefile.am	2012-10-30 11:33:30.312823564 -0400
+@@ -25,7 +25,7 @@
+ 
+ docdir = $(LIBTIFF_DOCDIR)
+ 
+-AUTOMAKE_OPTIONS = 1.12 dist-zip foreign
++AUTOMAKE_OPTIONS = 1.11 dist-zip foreign
+ ACLOCAL_AMFLAGS = -I m4
+ 
+ docfiles = \
+diff -Naur tiff-4.0.3.orig/test/Makefile.am tiff-4.0.3/test/Makefile.am
+--- tiff-4.0.3.orig/test/Makefile.am	2012-09-20 09:22:28.000000000 -0400
++++ tiff-4.0.3/test/Makefile.am	2012-10-30 11:33:17.109696812 -0400
+@@ -23,7 +23,7 @@
+ 
+ # Process this file with automake to produce Makefile.in.
+ 
+-AUTOMAKE_OPTIONS = 1.12 color-tests parallel-tests foreign
++AUTOMAKE_OPTIONS = 1.11 color-tests parallel-tests foreign
+ 
+ LIBTIFF = $(top_builddir)/libtiff/libtiff.la
+ 
diff --git a/SOURCES/libtiff-coverity.patch b/SOURCES/libtiff-coverity.patch
new file mode 100644
index 0000000..04a445a
--- /dev/null
+++ b/SOURCES/libtiff-coverity.patch
@@ -0,0 +1,42 @@
+diff --git a/tools/ppm2tiff.c b/tools/ppm2tiff.c
+index 81ffa3d..a02e865 100644
+--- a/tools/ppm2tiff.c
++++ b/tools/ppm2tiff.c
+@@ -285,6 +285,8 @@ main(int argc, char* argv[])
+ 		if (TIFFWriteScanline(out, buf, row, 0) < 0)
+ 			break;
+ 	}
++	if (in != stdin)
++		fclose(in);
+ 	(void) TIFFClose(out);
+ 	if (buf)
+ 		_TIFFfree(buf);
+diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
+index bd23c9e..a15a3ef 100644
+--- a/tools/tiff2pdf.c
++++ b/tools/tiff2pdf.c
+@@ -3020,6 +3020,7 @@ tsize_t t2p_readwrite_pdf_image_tile(T2P* t2p, TIFF* input, TIFF* output, ttile_
+                                         "for t2p_readwrite_pdf_image_tile, %s", 
+ 					(unsigned long) t2p->tiff_datasize, 
+ 					TIFFFileName(input));
++				_TIFFfree(buffer);
+ 				t2p->t2p_error = T2P_ERR_ERROR;
+ 				return(0);
+ 			}
+@@ -3747,11 +3748,11 @@ t2p_sample_rgbaa_to_rgb(tdata_t data, uint32 samplecount)
+ {
+ 	uint32 i;
+ 	
+-    /* For the 3 first samples, there is overlapping between souce and
+-       destination, so use memmove().
+-       See http://bugzilla.maptools.org/show_bug.cgi?id=2577 */
+-    for(i = 0; i < 3 && i < samplecount; i++)
+-        memmove((uint8*)data + i * 3, (uint8*)data + i * 4, 3);
++	/* For the 3 first samples, there is overlapping between souce and
++	   destination, so use memmove().
++	   See http://bugzilla.maptools.org/show_bug.cgi?id=2577 */
++	for(i = 0; i < 3 && i < samplecount; i++)
++		memmove((uint8*)data + i * 3, (uint8*)data + i * 4, 3);
+ 	for(; i < samplecount; i++)
+ 		memcpy((uint8*)data + i * 3, (uint8*)data + i * 4, 3);
+ 
diff --git a/SOURCES/libtiff-make-check.patch b/SOURCES/libtiff-make-check.patch
new file mode 100644
index 0000000..e79dc94
--- /dev/null
+++ b/SOURCES/libtiff-make-check.patch
@@ -0,0 +1,12 @@
+diff --git a/html/man/Makefile.am b/html/man/Makefile.am
+index 587296c..696005e 100644
+--- a/html/man/Makefile.am
++++ b/html/man/Makefile.am
+@@ -92,7 +92,6 @@ docfiles = \
+ 	tiffcrop.1.html \
+ 	tiffdither.1.html \
+ 	tiffdump.1.html \
+-	tiffgt.1.html \
+ 	tiffinfo.1.html \
+ 	tiffmedian.1.html \
+ 	tiffset.1.html \
diff --git a/SPECS/libtiff.spec b/SPECS/libtiff.spec
new file mode 100644
index 0000000..42dd6a0
--- /dev/null
+++ b/SPECS/libtiff.spec
@@ -0,0 +1,718 @@
+Summary:       Library of functions for manipulating TIFF format image files
+Name:          libtiff
+Version:       4.0.9
+Release:       15%{?dist}
+License:       libtiff
+Group:         System Environment/Libraries
+URL:           http://www.simplesystems.org/libtiff/
+
+Source:        ftp://ftp.simplesystems.org/pub/libtiff/tiff-%{version}.tar.gz
+
+Patch0:        libtiff-am-version.patch
+Patch1:        libtiff-make-check.patch
+Patch2:        libtiff-CVE-2018-5784.patch
+Patch3:        libtiff-CVE-2018-7456.patch
+Patch4:        libtiff-CVE-2017-9935.patch
+Patch5:        libtiff-CVE-2017-18013.patch
+Patch6:        libtiff-CVE-2018-8905.patch
+Patch7:        libtiff-CVE-2018-10963.patch
+Patch8:        libtiff-CVE-2018-17100.patch
+Patch9:        libtiff-coverity.patch
+Patch10:       libtiff-CVE-2018-18557.patch
+Patch11:       libtiff-CVE-2018-18661.patch
+Patch12:       libtiff-CVE-2018-12900.patch
+
+BuildRequires: gcc, gcc-c++
+BuildRequires: zlib-devel libjpeg-devel jbigkit-devel
+BuildRequires: libtool automake autoconf pkgconfig
+
+%description
+The libtiff package contains a library of functions for manipulating
+TIFF (Tagged Image File Format) image format files.  TIFF is a widely
+used file format for bitmapped images.  TIFF files usually end in the
+.tif extension and they are often quite large.
+
+The libtiff package should be installed if you need to manipulate TIFF
+format image files.
+
+%package devel
+Summary:       Development tools for programs which will use the libtiff library
+Group:         Development/Libraries
+Requires:      %{name}%{?_isa} = %{version}-%{release}
+Requires:      pkgconfig%{?_isa}
+
+%description devel
+This package contains the header files and documentation necessary for
+developing programs which will manipulate TIFF format image files
+using the libtiff library.
+
+If you need to develop programs which will manipulate TIFF format
+image files, you should install this package.  You'll also need to
+install the libtiff package.
+
+%package static
+Summary:     Static TIFF image format file library
+Group:       Development/Libraries
+Requires:    %{name}-devel%{?_isa} = %{version}-%{release}
+
+%description static
+The libtiff-static package contains the statically linkable version of libtiff.
+Linking to static libraries is discouraged for most applications, but it is
+necessary for some boot packages.
+
+%package tools
+Summary:    Command-line utility programs for manipulating TIFF files
+Group:      Development/Libraries
+Requires:   %{name}%{?_isa} = %{version}-%{release}
+
+%description tools
+This package contains command-line programs for manipulating TIFF format
+image files using the libtiff library.
+
+%prep
+%setup -q -n tiff-%{version}
+
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
+%patch11 -p1
+%patch12 -p1
+
+# Use build system's libtool.m4, not the one in the package.
+rm -f libtool.m4
+
+libtoolize --force  --copy
+aclocal -I . -I m4
+automake --add-missing --copy
+autoconf
+autoheader
+
+%build
+export CFLAGS="%{optflags} -fno-strict-aliasing"
+%configure --enable-ld-version-script
+make %{?_smp_mflags}
+
+%install
+make DESTDIR=$RPM_BUILD_ROOT install
+
+# remove what we didn't want installed
+rm $RPM_BUILD_ROOT%{_libdir}/*.la
+rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/
+
+# no libGL dependency, please
+rm -f $RPM_BUILD_ROOT%{_bindir}/tiffgt
+
+# no sgi2tiff or tiffsv, either
+rm -f $RPM_BUILD_ROOT%{_bindir}/sgi2tiff
+rm -f $RPM_BUILD_ROOT%{_bindir}/tiffsv
+
+rm -f $RPM_BUILD_ROOT%{_mandir}/man1/tiffgt.1
+rm -f $RPM_BUILD_ROOT%{_mandir}/man1/sgi2tiff.1
+rm -f $RPM_BUILD_ROOT%{_mandir}/man1/tiffsv.1
+rm -f html/man/tiffgt.1.html
+rm -f html/man/sgi2tiff.1.html
+rm -f html/man/tiffsv.1.html
+
+# multilib header hack
+# we only apply this to known Red Hat multilib arches, per bug #233091
+case `uname -i` in
+  i386 | ppc | s390 | sparc )
+    wordsize="32"
+    ;;
+  x86_64 | ppc64 | s390x | sparc64 )
+    wordsize="64"
+    ;;
+  *)
+    wordsize=""
+    ;;
+esac
+
+if test -n "$wordsize"
+then
+  mv $RPM_BUILD_ROOT%{_includedir}/tiffconf.h \
+     $RPM_BUILD_ROOT%{_includedir}/tiffconf-$wordsize.h
+
+  cat >$RPM_BUILD_ROOT%{_includedir}/tiffconf.h <<EOF
+#ifndef TIFFCONF_H_MULTILIB
+#define TIFFCONF_H_MULTILIB
+
+#include <bits/wordsize.h>
+
+#if __WORDSIZE == 32
+# include "tiffconf-32.h"
+#elif __WORDSIZE == 64
+# include "tiffconf-64.h"
+#else
+# error "unexpected value for __WORDSIZE macro"
+#endif
+
+#endif
+EOF
+
+fi
+
+%ldconfig_scriptlets
+
+%check
+LD_LIBRARY_PATH=$PWD:$LD_LIBRARY_PATH make check
+
+# don't include documentation Makefiles, they are a multilib hazard
+find html -name 'Makefile*' | xargs rm
+
+%files
+%doc COPYRIGHT README RELEASE-DATE VERSION
+%{_libdir}/libtiff.so.*
+%{_libdir}/libtiffxx.so.*
+
+%files devel
+%doc TODO ChangeLog html
+%{_includedir}/*
+%{_libdir}/libtiff.so
+%{_libdir}/libtiffxx.so
+%{_libdir}/pkgconfig/libtiff*.pc
+%{_mandir}/man3/*
+
+%files static
+%{_libdir}/*.a
+
+%files tools
+%{_bindir}/*
+%{_mandir}/man1/*
+
+%changelog
+* Wed Jun 12 2019 Nikola Forró <nforro@redhat.com> - 4.0.9-15
+- Fix DIVIDE_BY_ZERO in patch for CVE-2018-12900 (#1595579)
+
+* Thu Jun 06 2019 Nikola Forró <nforro@redhat.com> - 4.0.9-14
+- Fix CVE-2018-12900 (#1595579)
+
+* Thu Dec 13 2018 Nikola Forró <nforro@redhat.com> - 4.0.9-13
+- Fix compiler warning introduced by patch for CVE-2018-18661
+
+* Wed Nov 14 2018 Nikola Forró <nforro@redhat.com> - 4.0.9-12
+- Fix CVE-2018-18557 (#1647738) and CVE-2018-18661 (#1644452)
+
+* Mon Oct 15 2018 Nikola Forró <nforro@redhat.com> - 4.0.9-11
+- Fix important Covscan defects (#1602597)
+
+* Mon Oct 15 2018 Nikola Forró <nforro@redhat.com> - 4.0.9-10
+- Fix CVE-2018-17100 (#1631073)
+
+* Wed May 30 2018 Nikola Forró <nforro@redhat.com> - 4.0.9-9
+- Fix CVE-2017-9935, CVE-2017-18013, CVE-2018-8905 (#1559708)
+  and CVE-2018-10963 (#1579060)
+
+* Tue Apr 17 2018 Nikola Forró <nforro@redhat.com> - 4.0.9-8
+- Fix CVE-2018-7456 (#1556709)
+
+* Fri Mar 23 2018 Nikola Forró <nforro@redhat.com> - 4.0.9-7
+- Fix CVE-2018-5784 (#1537742)
+
+* Tue Feb 20 2018 Nikola Forró <nforro@redhat.com> - 4.0.9-6
+- Add missing gcc-c++ build dependency
+
+* Tue Feb 20 2018 Nikola Forró <nforro@redhat.com> - 4.0.9-5
+- Add missing gcc build dependency
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.9-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Sat Feb 03 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 4.0.9-3
+- Switch to %%ldconfig_scriptlets
+
+* Mon Dec 11 2017 Nikola Forró <nforro@redhat.com> - 4.0.9-2
+- Fix unescaped macro in changelog entry (#1523643)
+
+* Thu Nov 23 2017 Nikola Forró <nforro@redhat.com> - 4.0.9-1
+- New upstream version libtiff-4.0.9 (#1514863)
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.8-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Mon May 22 2017 Nikola Forró <nforro@redhat.com> - 4.0.8-1
+- New upstream version libtiff-4.0.8 (#1453030)
+
+* Wed Apr 12 2017 Nikola Forró <nforro@redhat.com> - 4.0.7-5
+- Fix CVE-2017-759{2,3,4,5,6,7,8,9}, CVE-2017-760{0,1,2} (#1441273)
+
+* Wed Apr 05 2017 Nikola Forró <nforro@redhat.com> - 4.0.7-4
+- Fix CVE-2016-1026{6,7,8,9}, CVE-2016-1027{0,1,2} (#1438464)
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.7-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Tue Jan 24 2017 Nikola Forró <nforro@redhat.com> - 4.0.7-2
+- Fix Hylafax breakage (#1416042)
+
+* Mon Nov 21 2016 Nikola Forró <nforro@redhat.com> - 4.0.7-1
+- New upstream version libtiff-4.0.7 (#1396769)
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Fri Oct 09 2015 Petr Hracek <phracek@redhat.com> - 4.0.6-1
+- New upstream version libtiff-4.0.6 (#1262585)
+
+* Wed Sep 09 2015 Petr Hracek <phracek@redhat.com> - 4.0.5-1
+- New upstream version libtiff-4.0.5 (#1258286)
+
+* Mon Jun 22 2015 Petr Hracek <phracek@redhat.com> - 4.0.4-1
+- New upstream version libtiff-4.0.4 (#1234191)
+
+* Fri Jun 19 2015 Petr Hracek <phracek@redhat.com> - 4.0.4beta-1
+- New upstream version libtiff-4.0.4beta (#1186219)
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.0.3-21
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Tue May 19 2015 Petr Hracek <phracek@redhat.com> - 4.0.3-20
+- CVE-2014-9655 and CVE-2015-1547 #1190710
+
+* Sat May 02 2015 Kalev Lember <kalevlember@gmail.com> - 4.0.3-19
+- Rebuilt for GCC 5 C++11 ABI change
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.0.3-18
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Tue Aug 12 2014 Kalev Lember <kalevlember@gmail.com> - 4.0.3-17
+- Rebuilt for libjbig soname bump
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.0.3-16
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Wed May 21 2014 Petr Hracek <phracek@redhat.com> - 4.0.3-15
+- Add upstream patches for CVE-2013-4243 (#996832)
+
+* Thu Dec 19 2013 Petr Hracek <phracek@redhat.com> - 4.0.3-14
+- Fix: #1044609 Can't install both architectures
+
+* Wed Dec 18 2013 Petr Hracek <phracek@redhat.com> - 4.0.3-13
+- Fix #510240 Correct tiff2ps man option -W
+
+* Wed Oct 16 2013 Petr Hracek <phracek@redhat.com> - 4.0.3-12
+- make check moved to %%check section (#1017070)
+
+* Tue Oct 08 2013 Petr Hracek <phracek@redhat.com> - 4.0.3-11
+- Resolves: #510258, #510240 - man page corrections
+
+* Mon Aug 19 2013 Petr Hracek <phracek@redhat.com> 4.0.3-10
+- Add upstream patches for CVE-2013-4244
+Resolves: #996468
+
+* Wed Aug 14 2013 Petr Hracek <phracek@redhat.com> 4.0.3-9
+- Add upstream patches for CVE-2013-4231 CVE-2013-4232
+Resolves: #995965 #995975
+
+* Mon Aug 12 2013 Petr Hracek <phracek@redhat.com> - 4.0.3-8
+- Manpage fixing (#510240, #510258)
+
+* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.0.3-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Thu May  2 2013 Tom Lane <tgl@redhat.com> 4.0.3-6
+- Add upstream patches for CVE-2013-1960, CVE-2013-1961
+Resolves: #958609
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.0.3-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Fri Jan 18 2013 Adam Tkac <atkac redhat com> - 4.0.3-4
+- rebuild due to "jpeg8-ABI" feature drop
+
+* Wed Dec 19 2012 Tom Lane <tgl@redhat.com> 4.0.3-3
+- Add upstream patch to avoid bogus self-test failure with libjpeg-turbo v8
+
+* Thu Dec 13 2012 Tom Lane <tgl@redhat.com> 4.0.3-2
+- Add upstream patches for CVE-2012-4447, CVE-2012-4564
+  (note: CVE-2012-5581 is already fixed in 4.0.3)
+Resolves: #880907
+
+* Thu Oct  4 2012 Tom Lane <tgl@redhat.com> 4.0.3-1
+- Update to libtiff 4.0.3
+
+* Fri Aug  3 2012 Tom Lane <tgl@redhat.com> 4.0.2-6
+- Remove compat subpackage; no longer needed
+- Minor specfile cleanup per suggestions from Tom Callaway
+Related: #845110
+
+* Thu Aug  2 2012 Tom Lane <tgl@redhat.com> 4.0.2-5
+- Add accessor functions for opaque type TIFFField (backport of not-yet-released
+  upstream feature addition; needed to fix freeimage)
+
+* Sun Jul 22 2012 Tom Lane <tgl@redhat.com> 4.0.2-4
+- Add patches for CVE-2012-3401
+Resolves: #841736
+
+* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.0.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Tue Jul 03 2012 Karsten Hopp <karsten@redhat.com> 4.0.2-2
+- add opensuse bigendian patch to fix raw_decode self check failure on ppc*, s390*
+
+* Thu Jun 28 2012 Tom Lane <tgl@redhat.com> 4.0.2-1
+- Update to libtiff 4.0.2, includes fix for CVE-2012-2113
+  (note that CVE-2012-2088 does not apply to 4.0.x)
+- Update libtiff-compat to 3.9.6 and add patches to it for
+  CVE-2012-2088, CVE-2012-2113
+Resolves: #832866
+
+* Fri Jun  1 2012 Tom Lane <tgl@redhat.com> 4.0.1-2
+- Enable JBIG support
+Resolves: #826240
+
+* Sun May  6 2012 Tom Lane <tgl@redhat.com> 4.0.1-1
+- Update to libtiff 4.0.1, adds BigTIFF support and other features;
+  library soname is bumped from libtiff.so.3 to libtiff.so.5
+Resolves: #782383
+- Temporarily package 3.9.5 shared library (only) in libtiff-compat subpackage
+  so that dependent packages won't be broken while rebuilding proceeds
+
+* Thu Apr  5 2012 Tom Lane <tgl@redhat.com> 3.9.5-3
+- Add fix for CVE-2012-1173
+Resolves: #CVE-2012-1173
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.9.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Apr 12 2011 Tom Lane <tgl@redhat.com> 3.9.5-1
+- Update to libtiff 3.9.5, incorporating all our previous patches plus other
+  fixes, notably the fix for CVE-2009-5022
+Related: #695885
+
+* Mon Mar 21 2011 Tom Lane <tgl@redhat.com> 3.9.4-4
+- Fix incorrect fix for CVE-2011-0192
+Resolves: #684007
+Related: #688825
+- Add fix for CVE-2011-1167
+Resolves: #689574
+
+* Wed Mar  2 2011 Tom Lane <tgl@redhat.com> 3.9.4-3
+- Add patch for CVE-2011-0192
+Resolves: #681672
+- Fix non-security-critical potential SIGSEGV in gif2tiff
+Related: #648820
+
+* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.9.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Tue Jun 22 2010 Tom Lane <tgl@redhat.com> 3.9.4-1
+- Update to libtiff 3.9.4, for numerous bug fixes including fixes for
+  CVE-2010-1411, CVE-2010-2065, CVE-2010-2067
+Resolves: #554371
+Related: #460653, #588784, #601274, #599576, #592361, #603024
+- Add fixes for multiple SIGSEGV problems
+Resolves: #583081
+Related: #603081, #603699, #603703
+
+* Tue Jan  5 2010 Tom Lane <tgl@redhat.com> 3.9.2-3
+- Apply Adam Goode's fix for Warmerdam's fix
+Resolves: #552360
+Resolves: #533353
+- Add some defenses to prevent tiffcmp from crashing on downsampled JPEG
+  images; this isn't enough to make it really work correctly though
+Related: #460322
+
+* Wed Dec 16 2009 Tom Lane <tgl@redhat.com> 3.9.2-2
+- Apply Warmerdam's partial fix for bug #460322 ... better than nothing.
+Related: #460322
+
+* Thu Dec  3 2009 Tom Lane <tgl@redhat.com> 3.9.2-1
+- Update to libtiff 3.9.2; stop carrying a lot of old patches
+Resolves: #520734
+- Split command-line tools into libtiff-tools subpackage
+Resolves: #515170
+- Use build system's libtool instead of what package contains;
+  among other cleanup this gets rid of unwanted rpath specs in executables
+Related: #226049
+
+* Thu Oct 15 2009 Tom Lane <tgl@redhat.com> 3.8.2-16
+- add sparc/sparc64 to multilib header support
+
+* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.8.2-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Mon Jul 13 2009 Tom Lane <tgl@redhat.com> 3.8.2-14
+- Fix buffer overrun risks caused by unchecked integer overflow (CVE-2009-2347)
+Related: #510041
+
+* Wed Jul  1 2009 Tom Lane <tgl@redhat.com> 3.8.2-13
+- Fix some more LZW decoding vulnerabilities (CVE-2009-2285)
+Related: #507465
+- Update upstream URL
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.8.2-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Tue Aug 26 2008 Tom Lane <tgl@redhat.com> 3.8.2-11
+- Fix LZW decoding vulnerabilities (CVE-2008-2327)
+Related: #458674
+- Use -fno-strict-aliasing per rpmdiff recommendation
+
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 3.8.2-10
+- Autorebuild for GCC 4.3
+
+* Wed Aug 22 2007 Tom Lane <tgl@redhat.com> 3.8.2-9
+- Update License tag
+- Rebuild to fix Fedora toolchain issues
+
+* Thu Jul 19 2007 Tom Lane <tgl@redhat.com> 3.8.2-8
+- Restore static library to distribution, in a separate -static subpackage
+Resolves: #219905
+- Don't apply multilib header hack to unrecognized architectures
+Resolves: #233091
+- Remove documentation for programs we don't ship
+Resolves: #205079
+Related: #185145
+
+* Tue Jan 16 2007 Tom Lane <tgl@redhat.com> 3.8.2-7
+- Remove Makefiles from the shipped /usr/share/doc/html directories
+Resolves: bz #222729
+
+* Tue Sep  5 2006 Jindrich Novy <jnovy@redhat.com> - 3.8.2-6
+- fix CVE-2006-2193, tiff2pdf buffer overflow (#194362)
+- fix typo in man page for tiffset (#186297)
+- use %%{?dist}
+
+* Mon Jul 24 2006 Matthias Clasen <mclasen@redhat.com>
+- Fix several vulnerabilities (CVE-2006-3460 CVE-2006-3461
+  CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
+
+* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 3.8.2-4.1
+- rebuild
+
+* Fri Jun  2 2006 Matthias Clasen <mclasen@redhat.com> - 3.8.2-3
+- Fix multilib conflict
+
+* Thu May 25 2006 Matthias Clasen <mclasen@redhat.com> - 3.8.2-3
+- Fix overflows in tiffsplit
+
+* Wed Apr 26 2006 Matthias Clasen <mclasen@redhat.com> - 3.8.2-2
+- Drop tiffgt to get rid of the libGL dependency (#190768)
+
+* Wed Apr 26 2006 Matthias Clasen <mclasen@redhat.com> - 3.8.2-1
+- Update to 3.8.2
+
+* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 3.7.4-3.2.1
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 3.7.4-3.2
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
+- rebuilt
+
+* Wed Nov 16 2005 Matthias Clasen <mclasen@redhat.com> 3.7.4-3
+- Don't ship static libs
+
+* Fri Nov 11 2005 Matthias Saou <http://freshrpms.net/> 3.7.4-2
+- Remove useless explicit dependencies.
+- Minor spec file cleanups.
+- Move make check to %%check.
+- Add _smp_mflags.
+
+* Thu Sep 29 2005 Matthias Clasen <mclasen@redhat.com> - 3.7.4-1
+- Update to 3.7.4
+- Drop upstreamed patches
+
+* Wed Jun 29 2005 Matthias Clasen <mclasen@redhat.com> - 3.7.2-1
+- Update to 3.7.2
+- Drop upstreamed patches
+
+* Fri May  6 2005 Matthias Clasen <mclasen@redhat.com> - 3.7.1-6
+- Fix a stack overflow
+
+* Wed Mar  2 2005 Matthias Clasen <mclasen@redhat.com> - 3.7.1-5
+- Don't use mktemp
+
+* Wed Mar  2 2005 Matthias Clasen <mclasen@redhat.com> - 3.7.1-4
+- Rebuild with gcc4
+
+* Wed Jan  5 2005 Matthias Clasen <mclasen@redhat.com> - 3.7.1-3
+- Drop the largefile patch again
+- Fix a problem with the handling of alpha channels
+- Fix an integer overflow in tiffdump (#143576)
+
+* Wed Dec 22 2004 Matthias Clasen <mclasen@redhat.com> - 3.7.1-2
+- Readd the largefile patch (#143560)
+
+* Wed Dec 22 2004 Matthias Clasen <mclasen@redhat.com> - 3.7.1-1
+- Upgrade to 3.7.1
+- Remove upstreamed patches
+- Remove specfile cruft
+- make check
+
+* Thu Oct 14 2004 Matthias Clasen <mclasen@redhat.com> 3.6.1-7
+- fix some integer and buffer overflows (#134853, #134848)
+
+* Tue Oct 12 2004 Matthias Clasen <mclasen@redhat.com> 3.6.1-6
+- fix http://bugzilla.remotesensing.org/show_bug.cgi?id=483
+
+* Mon Sep 27 2004 Rik van Riel <riel@redhat.com> 3.6.1-4
+- compile using RPM_OPT_FLAGS (bz #133650)
+
+* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Thu May 20 2004 Matthias Clasen <mclasen@redhat.com> 3.6.1-2
+- Fix and use the makeflags patch
+
+* Wed May 19 2004 Matthias Clasen <mclasen@redhat.com> 3.6.1-1
+- Upgrade to 3.6.1
+- Adjust patches
+- Don't install tiffgt man page  (#104864)
+
+* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Sat Feb 21 2004 Florian La Roche <Florian.LaRoche@redhat.de>
+- really add symlink to shared lib by running ldconfig at compile time
+
+* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Thu Oct 09 2003 Florian La Roche <Florian.LaRoche@redhat.de>
+- link shared lib against -lm (Jakub Jelinek)
+
+* Thu Sep 25 2003 Jeremy Katz <katzj@redhat.com> 3.5.7-13
+- rebuild to fix gzipped file md5sum (#91281)
+
+* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Tue Feb 11 2003 Phil Knirsch <pknirsch@redhat.com> 3.5.7-11
+- Fixed rebuild problems.
+
+* Tue Feb 04 2003 Florian La Roche <Florian.LaRoche@redhat.de>
+- add symlink to shared lib
+
+* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
+- rebuilt
+
+* Thu Dec 12 2002 Tim Powers <timp@redhat.com> 3.5.7-8
+- rebuild on all arches
+
+* Mon Aug 19 2002 Phil Knirsch <pknirsch@redhat.com> 3.5.7-7
+- Added LFS support (#71593)
+
+* Tue Jun 25 2002 Phil Knirsch <pknirsch@redhat.com> 3.5.7-6
+- Fixed wrong exit code of tiffcp app (#67240)
+
+* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Thu May 23 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Wed May 15 2002 Phil Knirsch <pknirsch@redhat.com>
+- Fixed segfault in fax2tiff tool (#64708).
+
+* Mon Feb 25 2002 Phil Knirsch <pknirsch@redhat.com>
+- Fixed problem with newer bash versions setting CDPATH (#59741)
+
+* Tue Feb 19 2002 Phil Knirsch <pknirsch@redhat.com>
+- Update to current release 3.5.7
+
+* Wed Jan 09 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Tue Aug 28 2001 Phil Knirsch <phil@redhat.de>
+- Fixed ia64 problem with tiffinfo. Was general 64 bit arch problem where s390x
+  and ia64 were missing (#52129).
+
+* Tue Jun 26 2001 Philipp Knirsch <pknirsch@redhat.de>
+- Hopefully final symlink fix
+
+* Thu Jun 21 2001 Than Ngo <than@redhat.com>
+- add missing libtiff symlink
+
+* Fri Mar 16 2001 Crutcher Dunnavant <crutcher@redhat.com>
+- killed tiff-to-ps.fpi filter
+
+* Wed Feb 28 2001 Philipp Knirsch <pknirsch@redhat.de>
+- Fixed missing devel version dependancy.
+
+* Tue Dec 19 2000 Philipp Knirsch <pknirsch@redhat.de>
+- rebuild
+
+* Mon Aug  7 2000 Crutcher Dunnavant <crutcher@redhat.com>
+- added a tiff-to-ps.fpi filter for printing
+
+* Thu Jul 13 2000 Prospector <bugzilla@redhat.com>
+- automatic rebuild
+
+* Thu Jul 13 2000 Nalin Dahyabhai <nalin@redhat.com>
+- apply Peter Skarpetis's fix for the 32-bit conversion
+
+* Mon Jul  3 2000 Nalin Dahyabhai <nalin@redhat.com>
+- make man pages non-executable (#12811)
+
+* Mon Jun 12 2000 Nalin Dahyabhai <nalin@redhat.com>
+- remove CVS repo info from data directories
+
+* Thu May 18 2000 Nalin Dahyabhai <nalin@redhat.com>
+- fix build rooting
+- fix syntax error in configure script
+- move man pages to {_mandir}
+
+* Wed May 17 2000 Nalin Dahyabhai <nalin@redhat.com>
+- rebuild for an errata release
+
+* Wed Mar 29 2000 Nalin Dahyabhai <nalin@redhat.com>
+- update to 3.5.5, which integrates our fax2ps fixes and the glibc fix
+
+* Tue Mar 28 2000 Nalin Dahyabhai <nalin@redhat.com>
+- fix fax2ps swapping height and width in the bounding box
+
+* Mon Mar 27 2000 Nalin Dahyabhai <nalin@redhat.com>
+- move man pages from devel package to the regular one
+- integrate Frank Warmerdam's fixed .fax handling code (keep until next release
+  of libtiff)
+- fix fax2ps breakage (bug #8345)
+
+* Sat Feb 05 2000 Nalin Dahyabhai <nalin@redhat.com>
+- set MANDIR=man3 to make multifunction man pages friendlier
+
+* Mon Jan 31 2000 Nalin Dahyabhai <nalin@redhat.com>
+- fix URLs
+
+* Fri Jan 28 2000 Nalin Dahyabhai <nalin@redhat.com>
+- link shared library against libjpeg and libz
+
+* Tue Jan 18 2000 Nalin Dahyabhai <nalin@redhat.com>
+- enable zip and jpeg codecs
+- change defattr in normal package to 0755
+- add defattr to -devel package
+
+* Wed Dec 22 1999 Bill Nottingham <notting@redhat.com>
+- update to 3.5.4
+
+* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com>
+- auto rebuild in the new build environment (release 6)
+
+* Wed Jan 13 1999 Cristian Gafton <gafton@redhat.com>
+- build for glibc 2.1
+
+* Wed Jun 10 1998 Prospector System <bugs@redhat.com>
+- translations modified for de
+
+* Wed Jun 10 1998 Michael Fulbright <msf@redhat.com>
+- rebuilt against fixed jpeg libs (libjpeg-6b)
+
+* Thu May 07 1998 Prospector System <bugs@redhat.com>
+- translations modified for de, fr, tr
+
+* Mon Oct 13 1997 Donnie Barnes <djb@redhat.com>
+- new version to replace the one from libgr
+- patched for glibc
+- added shlib support