- Update to 4.7.0:

* This version restores in the default build the availability of
    the tools that had been dropped in v4.6.0
    See https://libtiff.gitlab.io/libtiff/rfcs/rfc2_restoring_needed_tools.html#rfc2-restoring-needed-tools
  * Software configuration changes:
    + autoconf build: configure.ac: avoid -Werror passed to CFLAGS to interfere with feature detection
    + autoconf build: fix error when running make clean (fixes issue #630)
    + autoconf build: back off the minimum required automake version to 1.11
    + autoconf.ac: fix detection of windows.h for mingw (fixes issue #605)
    + libtiff-4.pc: Fix Requires.private missing Lerc. It provides a .pc file
      starting from version 4 (in autoconf builds, we assume that liblerc is at least version 4)
    + CMake: Fix TIFF_INCLUDE_DIRS
    + CMake: MinGW compilers don't need a .def file for shared library
    + CMake: move libdeflate and Lerc to Requires.private
    + CMake: enable resource compilation on all Windows.
  * Library changes:
    + Add TIFFOpenOptionsSetMaxCumulatedMemAlloc(). This function complements
      TIFFOpenOptionsSetMaxSingleMemAlloc() to define the maximum cumulated memory
      allocations in byte, for a given TIFF handle, that libtiff internal memory
      allocation functions are allowed. 
    + TIFFWriteDirectory(): Avoid overwriting following data if an IFD is enlarged.
    + TIFFXYZToRGB: avoid integer overflow (fixes issue #644)
    + uv_decode() and uv_encode(): avoid potential out-of-bounds array index (fixes issue #645)
    + Fix cases where tif_curdir is set incorrectly. Fix cases where the current directory number (tif_curdir)
      is set inconsistently or incorrectly, depending on the previous history.
    + TIFFRead[Scanline/EncodedStrip/EncodeTile]: 0-initialize output buffer if setupdecode fails ;
      most codecs: zero-initialize (not-yet-written parts of) output buffer if failure (fixes issue #375)
    + OJPEG: reset subsampling_convert_state=0 in OJPEGPreDecode (fixes issue #183)
    + ThunderRLE: fix failure when decoding last run. Bug seen with GhostPDL
    + LERC codec: deal with issues with multi-band PlanarConfig=Contig and NaN values

OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=182

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

README.SUSE

@@ -0,0 +1,2 @@
+The documentation for tiff programs and library is in package tiff
+in directory /usr/share/doc/packages/tiff.

baselibs.conf

@@ -0,0 +1,6 @@
+libtiff6
+  obsoletes "libtiff-<targettype> <= <version>"
+  provides "libtiff-<targettype> = <version>"
+libtiff-devel
+ requires -libtiff-<targettype>
+ requires "libtiff6-<targettype> = <version>"

tiff-4.0.3-seek.patch

@@ -0,0 +1,13 @@
+Index: tiff-4.6.0/libtiff/tiffiop.h
+===================================================================
+--- tiff-4.6.0.orig/libtiff/tiffiop.h
++++ tiff-4.6.0/libtiff/tiffiop.h
+@@ -256,7 +256,7 @@ struct TIFFOpenOptions
+ #define TIFFWriteFile(tif, buf, size)                                          \
+     ((*(tif)->tif_writeproc)((tif)->tif_clientdata, (buf), (size)))
+ #define TIFFSeekFile(tif, off, whence)                                         \
+-    ((*(tif)->tif_seekproc)((tif)->tif_clientdata, (off), (whence)))
++  	((tif)->tif_seekproc?((*(tif)->tif_seekproc)((tif)->tif_clientdata,(toff_t)(off),whence)):0)
+ #define TIFFCloseFile(tif) ((*(tif)->tif_closeproc)((tif)->tif_clientdata))
+ #define TIFFGetFileSize(tif) ((*(tif)->tif_sizeproc)((tif)->tif_clientdata))
+ #define TIFFMapFileContents(tif, paddr, psize)                                 \

tiff-4.7.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:273a0a73b1f0bed640afee4a5df0337357ced5b53d3d5d1c405b936501f71017
+size 2286220

tiff-CVE-2023-52356.patch

@@ -0,0 +1,33 @@
+Index: tiff-4.6.0/libtiff/tif_getimage.c
+===================================================================
+--- tiff-4.6.0.orig/libtiff/tif_getimage.c
++++ tiff-4.6.0/libtiff/tif_getimage.c
+@@ -3224,6 +3224,13 @@ int TIFFReadRGBAStripExt(TIFF *tif, uint
+     if (TIFFRGBAImageOK(tif, emsg) &&
+         TIFFRGBAImageBegin(&img, tif, stop_on_error, emsg))
+     {
++		if (row >= img.height)
++        {
++            TIFFErrorExtR(tif, TIFFFileName(tif),
++                          "Invalid row passed to TIFFReadRGBAStrip().");
++            TIFFRGBAImageEnd(&img);
++            return (0);
++        }
+ 
+         img.row_offset = row;
+         img.col_offset = 0;
+@@ -3301,6 +3308,14 @@ int TIFFReadRGBATileExt(TIFF *tif, uint3
+         return (0);
+     }
+ 
++	if (col >= img.width || row >= img.height)
++    {
++        TIFFErrorExtR(tif, TIFFFileName(tif),
++                      "Invalid row/col passed to TIFFReadRGBATile().");
++        TIFFRGBAImageEnd(&img);
++        return (0);
++    }
++
+     /*
+      * The TIFFRGBAImageGet() function doesn't allow us to get off the
+      * edge of the image, even to fill an otherwise valid tile.  So we

tiff-CVE-2024-7006.patch

@@ -0,0 +1,49 @@
+Upstream:
+3705f82b6483c7906cf08cd6b9dcdcd59c61d779
+Index: tiff-4.6.0/libtiff/tif_dirinfo.c
+===================================================================
+--- tiff-4.6.0.orig/libtiff/tif_dirinfo.c
++++ tiff-4.6.0/libtiff/tif_dirinfo.c
+@@ -887,7 +887,7 @@ const TIFFField *_TIFFFindOrRegisterFiel
+     if (fld == NULL)
+     {
+         fld = _TIFFCreateAnonField(tif, tag, dt);
+-        if (!_TIFFMergeFields(tif, fld, 1))
++        if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
+             return NULL;
+     }
+ 
+Index: tiff-4.6.0/libtiff/tif_dirread.c
+===================================================================
+--- tiff-4.6.0.orig/libtiff/tif_dirread.c
++++ tiff-4.6.0/libtiff/tif_dirread.c
+@@ -4260,11 +4260,9 @@ int TIFFReadDirectory(TIFF *tif)
+                                 dp->tdir_tag, dp->tdir_tag);
+                 /* the following knowingly leaks the
+                    anonymous field structure */
+-                if (!_TIFFMergeFields(
+-                        tif,
+-                        _TIFFCreateAnonField(tif, dp->tdir_tag,
+-                                             (TIFFDataType)dp->tdir_type),
+-                        1))
++				const TIFFField *fld = _TIFFCreateAnonField(
++                    tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
++                if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
+                 {
+                     TIFFWarningExtR(
+                         tif, module,
+@@ -5138,11 +5136,9 @@ int TIFFReadCustomDirectory(TIFF *tif, t
+                             "Unknown field with tag %" PRIu16 " (0x%" PRIx16
+                             ") encountered",
+                             dp->tdir_tag, dp->tdir_tag);
+-            if (!_TIFFMergeFields(
+-                    tif,
+-                    _TIFFCreateAnonField(tif, dp->tdir_tag,
+-                                         (TIFFDataType)dp->tdir_type),
+-                    1))
++			const TIFFField *fld = _TIFFCreateAnonField(
++                tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
++            if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
+             {
+                 TIFFWarningExtR(tif, module,
+                                 "Registering anonymous field with tag %" PRIu16

tiff.keyring

@@ -0,0 +1,29 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFWDB10BCADeJcYKb4zsG2fs3MWGf996ZS4KIiOBRNQtQwCI5+h3K8m1qDur
+qyRZ50tB/ODJwJNqdKGdGyrIvGDynsS9JsZMJ2PVoI9IK+X/vQiokx9lJCuDXTtw
+1THmA85lyl1blLe3j6tA74MSXDiT3nVk375djTz+zOGxa/Ueg49tM+DjltYpkVsG
+TCc29/QJ4rZmto0Lj8iU+9S7S8H/2/54qUn7vFzfzsTkI8fiLM0deCzONzE7j9Ho
+vj/8dSHmB5GOGtLf2kMHbgDhHfs61UN4FawugnilCfrxVzi5EmmEByP8Zp6h/or5
++QrTCFrVEW+zRXDGsqicN01rK22/JvyUbpyNABEBAAG0KUV2ZW4gUm91YXVsdCA8
+ZXZlbi5yb3VhdWx0QHNwYXRpYWx5cy5jb20+iQE4BBMBAgAiBQJVgwddAhsDBgsJ
+CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAz67/Eez3YfZphB/9H/fWUakZqzlqi
+NhZbev0um5GUYBERB7cp8JqmILF6TzCvievmR8q0zJb3vyc+8Kjti/n5CyziWDtH
+XqibyhsoAFoOHhyMjQVj/hFR6oCWxF6fASkzpUSoDAHtVpFXqaLrbI1B2Fb9JpTs
+VrHz0HVaW30E7eybmi7oYjV4T1bO22D/aH80zx3i6cLnoGqMCHmKrwNOK7A95mKj
+k9s9GRbamR/3ef8BDF3xikDe8nSxICVc3WJbMHcGjHU6p8C/RzCvWqfHDtTuiWcG
+feqaA1LmBKtpIHwG1uigM8+MJT+S+NYljTLqbz0FsORbUQ1QqXuqrfNoBqAEbLxg
+esSGPx7UuQENBFWDB10BCADwo42Jwl14Tq3xhPM+1BSOfy3Aw6wTXsWzxoDABs+8
+42WhD53vn7MnOSz2VX4cTvw4ioi+N3NB2zaHGNTrwyV3DExh0d8ZNq53IXoMYfot
+Uv/lZ6QHJB+kIYe+twOjkKCYj4jt1m7aEDZ3Ra4aoZbYWfFbQNZ0tnUKFVUBWcWQ
+jyCWC84BdXkbxcmsr2njocqyu0lfjXpVcCBcTCcgf/LHy79asm4jgB0XpE+e8ri8
+kEadj7x7x4rrhJfa9t3oJ3AZ3rmo5zzFdbJtNKhCmwCoHrvRNWOPn6u5E7YYW9kB
+xgzUUhh1g2F9RMbh3CZjICi9HtbWK3slWGYTaMt4lg/ZABEBAAGJAR8EGAECAAkF
+AlWDB10CGwwACgkQM+u/xHs92H2a0wf/XV0XjqMWufAIKkvL6CmrZrCixWmPOiC1
+q8894h+gR5JpKD9h0gLJhtk4tLMy+pDmNSxPXsoRYHneJIqHl1M72Q7vEhTKIVXn
+h9A306ZjCHTTNSQ3npNG1wpO0LyLDmn+Zvd1JBoFyCzsTPZ+TbUYvVJT0CeFbJBe
+1JzoO1Mi2fOtA91GuYtstWLNccDbv2b5s+JSbAf3ix3+qiUpA5fglWFljCYPxzkA
+eU8AReBpuirD0ZQ1Z7GJDJs2zHKZu5BqCTf5gpVLUHCXd3F46CZ4IaVrOGhNP1Ki
+KemC/dPHz7Ku7HN0tqmmmu12nvUACBckNsVebCefOFrkGtdryHQ1Zw==
+=4/vP
+-----END PGP PUBLIC KEY BLOCK-----

tiff.spec

@@ -0,0 +1,125 @@
+#
+# spec file for package tiff
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define asan_build 0
+%define debug_build 0
+Name:           tiff
+Version:        4.7.0
+Release:        0
+Summary:        Tools for Converting from and to the Tagged Image File Format
+License:        HPND
+Group:          Productivity/Graphics/Convertors
+URL:            https://libtiff.gitlab.io/libtiff/
+Source:         https://download.osgeo.org/libtiff/tiff-%{version}.tar.xz
+Source1:        https://download.osgeo.org/libtiff/tiff-%{version}.tar.xz.sig
+Source2:        README.SUSE
+Source3:        baselibs.conf
+Source99:       tiff.keyring
+Patch0:         tiff-4.0.3-seek.patch
+BuildRequires:  gcc-c++
+BuildRequires:  libjbig-devel
+BuildRequires:  libjpeg-devel
+BuildRequires:  libtool
+BuildRequires:  lzma-devel
+BuildRequires:  pkgconfig
+BuildRequires:  pkgconfig(libzstd)
+BuildRequires:  pkgconfig(zlib)
+
+%description
+This package contains the library and support programs for the TIFF
+image format.
+
+%package -n libtiff6
+Summary:        The Tiff Library (with JPEG and compression support)
+Group:          System/Libraries
+Provides:       libtiff = %{version}
+
+%description -n libtiff6
+This package includes the tiff libraries. To link a program with
+libtiff, you will have to add -ljpeg and -lz to include the necessary
+libjpeg and libz in the linking process.
+
+%package -n libtiff-devel
+Summary:        Development Tools for Programs which will use the libtiff Library
+Group:          Development/Libraries/C and C++
+Requires:       glibc-devel
+Requires:       libstdc++-devel
+Requires:       libtiff6 = %{version}
+
+%description -n libtiff-devel
+This package contains the header files and static libraries for
+developing programs which will manipulate TIFF format image files using
+the libtiff library.
+
+%prep
+%autosetup -p1
+
+%build
+CFLAGS="%{optflags} -fPIE"
+%if %{debug_build}
+CFLAGS="$CFLAGS -O0"
+%endif
+# tools are not enabled for now due to test failure `FAIL: tiffcp-32bpp-None-jpeg.sh`
+%configure --disable-static
+%if %{asan_build}
+find -name Makefile | xargs sed -i 's/\(^CFLAGS.*\)/\1 -fsanitize=address/'
+%endif
+%make_build LDFLAGS="-pie"
+
+%install
+mkdir -p %{buildroot}/{%{_mandir}/{man1,man3},usr/{bin,lib,include}}
+%make_install
+for f in `find %{buildroot}/%{_mandir} -type f -print ` ; do
+  if [ `wc -l <$f` -eq 1 ] && grep -q "^\.so " $f ; then
+    linkto=`sed -e "s|^\.so ||" $f`
+    [ -f "`dirname $f`/$linkto" ] && ln -sf "$linkto" $f
+  fi
+done
+
+cp %{SOURCE2} .
+rm -rf %{buildroot}%{_datadir}/doc/tiff*
+find %{buildroot} -type f -name "*.la" -delete -print
+
+%check
+%if %{asan_build}
+# ASAN needs /proc to be mounted
+exit 0
+%endif
+for i in tools test; do
+	(cd $i && make %{?_smp_mflags} check)
+done
+
+%ldconfig_scriptlets -n libtiff6
+
+%files
+%{_bindir}/*
+%doc README.md VERSION ChangeLog TODO RELEASE-DATE
+%{_mandir}/man1/*
+
+%files -n libtiff6
+%license LICENSE.md
+%doc README.md README.SUSE
+%{_libdir}/*.so.*
+
+%files -n libtiff-devel
+%{_includedir}/*
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/*.pc
+%{_mandir}/man3/*
+
+%changelog