--- tiff-3.7.4.orig/debian/libtiff4.install
+++ tiff-3.7.4/debian/libtiff4.install
@@ -0,0 +1,2 @@
+debian/tmp/usr/lib/libtiff.so.*
+debian/tmp/usr/share/doc/libtiff4/html
--- tiff-3.7.4.orig/debian/libtiffxx0c2.install
+++ tiff-3.7.4/debian/libtiffxx0c2.install
@@ -0,0 +1 @@
+debian/tmp/usr/lib/libtiffxx.so.*
--- tiff-3.7.4.orig/debian/copyright
+++ tiff-3.7.4/debian/copyright
@@ -0,0 +1,37 @@
+libtiff was originally debianized by Guy Maor and
+later maintained by Josip Rodin . Jay
+Berkenbilt repackaged it in conjunction with the
+3.7.0 release and is now the primary maintainer.
+
+Original source can be found at: http://www.remotesensing.org/libtiff/
+
+Copyright (C) 1988-1997 Sam Leffler
+Copyright (C) 1991-1997 Silicon Graphics, Inc.
+Portions Copyright (C) 1985-1987, 1990 Regents of the University of California
+Portions Copyright (C) 1990, 1991 Digital Equipment Corporation
+Portions Copyright (C) 1990 Sun Microsystems, Inc.
+Portions Copyright (C) 1990, 1995 Frank D. Cringle
+Portions Copyright (C) 1996 BancTec AB
+Portions Copyright (C) 1996 Mike Johnson
+Portions Copyright (C) 1996 Pixar
+Portions Copyright (C) 1997 Greg Ward Larson
+Portions Copyright (C) 2000 Frank Warmerdam
+
+Permission to use, copy, modify, distribute, and sell this software and
+its documentation for any purpose is hereby granted without fee, provided
+that (i) the above copyright notices and this permission notice appear in
+all copies of the software and related documentation, and (ii) the names of
+Sam Leffler and Silicon Graphics may not be used in any advertising or
+publicity relating to the software without the specific, prior written
+permission of Sam Leffler and Silicon Graphics.
+
+THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
+EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
+WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+IN NO EVENT SHALL SAM LEFFLER OR SILICON GRAPHICS BE LIABLE FOR
+ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND,
+OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+WHETHER OR NOT ADVISED OF THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF
+LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
+OF THIS SOFTWARE.
--- tiff-3.7.4.orig/debian/control
+++ tiff-3.7.4/debian/control
@@ -0,0 +1,62 @@
+Source: tiff
+Section: libs
+Priority: optional
+Maintainer: Jay Berkenbilt
+Uploaders: Josip Rodin
+Build-Depends: cdbs, debhelper (>= 4.1.0), zlib1g-dev, libjpeg62-dev, libxmu-dev, libgl1-mesa-dev, freeglut3-dev
+Standards-Version: 3.6.2
+
+Package: libtiff4
+Architecture: any
+Depends: ${shlibs:Depends}
+Description: Tag Image File Format (TIFF) library
+ libtiff is a library providing support for the Tag Image File Format
+ (TIFF), a widely used format for storing image data. This package
+ includes the shared library.
+
+Package: libtiffxx0c2
+Architecture: any
+Depends: ${shlibs:Depends}
+Conflicts: libtiffxx0
+Replaces: libtiffxx0
+Description: Tag Image File Format (TIFF) library -- C++ interface
+ libtiff is a library providing support for the Tag Image File Format
+ (TIFF), a widely used format for storing image data. This package
+ includes the shared library for the experimental C++ interfaces.
+
+Package: libtiff4-dev
+Section: libdevel
+Architecture: any
+Depends: libtiff4 (= ${Source-Version}), libtiffxx0c2 (= ${Source-Version}), libc6-dev | libc-dev, zlib1g-dev, libjpeg62-dev
+Conflicts: libtiff3g-dev, libtiff3-dev, libtiff-dev
+Provides: libtiff-dev
+Description: Tag Image File Format library (TIFF), development files
+ libtiff is a library providing support for the Tag Image File Format
+ (TIFF), a widely used format for storing image data. This package
+ includes the development files, static library, and header files.
+
+Package: libtiff-tools
+Section: graphics
+Architecture: any
+Depends: ${shlibs:Depends}
+Suggests: libtiff-opengl
+Conflicts: libtiff3 (<< 3.4beta037-1), libtiff3-gif
+Replaces: libtiff3-gif
+Description: TIFF manipulation and conversion tools
+ libtiff is a library providing support for the Tag Image File Format
+ (TIFF), a widely used format for storing image data. This package
+ includes tools for converting TIFF images to and from other formats
+ and tools for doing simple manipulations of TIFF images. See also
+ libtiff-opengl.
+
+Package: libtiff-opengl
+Section: graphics
+Architecture: any
+Depends: ${shlibs:Depends}
+Replaces: libtiff-tools (<< 3.7.0-2)
+Description: TIFF manipulation and conversion tools
+ libtiff is a library providing support for the Tag Image File Format
+ (TIFF), a widely used format for storing image data. This package
+ contains libtiff tools that depend upon opengl. It complements the
+ libtiff-tools package, which contains the libtiff tools that don't
+ depend upon opengl.
--- tiff-3.7.4.orig/debian/rules
+++ tiff-3.7.4/debian/rules
@@ -0,0 +1,41 @@
+#!/usr/bin/make -f
+
+# Variables used by cdbs
+VERSION := $(shell dpkg-parsechangelog | \
+ awk '/Version:/ {print $$2}' | cut -d- -f 1)
+DEB_TAR_SRCDIR = tiff-$(VERSION)
+DEB_COMPRESS_EXCLUDE = html
+export CPPFLAGS = -D_REENTRANT
+
+# Include cdbs rules files.
+include /usr/share/cdbs/1/rules/tarball.mk
+include /usr/share/cdbs/1/rules/simple-patchsys.mk
+include /usr/share/cdbs/1/rules/debhelper.mk
+include /usr/share/cdbs/1/class/autotools.mk
+
+DEB_CONFIGURE_USER_FLAGS = --with-docdir="\$${prefix}/share/doc/libtiff4"
+
+# As 0.4.21, cdbs creates but doesn't remove debian/compat. It
+# creates it conditionally, so this doesn't have a trivial fix.
+clean::
+ $(RM) debian/compat
+
+# tiffgt is in libtiff-opengl so libtiff-tools doesn't have to have
+# all the X and opengl dependencies.
+binary-post-install/libtiff-tools::
+ $(RM) debian/libtiff-tools/usr/bin/tiffgt
+ $(RM) debian/libtiff-tools/usr/share/man/man1/tiffgt.1*
+
+# Install lintian override files
+binary-post-install/%::
+ if [ -f debian/$*.lintian ]; then \
+ mkdir -p debian/$*/usr/share/lintian/overrides && \
+ cp -p debian/$*.lintian debian/$*/usr/share/lintian/overrides/$*; \
+ fi
+
+# Point everyone's /usr/share/doc entry to libtiff4's
+binary-predeb/%::
+ if [ "$*" != "libtiff4" ]; then \
+ $(RM) -r debian/$*/usr/share/doc/$*; \
+ ln -s libtiff4 debian/$*/usr/share/doc/$*; \
+ fi
--- tiff-3.7.4.orig/debian/libtiff-opengl.install
+++ tiff-3.7.4/debian/libtiff-opengl.install
@@ -0,0 +1,2 @@
+debian/tmp/usr/bin/tiffgt
+debian/tmp/usr/share/man/man1/tiffgt.1
--- tiff-3.7.4.orig/debian/libtiff-tools.install
+++ tiff-3.7.4/debian/libtiff-tools.install
@@ -0,0 +1,2 @@
+debian/tmp/usr/bin
+debian/tmp/usr/share/man/man1
--- tiff-3.7.4.orig/debian/libtiff4-dev.lintian
+++ tiff-3.7.4/debian/libtiff4-dev.lintian
@@ -0,0 +1,5 @@
+#
+# The synopsis line starts with a capital letter because of the TIFF
+# acronym, not because it contains a sentence.
+#
+libtiff4-dev: description-synopsis-starts-with-a-capital-letter
--- tiff-3.7.4.orig/debian/libtiffxx0c2.lintian
+++ tiff-3.7.4/debian/libtiffxx0c2.lintian
@@ -0,0 +1,5 @@
+#
+# The synopsis line starts with a capital letter because of the TIFF
+# acronym, not because it contains a sentence.
+#
+libtiffxx0c2: description-synopsis-starts-with-a-capital-letter
--- tiff-3.7.4.orig/debian/changelog
+++ tiff-3.7.4/debian/changelog
@@ -0,0 +1,545 @@
+tiff (3.7.4-1ubuntu3.11) dapper-security; urgency=low
+
+ * SECURITY UPDATE: arbitrary code execution via crafted
+ THUNDER_2BITDELTAS data
+ - debian/patches/z_CVE-2011-1167.patch: validate bitspersample and
+ make sure npixels is sane in libtiff/tif_thunder.c.
+ - CVE-2011-1167
+
+ -- Marc Deslauriers Wed, 30 Mar 2011 13:34:17 -0400
+
+tiff (3.7.4-1ubuntu3.10) dapper-security; urgency=low
+
+ * debian/patches/CVE-2011-0192.patch: update for regression in
+ processing of certain CCITTFAX4 files (LP: #731540).
+ - http://bugzilla.maptools.org/show_bug.cgi?id=2297
+
+ -- Kees Cook Mon, 14 Mar 2011 10:56:27 -0700
+
+tiff (3.7.4-1ubuntu3.9) dapper-security; urgency=low
+
+ * SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
+ values
+ - debian/patches/z_CVE-2010-2595.patch: validate values in
+ libtiff/tif_color.c.
+ - CVE-2010-2595
+ * SECURITY UPDATE: denial of service via devide-by-zero (LP: #593067)
+ - debian/patches/z_CVE-2010-2597.patch: properly initialize fields in
+ libtiff/tif_strip.c.
+ - CVE-2010-2597
+ - CVE-2010-2598
+ * SECURITY UPDATE: denial of service via out-of-order tags
+ - debian/patches/z_CVE-2010-2630.patch: correctly handle order in
+ libtiff/tif_dirread.c.
+ - CVE-2010-2630
+ * SECURITY UPDATE: denial of service and possible code exection via
+ YCBCRSUBSAMPLING tag
+ - debian/patches/z_CVE-2011-0191.patch: validate td_ycbcrsubsampling in
+ libtiff/tif_dir.c.
+ - CVE-2011-0191
+ * SECURITY UPDATE: denial of service and possible code execution via
+ buffer overflow in Fax4Decode
+ - debian/patches/z_CVE-2011-0192.patch: check length in
+ libtiff/tif_fax3.h.
+ - CVE-2011-0192
+
+ -- Marc Deslauriers Fri, 04 Mar 2011 10:09:48 -0500
+
+tiff (3.7.4-1ubuntu3.8) dapper-security; urgency=low
+
+ * SECURITY UPDATE: arbitrary code execution and crashes via multiple
+ integer overflows. Backported upstream fixes:
+ - debian/patches/CVE-2010-1411.patch
+ - debian/patches/fix-unknown-tags.patch
+
+ -- Kees Cook Thu, 17 Jun 2010 12:08:10 -0700
+
+tiff (3.7.4-1ubuntu3.6) dapper-security; urgency=low
+
+ * SECURITY UPDATE: arbitrary code execution via integer overflows in
+ tiff2rgba and rgb2ycbcr
+ - debian/patches/CVE-2009-2347.patch: check for integer overflows in
+ tools/rgb2ycbcr.c and tools/tiff2rgba.c.
+ - CVE-2009-2347
+
+ -- Marc Deslauriers Mon, 13 Jul 2009 09:31:11 -0400
+
+tiff (3.7.4-1ubuntu3.4) dapper-security; urgency=low
+
+ * SECURITY UPDATE: denial of service via buffer underflow in the
+ LZWDecodeCompat function (LP: #380149)
+ - debian/patches/CVE-2009-2285.patch: abort if code is bigger than
+ CODE_CLEAR in libtiff/tif_lzw.c.
+ - CVE-2009-2285
+
+ -- Marc Deslauriers Fri, 03 Jul 2009 15:19:54 -0400
+
+tiff (3.7.4-1ubuntu3.3) dapper-security; urgency=low
+
+ * SECURITY UPDATE: arbitrary code execution via LZW overflow.
+ * Add debian/patches/CVE-2008-2327.patch: thanks to Jay Berkenbilt.
+
+ -- Kees Cook Fri, 29 Aug 2008 11:59:21 -0700
+
+tiff (3.7.4-1ubuntu3.2) dapper-security; urgency=low
+
+ * SECURITY UPDATE: Arbitrary code execution with crafted TIFF files, found
+ by Tavis Ormandy of the Google Security Team.
+ * Add debian/patches/CVE-2006-3459-3465.patch:
+ - CVE-2006-3459: a stack buffer overflow via TIFFFetchShortPair() in
+ tif_dirread.c
+ - CVE-2006-3460: A heap overflow vulnerability was discovered in the
+ jpeg decoder
+ - CVE-2006-3461: A heap overflow exists in the PixarLog decoder
+ - CVE-2006-3462: The NeXT RLE decoder was also vulnerable to a heap
+ overflow
+ - CVE-2006-3463: An infinite loop was discovered in
+ EstimateStripByteCounts()
+ - CVE-2006-3464: Multiple unchecked arithmetic operations were
+ uncovered, including a number of the range checking operations
+ deisgned to ensure the offsets specified in tiff directories are
+ legitimate.
+ - A number of codepaths were uncovered where assertions did not hold
+ true, resulting in the client application calling abort()
+ - CVE-2006-3465: A flaw was also uncovered in libtiffs custom tag
+ support
+
+ -- Martin Pitt Wed, 2 Aug 2006 13:27:14 +0200
+
+tiff (3.7.4-1ubuntu3.1) dapper-security; urgency=low
+
+ * SECURITY UPDATE: Arbitrary command execution with crafted long file names.
+ * Add debian/patches/tiffsplit-fname-overflow.patch:
+ - tools/tiffsplit.c: Use snprintf instead of strcpy for copying the
+ user-specified file name into a statically sized buffer.
+ - CVE-2006-2656
+ * Add debian/patches/tiff2pdf-octal-printf.patch:
+ - tools/tiff2pdf.c: Fix buffer overflow due to wrong printf for octal
+ signed char (it printed a signed integer, which overflew the buffer and
+ was wrong anyway).
+
+ -- Martin Pitt Fri, 2 Jun 2006 18:15:30 +0200
+
+tiff (3.7.4-1ubuntu3) dapper; urgency=low
+
+ * debian/patches/fix_43286_crasher.patch:
+ - upstream change, fix a crasher (Ubuntu: #43286)
+
+ -- Sebastien Bacher Sun, 7 May 2006 13:21:05 +0200
+
+tiff (3.7.4-1ubuntu2) dapper; urgency=low
+
+ * SECURITY UPDATE: DoS and arbitrary code execution with crafted TIFF files.
+ * Add debian/patches/3.8.1-security-fixes.patch: Backported security
+ relevant fixes from stable 3.8.1 release:
+ - libtiff/tif_dirread.c: Fix error reporting in TIFFFetchAnyArray()
+ (%d in format string without corresponding integer argument).
+ [CVE-2006-2024]
+ - libtiff/{tif_pixarlog.c, tif_fax3.c, tif_zip.c}: Properly
+ restore setfield/getfield methods in cleanup functions to avoid crash on
+ invalid files. [CVE-2006-2024]
+ - libtiff/{tif_predict.c, tif_predict.h}: Added new function
+ TIFFPredictorCleanup() to restore parent decode/encode/field methods.
+ [CVE-2006-2024]
+ - libtiff/tif_dirread.c: Check for integer overflow in TIFFFetchData().
+ [CVE-2006-2025]
+ - libtiff/tif_jpeg.c: Properly restore setfield/getfield methods in
+ cleanup functions to avoid double free(). [CVE-2006-2026]
+ - libtiff/tif_color.c: Check for out-of-bounds values in TIFFXYZToRGB().
+ [CVE-2006-2120]
+ * See http://bugzilla.remotesensing.org/show_bug.cgi?id=1102 for reproducer
+ images.
+
+ -- Martin Pitt Wed, 3 May 2006 12:56:50 +0200
+
+tiff (3.7.4-1ubuntu1) dapper; urgency=low
+
+ * Synchronize to Debian.
+ * Only change left: xlibmesa-gl-dev -> libgl1-mesa-dev build dependency
+ change.
+
+ -- Martin Pitt Wed, 9 Nov 2005 18:21:15 -0500
+
+tiff (3.7.4-1) unstable; urgency=low
+
+ * New upstream release
+ * Fix typos in manual page (Closes: #327921, #327922, #327923, #327924)
+
+ -- Jay Berkenbilt Fri, 7 Oct 2005 10:25:49 -0400
+
+tiff (3.7.3-1) unstable; urgency=low
+
+ * New upstream release
+ * g++ 4.0 transition: libtiffxx0 is now libtiffxx0c2.
+
+ -- Jay Berkenbilt Sat, 9 Jul 2005 12:00:44 -0400
+
+tiff (3.7.2-3) unstable; urgency=high
+
+ * Fix for exploitable segmentation fault on files with bad BitsPerSample
+ values. (Closes: #309739)
+ [libtiff/tif_dirread.c, CAN-2005-1544]
+ Thanks to Martin Pitt for the report.
+
+ -- Jay Berkenbilt Thu, 19 May 2005 05:41:28 -0400
+
+tiff (3.7.2-2) unstable; urgency=high
+
+ * Fix zero pagesize bug with tiff2ps -a2 and tiff2ps -a3. Thanks to
+ Patrice Fournier for the patch. (Closes: #303583)
+ * Note: uploading with urgency=high since this very small fix impacts
+ tools only (not the library), and we don't want to block tiff's many
+ reverse dependencies from transitioning to sarge.
+
+ -- Jay Berkenbilt Sun, 10 Apr 2005 10:12:37 -0400
+
+tiff (3.7.2-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Jay Berkenbilt Sat, 19 Mar 2005 14:51:06 -0500
+
+tiff (3.7.1-4) unstable; urgency=low
+
+ * Fix from upstream: include a better workaround for tiff files with
+ invalid strip byte counts. (Closes: #183268)
+
+ -- Jay Berkenbilt Tue, 22 Feb 2005 19:20:14 -0500
+
+tiff (3.7.1-3) unstable; urgency=low
+
+ * Disable C++ new experimental interfaces for now; will reappear in a
+ future version in the separate libtiffxx0 package.
+
+ -- Jay Berkenbilt Sat, 29 Jan 2005 13:32:37 -0500
+
+tiff (3.7.1+pre3.7.2-1) experimental; urgency=low
+
+ * New upstream release
+ * Separate experimental C++ interface into separate libtiffxx library.
+
+ -- Jay Berkenbilt Sat, 29 Jan 2005 13:03:19 -0500
+
+tiff (3.7.1-2) unstable; urgency=low
+
+ * Make -dev package depend upon other -dev packages referenced in the
+ .la file created by libtool. (Closes: #291136)
+ * tiff2ps: Allow one of -w and -h without the other. (Closes: #244247)
+
+ -- Jay Berkenbilt Wed, 19 Jan 2005 10:45:00 -0500
+
+tiff (3.7.1-1) unstable; urgency=low
+
+ * New upstream release
+ * Correct error in doc-base file (Closes: #285652)
+
+ -- Jay Berkenbilt Wed, 5 Jan 2005 16:54:12 -0500
+
+tiff (3.7.0-2) experimental; urgency=low
+
+ * Replace hard-coded libc6-dev dependency with something friendlier to
+ porters (libc6-dev | libc-dev). (Closes: #179727)
+ * Fixed upstream: proper netbsdelf*-gnu support in configure. Actually
+ fixed in 3.7.0-1 but left out of changelog. (Closes: #179728)
+ * Include opengl support; adds new libtiff-opengl package. (Closes: #219456)
+ * Fixed upstream: fax2ps now allows access to first page. (Closes: #244251)
+
+ -- Jay Berkenbilt Sat, 11 Dec 2004 09:51:52 -0500
+
+tiff (3.7.0-1) experimental; urgency=low
+
+ * New upstream release (Closes: #276996)
+ * New maintainer (Thanks Joy!)
+ * Repackage using cdbs and simple-patchsys to fix some errors and
+ simplify patch management
+ * Fixed upstream: tiff2pdf ignores -z and -j (Closes: #280682)
+ * Fixed upstream: Memory leak in TIFFClientOpen (Closes: #256657)
+
+ -- Jay Berkenbilt Fri, 26 Nov 2004 13:50:13 -0500
+
+tiff (3.6.1-5) unstable; urgency=high
+
+ * New maintainer (thanks Joy!)
+ * Applied patch by Dmitry V. Levin to fix a segmentation fault
+ [tools/tiffdump.c, CAN-2004-1183]
+ Thanks to Martin Schulze for forwarding the patch.
+ * Fixed section of -dev package (devel -> libdevel)
+
+ -- Jay Berkenbilt Wed, 5 Jan 2005 16:27:26 -0500
+
+tiff (3.6.1-4) unstable; urgency=high
+
+ * Fix heap overflow security bug [CAN-2004-1308]. (Closes: #286815)
+
+ -- Jay Berkenbilt Wed, 22 Dec 2004 10:20:52 -0500
+
+tiff (3.6.1-3) unstable; urgency=medium
+
+ * Patches from upstream to fix zero-size tile and integer overflow
+ problems created by previous security patches, closes: #276783.
+ * Added Jay Berkenbilt as co-maintainer. Jay thanks Joy for letting him
+ help and eventually take over maintenance of these packages!
+
+ -- Josip Rodin Mon, 01 Nov 2004 12:28:27 +0100
+
+tiff (3.6.1-2) unstable; urgency=low
+
+ * Included security fixes for:
+ + CAN-2004-0803
+ - libtiff/tif_luv.c
+ - libtiff/tif_next.c
+ - libtiff/tif_thunder.c
+ + CAN-2004-0804 (but this one is already applied upstream, it seems)
+ - libtiff/tif_dirread.c
+ + CAN-2004-0886
+ - libtiff/tif_aux.c
+ - libtiff/tif_compress.c
+ - libtiff/tif_dir.c
+ - libtiff/tif_dirinfo.c
+ - libtiff/tif_dirread.c
+ - libtiff/tif_dirwrite.c
+ - libtiff/tif_extension.c
+ - libtiff/tif_fax3.c
+ - libtiff/tiffiop.h
+ - libtiff/tif_getimage.c
+ - libtiff/tif_luv.c
+ - libtiff/tif_pixarlog.c
+ - libtiff/tif_strip.c
+ - libtiff/tif_tile.c
+ - libtiff/tif_write.c
+ Thanks to Martin Schulze for forwarding the patches.
+
+ -- Josip Rodin Thu, 14 Oct 2004 16:13:11 +0200
+
+tiff (3.6.1-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload; thanks to Jay Berkenbilt for
+ preparing the patches
+ * Rename shared library and development packages to resolve accidental
+ upstream ABI change. Closes: #236247
+ * Include patch from upstream to fix multistrip g3 fax bug.
+ Closes: #243405
+ * Include LZW support. Closes: #260242, #248490
+ * Fix URL in copyright file. Closes: #261357
+ * Install missing documentation files. Closes: #261356
+
+ -- Steve Langasek Sun, 25 Jul 2004 10:28:06 -0400
+
+tiff (3.6.1-1) unstable; urgency=low
+
+ * New upstream version, closes: #231977.
+ * Slightly fixed up the static lib build rules so that the build process
+ does the normal stuff for the dynamic lib and then does the static with
+ the same tiffvers.h.
+
+ -- Josip Rodin Mon, 23 Feb 2004 18:23:34 +0100
+
+tiff (3.5.7-2) unstable; urgency=high
+
+ * Added back the patch that used -src static/libtiff.a in the install
+ rule. Wonder how that disappeared... closes: #170914.
+ * Fake it's a GNU system in order for the configure script to use our
+ toolchain stuff on the NetBSD port, thanks to Joel Baker, closes: #130636.
+
+ -- Josip Rodin Tue, 10 Dec 2002 17:18:28 +0100
+
+tiff (3.5.7-1) unstable; urgency=low
+
+ * New upstream version, closes: #144940.
+ * A whole new set of patches for the breakage in the build system :)
+
+ -- Josip Rodin Sun, 6 Oct 2002 22:54:08 +0200
+
+tiff (3.5.5-6) unstable; urgency=low
+
+ * It appears that the general 64-bit detection code, isn't.
+ We have to include all of those three conditions, feh.
+ This really closes: #106706.
+
+ -- Josip Rodin Wed, 8 Aug 2001 23:09:55 +0200
+
+tiff (3.5.5-5) unstable; urgency=low
+
+ * Changed two Alpha/Mips-isms into general 64-bit detection code,
+ patch from John Daily , closes: #106706.
+ * Patched man/Makefile.in to generate a manual page file for
+ TIFFClientOpen(3t), as a .so link to TIFFOpen(3t), closes: #99577.
+ * Used /usr/share/doc in the doc-base file, closes: #74122.
+ * Changed libtiff3g-dev's section back to devel, since graphics was,
+ according to elmo, "hysterical raisins". :))
+
+ -- Josip Rodin Fri, 27 Jul 2001 01:43:04 +0200
+
+tiff (3.5.5-4) unstable; urgency=low
+
+ * Updated config.* files, closes: #94696.
+ * Fixed libtiff3g-dev's section, closes: #85533.
+
+ -- Josip Rodin Wed, 20 Jun 2001 18:29:24 +0200
+
+tiff (3.5.5-3) unstable; urgency=low
+
+ * Build shared library on Hurd, too, closes: #72482.
+ * Upped Standards-Version to 3.5.0.
+
+ -- Josip Rodin Sat, 30 Sep 2000 17:42:13 +0200
+
+tiff (3.5.5-2) unstable; urgency=low
+
+ * Make `dynamic shared object' on Linux unconditionally, fixes the problem
+ with libc.so.6.1 on alpha, thanks Chris C. Chimelis.
+
+ -- Josip Rodin Wed, 13 Sep 2000 21:44:00 +0200
+
+tiff (3.5.5-1) unstable; urgency=low
+
+ * New upstream version.
+ * The upstream build system sucks. There, I said it. Back to work now. :)
+ * Added a build dependencies on make (>= 3.77) (closes: #67747) and
+ debhelper.
+ * Standards-Version: 3.2.1:
+ + added DEB_BUILD_OPTIONS checks in debian/rules
+
+ -- Josip Rodin Tue, 29 Aug 2000 14:06:02 +0200
+
+tiff (3.5.4-5) frozen unstable; urgency=low
+
+ * Fixed 16-bit/32-bit values bug in fax2ps from libtiff-tools, that
+ also breaks printing from hylafax, using provided oneliner patch
+ from Bernd Herd (accepted upstream), closes: #49232 and probably #62235.
+
+ -- Josip Rodin Mon, 27 Mar 2000 17:12:10 +0200
+
+tiff (3.5.4-4) frozen unstable; urgency=low
+
+ * Weird dpkg-shlibdeps from dpkg 1.6.8-pre has done it again, this time
+ with libz.so, making the packages depend on zlib1 (instead of zlib1g).
+ Closes: #56134, #56137, #56140, #56155.
+
+ -- Josip Rodin Tue, 25 Jan 2000 18:05:28 +0100
+
+tiff (3.5.4-3) frozen unstable; urgency=low
+
+ * Included libtiff.so file in libtiff3g-dev, dammit :( My eye hurts,
+ a lot, but this was easy to fix, thank goodness :) (closes: #55814).
+ This bugfix deserves to get into frozen because the bug cripples
+ libtiff3g-dev, a lot.
+
+ -- Josip Rodin Fri, 21 Jan 2000 19:02:22 +0100
+
+tiff (3.5.4-2) unstable; urgency=low
+
+ * Fixed upstream build system to use ${DESTDIR}, and with that working,
+ created install: rule in debian/rules and used it.
+ * Fixed the way rules file gets the version from upstream sources,
+ and fixed dist/tiff.alpha, it didn't work.
+ * Removed README file from libtiff3g binary package, useless.
+ * Fixed configure script not to emit the wrong warning about
+ zlib/jpeg dirs not specified (they're in /usr/include, stupid :).
+
+ -- Josip Rodin Thu, 30 Dec 1999 01:17:32 +0100
+
+tiff (3.5.4-1) unstable; urgency=low
+
+ * New upstream version, closes: #50338.
+ * Disabled libc5 build, it wouldn't compile. :(
+
+ -- Josip Rodin Fri, 3 Dec 1999 20:49:25 +0100
+
+tiff (3.5.2-4) unstable; urgency=low
+
+ * Castrated the rules file, to make it actually work on !(i386 m68k).
+ Closes: #49316.
+
+ -- Josip Rodin Sat, 6 Nov 1999 13:22:54 +0100
+
+tiff (3.5.2-3) unstable; urgency=low
+
+ * Removed sparc from the libtiff3 arches list, as BenC advised.
+
+ -- Josip Rodin Fri, 29 Oct 1999 23:29:23 +0200
+
+tiff (3.5.2-2) unstable; urgency=low
+
+ * Changed Architecture: line for libtiff3 from "any" to "i386 m68k sparc"
+ as it is actually only built on those. Changed description a little bit.
+ * Minor fixes to the rules file.
+
+ -- Josip Rodin Thu, 28 Oct 1999 14:00:02 +0200
+
+tiff (3.5.2-1) unstable; urgency=low
+
+ * New upstream version.
+ * Renamed source package to just "tiff", like upstream tarball name.
+ * New maintainer (thanks Guy!). Renewed packaging, with debhelper,
+ using Joey's nifty multi2 example, with several adjustments.
+ * Ditched libtiff3-altdev, nobody's using that and nobody should be
+ using that. Packaging for it still exists, it's just commented out.
+ * Uses doc-base for -dev docs now. Uncompressed HTML docs, 100kb space
+ saved is pointless when you can't use any links between documents.
+
+ -- Josip Rodin Tue, 26 Oct 1999 16:20:46 +0200
+
+libtiff3 (3.4beta037-8) unstable; urgency=low
+
+ * Argh, same bug in the prerm, closes: #36990, #36850, #36855,
+ #36866, #36988.
+
+ -- Guy Maor Sat, 1 May 1999 10:12:23 -0700
+
+libtiff3 (3.4beta037-7) unstable; urgency=low
+
+ * Don't error when dhelp is not installed, closes: #36879, #36922.
+
+ -- Guy Maor Thu, 29 Apr 1999 19:17:55 -0700
+
+libtiff3 (3.4beta037-6) unstable; urgency=low
+
+ * Only build libc5 packages on appropriate archs, closes: #27083, #32007.
+ * Apply NMU patch, closes: #26413, #26887.
+ * Add dhelp support, closes: #35154.
+ * Recompile removes invalid dependency, closes: #30961.
+
+ -- Guy Maor Sat, 24 Apr 1999 15:17:51 -0700
+
+libtiff3 (3.4beta037-5.1) frozen unstable; urgency=low
+
+ * NMU to not use install -s to strip static .a libraries. Fixes: #26413
+ * Build with recent libjpeg. Fixes: #26887
+ * Add Section: and Priority: headers to debian/control.
+
+ -- Ben Gertzfield Mon, 26 Oct 1998 22:44:33 -0800
+
+libtiff3 (3.4beta037-5) unstable; urgency=low
+
+ * Explicit link with -lm (and don't need -lc now), fixes: #19167, #22180.
+
+ -- Guy Maor Tue, 11 Aug 1998 22:27:56 -0700
+
+libtiff3 (3.4beta037-4) unstable; urgency=low
+
+ * libtiff3-tools conflicts & replaces with libtiff3-gif (13521,15107).
+
+ -- Guy Maor Sun, 11 Jan 1998 13:09:28 -0800
+
+libtiff3 (3.4beta037-3) unstable; urgency=low
+
+ * New libjpegg contains shlibs file, so don't need shlibs.local.
+ * Compile with -D_REENTRANT.
+ * Add shlibs for libtiff3g (13423).
+
+ -- Guy Maor Sat, 27 Sep 1997 13:17:45 -0500
+
+libtiff3 (3.4beta037-2) unstable; urgency=low
+
+ * Add libjpegg6a to shlibs.local to correct for broken dependency.
+
+ -- Guy Maor Fri, 26 Sep 1997 11:23:55 -0500
+
+libtiff3 (3.4beta037-1) unstable; urgency=low
+
+ * New upstream version, libc6 compile, policy 2.3.0.0 (5136, 7470, 7627, 8166
+ 8312, 9479, 9492, 9531, 11700, 11702).
+ * Fix check for shared lib support (10805).
+
+ -- Guy Maor Tue, 23 Sep 1997 16:55:56 -0500
--- tiff-3.7.4.orig/debian/libtiff4.lintian
+++ tiff-3.7.4/debian/libtiff4.lintian
@@ -0,0 +1,5 @@
+#
+# The synopsis line starts with a capital letter because of the TIFF
+# acronym, not because it contains a sentence.
+#
+libtiff4: description-synopsis-starts-with-a-capital-letter
--- tiff-3.7.4.orig/debian/libtiff4-dev.install
+++ tiff-3.7.4/debian/libtiff4-dev.install
@@ -0,0 +1,5 @@
+debian/tmp/usr/lib/lib*.so
+debian/tmp/usr/lib/lib*.a
+debian/tmp/usr/lib/lib*.la
+debian/tmp/usr/include
+debian/tmp/usr/share/man/man3
--- tiff-3.7.4.orig/debian/patches/fix-unknown-tags.patch
+++ tiff-3.7.4/debian/patches/fix-unknown-tags.patch
@@ -0,0 +1,178 @@
+diff -Nur -x '*.orig' -x '*~' tiff-3.7.4/build-tree/tiff-3.7.4/libtiff/tif_dirinfo.c tiff-3.7.4.new/build-tree/tiff-3.7.4/libtiff/tif_dirinfo.c
+--- tiff-3.7.4/libtiff/tif_dirinfo.c 2010-06-17 12:20:57.827649365 -0700
++++ tiff-3.7.4/libtiff/tif_dirinfo.c 2010-06-17 12:23:56.173899467 -0700
+@@ -437,8 +437,8 @@
+ return strcmp(ta->field_name, tb->field_name);
+ }
+
+-void
+-_TIFFMergeFieldInfo(TIFF* tif, const TIFFFieldInfo info[], int n)
++int
++_TIFFMergeFieldInfo_check(TIFF* tif, const TIFFFieldInfo info[], int n)
+ {
+ TIFFFieldInfo** tp;
+ int i;
+@@ -453,7 +453,11 @@
+ tif->tif_fieldinfo = (TIFFFieldInfo**)
+ _TIFFmalloc(n * sizeof (TIFFFieldInfo*));
+ }
+- assert(tif->tif_fieldinfo != NULL);
++ if (!tif->tif_fieldinfo) {
++ TIFFError("_TIFFMergeFieldInfo",
++ "Failed to allocate field info array");
++ return 0;
++ }
+ tp = &tif->tif_fieldinfo[tif->tif_nfields];
+ for (i = 0; i < n; i++)
+ tp[i] = (TIFFFieldInfo*) &info[i]; /* XXX */
+@@ -461,6 +465,15 @@
+ /* Sort the field info by tag number */
+ qsort(tif->tif_fieldinfo, tif->tif_nfields += n,
+ sizeof (TIFFFieldInfo*), tagCompare);
++
++ return n;
++}
++
++void
++_TIFFMergeFieldInfo(TIFF* tif, const TIFFFieldInfo info[], int n)
++{
++ if (!_TIFFMergeFieldInfo_check(tif, info, n))
++ assert(tif->tif_fieldinfo != NULL);
+ }
+
+ void
+diff -Nur -x '*.orig' -x '*~' tiff-3.7.4/build-tree/tiff-3.7.4/libtiff/tif_dirread.c tiff-3.7.4.new/build-tree/tiff-3.7.4/libtiff/tif_dirread.c
+--- tiff-3.7.4/libtiff/tif_dirread.c 2010-06-17 12:20:57.827649365 -0700
++++ tiff-3.7.4/libtiff/tif_dirread.c 2010-06-17 12:23:30.894208474 -0700
+@@ -40,6 +40,7 @@
+ extern void TIFFCvtIEEEFloatToNative(TIFF*, uint32, float*);
+ extern void TIFFCvtIEEEDoubleToNative(TIFF*, uint32, double*);
+ #endif
++extern int _TIFFMergeFieldInfo_check(TIFF* tif, const TIFFFieldInfo info[], int n);
+
+ static int EstimateStripByteCounts(TIFF*, TIFFDirEntry*, uint16);
+ static void MissingRequired(TIFF*, const char*);
+@@ -85,6 +86,7 @@
+ char* cp;
+ int diroutoforderwarning = 0;
+ int compressionknown = 0;
++ int haveunknowntags = 0;
+ toff_t* new_dirlist;
+
+ tif->tif_diroff = tif->tif_nextdiroff;
+@@ -244,8 +246,10 @@
+ fix = 0;
+ for (dp = dir, n = dircount; n > 0; n--, dp++) {
+
+- if (fix >= tif->tif_nfields || dp->tdir_tag == IGNORE)
++ if (dp->tdir_tag == IGNORE)
+ continue;
++ if (fix >= tif->tif_nfields)
++ fix = 0;
+
+ /*
+ * Silicon Beach (at least) writes unordered
+@@ -267,25 +271,9 @@
+ if (fix >= tif->tif_nfields ||
+ tif->tif_fieldinfo[fix]->field_tag != dp->tdir_tag) {
+
+- TIFFWarning(module,
+- "%s: unknown field with tag %d (0x%x) encountered",
+- tif->tif_name, dp->tdir_tag, dp->tdir_tag,
+- dp->tdir_type);
+- /*
+- * creating anonymous fields prior to knowing the compression
+- * algorithm (ie, when the field info has been merged) could cause
+- * crashes with pathological directories.
+- * -- taviso@google.com 15 Jun 2006
+- */
+- if (compressionknown)
+- TIFFMergeFieldInfo(tif, _TIFFCreateAnonFieldInfo(tif, dp->tdir_tag,
+- (TIFFDataType) dp->tdir_type), 1 );
+- else goto ignore;
+-
+- fix = 0;
+- while (fix < tif->tif_nfields &&
+- tif->tif_fieldinfo[fix]->field_tag < dp->tdir_tag)
+- fix++;
++ /* Unknown tag ... we'll deal with it below */
++ haveunknowntags = 1;
++ continue;
+ }
+ /*
+ * Null out old tags that we ignore.
+@@ -375,6 +363,74 @@
+ }
+
+ /*
++ * If we saw any unknown tags, make an extra pass over the directory
++ * to deal with them. This must be done separately because the tags
++ * could have become known when we registered a codec after finding
++ * the Compression tag. In a correctly-sorted directory there's
++ * no problem because Compression will come before any codec-private
++ * tags, but if the sorting is wrong that might not hold.
++ */
++ if (haveunknowntags) {
++ fix = 0;
++ for (dp = dir, n = dircount; n > 0; n--, dp++) {
++ if (dp->tdir_tag == IGNORE)
++ continue;
++ if (fix >= tif->tif_nfields ||
++ dp->tdir_tag < tif->tif_fieldinfo[fix]->field_tag)
++ fix = 0; /* O(n^2) */
++ while (fix < tif->tif_nfields &&
++ tif->tif_fieldinfo[fix]->field_tag < dp->tdir_tag)
++ fix++;
++ if (fix >= tif->tif_nfields ||
++ tif->tif_fieldinfo[fix]->field_tag != dp->tdir_tag) {
++
++ TIFFWarning(module,
++ "%s: unknown field with tag %d (0x%x) encountered",
++ tif->tif_name,
++ dp->tdir_tag,
++ dp->tdir_tag);
++
++ if (!_TIFFMergeFieldInfo_check(tif,
++ _TIFFCreateAnonFieldInfo(tif,
++ dp->tdir_tag,
++ (TIFFDataType) dp->tdir_type),
++ 1))
++ {
++ TIFFWarning(module,
++ "Registering anonymous field with tag %d (0x%x) failed",
++ dp->tdir_tag,
++ dp->tdir_tag);
++ dp->tdir_tag = IGNORE;
++ continue;
++ }
++ fix = 0;
++ while (fix < tif->tif_nfields &&
++ tif->tif_fieldinfo[fix]->field_tag < dp->tdir_tag)
++ fix++;
++ }
++ /*
++ * Check data type.
++ */
++ fip = tif->tif_fieldinfo[fix];
++ while (dp->tdir_type != (unsigned short) fip->field_type
++ && fix < tif->tif_nfields) {
++ if (fip->field_type == TIFF_ANY) /* wildcard */
++ break;
++ fip = tif->tif_fieldinfo[++fix];
++ if (fix >= tif->tif_nfields ||
++ fip->field_tag != dp->tdir_tag) {
++ TIFFWarning(module,
++ "%s: wrong data type %d for \"%s\"; tag ignored",
++ tif->tif_name, dp->tdir_type,
++ tif->tif_fieldinfo[fix-1]->field_name);
++ dp->tdir_tag = IGNORE;
++ break;
++ }
++ }
++ }
++ }
++
++ /*
+ * Allocate directory structure and setup defaults.
+ */
+ if (!TIFFFieldSet(tif, FIELD_IMAGEDIMENSIONS)) {
--- tiff-3.7.4.orig/debian/patches/z_CVE-2010-2595.patch
+++ tiff-3.7.4/debian/patches/z_CVE-2010-2595.patch
@@ -0,0 +1,30 @@
+Description: fix denial of service via invalid ReferenceBlackWhite values
+Origin: upstream, libtiff/tif_color.c r1.12.2.2
+Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2208
+
+diff -Naur tiff-3.7.4.orig//libtiff/tif_color.c tiff-3.7.4/libtiff/tif_color.c
+--- tiff-3.7.4.orig//libtiff/tif_color.c 2011-03-03 16:19:03.000000000 -0500
++++ tiff-3.7.4/libtiff/tif_color.c 2011-03-03 16:20:11.000000000 -0500
+@@ -182,13 +182,18 @@
+ TIFFYCbCrtoRGB(TIFFYCbCrToRGB *ycbcr, uint32 Y, int32 Cb, int32 Cr,
+ uint32 *r, uint32 *g, uint32 *b)
+ {
++ int32 i;
++
+ /* XXX: Only 8-bit YCbCr input supported for now */
+ Y = CLAMP(Y, 0, 255), Cb = CLAMP(Cb, 0, 255), Cr = CLAMP(Cr, 0, 255);
+
+- *r = ycbcr->clamptab[ycbcr->Y_tab[Y] + ycbcr->Cr_r_tab[Cr]];
+- *g = ycbcr->clamptab[ycbcr->Y_tab[Y]
+- + (int)((ycbcr->Cb_g_tab[Cb] + ycbcr->Cr_g_tab[Cr]) >> SHIFT)];
+- *b = ycbcr->clamptab[ycbcr->Y_tab[Y] + ycbcr->Cb_b_tab[Cb]];
++ i = ycbcr->Y_tab[Y] + ycbcr->Cr_r_tab[Cr];
++ *r = CLAMP(i, 0, 255);
++ i = ycbcr->Y_tab[Y]
++ + (int)((ycbcr->Cb_g_tab[Cb] + ycbcr->Cr_g_tab[Cr]) >> SHIFT);
++ *g = CLAMP(i, 0, 255);
++ i = ycbcr->Y_tab[Y] + ycbcr->Cb_b_tab[Cb];
++ *b = CLAMP(i, 0, 255);
+ }
+
+ /*
--- tiff-3.7.4.orig/debian/patches/3.8.1-security-fixes.patch
+++ tiff-3.7.4/debian/patches/3.8.1-security-fixes.patch
@@ -0,0 +1,292 @@
+diff -ruN tiff-3.7.4-old/libtiff/tif_color.c tiff-3.7.4/libtiff/tif_color.c
+--- tiff-3.7.4-old/libtiff/tif_color.c 2005-07-04 13:20:07.000000000 +0200
++++ tiff-3.7.4/libtiff/tif_color.c 2006-05-03 12:56:38.000000000 +0200
+@@ -92,6 +92,11 @@
+ Yg = TIFFmax(Yg, cielab->display.d_Y0G);
+ Yb = TIFFmax(Yb, cielab->display.d_Y0B);
+
++ /* Avoid overflow in case of wrong input values */
++ Yr = TIFFmin(Yr, cielab->display.d_YCR);
++ Yg = TIFFmin(Yg, cielab->display.d_YCG);
++ Yb = TIFFmin(Yb, cielab->display.d_YCB);
++
+ /* Turn luminosity to colour value. */
+ i = (int)((Yr - cielab->display.d_Y0R) / cielab->rstep);
+ i = TIFFmin(cielab->range, i);
+diff -ruN tiff-3.7.4-old/libtiff/tif_dirread.c tiff-3.7.4/libtiff/tif_dirread.c
+--- tiff-3.7.4-old/libtiff/tif_dirread.c 2005-08-17 15:05:26.000000000 +0200
++++ tiff-3.7.4/libtiff/tif_dirread.c 2006-05-03 12:55:40.000000000 +0200
+@@ -784,13 +784,20 @@
+ int w = TIFFDataWidth((TIFFDataType) dir->tdir_type);
+ tsize_t cc = dir->tdir_count * w;
+
++ /* Check for overflow. */
++ if (!dir->tdir_count || !w || cc / w != (tsize_t)dir->tdir_count)
++ goto bad;
++
+ if (!isMapped(tif)) {
+ if (!SeekOK(tif, dir->tdir_offset))
+ goto bad;
+ if (!ReadOK(tif, cp, cc))
+ goto bad;
+ } else {
+- if (dir->tdir_offset + cc > tif->tif_size)
++ /* Check for overflow. */
++ if ((tsize_t)dir->tdir_offset + cc < (tsize_t)dir->tdir_offset
++ || (tsize_t)dir->tdir_offset + cc < cc
++ || (tsize_t)dir->tdir_offset + cc > (tsize_t)tif->tif_size)
+ goto bad;
+ _TIFFmemcpy(cp, tif->tif_base + dir->tdir_offset, cc);
+ }
+@@ -1138,6 +1145,7 @@
+ /* TIFF_UNDEFINED */
+ TIFFError(tif->tif_name,
+ "cannot read TIFF_ANY type %d for field \"%s\"",
++ dir->tdir_type,
+ _TIFFFieldWithTag(tif, dir->tdir_tag)->field_name);
+ return (0);
+ }
+diff -ruN tiff-3.7.4-old/libtiff/tif_fax3.c tiff-3.7.4/libtiff/tif_fax3.c
+--- tiff-3.7.4-old/libtiff/tif_fax3.c 2005-07-29 15:21:10.000000000 +0200
++++ tiff-3.7.4/libtiff/tif_fax3.c 2006-05-03 12:55:40.000000000 +0200
+@@ -1056,19 +1056,22 @@
+ static void
+ Fax3Cleanup(TIFF* tif)
+ {
+- if (tif->tif_data) {
+- Fax3CodecState* sp = DecoderState(tif);
+-
+- if (sp->runs)
+- _TIFFfree(sp->runs);
+- if (sp->refline)
+- _TIFFfree(sp->refline);
+-
+- if (Fax3State(tif)->subaddress)
+- _TIFFfree(Fax3State(tif)->subaddress);
+- _TIFFfree(tif->tif_data);
+- tif->tif_data = NULL;
+- }
++ Fax3CodecState* sp = DecoderState(tif);
++
++ assert(sp != 0);
++
++ tif->tif_tagmethods.vgetfield = sp->b.vgetparent;
++ tif->tif_tagmethods.vsetfield = sp->b.vsetparent;
++
++ if (sp->runs)
++ _TIFFfree(sp->runs);
++ if (sp->refline)
++ _TIFFfree(sp->refline);
++
++ if (Fax3State(tif)->subaddress)
++ _TIFFfree(Fax3State(tif)->subaddress);
++ _TIFFfree(tif->tif_data);
++ tif->tif_data = NULL;
+ }
+
+ #define FIELD_BADFAXLINES (FIELD_CODEC+0)
+@@ -1120,6 +1123,9 @@
+ {
+ Fax3BaseState* sp = Fax3State(tif);
+
++ assert(sp != 0);
++ assert(sp->vsetparent != 0);
++
+ switch (tag) {
+ case TIFFTAG_FAXMODE:
+ sp->mode = va_arg(ap, int);
+diff -ruN tiff-3.7.4-old/libtiff/tif_jpeg.c tiff-3.7.4/libtiff/tif_jpeg.c
+--- tiff-3.7.4-old/libtiff/tif_jpeg.c 2005-06-06 11:36:57.000000000 +0200
++++ tiff-3.7.4/libtiff/tif_jpeg.c 2006-05-03 12:55:40.000000000 +0200
+@@ -1500,15 +1500,19 @@
+ static void
+ JPEGCleanup(TIFF* tif)
+ {
+- if (tif->tif_data) {
+- JPEGState *sp = JState(tif);
+- if( sp->cinfo_initialized )
+- TIFFjpeg_destroy(sp); /* release libjpeg resources */
+- if (sp->jpegtables) /* tag value */
+- _TIFFfree(sp->jpegtables);
+- _TIFFfree(tif->tif_data); /* release local state */
+- tif->tif_data = NULL;
+- }
++ JPEGState *sp = JState(tif);
++
++ assert(sp != 0);
++
++ tif->tif_tagmethods.vgetfield = sp->vgetparent;
++ tif->tif_tagmethods.vsetfield = sp->vsetparent;
++
++ if( sp->cinfo_initialized )
++ TIFFjpeg_destroy(sp); /* release libjpeg resources */
++ if (sp->jpegtables) /* tag value */
++ _TIFFfree(sp->jpegtables);
++ _TIFFfree(tif->tif_data); /* release local state */
++ tif->tif_data = NULL;
+ }
+
+ static int
+diff -ruN tiff-3.7.4-old/libtiff/tif_lzw.c tiff-3.7.4/libtiff/tif_lzw.c
+--- tiff-3.7.4-old/libtiff/tif_lzw.c 2004-10-02 15:52:29.000000000 +0200
++++ tiff-3.7.4/libtiff/tif_lzw.c 2006-05-03 12:55:40.000000000 +0200
+@@ -1002,6 +1002,8 @@
+ static void
+ LZWCleanup(TIFF* tif)
+ {
++ (void)TIFFPredictorCleanup(tif);
++
+ if (tif->tif_data) {
+ if (DecoderState(tif)->dec_codetab)
+ _TIFFfree(DecoderState(tif)->dec_codetab);
+diff -ruN tiff-3.7.4-old/libtiff/tif_pixarlog.c tiff-3.7.4/libtiff/tif_pixarlog.c
+--- tiff-3.7.4-old/libtiff/tif_pixarlog.c 2005-01-15 18:20:58.000000000 +0100
++++ tiff-3.7.4/libtiff/tif_pixarlog.c 2006-05-03 12:55:40.000000000 +0200
+@@ -1163,24 +1163,29 @@
+ {
+ PixarLogState* sp = (PixarLogState*) tif->tif_data;
+
+- if (sp) {
+- if (sp->FromLT2) _TIFFfree(sp->FromLT2);
+- if (sp->From14) _TIFFfree(sp->From14);
+- if (sp->From8) _TIFFfree(sp->From8);
+- if (sp->ToLinearF) _TIFFfree(sp->ToLinearF);
+- if (sp->ToLinear16) _TIFFfree(sp->ToLinear16);
+- if (sp->ToLinear8) _TIFFfree(sp->ToLinear8);
+- if (sp->state&PLSTATE_INIT) {
+- if (tif->tif_mode == O_RDONLY)
+- inflateEnd(&sp->stream);
+- else
+- deflateEnd(&sp->stream);
+- }
+- if (sp->tbuf)
+- _TIFFfree(sp->tbuf);
+- _TIFFfree(sp);
+- tif->tif_data = NULL;
++ assert(sp != 0);
++
++ (void)TIFFPredictorCleanup(tif);
++
++ tif->tif_tagmethods.vgetfield = sp->vgetparent;
++ tif->tif_tagmethods.vsetfield = sp->vsetparent;
++
++ if (sp->FromLT2) _TIFFfree(sp->FromLT2);
++ if (sp->From14) _TIFFfree(sp->From14);
++ if (sp->From8) _TIFFfree(sp->From8);
++ if (sp->ToLinearF) _TIFFfree(sp->ToLinearF);
++ if (sp->ToLinear16) _TIFFfree(sp->ToLinear16);
++ if (sp->ToLinear8) _TIFFfree(sp->ToLinear8);
++ if (sp->state&PLSTATE_INIT) {
++ if (tif->tif_mode == O_RDONLY)
++ inflateEnd(&sp->stream);
++ else
++ deflateEnd(&sp->stream);
+ }
++ if (sp->tbuf)
++ _TIFFfree(sp->tbuf);
++ _TIFFfree(sp);
++ tif->tif_data = NULL;
+ }
+
+ static int
+diff -ruN tiff-3.7.4-old/libtiff/tif_predict.c tiff-3.7.4/libtiff/tif_predict.c
+--- tiff-3.7.4-old/libtiff/tif_predict.c 2005-06-06 11:36:59.000000000 +0200
++++ tiff-3.7.4/libtiff/tif_predict.c 2006-05-03 12:55:40.000000000 +0200
+@@ -519,6 +519,9 @@
+ {
+ TIFFPredictorState *sp = PredictorState(tif);
+
++ assert(sp != NULL);
++ assert(sp->vsetparent != NULL);
++
+ switch (tag) {
+ case TIFFTAG_PREDICTOR:
+ sp->predictor = (uint16) va_arg(ap, int);
+@@ -536,6 +539,9 @@
+ {
+ TIFFPredictorState *sp = PredictorState(tif);
+
++ assert(sp != NULL);
++ assert(sp->vgetparent != NULL);
++
+ switch (tag) {
+ case TIFFTAG_PREDICTOR:
+ *va_arg(ap, uint16*) = sp->predictor;
+@@ -570,6 +576,8 @@
+ {
+ TIFFPredictorState* sp = PredictorState(tif);
+
++ assert(sp != 0);
++
+ /*
+ * Merge codec-specific tag information and
+ * override parent get/set field methods.
+@@ -595,4 +603,20 @@
+ return 1;
+ }
+
++int
++TIFFPredictorCleanup(TIFF* tif)
++{
++ TIFFPredictorState* sp = PredictorState(tif);
++
++ assert(sp != 0);
++
++ tif->tif_tagmethods.vgetfield = sp->vgetparent;
++ tif->tif_tagmethods.vsetfield = sp->vsetparent;
++ tif->tif_tagmethods.printdir = sp->printdir;
++ tif->tif_setupdecode = sp->setupdecode;
++ tif->tif_setupencode = sp->setupencode;
++
++ return 1;
++}
++
+ /* vim: set ts=8 sts=8 sw=8 noet: */
+diff -ruN tiff-3.7.4-old/libtiff/tif_predict.h tiff-3.7.4/libtiff/tif_predict.h
+--- tiff-3.7.4-old/libtiff/tif_predict.h 2005-04-15 19:13:34.000000000 +0200
++++ tiff-3.7.4/libtiff/tif_predict.h 2006-05-03 12:55:40.000000000 +0200
+@@ -55,6 +55,7 @@
+ extern "C" {
+ #endif
+ extern int TIFFPredictorInit(TIFF*);
++extern int TIFFPredictorCleanup(TIFF*);
+ #if defined(__cplusplus)
+ }
+ #endif
+diff -ruN tiff-3.7.4-old/libtiff/tif_zip.c tiff-3.7.4/libtiff/tif_zip.c
+--- tiff-3.7.4-old/libtiff/tif_zip.c 2004-10-02 15:52:29.000000000 +0200
++++ tiff-3.7.4/libtiff/tif_zip.c 2006-05-03 12:55:40.000000000 +0200
+@@ -249,17 +249,23 @@
+ ZIPCleanup(TIFF* tif)
+ {
+ ZIPState* sp = ZState(tif);
+- if (sp) {
+- if (sp->state&ZSTATE_INIT) {
+- /* NB: avoid problems in the library */
+- if (tif->tif_mode == O_RDONLY)
+- inflateEnd(&sp->stream);
+- else
+- deflateEnd(&sp->stream);
+- }
+- _TIFFfree(sp);
+- tif->tif_data = NULL;
++
++ assert(sp != 0);
++
++ (void)TIFFPredictorCleanup(tif);
++
++ tif->tif_tagmethods.vgetfield = sp->vgetparent;
++ tif->tif_tagmethods.vsetfield = sp->vsetparent;
++
++ if (sp->state&ZSTATE_INIT) {
++ /* NB: avoid problems in the library */
++ if (tif->tif_mode == O_RDONLY)
++ inflateEnd(&sp->stream);
++ else
++ deflateEnd(&sp->stream);
+ }
++ _TIFFfree(sp);
++ tif->tif_data = NULL;
+ }
+
+ static int
--- tiff-3.7.4.orig/debian/patches/z_CVE-2011-0192.patch
+++ tiff-3.7.4/debian/patches/z_CVE-2011-0192.patch
@@ -0,0 +1,21 @@
+Description: fix denial of service and possible code execution via
+ buffer overflow in Fax4Decode
+Origin: Thanks to Apple and Huzaifa Sidhpurwala
+
+Index: tiff-3.9.2/libtiff/tif_fax3.h
+===================================================================
+--- tiff-3.9.2.orig/libtiff/tif_fax3.h 2005-12-12 01:23:11.000000000 -0800
++++ tiff-3.9.2/libtiff/tif_fax3.h 2011-03-14 10:46:49.748757261 -0700
+@@ -478,6 +478,12 @@
+ break; \
+ case S_VL: \
+ CHECK_b1; \
++ if (b1 <= (int) (a0 + TabEnt->Param)) { \
++ if (b1 < (int) (a0 + TabEnt->Param) || pa != thisrun) { \
++ unexpected("VL", a0); \
++ goto eol2d; \
++ } \
++ } \
+ SETVAL(b1 - a0 - TabEnt->Param); \
+ b1 -= *--pb; \
+ break; \
--- tiff-3.7.4.orig/debian/patches/z_CVE-2011-0191.patch
+++ tiff-3.7.4/debian/patches/z_CVE-2011-0191.patch
@@ -0,0 +1,18 @@
+Description: denial of service and possible code exection via
+ YCBCRSUBSAMPLING tag
+Origin: Thanks to Apple
+
+diff -Naur tiff-3.7.4.orig//libtiff/tif_dir.c tiff-3.7.4/libtiff/tif_dir.c
+--- tiff-3.7.4.orig//libtiff/tif_dir.c 2011-03-03 15:43:02.000000000 -0500
++++ tiff-3.7.4/libtiff/tif_dir.c 2011-03-03 16:11:21.000000000 -0500
+@@ -385,6 +385,10 @@
+ case TIFFTAG_YCBCRSUBSAMPLING:
+ td->td_ycbcrsubsampling[0] = (uint16) va_arg(ap, int);
+ td->td_ycbcrsubsampling[1] = (uint16) va_arg(ap, int);
++ if (td->td_ycbcrsubsampling[0] > 4)
++ td->td_ycbcrsubsampling[0] = (td->td_compression == 7) ? 1 : 2;
++ if (td->td_ycbcrsubsampling[1] > 4)
++ td->td_ycbcrsubsampling[1] = (td->td_compression == 7) ? 1 : 2;
+ break;
+ case TIFFTAG_WHITEPOINT:
+ _TIFFsetFloatArray(&td->td_whitepoint, va_arg(ap, float*), 2);
--- tiff-3.7.4.orig/debian/patches/doc-typos.patch
+++ tiff-3.7.4/debian/patches/doc-typos.patch
@@ -0,0 +1,144 @@
+diff -ruN tiff-3.7.4-old/html/man/gif2tiff.1.html tiff-3.7.4/html/man/gif2tiff.1.html
+--- tiff-3.7.4-old/html/man/gif2tiff.1.html 2005-03-06 12:03:07.000000000 +0100
++++ tiff-3.7.4/html/man/gif2tiff.1.html 2006-06-01 15:51:03.000000000 +0200
+@@ -54,7 +54,7 @@
+ TIFF. The TIFF image is
+ created as a palette image, with samples compressed with the
+ Lempel-Ziv & Welch algorithm (Compression=5).
+-These characteristics can overriden, or explicitly specified
++These characteristics can overridden, or explicitly specified
+ with the options described below.
+
+
+diff -ruN tiff-3.7.4-old/html/man/ppm2tiff.1.html tiff-3.7.4/html/man/ppm2tiff.1.html
+--- tiff-3.7.4-old/html/man/ppm2tiff.1.html 2005-03-06 12:03:12.000000000 +0100
++++ tiff-3.7.4/html/man/ppm2tiff.1.html 2006-06-01 15:51:03.000000000 +0200
+@@ -54,7 +54,7 @@
+ packed (PlanarConfiguration=1), compressed with the
+ Lempel-Ziv & Welch algorithm (Compression=5), and
+ with each strip no more than 8 kilobytes. These
+-characteristics can be overriden, or explicitly specified
++characteristics can be overridden, or explicitly specified
+ with the options described below
+
+ If the PPM file contains greyscale data,
+diff -ruN tiff-3.7.4-old/html/man/ras2tiff.1.html tiff-3.7.4/html/man/ras2tiff.1.html
+--- tiff-3.7.4-old/html/man/ras2tiff.1.html 2005-03-06 12:03:12.000000000 +0100
++++ tiff-3.7.4/html/man/ras2tiff.1.html 2006-06-01 15:51:03.000000000 +0200
+@@ -55,7 +55,7 @@
+ packed (PlanarConfiguration=1), compressed with the
+ Lempel-Ziv & Welch algorithm (Compression=5), and
+ with each strip no more than 8 kilobytes. These
+-characteristics can overriden, or explicitly specified with
++characteristics can overridden, or explicitly specified with
+ the options described below.
+
+ Any colormap information in the rasterfile is carried
+diff -ruN tiff-3.7.4-old/html/man/raw2tiff.1.html tiff-3.7.4/html/man/raw2tiff.1.html
+--- tiff-3.7.4-old/html/man/raw2tiff.1.html 2005-03-06 12:03:12.000000000 +0100
++++ tiff-3.7.4/html/man/raw2tiff.1.html 2006-06-01 15:51:03.000000000 +0200
+@@ -522,7 +522,7 @@
+ indicate the right line size. That is why you should be
+ cautious with the very large images, because guessing
+ process may take a while (depending on your system
+-perfomance). Of course, the utility can’t guess the
++performance). Of course, the utility can’t guess the
+ header size, number of bands and data type, so it should be
+ specified manually. If you don’t know anything about
+ your image, just try with the several combinations of those
+diff -ruN tiff-3.7.4-old/html/man/sgi2tiff.1.html tiff-3.7.4/html/man/sgi2tiff.1.html
+--- tiff-3.7.4-old/html/man/sgi2tiff.1.html 2005-03-06 12:03:13.000000000 +0100
++++ tiff-3.7.4/html/man/sgi2tiff.1.html 2006-06-01 15:51:03.000000000 +0200
+@@ -55,7 +55,7 @@
+ packed (PlanarConfiguration=1), compressed with the
+ Lempel-Ziv & Welch algorithm (Compression=5), and
+ with each strip no more than 8 kilobytes. These
+-characteristics can overriden, or explicitly specified with
++characteristics can overridden, or explicitly specified with
+ the options described below.
+
+
+diff -ruN tiff-3.7.4-old/html/man/tiffsv.1.html tiff-3.7.4/html/man/tiffsv.1.html
+--- tiff-3.7.4-old/html/man/tiffsv.1.html 2005-03-06 12:03:19.000000000 +0100
++++ tiff-3.7.4/html/man/tiffsv.1.html 2006-06-01 15:51:03.000000000 +0200
+@@ -56,7 +56,7 @@
+ (PlanarConfiguration=1), compressed with the
+ Lempel-Ziv & Welch algorithm (Compression=5), and
+ with each strip no more than 8 kilobytes. These
+-characteristics can be overriden, or explicitly specified
++characteristics can be overridden, or explicitly specified
+ with the options described below.
+
+
+diff -ruN tiff-3.7.4-old/man/gif2tiff.1 tiff-3.7.4/man/gif2tiff.1
+--- tiff-3.7.4-old/man/gif2tiff.1 1999-07-27 23:50:27.000000000 +0200
++++ tiff-3.7.4/man/gif2tiff.1 2006-06-01 15:51:03.000000000 +0200
+@@ -44,7 +44,7 @@
+ image is created as a palette image, with samples
+ compressed with the Lempel-Ziv & Welch algorithm (\c
+ .IR Compression =5).
+-These characteristics can overriden, or explicitly specified
++These characteristics can overridden, or explicitly specified
+ with the options described below.
+ .SH OPTIONS
+ .TP
+diff -ruN tiff-3.7.4-old/man/ppm2tiff.1 tiff-3.7.4/man/ppm2tiff.1
+--- tiff-3.7.4-old/man/ppm2tiff.1 2003-05-05 12:41:17.000000000 +0200
++++ tiff-3.7.4/man/ppm2tiff.1 2006-06-01 15:51:03.000000000 +0200
+@@ -51,7 +51,7 @@
+ compressed with the Lempel-Ziv & Welch algorithm (\c
+ .IR Compression =5),
+ and with each strip no more than 8 kilobytes.
+-These characteristics can be overriden, or explicitly specified
++These characteristics can be overridden, or explicitly specified
+ with the options described below
+ .PP
+ If the
+diff -ruN tiff-3.7.4-old/man/ras2tiff.1 tiff-3.7.4/man/ras2tiff.1
+--- tiff-3.7.4-old/man/ras2tiff.1 1999-07-27 23:50:28.000000000 +0200
++++ tiff-3.7.4/man/ras2tiff.1 2006-06-01 15:51:03.000000000 +0200
+@@ -46,7 +46,7 @@
+ compressed with the Lempel-Ziv & Welch algorithm (\c
+ .IR Compression =5),
+ and with each strip no more than 8 kilobytes.
+-These characteristics can overriden, or explicitly specified
++These characteristics can overridden, or explicitly specified
+ with the options described below.
+ .PP
+ Any colormap information in the rasterfile is carried over to the
+diff -ruN tiff-3.7.4-old/man/raw2tiff.1 tiff-3.7.4/man/raw2tiff.1
+--- tiff-3.7.4-old/man/raw2tiff.1 2003-11-12 10:20:10.000000000 +0100
++++ tiff-3.7.4/man/raw2tiff.1 2006-06-01 15:51:03.000000000 +0200
+@@ -175,7 +175,7 @@
+ at the image center using several appropriate line sizes and the highest
+ absolute value of the coefficient will indicate the right line size. That is
+ why you should be cautious with the very large images, because guessing
+-process may take a while (depending on your system perfomance). Of course, the
++process may take a while (depending on your system performance). Of course, the
+ utility can't guess the header size, number of bands and data type, so it
+ should be specified manually. If you don't know anything about your image,
+ just try with the several combinations of those options.
+diff -ruN tiff-3.7.4-old/man/sgi2tiff.1 tiff-3.7.4/man/sgi2tiff.1
+--- tiff-3.7.4-old/man/sgi2tiff.1 1999-07-27 23:50:28.000000000 +0200
++++ tiff-3.7.4/man/sgi2tiff.1 2006-06-01 15:51:03.000000000 +0200
+@@ -50,7 +50,7 @@
+ compressed with the Lempel-Ziv & Welch algorithm (\c
+ .IR Compression =5),
+ and with each strip no more than 8 kilobytes.
+-These characteristics can overriden, or explicitly specified
++These characteristics can overridden, or explicitly specified
+ with the options described below.
+ .SH OPTIONS
+ .TP
+diff -ruN tiff-3.7.4-old/man/tiffsv.1 tiff-3.7.4/man/tiffsv.1
+--- tiff-3.7.4-old/man/tiffsv.1 1999-07-27 23:50:28.000000000 +0200
++++ tiff-3.7.4/man/tiffsv.1 2006-06-01 15:51:03.000000000 +0200
+@@ -46,7 +46,7 @@
+ compressed with the Lempel-Ziv & Welch algorithm (\c
+ .IR Compression =5),
+ and with each strip no more than 8 kilobytes.
+-These characteristics can be overriden, or explicitly specified
++These characteristics can be overridden, or explicitly specified
+ with the options described below.
+ .SH OPTIONS
+ .TP
--- tiff-3.7.4.orig/debian/patches/z_CVE-2011-1167.patch
+++ tiff-3.7.4/debian/patches/z_CVE-2011-1167.patch
@@ -0,0 +1,72 @@
+Description: fix arbitrary code execution via crafted
+ THUNDER_2BITDELTAS data
+Origin: upstream, http://bugzilla.maptools.org/show_bug.cgi?id=2300
+Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2300
+
+diff -Naur tiff-3.8.2.ori//libtiff/tif_thunder.c tiff-3.8.2/libtiff/tif_thunder.c
+--- tiff-3.8.2.ori//libtiff/tif_thunder.c 2005-12-21 07:33:56.000000000 -0500
++++ tiff-3.8.2/libtiff/tif_thunder.c 2011-03-30 13:26:06.522487732 -0400
+@@ -25,6 +25,7 @@
+ */
+
+ #include "tiffiop.h"
++#include
+ #ifdef THUNDER_SUPPORT
+ /*
+ * TIFF Library.
+@@ -55,12 +56,32 @@
+ static const int twobitdeltas[4] = { 0, 1, 0, -1 };
+ static const int threebitdeltas[8] = { 0, 1, 2, 3, 0, -3, -2, -1 };
+
+-#define SETPIXEL(op, v) { \
+- lastpixel = (v) & 0xf; \
+- if (npixels++ & 1) \
+- *op++ |= lastpixel; \
+- else \
++#define SETPIXEL(op, v) { \
++ lastpixel = (v) & 0xf; \
++ if ( npixels < maxpixels ) \
++ { \
++ if (npixels++ & 1) \
++ *op++ |= lastpixel; \
++ else \
+ op[0] = (tidataval_t) (lastpixel << 4); \
++ } \
++}
++
++static int
++ThunderSetupDecode(TIFF* tif)
++{
++ static const char module[] = "ThunderSetupDecode";
++
++ if( tif->tif_dir.td_bitspersample != 4 )
++ {
++ TIFFError(module,
++ "Wrong bitspersample value (%d), Thunder decoder only supports 4bits per sample.",
++ (int) tif->tif_dir.td_bitspersample );
++ return 0;
++ }
++
++
++ return (1);
+ }
+
+ static int
+@@ -142,7 +163,8 @@
+ occ -= tif->tif_scanlinesize;
+ row += tif->tif_scanlinesize;
+ }
+- return (1);
++
++ return (1);
+ }
+
+ int
+@@ -151,6 +173,7 @@
+ (void) scheme;
+ tif->tif_decoderow = ThunderDecodeRow;
+ tif->tif_decodestrip = ThunderDecodeRow;
++ tif->tif_setupdecode = ThunderSetupDecode;
+ return (1);
+ }
+ #endif /* THUNDER_SUPPORT */
--- tiff-3.7.4.orig/debian/patches/fix_43286_crasher.patch
+++ tiff-3.7.4/debian/patches/fix_43286_crasher.patch
@@ -0,0 +1,18 @@
+Index: libtiff/tif_jpeg.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_jpeg.c,v
+retrieving revision 1.43
+retrieving revision 1.44
+diff -u -r1.43 -r1.44
+--- a/libtiff/tif_jpeg.c 7 Mar 2006 11:59:12 -0000 1.43
++++ b/libtiff/tif_jpeg.c 15 Mar 2006 20:56:40 -0000 1.44
+@@ -1850,9 +1850,6 @@
+
+ assert(scheme == COMPRESSION_JPEG);
+
+- if ((tif->tif_flags & TIFF_CODERSETUP) == 0)
+- JPEGCleanup(tif);
+-
+ /*
+ * Allocate state block so tag methods have storage to record values.
+ */
--- tiff-3.7.4.orig/debian/patches/tiff2pdf-octal-printf.patch
+++ tiff-3.7.4/debian/patches/tiff2pdf-octal-printf.patch
@@ -0,0 +1,12 @@
+diff -ruN tiff-3.7.4-old/tools/tiff2pdf.c tiff-3.7.4/tools/tiff2pdf.c
+--- tiff-3.7.4-old/tools/tiff2pdf.c 2005-06-23 15:30:28.000000000 +0200
++++ tiff-3.7.4/tools/tiff2pdf.c 2006-06-02 18:15:11.000000000 +0200
+@@ -3758,7 +3758,7 @@
+ written += TIFFWriteFile(output, (tdata_t) "(", 1);
+ for (i=0;i
+
+Index: tiff-3.8.2/libtiff/tif_fax3.c
+===================================================================
+--- tiff-3.8.2.orig/libtiff/tif_fax3.c 2010-06-10 18:09:58.779641597 -0700
++++ tiff-3.8.2/libtiff/tif_fax3.c 2010-06-10 18:11:50.949640612 -0700
+@@ -491,7 +491,16 @@
+ td->td_compression == COMPRESSION_CCITTFAX4
+ );
+
+- nruns = needsRefLine ? 2*TIFFroundup(rowpixels,32) : rowpixels;
++ if (needsRefLine) {
++ /* integer overflow check */
++ if ((uint32)rowpixels > 0xffffffff - 32 || TIFFroundup(rowpixels,32) > 0xffffffff / 2)
++ return (0);
++ nruns = 2*TIFFroundup(rowpixels,32);
++ } else
++ nruns = rowpixels;
++ /* integer overflow check */
++ if (nruns > (0xffffffff - 3) / 2)
++ return (0);
+
+ dsp->runs = (uint32*) _TIFFCheckMalloc(tif, 2*nruns+3, sizeof (uint32),
+ "for Group 3/4 run arrays");
--- tiff-3.7.4.orig/debian/patches/z_CVE-2010-2630.patch
+++ tiff-3.7.4/debian/patches/z_CVE-2010-2630.patch
@@ -0,0 +1,44 @@
+Description: fix denial of service via out-of-order tags
+Origin: upstream, r1.92.2.13
+Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2210
+
+diff -Naur tiff-3.7.4.orig//libtiff/tif_dirread.c tiff-3.7.4/libtiff/tif_dirread.c
+--- tiff-3.7.4.orig//libtiff/tif_dirread.c 2011-03-03 15:43:32.000000000 -0500
++++ tiff-3.7.4/libtiff/tif_dirread.c 2011-03-03 15:50:07.000000000 -0500
+@@ -82,6 +82,7 @@
+ const TIFFFieldInfo* fip;
+ int fix;
+ uint16 dircount;
++ uint16 previous_tag = 0;
+ toff_t nextdiroff;
+ char* cp;
+ int diroutoforderwarning = 0;
+@@ -248,23 +249,24 @@
+
+ if (dp->tdir_tag == IGNORE)
+ continue;
+- if (fix >= tif->tif_nfields)
+- fix = 0;
+
+ /*
+ * Silicon Beach (at least) writes unordered
+ * directory tags (violating the spec). Handle
+ * it here, but be obnoxious (maybe they'll fix it?).
+ */
+- if (dp->tdir_tag < tif->tif_fieldinfo[fix]->field_tag) {
++ if (dp->tdir_tag < previous_tag) {
+ if (!diroutoforderwarning) {
+ TIFFWarning(module,
+ "%s: invalid TIFF directory; tags are not sorted in ascending order",
+ tif->tif_name);
+ diroutoforderwarning = 1;
+ }
+- fix = 0; /* O(n^2) */
+ }
++ previous_tag = dp->tdir_tag;
++ if (fix >= tif->tif_nfields ||
++ dp->tdir_tag < tif->tif_fieldinfo[fix]->field_tag)
++ fix = 0; /* O(n^2) */
+ while (fix < tif->tif_nfields &&
+ tif->tif_fieldinfo[fix]->field_tag < dp->tdir_tag)
+ fix++;
--- tiff-3.7.4.orig/debian/patches/CVE-2008-2327.patch
+++ tiff-3.7.4/debian/patches/CVE-2008-2327.patch
@@ -0,0 +1,58 @@
+--- tiff-3.8.2.orig/libtiff/tif_lzw.c 2006-03-21 11:42:50.000000000 -0500
++++ tiff-3.8.2/libtiff/tif_lzw.c 2008-08-17 11:31:32.994004551 -0400
+@@ -237,6 +237,13 @@
+ sp->dec_codetab[code].length = 1;
+ sp->dec_codetab[code].next = NULL;
+ } while (code--);
++ /*
++ * Zero-out the unused entries
++ */
++ _TIFFmemset(&sp->dec_codetab[CODE_CLEAR], 0,
++ (CODE_FIRST-CODE_CLEAR)*sizeof (code_t));
++
++
+ }
+ return (1);
+ }
+@@ -408,12 +415,20 @@
+ break;
+ if (code == CODE_CLEAR) {
+ free_entp = sp->dec_codetab + CODE_FIRST;
++ _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
+ nbits = BITS_MIN;
+ nbitsmask = MAXCODE(BITS_MIN);
+ maxcodep = sp->dec_codetab + nbitsmask-1;
+ NextCode(tif, sp, bp, code, GetNextCode);
+ if (code == CODE_EOI)
+ break;
++ if (code == CODE_CLEAR) {
++ TIFFError(tif->tif_name,
++ "LZWDecode: Corrupted LZW table at scanline %d",
++ tif->tif_row);
++ return (0);
++ }
++
+ *op++ = (char)code, occ--;
+ oldcodep = sp->dec_codetab + code;
+ continue;
+@@ -604,12 +619,20 @@
+ break;
+ if (code == CODE_CLEAR) {
+ free_entp = sp->dec_codetab + CODE_FIRST;
++ _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
+ nbits = BITS_MIN;
+ nbitsmask = MAXCODE(BITS_MIN);
+ maxcodep = sp->dec_codetab + nbitsmask;
+ NextCode(tif, sp, bp, code, GetNextCodeCompat);
+ if (code == CODE_EOI)
+ break;
++ if (code == CODE_CLEAR) {
++ TIFFError(tif->tif_name,
++ "LZWDecode: Corrupted LZW table at scanline %d",
++ tif->tif_row);
++ return (0);
++ }
++
+ *op++ = code, occ--;
+ oldcodep = sp->dec_codetab + code;
+ continue;
--- tiff-3.7.4.orig/debian/patches/CVE-2009-2347.patch
+++ tiff-3.7.4/debian/patches/CVE-2009-2347.patch
@@ -0,0 +1,166 @@
+#
+# Description: fix arbitrary code execution via integer overflows in tiff2rgba and rgb2ycbcr
+#
+diff -Naur tiff-3.7.4.orig/tools/rgb2ycbcr.c tiff-3.7.4/tools/rgb2ycbcr.c
+--- tiff-3.7.4.orig/tools/rgb2ycbcr.c 2004-09-03 03:57:13.000000000 -0400
++++ tiff-3.7.4/tools/rgb2ycbcr.c 2009-07-13 09:30:34.000000000 -0400
+@@ -202,6 +202,17 @@
+ #undef LumaBlue
+ #undef V2Code
+
++static tsize_t
++multiply(tsize_t m1, tsize_t m2)
++{
++ tsize_t prod = m1 * m2;
++
++ if (m1 && prod / m1 != m2)
++ prod = 0; /* overflow */
++
++ return prod;
++}
++
+ /*
+ * Convert a strip of RGB data to YCbCr and
+ * sample to generate the output data.
+@@ -278,10 +289,19 @@
+ float floatv;
+ char *stringv;
+ uint32 longv;
++ tsize_t raster_size;
+
+ TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width);
+ TIFFGetField(in, TIFFTAG_IMAGELENGTH, &height);
+- raster = (uint32*)_TIFFmalloc(width * height * sizeof (uint32));
++
++ raster_size = multiply(multiply(width, height), sizeof (uint32));
++ if (!raster_size) {
++ TIFFError(TIFFFileName(in),
++ "Can't allocate buffer for raster of size %lux%lu",
++ (unsigned long) width, (unsigned long) height);
++ return (0);
++ }
++ raster = (uint32*)_TIFFmalloc(raster_size);
+ if (raster == 0) {
+ TIFFError(TIFFFileName(in), "No space for raster buffer");
+ return (0);
+diff -Naur tiff-3.7.4.orig/tools/tiff2rgba.c tiff-3.7.4/tools/tiff2rgba.c
+--- tiff-3.7.4.orig/tools/tiff2rgba.c 2004-11-07 06:08:37.000000000 -0500
++++ tiff-3.7.4/tools/tiff2rgba.c 2009-07-13 09:30:34.000000000 -0400
+@@ -124,6 +124,17 @@
+ return (0);
+ }
+
++static tsize_t
++multiply(tsize_t m1, tsize_t m2)
++{
++ tsize_t prod = m1 * m2;
++
++ if (m1 && prod / m1 != m2)
++ prod = 0; /* overflow */
++
++ return prod;
++}
++
+ static int
+ cvt_by_tile( TIFF *in, TIFF *out )
+
+@@ -133,6 +144,7 @@
+ uint32 tile_width, tile_height;
+ uint32 row, col;
+ uint32 *wrk_line;
++ tsize_t raster_size;
+ int ok = 1;
+
+ TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width);
+@@ -150,7 +162,14 @@
+ /*
+ * Allocate tile buffer
+ */
+- raster = (uint32*)_TIFFmalloc(tile_width * tile_height * sizeof (uint32));
++ raster_size = multiply(multiply(tile_width, tile_height), sizeof (uint32));
++ if (!raster_size) {
++ TIFFError(TIFFFileName(in),
++ "Can't allocate buffer for raster of size %lux%lu",
++ (unsigned long) tile_width, (unsigned long) tile_height);
++ return (0);
++ }
++ raster = (uint32*)_TIFFmalloc(raster_size);
+ if (raster == 0) {
+ TIFFError(TIFFFileName(in), "No space for raster buffer");
+ return (0);
+@@ -158,7 +177,7 @@
+
+ /*
+ * Allocate a scanline buffer for swapping during the vertical
+- * mirroring pass.
++ * mirroring pass. (Request can't overflow given prior checks.)
+ */
+ wrk_line = (uint32*)_TIFFmalloc(tile_width * sizeof (uint32));
+ if (!wrk_line) {
+@@ -226,6 +245,7 @@
+ uint32 width, height; /* image width & height */
+ uint32 row;
+ uint32 *wrk_line;
++ tsize_t raster_size;
+ int ok = 1;
+
+ TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width);
+@@ -241,7 +261,14 @@
+ /*
+ * Allocate strip buffer
+ */
+- raster = (uint32*)_TIFFmalloc(width * rowsperstrip * sizeof (uint32));
++ raster_size = multiply(multiply(width, rowsperstrip), sizeof (uint32));
++ if (!raster_size) {
++ TIFFError(TIFFFileName(in),
++ "Can't allocate buffer for raster of size %lux%lu",
++ (unsigned long) width, (unsigned long) rowsperstrip);
++ return (0);
++ }
++ raster = (uint32*)_TIFFmalloc(raster_size);
+ if (raster == 0) {
+ TIFFError(TIFFFileName(in), "No space for raster buffer");
+ return (0);
+@@ -249,7 +276,7 @@
+
+ /*
+ * Allocate a scanline buffer for swapping during the vertical
+- * mirroring pass.
++ * mirroring pass. (Request can't overflow given prior checks.)
+ */
+ wrk_line = (uint32*)_TIFFmalloc(width * sizeof (uint32));
+ if (!wrk_line) {
+@@ -328,14 +355,22 @@
+ uint32* raster; /* retrieve RGBA image */
+ uint32 width, height; /* image width & height */
+ uint32 row;
+-
++ tsize_t raster_size;
++
+ TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width);
+ TIFFGetField(in, TIFFTAG_IMAGELENGTH, &height);
+
+ rowsperstrip = TIFFDefaultStripSize(out, rowsperstrip);
+ TIFFSetField(out, TIFFTAG_ROWSPERSTRIP, rowsperstrip);
+
+- raster = (uint32*)_TIFFmalloc(width * height * sizeof (uint32));
++ raster_size = multiply(multiply(width, height), sizeof (uint32));
++ if (!raster_size) {
++ TIFFError(TIFFFileName(in),
++ "Can't allocate buffer for raster of size %lux%lu",
++ (unsigned long) width, (unsigned long) height);
++ return (0);
++ }
++ raster = (uint32*)_TIFFmalloc(raster_size);
+ if (raster == 0) {
+ TIFFError(TIFFFileName(in), "No space for raster buffer");
+ return (0);
+@@ -353,7 +388,7 @@
+ */
+ if( no_alpha )
+ {
+- int pixel_count = width * height;
++ tsize_t pixel_count = (tsize_t) width * (tsize_t) height;
+ unsigned char *src, *dst;
+
+ src = (unsigned char *) raster;
--- tiff-3.7.4.orig/debian/patches/soname.patch
+++ tiff-3.7.4/debian/patches/soname.patch
@@ -0,0 +1,36 @@
+--- a/libtiff/Makefile.am.qdist 2005-07-12 12:02:04.000000000 -0400
++++ b/libtiff/Makefile.am 2005-10-07 10:32:23.073588096 -0400
+@@ -108,7 +108,7 @@
+ libtiff_la_SOURCES = $(SRCS)
+ libtiff_la_LDFLAGS = \
+ -no-undefined \
+- -version-number $(LIBTIFF_VERSION_INFO)
++ -version-number 4:1:4
+ if HAVE_RPATH
+ libtiff_la_LDFLAGS += $(LIBDIR)
+ endif
+@@ -117,7 +117,7 @@
+ libtiffxx_la_SOURCES = $(SRCSXX)
+ libtiffxx_la_LDFLAGS = \
+ -no-undefined \
+- -version-number $(LIBTIFF_VERSION_INFO)
++ -version-number 0:0:4
+ if HAVE_RPATH
+ libtiffxx_la_LDFLAGS += $(LIBDIR)
+ endif
+--- a/libtiff/Makefile.in.qdist 2005-09-12 12:33:05.000000000 -0400
++++ b/libtiff/Makefile.in 2005-10-07 10:32:44.971259144 -0400
+@@ -344,11 +344,11 @@
+ lib_LTLIBRARIES = libtiff.la $(am__append_2)
+ libtiff_la_SOURCES = $(SRCS)
+ libtiff_la_LDFLAGS = -no-undefined -version-number \
+- $(LIBTIFF_VERSION_INFO) $(am__append_3)
++ 4:1:4 $(am__append_3)
+ libtiff_la_LIBADD = $(LIBPORT)
+ libtiffxx_la_SOURCES = $(SRCSXX)
+ libtiffxx_la_LDFLAGS = -no-undefined -version-number \
+- $(LIBTIFF_VERSION_INFO) $(am__append_4)
++ 0:0:4 $(am__append_4)
+ libtiffxx_la_LIBADD = $(LIBTIFF) $(LIBPORT)
+ libtiffxx_la_DEPENDENCIES = libtiff.la
+ mkg3states_SOURCES = mkg3states.c tif_fax3.h
--- tiff-3.7.4.orig/debian/patches/tiffsplit-fname-overflow.patch
+++ tiff-3.7.4/debian/patches/tiffsplit-fname-overflow.patch
@@ -0,0 +1,20 @@
+diff -ruN tiff-3.7.4-old/tools/tiffsplit.c tiff-3.7.4/tools/tiffsplit.c
+--- tiff-3.7.4-old/tools/tiffsplit.c 2005-05-26 20:38:48.000000000 +0200
++++ tiff-3.7.4/tools/tiffsplit.c 2006-06-01 16:00:11.000000000 +0200
+@@ -60,14 +60,13 @@
+ return (-3);
+ }
+ if (argc > 2)
+- strcpy(fname, argv[2]);
++ snprintf(fname, sizeof(fname), "%s", argv[2]);
+ in = TIFFOpen(argv[1], "r");
+ if (in != NULL) {
+ do {
+ char path[1024+1];
+ newfilename();
+- strcpy(path, fname);
+- strcat(path, ".tif");
++ snprintf(path, sizeof(path), "%s.tif", fname);
+ out = TIFFOpen(path, TIFFIsBigEndian(in)?"wb":"wl");
+ if (out == NULL)
+ return (-2);
--- tiff-3.7.4.orig/debian/patches/z_CVE-2010-2597.patch
+++ tiff-3.7.4/debian/patches/z_CVE-2010-2597.patch
@@ -0,0 +1,21 @@
+Description: fix denial of service via devide-by-zero
+Origin: backport, r1.19.2.3
+Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2215
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/593067
+
+diff -Naur tiff-3.7.4.orig//libtiff/tif_strip.c tiff-3.7.4/libtiff/tif_strip.c
+--- tiff-3.7.4.orig//libtiff/tif_strip.c 2004-10-26 14:18:01.000000000 -0400
++++ tiff-3.7.4/libtiff/tif_strip.c 2011-03-03 15:47:50.000000000 -0500
+@@ -124,9 +124,9 @@
+ uint16 ycbcrsubsampling[2];
+ tsize_t w, scanline, samplingarea;
+
+- TIFFGetField( tif, TIFFTAG_YCBCRSUBSAMPLING,
+- ycbcrsubsampling + 0,
+- ycbcrsubsampling + 1 );
++ TIFFGetFieldDefaulted(tif, TIFFTAG_YCBCRSUBSAMPLING,
++ ycbcrsubsampling + 0,
++ ycbcrsubsampling + 1);
+
+ samplingarea = ycbcrsubsampling[0]*ycbcrsubsampling[1];
+ if (samplingarea == 0) {
--- tiff-3.7.4.orig/debian/patches/CVE-2006-3459-3465.patch
+++ tiff-3.7.4/debian/patches/CVE-2006-3459-3465.patch
@@ -0,0 +1,635 @@
+diff -Nur tiff-3.7.4/build-tree/tiff-3.7.4/libtiff/tif_dir.c tiff-3.7.4.new/build-tree/tiff-3.7.4/libtiff/tif_dir.c
+--- tiff-3.7.4/libtiff/tif_dir.c 2005-09-08 10:18:41.000000000 +0200
++++ tiff-3.7.4/libtiff/tif_dir.c 2006-08-02 13:21:13.000000000 +0200
+@@ -40,6 +40,22 @@
+ #define DATATYPE_UINT 2 /* !unsigned integer data */
+ #define DATATYPE_IEEEFP 3 /* !IEEE floating point data */
+
++static char *
++CheckMalloc(TIFF* tif, size_t nmemb, size_t elem_size, const char* what)
++{
++ char *cp = NULL;
++ tsize_t bytes = nmemb * elem_size;
++
++ if (nmemb && elem_size && bytes / elem_size == nmemb)
++ cp = (char*) _TIFFmalloc(bytes);
++
++ if (cp == NULL)
++ TIFFError(tif->tif_name, "No space %s", what);
++
++ return (cp);
++}
++
++
+ static void
+ setByteArray(void** vpp, void* vp, size_t nmemb, size_t elem_size)
+ {
+@@ -122,6 +138,7 @@
+ {
+ static const char module[] = "_TIFFVSetField";
+
++ const TIFFFieldInfo* fip = _TIFFFindFieldInfo(tif, tag, TIFF_ANY);
+ TIFFDirectory* td = &tif->tif_dir;
+ int status = 1;
+ uint32 v32, i, v;
+@@ -196,10 +213,12 @@
+ break;
+ case TIFFTAG_ORIENTATION:
+ v = va_arg(ap, uint32);
++ const TIFFFieldInfo* fip;
+ if (v < ORIENTATION_TOPLEFT || ORIENTATION_LEFTBOT < v) {
++ fip = _TIFFFieldWithTag(tif, tag);
+ TIFFWarning(tif->tif_name,
+ "Bad value %lu for \"%s\" tag ignored",
+- v, _TIFFFieldWithTag(tif, tag)->field_name);
++ v, fip ? fip->field_name : "Unknown");
+ } else
+ td->td_orientation = (uint16) v;
+ break;
+@@ -436,11 +455,15 @@
+ * happens, for example, when tiffcp is used to convert between
+ * compression schemes and codec-specific tags are blindly copied.
+ */
++ /*
++ * better not dereference fip if it is NULL.
++ * -- taviso@google.com 15 Jun 2006
++ */
+ if(fip == NULL || fip->field_bit != FIELD_CUSTOM) {
+ TIFFError(module,
+ "%s: Invalid %stag \"%s\" (not supported by codec)",
+ tif->tif_name, isPseudoTag(tag) ? "pseudo-" : "",
+- _TIFFFieldWithTag(tif, tag)->field_name);
++ fip ? fip->field_name : "Unknown");
+ status = 0;
+ break;
+ }
+@@ -515,7 +538,7 @@
+ if (fip->field_type == TIFF_ASCII)
+ _TIFFsetString((char **)&tv->value, va_arg(ap, char *));
+ else {
+- tv->value = _TIFFmalloc(tv_size * tv->count);
++ tv->value = CheckMalloc(tif, tv_size, tv->count, "Tag Value");
+ if (!tv->value) {
+ status = 0;
+ goto end;
+@@ -592,7 +615,7 @@
+ }
+ }
+ if (status) {
+- TIFFSetFieldBit(tif, _TIFFFieldWithTag(tif, tag)->field_bit);
++ TIFFSetFieldBit(tif, fip->field_bit);
+ tif->tif_flags |= TIFF_DIRTYDIRECT;
+ }
+
+@@ -601,12 +624,12 @@
+ return (status);
+ badvalue:
+ TIFFError(module, "%s: Bad value %d for \"%s\"",
+- tif->tif_name, v, _TIFFFieldWithTag(tif, tag)->field_name);
++ tif->tif_name, v, fip ? fip->field_name : "Unknown");
+ va_end(ap);
+ return (0);
+ badvalue32:
+ TIFFError(module, "%s: Bad value %ld for \"%s\"",
+- tif->tif_name, v32, _TIFFFieldWithTag(tif, tag)->field_name);
++ tif->tif_name, v32, fip ? fip->field_name : "Unknown");
+ va_end(ap);
+ return (0);
+ badvaluedbl:
+@@ -886,12 +909,16 @@
+ * If the client tries to get a tag that is not valid
+ * for the image's codec then we'll arrive here.
+ */
++ /*
++ * dont dereference fip if it's NULL.
++ * -- taviso@google.com 15 Jun 2006
++ */
+ if( fip == NULL || fip->field_bit != FIELD_CUSTOM )
+ {
+ TIFFError("_TIFFVGetField",
+ "%s: Invalid %stag \"%s\" (not supported by codec)",
+ tif->tif_name, isPseudoTag(tag) ? "pseudo-" : "",
+- _TIFFFieldWithTag(tif, tag)->field_name);
++ fip ? fip->field_name : "Unknown");
+ ret_val = 0;
+ break;
+ }
+diff -Nur tiff-3.7.4/build-tree/tiff-3.7.4/libtiff/tif_dirinfo.c tiff-3.7.4.new/build-tree/tiff-3.7.4/libtiff/tif_dirinfo.c
+--- tiff-3.7.4/libtiff/tif_dirinfo.c 2005-07-28 10:49:23.000000000 +0200
++++ tiff-3.7.4/libtiff/tif_dirinfo.c 2006-08-02 13:21:13.000000000 +0200
+@@ -636,7 +636,8 @@
+ TIFFError("TIFFFieldWithTag",
+ "Internal error, unknown tag 0x%x",
+ (unsigned int) tag);
+- assert(fip != NULL);
++ /* assert(fip != NULL); */
++
+ /*NOTREACHED*/
+ }
+ return (fip);
+@@ -650,7 +651,8 @@
+ if (!fip) {
+ TIFFError("TIFFFieldWithName",
+ "Internal error, unknown tag %s", field_name);
+- assert(fip != NULL);
++ /* assert(fip != NULL); */
++
+ /*NOTREACHED*/
+ }
+ return (fip);
+diff -Nur tiff-3.7.4/build-tree/tiff-3.7.4/libtiff/tif_dirread.c tiff-3.7.4.new/build-tree/tiff-3.7.4/libtiff/tif_dirread.c
+--- tiff-3.7.4/libtiff/tif_dirread.c 2006-08-02 13:21:12.000000000 +0200
++++ tiff-3.7.4/libtiff/tif_dirread.c 2006-08-02 13:24:02.000000000 +0200
+@@ -84,6 +84,7 @@
+ toff_t nextdiroff;
+ char* cp;
+ int diroutoforderwarning = 0;
++ int compressionknown = 0;
+ toff_t* new_dirlist;
+
+ tif->tif_diroff = tif->tif_nextdiroff;
+@@ -151,11 +152,17 @@
+ } else {
+ toff_t off = tif->tif_diroff;
+
+- if (off + sizeof (uint16) > tif->tif_size) {
+- TIFFError(module,
+- "%s: Can not read TIFF directory count",
+- tif->tif_name);
+- return (0);
++ /*
++ * Check for integer overflow when validating the dir_off, otherwise
++ * a very high offset may cause an OOB read and crash the client.
++ * -- taviso@google.com, 14 Jun 2006.
++ */
++ if (off + sizeof (uint16) > tif->tif_size ||
++ off + sizeof (uint16) < off) {
++ TIFFError(module,
++ "%s: Can not read TIFF directory count",
++ tif->tif_name);
++ return (0);
+ } else
+ _TIFFmemcpy(&dircount, tif->tif_base + off, sizeof (uint16));
+ off += sizeof (uint16);
+@@ -264,12 +271,17 @@
+ "%s: unknown field with tag %d (0x%x) encountered",
+ tif->tif_name, dp->tdir_tag, dp->tdir_tag,
+ dp->tdir_type);
+-
+- TIFFMergeFieldInfo( tif,
+- _TIFFCreateAnonFieldInfo( tif,
+- dp->tdir_tag,
+- (TIFFDataType) dp->tdir_type ),
+- 1 );
++ /*
++ * creating anonymous fields prior to knowing the compression
++ * algorithm (ie, when the field info has been merged) could cause
++ * crashes with pathological directories.
++ * -- taviso@google.com 15 Jun 2006
++ */
++ if (compressionknown)
++ TIFFMergeFieldInfo(tif, _TIFFCreateAnonFieldInfo(tif, dp->tdir_tag,
++ (TIFFDataType) dp->tdir_type), 1 );
++ else goto ignore;
++
+ fix = 0;
+ while (fix < tif->tif_nfields &&
+ tif->tif_fieldinfo[fix]->field_tag < dp->tdir_tag)
+@@ -326,6 +338,7 @@
+ dp->tdir_type, dp->tdir_offset);
+ if (!TIFFSetField(tif, dp->tdir_tag, (uint16)v))
+ goto bad;
++ else compressionknown++;
+ break;
+ /* XXX: workaround for broken TIFFs */
+ } else if (dp->tdir_type == TIFF_LONG) {
+@@ -533,6 +546,7 @@
+ * Attempt to deal with a missing StripByteCounts tag.
+ */
+ if (!TIFFFieldSet(tif, FIELD_STRIPBYTECOUNTS)) {
++ const TIFFFieldInfo* fip = _TIFFFieldWithTag(tif, TIFFTAG_STRIPBYTECOUNTS);
+ /*
+ * Some manufacturers violate the spec by not giving
+ * the size of the strips. In this case, assume there
+@@ -549,7 +563,7 @@
+ "%s: TIFF directory is missing required "
+ "\"%s\" field, calculating from imagelength",
+ tif->tif_name,
+- _TIFFFieldWithTag(tif,TIFFTAG_STRIPBYTECOUNTS)->field_name);
++ fip ? fip->field_name : "Unknown");
+ if (EstimateStripByteCounts(tif, dir, dircount) < 0)
+ goto bad;
+ /*
+@@ -573,6 +587,7 @@
+ } else if (td->td_nstrips == 1
+ && td->td_stripoffset[0] != 0
+ && BYTECOUNTLOOKSBAD) {
++ const TIFFFieldInfo* fip = _TIFFFieldWithTag(tif, TIFFTAG_STRIPBYTECOUNTS);
+ /*
+ * Plexus (and others) sometimes give a value
+ * of zero for a tag when they don't know what
+@@ -583,7 +598,7 @@
+ TIFFWarning(module,
+ "%s: Bogus \"%s\" field, ignoring and calculating from imagelength",
+ tif->tif_name,
+- _TIFFFieldWithTag(tif,TIFFTAG_STRIPBYTECOUNTS)->field_name);
++ fip ? fip->field_name : "Unknown");
+ if(EstimateStripByteCounts(tif, dir, dircount) < 0)
+ goto bad;
+ }
+@@ -682,7 +697,13 @@
+
+ register TIFFDirEntry *dp;
+ register TIFFDirectory *td = &tif->tif_dir;
+- uint16 i;
++
++ /* i is used to iterate over td->td_nstrips, so must be
++ * at least the same width.
++ * -- taviso@google.com 15 Jun 2006
++ */
++
++ uint32 i;
+
+ if (td->td_stripbytecount)
+ _TIFFfree(td->td_stripbytecount);
+@@ -759,16 +780,18 @@
+ static int
+ CheckDirCount(TIFF* tif, TIFFDirEntry* dir, uint32 count)
+ {
++ const TIFFFieldInfo* fip = _TIFFFieldWithTag(tif, dir->tdir_tag);
++
+ if (count > dir->tdir_count) {
+ TIFFWarning(tif->tif_name,
+ "incorrect count for field \"%s\" (%lu, expecting %lu); tag ignored",
+- _TIFFFieldWithTag(tif, dir->tdir_tag)->field_name,
++ fip ? fip->field_name : "Unknown",
+ dir->tdir_count, count);
+ return (0);
+ } else if (count < dir->tdir_count) {
+ TIFFWarning(tif->tif_name,
+ "incorrect count for field \"%s\" (%lu, expecting %lu); tag trimmed",
+- _TIFFFieldWithTag(tif, dir->tdir_tag)->field_name,
++ fip ? fip->field_name : "Unknown",
+ dir->tdir_count, count);
+ return (1);
+ }
+@@ -782,6 +805,7 @@
+ TIFFFetchData(TIFF* tif, TIFFDirEntry* dir, char* cp)
+ {
+ int w = TIFFDataWidth((TIFFDataType) dir->tdir_type);
++ const TIFFFieldInfo* fip = _TIFFFieldWithTag(tif, dir->tdir_tag);
+ tsize_t cc = dir->tdir_count * w;
+
+ /* Check for overflow. */
+@@ -824,7 +848,7 @@
+ return (cc);
+ bad:
+ TIFFError(tif->tif_name, "Error fetching data for field \"%s\"",
+- _TIFFFieldWithTag(tif, dir->tdir_tag)->field_name);
++ fip ? fip->field_name : "Unknown");
+ return ((tsize_t) 0);
+ }
+
+@@ -850,10 +874,12 @@
+ static int
+ cvtRational(TIFF* tif, TIFFDirEntry* dir, uint32 num, uint32 denom, float* rv)
+ {
++ const TIFFFieldInfo* fip;
+ if (denom == 0) {
++ fip = _TIFFFieldWithTag(tif, dir->tdir_tag);
+ TIFFError(tif->tif_name,
+ "%s: Rational with zero denominator (num = %lu)",
+- _TIFFFieldWithTag(tif, dir->tdir_tag)->field_name, num);
++ fip ? fip->field_name : "Unknown", num);
+ return (0);
+ } else {
+ if (dir->tdir_type == TIFF_RATIONAL)
+@@ -1077,6 +1103,20 @@
+ {
+ int i;
+
++ /*
++ * Prevent overflowing the v stack arrays below by performing a sanity
++ * check on tdir_count, this should never be greater than two.
++ * -- taviso@google.com 14 Jun 2006.
++ */
++ if (dir->tdir_count > 2) {
++ const TIFFFieldInfo* fip = _TIFFFieldWithTag(tif, dir->tdir_tag);
++ TIFFWarning(tif->tif_name,
++ "unexpected count for field \"%s\", %lu, expected 2; ignored.",
++ fip ? fip->field_name : "Unknown",
++ dir->tdir_count);
++ return 0;
++ }
++
+ switch (dir->tdir_type) {
+ case TIFF_BYTE:
+ case TIFF_SBYTE:
+@@ -1140,14 +1180,15 @@
+ case TIFF_DOUBLE:
+ return (TIFFFetchDoubleArray(tif, dir, (double*) v));
+ default:
++ { const TIFFFieldInfo* fip = _TIFFFieldWithTag(tif, dir->tdir_tag);
+ /* TIFF_NOTYPE */
+ /* TIFF_ASCII */
+ /* TIFF_UNDEFINED */
+ TIFFError(tif->tif_name,
+ "cannot read TIFF_ANY type %d for field \"%s\"",
+ dir->tdir_type,
+- _TIFFFieldWithTag(tif, dir->tdir_tag)->field_name);
+- return (0);
++ fip ? fip->field_name : "Unknown");
++ return (0); }
+ }
+ return (1);
+ }
+@@ -1162,6 +1203,9 @@
+ int ok = 0;
+ const TIFFFieldInfo* fip = _TIFFFieldWithTag(tif, dp->tdir_tag);
+
++ if (fip == NULL) {
++ return (0);
++ }
+ if (dp->tdir_count > 1) { /* array of values */
+ char* cp = NULL;
+
+@@ -1303,6 +1347,7 @@
+ TIFFFetchPerSampleShorts(TIFF* tif, TIFFDirEntry* dir, uint16* pl)
+ {
+ uint16 samples = tif->tif_dir.td_samplesperpixel;
++ const TIFFFieldInfo* fip;
+ int status = 0;
+
+ if (CheckDirCount(tif, dir, (uint32) samples)) {
+@@ -1320,9 +1365,10 @@
+
+ for (i = 1; i < check_count; i++)
+ if (v[i] != v[0]) {
++ fip = _TIFFFieldWithTag(tif, dir->tdir_tag);
+ TIFFError(tif->tif_name,
+ "Cannot handle different per-sample values for field \"%s\"",
+- _TIFFFieldWithTag(tif, dir->tdir_tag)->field_name);
++ fip ? fip->field_name : "Unknown");
+ goto bad;
+ }
+ *pl = v[0];
+@@ -1344,6 +1390,7 @@
+ TIFFFetchPerSampleLongs(TIFF* tif, TIFFDirEntry* dir, uint32* pl)
+ {
+ uint16 samples = tif->tif_dir.td_samplesperpixel;
++ const TIFFFieldInfo* fip;
+ int status = 0;
+
+ if (CheckDirCount(tif, dir, (uint32) samples)) {
+@@ -1361,9 +1408,10 @@
+ check_count = samples;
+ for (i = 1; i < check_count; i++)
+ if (v[i] != v[0]) {
++ fip = _TIFFFieldWithTag(tif, dir->tdir_tag);
+ TIFFError(tif->tif_name,
+ "Cannot handle different per-sample values for field \"%s\"",
+- _TIFFFieldWithTag(tif, dir->tdir_tag)->field_name);
++ fip ? fip->field_name : "Unknown");
+ goto bad;
+ }
+ *pl = v[0];
+@@ -1385,6 +1433,7 @@
+ TIFFFetchPerSampleAnys(TIFF* tif, TIFFDirEntry* dir, double* pl)
+ {
+ uint16 samples = tif->tif_dir.td_samplesperpixel;
++ const TIFFFieldInfo* fip;
+ int status = 0;
+
+ if (CheckDirCount(tif, dir, (uint32) samples)) {
+@@ -1402,9 +1451,10 @@
+
+ for (i = 1; i < check_count; i++)
+ if (v[i] != v[0]) {
++ fip = _TIFFFieldWithTag(tif, dir->tdir_tag);
+ TIFFError(tif->tif_name,
+ "Cannot handle different per-sample values for field \"%s\"",
+- _TIFFFieldWithTag(tif, dir->tdir_tag)->field_name);
++ fip ? fip->field_name : "Unknown");
+ goto bad;
+ }
+ *pl = v[0];
+diff -Nur tiff-3.7.4/build-tree/tiff-3.7.4/libtiff/tif_fax3.c tiff-3.7.4.new/build-tree/tiff-3.7.4/libtiff/tif_fax3.c
+--- tiff-3.7.4/libtiff/tif_fax3.c 2006-08-02 13:21:12.000000000 +0200
++++ tiff-3.7.4/libtiff/tif_fax3.c 2006-08-02 13:21:13.000000000 +0200
+@@ -1122,6 +1122,7 @@
+ Fax3VSetField(TIFF* tif, ttag_t tag, va_list ap)
+ {
+ Fax3BaseState* sp = Fax3State(tif);
++ const TIFFFieldInfo* fip;
+
+ assert(sp != 0);
+ assert(sp->vsetparent != 0);
+@@ -1167,7 +1168,13 @@
+ default:
+ return (*sp->vsetparent)(tif, tag, ap);
+ }
+- TIFFSetFieldBit(tif, _TIFFFieldWithTag(tif, tag)->field_bit);
++
++ if ((fip = _TIFFFieldWithTag(tif, tag))) {
++ TIFFSetFieldBit(tif, fip->field_bit);
++ } else {
++ return (0);
++ }
++
+ tif->tif_flags |= TIFF_DIRTYDIRECT;
+ return (1);
+ }
+diff -Nur tiff-3.7.4/build-tree/tiff-3.7.4/libtiff/tif_jpeg.c tiff-3.7.4.new/build-tree/tiff-3.7.4/libtiff/tif_jpeg.c
+--- tiff-3.7.4/libtiff/tif_jpeg.c 2006-08-02 13:21:12.000000000 +0200
++++ tiff-3.7.4/libtiff/tif_jpeg.c 2006-08-02 13:26:09.000000000 +0200
+@@ -710,15 +710,31 @@
+ segment_width = TIFFhowmany(segment_width, sp->h_sampling);
+ segment_height = TIFFhowmany(segment_height, sp->v_sampling);
+ }
+- if (sp->cinfo.d.image_width != segment_width ||
+- sp->cinfo.d.image_height != segment_height) {
++ if (sp->cinfo.d.image_width < segment_width ||
++ sp->cinfo.d.image_height < segment_height) {
+ TIFFWarning(module,
+ "Improper JPEG strip/tile size, expected %dx%d, got %dx%d",
+ segment_width,
+ segment_height,
+ sp->cinfo.d.image_width,
+ sp->cinfo.d.image_height);
++ }
++
++ if (sp->cinfo.d.image_width > segment_width ||
++ sp->cinfo.d.image_height > segment_height) {
++ /*
++ * This case could be dangerous, if the strip or tile size has been
++ * reported as less than the amount of data jpeg will return, some
++ * potential security issues arise. Catch this case and error out.
++ * -- taviso@google.com 14 Jun 2006
++ */
++ TIFFError(module,
++ "JPEG strip/tile size exceeds expected dimensions,"
++ "expected %dx%d, got %dx%d", segment_width, segment_height,
++ sp->cinfo.d.image_width, sp->cinfo.d.image_height);
++ return (0);
+ }
++
+ if (sp->cinfo.d.num_components !=
+ (td->td_planarconfig == PLANARCONFIG_CONTIG ?
+ td->td_samplesperpixel : 1)) {
+@@ -749,6 +765,22 @@
+ sp->cinfo.d.comp_info[0].v_samp_factor,
+ sp->h_sampling, sp->v_sampling);
+
++ /*
++ * There are potential security issues here for decoders that
++ * have already allocated buffers based on the expected sampling
++ * factors. Lets check the sampling factors dont exceed what
++ * we were expecting.
++ * -- taviso@google.com 14 June 2006
++ */
++ if (sp->cinfo.d.comp_info[0].h_samp_factor > sp->h_sampling ||
++ sp->cinfo.d.comp_info[0].v_samp_factor > sp->v_sampling) {
++ TIFFError(module,
++ "Cannot honour JPEG sampling factors that"
++ " exceed those specified.");
++ return (0);
++ }
++
++
+ /*
+ * XXX: Files written by the Intergraph software
+ * has different sampling factors stored in the
+@@ -1502,15 +1534,17 @@
+ {
+ JPEGState *sp = JState(tif);
+
+- assert(sp != 0);
++ /* assert(sp != 0); */
+
+ tif->tif_tagmethods.vgetfield = sp->vgetparent;
+ tif->tif_tagmethods.vsetfield = sp->vsetparent;
+
++ if (sp != NULL) {
+ if( sp->cinfo_initialized )
+ TIFFjpeg_destroy(sp); /* release libjpeg resources */
+ if (sp->jpegtables) /* tag value */
+ _TIFFfree(sp->jpegtables);
++ }
+ _TIFFfree(tif->tif_data); /* release local state */
+ tif->tif_data = NULL;
+ }
+@@ -1520,6 +1554,7 @@
+ {
+ JPEGState* sp = JState(tif);
+ TIFFDirectory* td = &tif->tif_dir;
++ const TIFFFieldInfo* fip;
+ uint32 v32;
+
+ assert(sp != NULL);
+@@ -1585,7 +1620,13 @@
+ default:
+ return (*sp->vsetparent)(tif, tag, ap);
+ }
+- TIFFSetFieldBit(tif, _TIFFFieldWithTag(tif, tag)->field_bit);
++
++ if ((fip = _TIFFFieldWithTag(tif, tag))) {
++ TIFFSetFieldBit(tif, fip->field_bit);
++ } else {
++ return (0);
++ }
++
+ tif->tif_flags |= TIFF_DIRTYDIRECT;
+ return (1);
+ }
+@@ -1705,7 +1746,11 @@
+ {
+ JPEGState* sp = JState(tif);
+
+- assert(sp != NULL);
++ /* assert(sp != NULL); */
++ if (sp == NULL) {
++ TIFFWarning("JPEGPrintDir", "Unknown JPEGState");
++ return;
++ }
+
+ (void) flags;
+ if (TIFFFieldSet(tif,FIELD_JPEGTABLES))
+diff -Nur tiff-3.7.4/build-tree/tiff-3.7.4/libtiff/tif_next.c tiff-3.7.4.new/build-tree/tiff-3.7.4/libtiff/tif_next.c
+--- tiff-3.7.4/libtiff/tif_next.c 2004-11-07 12:08:36.000000000 +0100
++++ tiff-3.7.4/libtiff/tif_next.c 2006-08-02 13:21:13.000000000 +0200
+@@ -105,11 +105,16 @@
+ * as codes of the form
+ * until we've filled the scanline.
+ */
++ /*
++ * Ensure the run does not exceed the scanline
++ * bounds, potentially resulting in a security issue.
++ * -- taviso@google.com 14 Jun 2006.
++ */
+ op = row;
+ for (;;) {
+ grey = (n>>6) & 0x3;
+ n &= 0x3f;
+- while (n-- > 0)
++ while (n-- > 0 && npixels < scanline)
+ SETPIXEL(op, grey);
+ if (npixels >= (int) imagewidth)
+ break;
+diff -Nur tiff-3.7.4/build-tree/tiff-3.7.4/libtiff/tif_pixarlog.c tiff-3.7.4.new/build-tree/tiff-3.7.4/libtiff/tif_pixarlog.c
+--- tiff-3.7.4/libtiff/tif_pixarlog.c 2006-08-02 13:21:12.000000000 +0200
++++ tiff-3.7.4/libtiff/tif_pixarlog.c 2006-08-02 13:21:13.000000000 +0200
+@@ -768,7 +768,19 @@
+ if (tif->tif_flags & TIFF_SWAB)
+ TIFFSwabArrayOfShort(up, nsamples);
+
+- for (i = 0; i < nsamples; i += llen, up += llen) {
++ /*
++ * if llen is not an exact multiple of nsamples, the decode operation
++ * may overflow the output buffer, so truncate it enough to prevent that
++ * but still salvage as much data as possible.
++ * -- taviso@google.com 14th June 2006
++ */
++ if (nsamples % llen)
++ TIFFWarning(module,
++ "%s: stride %lu is not a multiple of sample count, "
++ "%lu, data truncated.", tif->tif_name, llen, nsamples);
++
++
++ for (i = 0; i < nsamples - (nsamples % llen); i += llen, up += llen) {
+ switch (sp->user_datafmt) {
+ case PIXARLOGDATAFMT_FLOAT:
+ horizontalAccumulateF(up, llen, sp->stride,
+diff -Nur tiff-3.7.4/build-tree/tiff-3.7.4/libtiff/tif_read.c tiff-3.7.4.new/build-tree/tiff-3.7.4/libtiff/tif_read.c
+--- tiff-3.7.4/libtiff/tif_read.c 2005-04-15 19:13:34.000000000 +0200
++++ tiff-3.7.4/libtiff/tif_read.c 2006-08-02 13:21:13.000000000 +0200
+@@ -272,7 +272,13 @@
+ if ((tif->tif_flags & TIFF_MYBUFFER) && tif->tif_rawdata)
+ _TIFFfree(tif->tif_rawdata);
+ tif->tif_flags &= ~TIFF_MYBUFFER;
+- if ( td->td_stripoffset[strip] + bytecount > tif->tif_size) {
++ /*
++ * This sanity check could potentially overflow, causing an OOB read.
++ * verify that offset + bytecount is > offset.
++ * -- taviso@google.com 14 Jun 2006
++ */
++ if ( td->td_stripoffset[strip] + bytecount > tif->tif_size ||
++ (td->td_stripoffset[strip] + bytecount) < td->td_stripoffset[strip]) {
+ /*
+ * This error message might seem strange, but it's
+ * what would happen if a read were done instead.
+@@ -470,7 +476,14 @@
+ if ((tif->tif_flags & TIFF_MYBUFFER) && tif->tif_rawdata)
+ _TIFFfree(tif->tif_rawdata);
+ tif->tif_flags &= ~TIFF_MYBUFFER;
+- if ( td->td_stripoffset[tile] + bytecount > tif->tif_size) {
++ /*
++ * We must check this calculation doesnt overflow, potentially
++ * causing an OOB read.
++ * -- taviso@google.com 15 Jun 2006
++ */
++ if ( td->td_stripoffset[tile] + bytecount > tif->tif_size ||
++ (td->td_stripoffset[tile] + bytecount) <
++ td->td_stripoffset[tile]) {
+ tif->tif_curtile = NOTILE;
+ return (0);
+ }
--- tiff-3.7.4.orig/debian/patches/CVE-2009-2285.patch
+++ tiff-3.7.4/debian/patches/CVE-2009-2285.patch
@@ -0,0 +1,29 @@
+#
+# Description: fix denial of service via buffer underflow in the LZWDecodeCompat function
+# Ubuntu: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149
+# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534137
+# Upstream: http://bugzilla.maptools.org/show_bug.cgi?id=2065
+# Upstream: http://bugzilla.maptools.org/show_bug.cgi?id=1985
+# Patch: http://bugzilla.maptools.org/attachment.cgi?id=279
+#
+diff -Naur tiff-3.7.4.orig/libtiff/tif_lzw.c tiff-3.7.4/libtiff/tif_lzw.c
+--- tiff-3.7.4.orig/libtiff/tif_lzw.c 2009-07-03 15:16:44.000000000 -0400
++++ tiff-3.7.4/libtiff/tif_lzw.c 2009-07-03 15:19:14.000000000 -0400
+@@ -422,7 +422,7 @@
+ NextCode(tif, sp, bp, code, GetNextCode);
+ if (code == CODE_EOI)
+ break;
+- if (code == CODE_CLEAR) {
++ if (code >= CODE_CLEAR) {
+ TIFFError(tif->tif_name,
+ "LZWDecode: Corrupted LZW table at scanline %d",
+ tif->tif_row);
+@@ -626,7 +626,7 @@
+ NextCode(tif, sp, bp, code, GetNextCodeCompat);
+ if (code == CODE_EOI)
+ break;
+- if (code == CODE_CLEAR) {
++ if (code >= CODE_CLEAR) {
+ TIFFError(tif->tif_name,
+ "LZWDecode: Corrupted LZW table at scanline %d",
+ tif->tif_row);
--- tiff-3.7.4.orig/debian/libtiff-tools.lintian
+++ tiff-3.7.4/debian/libtiff-tools.lintian
@@ -0,0 +1,5 @@
+#
+# The synopsis line starts with a capital letter because of the TIFF
+# acronym, not because it contains a sentence.
+#
+libtiff-tools: description-synopsis-starts-with-a-capital-letter
--- tiff-3.7.4.orig/debian/libtiffxx0c2.shlibs
+++ tiff-3.7.4/debian/libtiffxx0c2.shlibs
@@ -0,0 +1 @@
+libtiffxx 0 libtiffxx0c2
--- tiff-3.7.4.orig/debian/libtiff4-dev.doc-base
+++ tiff-3.7.4/debian/libtiff4-dev.doc-base
@@ -0,0 +1,9 @@
+Document: libtiff4-dev
+Title: TIFF Software
+Author: Sam Leffler
+Abstract: Support for the Tag Image File Format (TIFF) for storing image data.
+Section: Apps/Graphics
+
+Format: HTML
+Index: /usr/share/doc/libtiff4/html/index.html
+Files: /usr/share/doc/libtiff4/html/*.html
--- tiff-3.7.4.orig/debian/README.Debian
+++ tiff-3.7.4/debian/README.Debian
@@ -0,0 +1,23 @@
+libtiff for Debian
++----------------+
+
+This version of libtiff is installed with a different shared library
+soname from the upstream version. This is because an accidental
+change to the library's ABI was introduced somewhere between 3.5.7 and
+3.6.1. There are no source-level incompatibilities between 3.5.7 and
+the current version, so any application that worked with 3.5.7 should
+work fine when recompiled with the libtiff4 packages.
+
+libtiff version 3.7.1 introduced an experimental and somewhat volatile
+C++ interface. To use it, you must link against -ltiffxx. Please
+note that the API and ABI of the C++ library may be unstable for a
+while.
+
+Example tiff files are available:
+
+ ftp://ftp.remotesensing.org/pub/libtiff/pics-.tar.gz
+
+These files may be useful for people testing software to make sure it
+can work with a wide variety of tiff files.
+
+ -- Jay Berkenbilt , Sat Jul 9 12:23:38 2005
--- tiff-3.7.4.orig/debian/libtiff4.shlibs
+++ tiff-3.7.4/debian/libtiff4.shlibs
@@ -0,0 +1 @@
+libtiff 4 libtiff4
--- tiff-3.7.4.orig/debian/libtiff-opengl.lintian
+++ tiff-3.7.4/debian/libtiff-opengl.lintian
@@ -0,0 +1,5 @@
+#
+# The synopsis line starts with a capital letter because of the TIFF
+# acronym, not because it contains a sentence.
+#
+libtiff-opengl: description-synopsis-starts-with-a-capital-letter
--- tiff-3.7.4.orig/tiff-3.7.4.tar.gz.cdbs-config_list
+++ tiff-3.7.4/tiff-3.7.4.tar.gz.cdbs-config_list
@@ -0,0 +1,2 @@
+tiff-3.7.4/config/config.guess
+tiff-3.7.4/config/config.sub