* libtiff 4.0.7 released.Release-v4-0-7

* configure.ac: Update for 4.0.7 release.

11 files changed, 45 insertions, 27 deletions

diff --git a/ChangeLog b/ChangeLog
index fcbd3804..9b9d397d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 2016-11-19  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
 
+	* libtiff 4.0.7 released.
+
+	* configure.ac: Update for 4.0.7 release.
+
 	* tools/tiffdump.c (ReadDirectory): Remove uint32 cast to
 	_TIFFmalloc() argument which resulted in Coverity report.  Added
 	more mutiplication overflow checks.
diff --git a/Makefile.in b/Makefile.in
index 301a2685..c9c0645f 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -222,8 +222,8 @@ am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/libtiff-4.pc.in \
 	$(top_srcdir)/config/missing \
 	$(top_srcdir)/config/mkinstalldirs ChangeLog README TODO \
 	config/compile config/config.guess config/config.sub \
-	config/install-sh config/ltmain.sh config/missing \
-	config/mkinstalldirs
+	config/depcomp config/install-sh config/ltmain.sh \
+	config/missing config/mkinstalldirs
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 distdir = $(PACKAGE)-$(VERSION)
 top_distdir = $(distdir)
diff --git a/RELEASE-DATE b/RELEASE-DATE
index ae758a75..fb9e3f6c 100644
--- a/RELEASE-DATE
+++ b/RELEASE-DATE
@@ -1 +1 @@
-20150912
+20161119
diff --git a/VERSION b/VERSION
index d13e837c..43beb400 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-4.0.6
+4.0.7
diff --git a/configure b/configure
index 560cf732..db236949 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for LibTIFF Software 4.0.6.
+# Generated by GNU Autoconf 2.69 for LibTIFF Software 4.0.7.
 #
 # Report bugs to <tiff@lists.maptools.org>.
 #
@@ -590,8 +590,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='LibTIFF Software'
 PACKAGE_TARNAME='tiff'
-PACKAGE_VERSION='4.0.6'
-PACKAGE_STRING='LibTIFF Software 4.0.6'
+PACKAGE_VERSION='4.0.7'
+PACKAGE_STRING='LibTIFF Software 4.0.7'
 PACKAGE_BUGREPORT='tiff@lists.maptools.org'
 PACKAGE_URL=''
 
@@ -1408,7 +1408,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures LibTIFF Software 4.0.6 to adapt to many kinds of systems.
+\`configure' configures LibTIFF Software 4.0.7 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1482,7 +1482,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of LibTIFF Software 4.0.6:";;
+     short | recursive ) echo "Configuration of LibTIFF Software 4.0.7:";;
    esac
   cat <<\_ACEOF
 
@@ -1668,7 +1668,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-LibTIFF Software configure 4.0.6
+LibTIFF Software configure 4.0.7
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2441,7 +2441,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by LibTIFF Software $as_me 4.0.6, which was
+It was created by LibTIFF Software $as_me 4.0.7, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -3384,7 +3384,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='tiff'
- VERSION='4.0.6'
+ VERSION='4.0.7'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -3588,13 +3588,13 @@ fi
 
 LIBTIFF_MAJOR_VERSION=4
 LIBTIFF_MINOR_VERSION=0
-LIBTIFF_MICRO_VERSION=6
+LIBTIFF_MICRO_VERSION=7
 LIBTIFF_ALPHA_VERSION=
 LIBTIFF_VERSION=$LIBTIFF_MAJOR_VERSION.$LIBTIFF_MINOR_VERSION.$LIBTIFF_MICRO_VERSION$LIBTIFF_ALPHA_VERSION
 LIBTIFF_RELEASE_DATE=`date +"%Y%m%d"`
 
 LIBTIFF_CURRENT=7
-LIBTIFF_REVISION=4
+LIBTIFF_REVISION=5
 LIBTIFF_AGE=2
 LIBTIFF_VERSION_INFO=$LIBTIFF_CURRENT:$LIBTIFF_REVISION:$LIBTIFF_AGE
 
@@ -21500,7 +21500,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by LibTIFF Software $as_me 4.0.6, which was
+This file was extended by LibTIFF Software $as_me 4.0.7, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -21566,7 +21566,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-LibTIFF Software config.status 4.0.6
+LibTIFF Software config.status 4.0.7
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff --git a/configure.ac b/configure.ac
index 33ffb0dc..23d543cf 100644
--- a/configure.ac
+++ b/configure.ac
@@ -25,7 +25,7 @@ dnl OF THIS SOFTWARE.
 dnl Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.64)
-AC_INIT([LibTIFF Software],[4.0.6],[tiff@lists.maptools.org],[tiff])
+AC_INIT([LibTIFF Software],[4.0.7],[tiff@lists.maptools.org],[tiff])
 AC_CONFIG_AUX_DIR(config)
 AC_CONFIG_MACRO_DIR(m4)
 AC_LANG(C)
@@ -41,7 +41,7 @@ dnl Versioning.
 dnl Don't fill the ALPHA_VERSION field, if not applicable.
 LIBTIFF_MAJOR_VERSION=4
 LIBTIFF_MINOR_VERSION=0
-LIBTIFF_MICRO_VERSION=6
+LIBTIFF_MICRO_VERSION=7
 LIBTIFF_ALPHA_VERSION=
 LIBTIFF_VERSION=$LIBTIFF_MAJOR_VERSION.$LIBTIFF_MINOR_VERSION.$LIBTIFF_MICRO_VERSION$LIBTIFF_ALPHA_VERSION
 dnl This will be used with the 'make release' target
@@ -77,7 +77,7 @@ dnl     increment age.
 dnl  6. If any interfaces have been removed since the last public release,
 dnl     then set age to 0.                                
 LIBTIFF_CURRENT=7
-LIBTIFF_REVISION=4
+LIBTIFF_REVISION=5
 LIBTIFF_AGE=2
 LIBTIFF_VERSION_INFO=$LIBTIFF_CURRENT:$LIBTIFF_REVISION:$LIBTIFF_AGE
 
diff --git a/html/Makefile.am b/html/Makefile.am
index 07f4f873..01549ba2 100644
--- a/html/Makefile.am
+++ b/html/Makefile.am
@@ -83,7 +83,8 @@ docfiles = \
 	v4.0.4beta.html \
 	v4.0.4.html \
 	v4.0.5.html \
-	v4.0.6.html
+	v4.0.6.html \
+	v4.0.7.html
 
 dist_doc_DATA = $(docfiles)
 
diff --git a/html/Makefile.in b/html/Makefile.in
index 57c464cd..3cb22e6d 100644
--- a/html/Makefile.in
+++ b/html/Makefile.in
@@ -446,7 +446,8 @@ docfiles = \
 	v4.0.4beta.html \
 	v4.0.4.html \
 	v4.0.5.html \
-	v4.0.6.html
+	v4.0.6.html \
+	v4.0.7.html
 
 dist_doc_DATA = $(docfiles)
 SUBDIRS = images man
diff --git a/html/index.html b/html/index.html
index f237396b..d1375191 100644
--- a/html/index.html
+++ b/html/index.html
@@ -24,7 +24,7 @@
     </tr>
     <tr>
       <th>Latest Stable Release</th>
-      <td><a href="v4.0.6.html">v4.0.6</a></td>
+      <td><a href="v4.0.7.html">v4.0.7</a></td>
     </tr>
     <tr>
       <th>Master Download Site</th>
@@ -114,7 +114,7 @@
   </ul>
   <hr>
   <p>
-    Last updated  $Date: 2016-09-25 20:05:44 $.
+    Last updated  $Date: 2016-11-19 17:47:40 $.
   </p>
 </body>
 </html>
diff --git a/html/v4.0.7.html b/html/v4.0.7.html
index 8c426564..e29e8d53 100644
--- a/html/v4.0.7.html
+++ b/html/v4.0.7.html
@@ -78,6 +78,15 @@ information is located here:
 
 <UL>
 
+    <LI> libtiff/tif_dirread.c: in TIFFFetchNormalTag(), do not
+        dereference NULL pointer when values of tags with
+        TIFF_SETGET_C16_ASCII / TIFF_SETGET_C32_ASCII access are
+        0-byte arrays.  Fixes
+        http://bugzilla.maptools.org/show_bug.cgi?id=2593 (regression
+        introduced by previous fix done on 2016-11-11 for
+        CVE-2016-9297).  Reported by Henri Salo. Assigned as
+        CVE-2016-9448
+
     <LI> libtiff/tif_aux.c: fix crash in TIFFVGetFieldDefaulted() when
         requesting Predictor tag and that the zip/lzw codec is not
         configured.  Fixes
@@ -362,7 +371,6 @@ information is located here:
         libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro (bugzilla
         #2543)
 
-
     <LI> tools/tiff2rgba.c: Fix integer overflow in size of allocated
         buffer, when -b mode is enabled, that could result in
         out-of-bounds write. Based initially on patch
@@ -379,6 +387,10 @@ information is located here:
     <LI> tools/tiffdump.c: fix a few misaligned 64-bit reads warned by
         -fsanitize
 
+    <LI> tools/tiffdump.c (ReadDirectory): Remove uint32 cast to
+        _TIFFmalloc() argument which resulted in Coverity report.
+        Added more mutiplication overflow checks.
+
 </UL>
 
 <P><HR WIDTH=65% ALIGN=left>
@@ -393,7 +405,7 @@ information is located here:
 
 </UL>
 
-Last updated $Date: 2016-11-12 21:43:44 $.
+Last updated $Date: 2016-11-19 17:47:40 $.
 
 </BODY>
 </HTML>
diff --git a/libtiff/tiffvers.h b/libtiff/tiffvers.h
index e965814b..fe55c726 100644
--- a/libtiff/tiffvers.h
+++ b/libtiff/tiffvers.h
@@ -1,4 +1,4 @@
-#define TIFFLIB_VERSION_STR "LIBTIFF, Version 4.0.6\nCopyright (c) 1988-1996 Sam Leffler\nCopyright (c) 1991-1996 Silicon Graphics, Inc."
+#define TIFFLIB_VERSION_STR "LIBTIFF, Version 4.0.7\nCopyright (c) 1988-1996 Sam Leffler\nCopyright (c) 1991-1996 Silicon Graphics, Inc."
 /*
  * This define can be used in code that requires
  * compilation-related definitions specific to a
@@ -6,4 +6,4 @@
  * version checking should be done based on the
  * string returned by TIFFGetVersion.
  */
-#define TIFFLIB_VERSION 20150912
+#define TIFFLIB_VERSION 20161119