From 4e574b64ac30b77c767f6466eaced934c7a4ce54 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lucio=20Andr=C3=A9s=20Illanes=20Albornoz?=
 <lucio@lucioillanes.de>
Date: Sat, 23 Mar 2019 17:56:18 +0000
Subject: vars/build.vars:{clzip,expat}{_host,}: updated to v{1.11,2.2.6} (via
 Redfoxmoon.) vars/build.vars:libxml2: updated to v2.9.9 (via Redfoxmoon.)
 vars/build.vars:libunistring: updated to v0.9.10 (via Redfoxmoon.)
 vars/build.vars:libpng: updated to v1.6.36 (via Redfoxmoon.)
 vars/build.vars:tiff: updated to v4.0.10 (via Redfoxmoon.)
 vars/build.vars:gdbm: updated to v1.18.1 (via Redfoxmoon.)
 vars/build.vars:pcre: updated to v8.43 (via Redfoxmoon.)
 vars/build.vars:gzip: updated to v1.10 (via Redfoxmoon.)
 vars/build.vars:gzip:${PKG_{CFLAGS_CONFIGURE_EXTRA,CONFIGURE_ARGS,MAKEFLAGS_{BUILD,INSTALL}_EXTRA}}:
 unset (via Redfoxmoon.) vars/build.vars:libvorbis: updated to v1.3.6 (via
 Redfoxmoon.) vars/build.vars:libxslt: updated to v1.1.33 (via Redfoxmoon.)
 vars/build.vars:libtirpc: updated to v1.1.4 (via Redfoxmoon.)
 patches/expat-2.2.{5,6}.local.patch: updated (via Redfoxmoon.)
 patches/libtirpc-1.{0.3,1.4}.local.patch: updated (via Redfoxmoon.)
 patches/libvorbis-1.3.5.local.patch: removes obsolete patch (via Redfoxmoon.)
 patches/libxslt-1.1.3{2,3}.local.patch: updated (via Redfoxmoon.)
 patches/pcre-8.4{2,3}.local.patch: updated (via Redfoxmoon.)
 patches/tiff/CVE-{2017-{11613,17095,18013,9935},2018-{10963,5784,7456,8905}}.patch:
 removes obsolete patches (via Redfoxmoon.) patches/tiff/CVE-2018-12900.patch:
 added (via Redfoxmoon.)

---
 patches/tiff/CVE-2018-12900.patch | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 patches/tiff/CVE-2018-12900.patch

(limited to 'patches/tiff/CVE-2018-12900.patch')

diff --git a/patches/tiff/CVE-2018-12900.patch b/patches/tiff/CVE-2018-12900.patch
new file mode 100644
index 00000000..f95cd06a
--- /dev/null
+++ b/patches/tiff/CVE-2018-12900.patch
@@ -0,0 +1,29 @@
+From 86861b86f26be5301ccfa96f9bf765051f4e644a Mon Sep 17 00:00:00 2001
+From: pgajdos <pgajdos@suse.cz>
+Date: Tue, 13 Nov 2018 09:03:31 +0100
+Subject: [PATCH] prevent integer overflow
+
+---
+ tools/tiffcp.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index 2f406e2d..ece7ba13 100644
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -1435,6 +1435,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
+             status = 0;
+             goto done;
+         }
++        if (0xFFFFFFFF / tilew < spp)
++        {
++            TIFFError(TIFFFileName(in), "Error, either TileWidth (%u) or BitsPerSample (%u) is too large", tilew, bps);
++            status = 0;
++            goto done;
++        }
+ 	bytes_per_sample = bps/8;
+ 
+ 	for (row = 0; row < imagelength; row += tl) {
+-- 
+2.18.1
+
-- 
cgit v1.2.3