slackware-current/source/l/libtiff/patches/CVE-2022-3970.patch

From 227500897dfb07fb7d27f7aa570050e62617e3be Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Tue, 8 Nov 2022 15:16:58 +0100
Subject: [PATCH] TIFFReadRGBATileExt(): fix (unsigned) integer overflow on
 strips/tiles > 2 GB

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137
---
 libtiff/tif_getimage.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
index a4d0c1d6..60b94d8e 100644
--- a/libtiff/tif_getimage.c
+++ b/libtiff/tif_getimage.c
@@ -3016,15 +3016,15 @@ TIFFReadRGBATileExt(TIFF* tif, uint32_t col, uint32_t row, uint32_t * raster, in
         return( ok );
 
     for( i_row = 0; i_row < read_ysize; i_row++ ) {
-        memmove( raster + (tile_ysize - i_row - 1) * tile_xsize,
-                 raster + (read_ysize - i_row - 1) * read_xsize,
+        memmove( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize,
+                 raster + (size_t)(read_ysize - i_row - 1) * read_xsize,
                  read_xsize * sizeof(uint32_t) );
-        _TIFFmemset( raster + (tile_ysize - i_row - 1) * tile_xsize+read_xsize,
+        _TIFFmemset( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize+read_xsize,
                      0, sizeof(uint32_t) * (tile_xsize - read_xsize) );
     }
 
     for( i_row = read_ysize; i_row < tile_ysize; i_row++ ) {
-        _TIFFmemset( raster + (tile_ysize - i_row - 1) * tile_xsize,
+        _TIFFmemset( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize,
                      0, sizeof(uint32_t) * tile_xsize );
     }
 
-- 
GitLab
Wed Jan 4 02:18:08 UTC 2023 ap/lsof-4.96.5-x86_64-1.txz: Upgraded. ap/sqlite-3.40.1-x86_64-1.txz: Upgraded. kde/bluedevil-5.26.5-x86_64-1.txz: Upgraded. kde/breeze-5.26.5-x86_64-1.txz: Upgraded. kde/breeze-grub-5.26.5-x86_64-1.txz: Upgraded. kde/breeze-gtk-5.26.5-x86_64-1.txz: Upgraded. kde/digikam-7.9.0-x86_64-2.txz: Rebuilt. Recompiled against opencv-4.7.0. kde/drkonqi-5.26.5-x86_64-1.txz: Upgraded. kde/kactivitymanagerd-5.26.5-x86_64-1.txz: Upgraded. kde/kde-cli-tools-5.26.5-x86_64-1.txz: Upgraded. kde/kde-gtk-config-5.26.5-x86_64-1.txz: Upgraded. kde/kdecoration-5.26.5-x86_64-1.txz: Upgraded. kde/kdeplasma-addons-5.26.5-x86_64-1.txz: Upgraded. kde/kgamma5-5.26.5-x86_64-1.txz: Upgraded. kde/khotkeys-5.26.5-x86_64-1.txz: Upgraded. kde/kinfocenter-5.26.5-x86_64-1.txz: Upgraded. kde/kmenuedit-5.26.5-x86_64-1.txz: Upgraded. kde/kpipewire-5.26.5-x86_64-1.txz: Upgraded. kde/kscreen-5.26.5-x86_64-1.txz: Upgraded. kde/kscreenlocker-5.26.5-x86_64-1.txz: Upgraded. kde/ksshaskpass-5.26.5-x86_64-1.txz: Upgraded. kde/ksystemstats-5.26.5-x86_64-1.txz: Upgraded. kde/kwallet-pam-5.26.5-x86_64-1.txz: Upgraded. kde/kwayland-integration-5.26.5-x86_64-1.txz: Upgraded. kde/kwin-5.26.5-x86_64-1.txz: Upgraded. kde/kwrited-5.26.5-x86_64-1.txz: Upgraded. kde/layer-shell-qt-5.26.5-x86_64-1.txz: Upgraded. kde/libkscreen-5.26.5-x86_64-1.txz: Upgraded. kde/libksysguard-5.26.5-x86_64-1.txz: Upgraded. kde/milou-5.26.5-x86_64-1.txz: Upgraded. kde/oxygen-5.26.5-x86_64-1.txz: Upgraded. kde/oxygen-sounds-5.26.5-x86_64-1.txz: Upgraded. kde/plasma-browser-integration-5.26.5-x86_64-1.txz: Upgraded. kde/plasma-desktop-5.26.5-x86_64-1.txz: Upgraded. kde/plasma-disks-5.26.5-x86_64-1.txz: Upgraded. kde/plasma-firewall-5.26.5-x86_64-1.txz: Upgraded. kde/plasma-integration-5.26.5-x86_64-1.txz: Upgraded. kde/plasma-nm-5.26.5-x86_64-1.txz: Upgraded. kde/plasma-pa-5.26.5-x86_64-1.txz: Upgraded. kde/plasma-sdk-5.26.5-x86_64-1.txz: Upgraded. kde/plasma-systemmonitor-5.26.5-x86_64-1.txz: Upgraded. kde/plasma-vault-5.26.5-x86_64-1.txz: Upgraded. kde/plasma-workspace-5.26.5-x86_64-1.txz: Upgraded. kde/plasma-workspace-wallpapers-5.26.5-x86_64-1.txz: Upgraded. kde/polkit-kde-agent-1-5.26.5-x86_64-1.txz: Upgraded. kde/powerdevil-5.26.5-x86_64-1.txz: Upgraded. kde/qqc2-breeze-style-5.26.5-x86_64-1.txz: Upgraded. kde/sddm-kcm-5.26.5-x86_64-1.txz: Upgraded. kde/systemsettings-5.26.5-x86_64-1.txz: Upgraded. kde/xdg-desktop-portal-kde-5.26.5-x86_64-1.txz: Upgraded. l/SDL2-2.26.2-x86_64-1.txz: Upgraded. l/gst-plugins-bad-free-1.20.5-x86_64-2.txz: Rebuilt. Recompiled against opencv-4.7.0. l/imagemagick-7.1.0_57-x86_64-1.txz: Upgraded. l/libpcap-1.10.2-x86_64-1.txz: Upgraded. l/libpsl-0.21.2-x86_64-1.txz: Upgraded. l/librevenge-0.0.5-x86_64-1.txz: Upgraded. l/libsndfile-1.2.0-x86_64-1.txz: Upgraded. l/libtiff-4.4.0-x86_64-2.txz: Rebuilt. Patched various security bugs. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-2056 https://www.cve.org/CVERecord?id=CVE-2022-2057 https://www.cve.org/CVERecord?id=CVE-2022-2058 https://www.cve.org/CVERecord?id=CVE-2022-3970 https://www.cve.org/CVERecord?id=CVE-2022-34526 (* Security fix ) l/netpbm-11.01.00-x86_64-1.txz: Upgraded. l/opencv-4.7.0-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/poppler-23.01.0-x86_64-1.txz: Upgraded. n/getmail-6.18.11-x86_64-1.txz: Upgraded. n/tcpdump-4.99.2-x86_64-1.txz: Upgraded. n/whois-5.5.15-x86_64-1.txz: Upgraded. Updated the .bd, .nz and .tv TLD servers. Added the .llyw.cymru, .gov.scot and .gov.wales SLD servers. Updated the .ac.uk and .gov.uk SLD servers. Recursion has been enabled for whois.nic.tv. Updated the list of new gTLDs with four generic TLDs assigned in October 2013 which were missing due to a bug. Removed 4 new gTLDs which are no longer active. Added the Georgian translation, contributed by Temuri Doghonadze. Updated the Finnish translation, contributed by Lauri Nurmi. xap/pidgin-2.14.12-x86_64-1.txz: Upgraded. xap/rxvt-unicode-9.26-x86_64-4.txz: Rebuilt. When the "background" extension was loaded, an attacker able to control the data written to the terminal would be able to execute arbitrary code as the terminal's user. Thanks to David Leadbeater and Ben Collver. For more information, see: https://www.openwall.com/lists/oss-security/2022/12/05/1 https://www.cve.org/CVERecord?id=CVE-2022-4170 ( Security fix *) 2023-01-04 02:18:08 +00:00			`From 227500897dfb07fb7d27f7aa570050e62617e3be Mon Sep 17 00:00:00 2001`
			`From: Even Rouault <even.rouault@spatialys.com>`
			`Date: Tue, 8 Nov 2022 15:16:58 +0100`
			`Subject: [PATCH] TIFFReadRGBATileExt(): fix (unsigned) integer overflow on`
			`strips/tiles > 2 GB`

			`Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137`
			`---`
			`libtiff/tif_getimage.c \| 8 ++++----`
			`1 file changed, 4 insertions(+), 4 deletions(-)`

			`diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c`
			`index a4d0c1d6..60b94d8e 100644`
			`--- a/libtiff/tif_getimage.c`
			`+++ b/libtiff/tif_getimage.c`
			`@@ -3016,15 +3016,15 @@ TIFFReadRGBATileExt(TIFF* tif, uint32_t col, uint32_t row, uint32_t * raster, in`
			`return( ok );`

			`for( i_row = 0; i_row < read_ysize; i_row++ ) {`
			`- memmove( raster + (tile_ysize - i_row - 1) * tile_xsize,`
			`- raster + (read_ysize - i_row - 1) * read_xsize,`
			`+ memmove( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize,`
			`+ raster + (size_t)(read_ysize - i_row - 1) * read_xsize,`
			`read_xsize * sizeof(uint32_t) );`
			`- _TIFFmemset( raster + (tile_ysize - i_row - 1) * tile_xsize+read_xsize,`
			`+ _TIFFmemset( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize+read_xsize,`
			`0, sizeof(uint32_t) * (tile_xsize - read_xsize) );`
			`}`

			`for( i_row = read_ysize; i_row < tile_ysize; i_row++ ) {`
			`- _TIFFmemset( raster + (tile_ysize - i_row - 1) * tile_xsize,`
			`+ _TIFFmemset( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize,`
			`0, sizeof(uint32_t) * tile_xsize );`
			`}`

			`--`
			`GitLab`