From 9fe1f2e918d39031852805f1add23125c061d3c3 Mon Sep 17 00:00:00 2001
From: Eirik Aavitsland <eirik.aavitsland@qt.io>
Date: Wed, 23 Oct 2019 10:00:23 +0200
Subject: Tiff: Include two upstream CVE fixes in bundled libtiff

For issues CVE-2019-17546 and CVE-2019-14973, the following commits
were merged into the bundled libtiff:

4bb584a35f87af42d6cf09d15e9ce8909a839145 RGBA interface: fix integer
overflow potentially causing write heap buffer overflow, especially on
32 bit builds. Fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443. Credit to
OSS Fuzz

1b5e3b6a23827c33acf19ad50ce5ce78f12b3773 Fix integer overflow in
_TIFFCheckMalloc() and other implementation-defined behaviour
(CVE-2019-14973)

Fixes: QTBUG-79397
Change-Id: I29257e6dbfbd816224d3dbaefdbe8afecd25f288
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
---
 dist/changes-5.13.2 | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'dist')

diff --git a/dist/changes-5.13.2 b/dist/changes-5.13.2
index e3bb833..9d79031 100644
--- a/dist/changes-5.13.2
+++ b/dist/changes-5.13.2
@@ -17,4 +17,9 @@ https://bugreports.qt.io/
 Each of these identifiers can be entered in the bug tracker to obtain more
 information about a particular change.
 
- - This release contains only minor code improvements.
+****************************************************************************
+*                                   TIFF                                   *
+****************************************************************************
+
+ - Two security-related upstream patches has been applied to the
+   bundled libtiff
-- 
cgit v1.2.1