From cee0d49ecfb6facff4ca7f9a8a9bbc95c2ccda88 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Tue, 5 Nov 2019 14:03:30 -0500
Subject: [PATCH] import libtiff-4.0.9-15.el8

---
 SOURCES/libtiff-CVE-2018-12900.patch | 47 ++++++++++++++++++++++++++++
 SPECS/libtiff.spec                   | 10 +++++-
 2 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/libtiff-CVE-2018-12900.patch

diff --git a/SOURCES/libtiff-CVE-2018-12900.patch b/SOURCES/libtiff-CVE-2018-12900.patch
new file mode 100644
index 0000000..c7c3d30
--- /dev/null
+++ b/SOURCES/libtiff-CVE-2018-12900.patch
@@ -0,0 +1,47 @@
+From 775b0d85eab499ccf577e72ec202eb4c6fb37197 Mon Sep 17 00:00:00 2001
+From: Thomas Bernard <miniupnp@free.fr>
+Date: Mon, 11 Feb 2019 10:05:33 +0100
+Subject: [PATCH] check that (Tile Width)*(Samples/Pixel) do no overflow
+
+fixes bug 2833
+---
+ tools/tiffcp.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index 489459a..0c66229 100644
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -43,6 +43,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <limits.h>
+ 
+ #include <ctype.h>
+ 
+@@ -1391,7 +1392,7 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
+ 	int status = 1;
+ 	uint32 imagew = TIFFRasterScanlineSize(in);
+ 	uint32 tilew = TIFFTileRowSize(in);
+-	int iskew  = imagew - tilew*spp;
++	int iskew;
+ 	tsize_t tilesize = TIFFTileSize(in);
+ 	tdata_t tilebuf;
+ 	uint8* bufp = (uint8*) buf;
+@@ -1399,6 +1400,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
+ 	uint32 row;
+ 	uint16 bps = 0, bytes_per_sample;
+ 
++	if (tilew && spp > (INT_MAX / tilew))
++	{
++		TIFFError(TIFFFileName(in), "Error, cannot handle that much samples per tile row (Tile Width * Samples/Pixel)");
++		return 0;
++	}
++	iskew = imagew - tilew*spp;
+ 	tilebuf = _TIFFmalloc(tilesize);
+ 	if (tilebuf == 0)
+ 		return 0;
+-- 
+2.21.0
+
diff --git a/SPECS/libtiff.spec b/SPECS/libtiff.spec
index 1c0ca25..42dd6a0 100644
--- a/SPECS/libtiff.spec
+++ b/SPECS/libtiff.spec
@@ -1,7 +1,7 @@
 Summary:       Library of functions for manipulating TIFF format image files
 Name:          libtiff
 Version:       4.0.9
-Release:       13%{?dist}
+Release:       15%{?dist}
 License:       libtiff
 Group:         System Environment/Libraries
 URL:           http://www.simplesystems.org/libtiff/
@@ -20,6 +20,7 @@ Patch8:        libtiff-CVE-2018-17100.patch
 Patch9:        libtiff-coverity.patch
 Patch10:       libtiff-CVE-2018-18557.patch
 Patch11:       libtiff-CVE-2018-18661.patch
+Patch12:       libtiff-CVE-2018-12900.patch
 
 BuildRequires: gcc, gcc-c++
 BuildRequires: zlib-devel libjpeg-devel jbigkit-devel
@@ -83,6 +84,7 @@ image files using the libtiff library.
 %patch9 -p1
 %patch10 -p1
 %patch11 -p1
+%patch12 -p1
 
 # Use build system's libtool.m4, not the one in the package.
 rm -f libtool.m4
@@ -186,6 +188,12 @@ find html -name 'Makefile*' | xargs rm
 %{_mandir}/man1/*
 
 %changelog
+* Wed Jun 12 2019 Nikola Forró <nforro@redhat.com> - 4.0.9-15
+- Fix DIVIDE_BY_ZERO in patch for CVE-2018-12900 (#1595579)
+
+* Thu Jun 06 2019 Nikola Forró <nforro@redhat.com> - 4.0.9-14
+- Fix CVE-2018-12900 (#1595579)
+
 * Thu Dec 13 2018 Nikola Forró <nforro@redhat.com> - 4.0.9-13
 - Fix compiler warning introduced by patch for CVE-2018-18661