From 27285c783eaae9d3b9dda94833003ec7475515a3 Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Fri, 21 Jun 2019 09:22:47 -0400
Subject: user/tiff: patch for CVE-2019-6128 and CVE-2019-7663

---
 user/tiff/APKBUILD | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'user/tiff/APKBUILD')

diff --git a/user/tiff/APKBUILD b/user/tiff/APKBUILD
index 7bb89ee3e..babef1cec 100644
--- a/user/tiff/APKBUILD
+++ b/user/tiff/APKBUILD
@@ -13,8 +13,13 @@ depends_dev="zlib-dev libjpeg-turbo-dev"
 makedepends="libtool autoconf automake $depends_dev"
 subpackages="$pkgname-doc $pkgname-dev $pkgname-tools"
 source="http://download.osgeo.org/libtiff/$pkgname-$pkgver.tar.gz
+	CVE-2019-6128.patch
+	CVE-2019-7663.patch
 	"
-# secfixes:
+# secfixes: libtiff
+#   4.0.10-r1:
+#     - CVE-2019-6128
+#     - CVE-2019-7663
 #   4.0.9-r1:
 #     - CVE-2017-18013
 #   4.0.9-r0:
@@ -64,4 +69,6 @@ tools() {
 	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }
 
-sha512sums="d213e5db09fd56b8977b187c5a756f60d6e3e998be172550c2892dbdb4b2a8e8c750202bc863fe27d0d1c577ab9de1710d15e9f6ed665aadbfd857525a81eea8  tiff-4.0.10.tar.gz"
+sha512sums="d213e5db09fd56b8977b187c5a756f60d6e3e998be172550c2892dbdb4b2a8e8c750202bc863fe27d0d1c577ab9de1710d15e9f6ed665aadbfd857525a81eea8  tiff-4.0.10.tar.gz
+8dc336e6c863524e3622f61ec6583eebe13fde55649cd8c812e3f6752242a23ff72cfb680dfcbe47d1503a058f5f9001415ae112220729e4ab50fe81190e327e  CVE-2019-6128.patch
+6fb7e9aa0afbae96fd6e78c2401262e496f5d62980ea02712bc43f8749341d030df3625f10413f5ed3e130e88d609c2374ae69807a1f9e54ed91cbd8411aab62  CVE-2019-7663.patch"
-- 
cgit v1.2.3-60-g2f50