We omit the ChangeLog changes below, since they do not apply cleanly.


From 6ee5059cd3ac8d82714a1ab1321399b88539abf0 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Mon, 30 Nov 2020 16:26:59 +0000
Subject: [PATCH] possible TIFF related-heap buffer overflow (alert & POC by
 Hardik Shah)

---
 ChangeLog     | 6 ++++++
 coders/tiff.c | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/coders/tiff.c b/coders/tiff.c
index e98f927ab..1eecf17ae 100644
--- a/coders/tiff.c
+++ b/coders/tiff.c
@@ -1975,7 +1975,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
         extent+=image->columns*sizeof(uint32);
 #endif
         strip_pixels=(unsigned char *) AcquireQuantumMemory(extent,
-          sizeof(*strip_pixels));
+          2*sizeof(*strip_pixels));
         if (strip_pixels == (unsigned char *) NULL)
           ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
         (void) memset(strip_pixels,0,extent*sizeof(*strip_pixels));
s='sub right'></td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=7f77e5d5fa0c4669efa1012fc526868229821912'>refs</a><a class='active' href='/guix/log/gnu/system/locale.scm?showmsg=1'>log</a><a href='/guix/tree/gnu/system/locale.scm?id=7f77e5d5fa0c4669efa1012fc526868229821912'>tree</a><a href='/guix/commit/gnu/system/locale.scm?id=7f77e5d5fa0c4669efa1012fc526868229821912'>commit</a><a href='/guix/diff/gnu/system/locale.scm?id=7f77e5d5fa0c4669efa1012fc526868229821912'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/system/locale.scm'>
<input type='hidden' name='id' value='7f77e5d5fa0c4669efa1012fc526868229821912'/><input type='hidden' name='showmsg' value='1'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=7f77e5d5fa0c4669efa1012fc526868229821912&amp;showmsg=1'>root</a>/<a href='/guix/log/gnu?id=7f77e5d5fa0c4669efa1012fc526868229821912&amp;showmsg=1'>gnu</a>/<a href='/guix/log/gnu/system?id=7f77e5d5fa0c4669efa1012fc526868229821912&amp;showmsg=1'>system</a>/<a href='/guix/log/gnu/system/locale.scm?id=7f77e5d5fa0c4669efa1012fc526868229821912&amp;showmsg=1'>locale.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/system/locale.scm?id=7f77e5d5fa0c4669efa1012fc526868229821912'>Collapse</a>)</th><th class='left'>Author</th></tr>
<tr class='logheader'><td><span title='2018-01-24 11:18:49 -0500'>2018-01-24</span></td><td class='logsubject'><a href='/guix/commit/gnu/system/locale.scm?id=6d5a65de7fba53ca1160844550d261f540f110e1'>system: Put locales where libc will find them.</a></td><td>Mark H Weaver</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
* gnu/system/locale.scm (localedef-command, single-locale-directory): Use only
the major+minor part of the libc version number in the locale directory name.


</td></tr>
<tr class='logheader'><td><span title='2017-07-17 23:41:36 +0200'>2017-07-17</span></td><td class='logsubject'><a href='/guix/commit/gnu/system/locale.scm?id=b19a49d015070f9109c157bc39b47574a8dad481'>locale: Demonadify the locale creation API.</a></td><td>Ludovic Courtès</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
* gnu/system/locale.scm (single-locale-directory): Use 'computed-file'
instead of 'gexp-&gt;derivation'.
(locale-directory): Adjust accordingly and do the same.
* gnu/system.scm (operating-system-directory-base-entries): Adjust
accordingly.


</td></tr>
<tr class='logheader'><td><span title='2017-07-17 23:41:36 +0200'>2017-07-17</span></td><td class='logsubject'><a href='/guix/commit/gnu/system/locale.scm?id=6d833b13b77f6b4fb76acab932fd9cec601b71ac'>gnu: Remove glibc@2.21 and its traces.</a></td><td>Ludovic Courtès</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
* gnu/packages/base.scm (glibc-2.21): Remove.
* gnu/system/locale.scm (localedef-command)[maybe-version-directory]:
Remove.  Replace call with use of 'package-version'.
(single-locale-directory): Remove 'version&gt;=' conditional.


</td></tr>
<tr class='logheader'><td><span title='2017-07-11 22:47:08 +0200'>2017-07-11</span></td><td class='logsubject'><a href='/guix/commit/gnu/system/locale.scm?id=4ddb64f57d0e9133f8083ee5c6398fa829ed0eab'>system: Refer to native packages when appropriate.</a></td><td>Ludovic Courtès</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
* gnu/system/locale.scm (localedef-command): Use the native LIBC.
* gnu/system/shadow.scm (default-skeletons): Use the native GUILE-WM.


</td></tr>

Age	Commit message (Collapse)	Author
2018-01-24	system: Put locales where libc will find them.	Mark H Weaver
	* gnu/system/locale.scm (localedef-command, single-locale-directory): Use only the major+minor part of the libc version number in the locale directory name.
2017-07-17	locale: Demonadify the locale creation API.	Ludovic Courtès
	* gnu/system/locale.scm (single-locale-directory): Use 'computed-file' instead of 'gexp->derivation'. (locale-directory): Adjust accordingly and do the same. * gnu/system.scm (operating-system-directory-base-entries): Adjust accordingly.
2017-07-17	gnu: Remove glibc@2.21 and its traces.	Ludovic Courtès
	* gnu/packages/base.scm (glibc-2.21): Remove. * gnu/system/locale.scm (localedef-command)[maybe-version-directory]: Remove. Replace call with use of 'package-version'. (single-locale-directory): Remove 'version>=' conditional.
2017-07-11	system: Refer to native packages when appropriate.	Ludovic Courtès
	* gnu/system/locale.scm (localedef-command): Use the native LIBC. * gnu/system/shadow.scm (default-skeletons): Use the native GUILE-WM.