Fix CVE-2022-22844 (#2042604)

2022-01-20 09:33:19 +01:00 · 2022-01-20 09:33:19 +01:00 · 2612345bea
commit 2612345bea
parent 8a29af9fe1
2 changed files with 46 additions and 1 deletions
--- a/libtiff-CVE-2022-22844.patch
+++ b/libtiff-CVE-2022-22844.patch
@ -0,0 +1,39 @@
+From 49b81e99704bd199a24ccce65f974cc2d78cccc4 Mon Sep 17 00:00:00 2001
+From: 4ugustus <wangdw.augustus@qq.com>
+Date: Tue, 4 Jan 2022 11:01:37 +0000
+Subject: [PATCH] fixing global-buffer-overflow in tiffset
+
+---
+ tools/tiffset.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/tools/tiffset.c b/tools/tiffset.c
+index 8c9e23c5..b7badd93 100644
+--- a/tools/tiffset.c
+++ b/tools/tiffset.c
+@@ -146,9 +146,19 @@ main(int argc, char* argv[])
+ 
+             arg_index++;
+             if (TIFFFieldDataType(fip) == TIFF_ASCII) {
+-                if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 1)
+-                    fprintf( stderr, "Failed to set %s=%s\n",
+-                             TIFFFieldName(fip), argv[arg_index] );
+                if(TIFFFieldPassCount( fip )) {
+                    size_t len;
+                    len = (uint32_t)(strlen(argv[arg_index] + 1));
+                    if (TIFFSetField(tiff, TIFFFieldTag(fip),
+                            (uint16_t)len, argv[arg_index]) != 1)
+                        fprintf( stderr, "Failed to set %s=%s",
+                            TIFFFieldName(fip), argv[arg_index] );
+                } else {
+                    if (TIFFSetField(tiff, TIFFFieldTag(fip),
+                            argv[arg_index]) != 1)
+                        fprintf( stderr, "Failed to set %s=%s",
+                            TIFFFieldName(fip), argv[arg_index] );
+                }
+             } else if (TIFFFieldWriteCount(fip) > 0
+ 		       || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) {
+                 int     ret = 1;
+-- 
+GitLab
+
--- a/libtiff.spec
+++ b/libtiff.spec
@ -1,7 +1,7 @@
 Summary:       Library of functions for manipulating TIFF format image files
 Name:          libtiff
 Version:       4.3.0
-Release:       2%{?dist}
+Release:       3%{?dist}
 License:       libtiff
 URL:           http://www.simplesystems.org/libtiff/

@ -9,6 +9,8 @@ Source:        http://download.osgeo.org/libtiff/tiff-%{version}.tar.gz

 Patch0:        libtiff-am-version.patch
 Patch1:        libtiff-make-check.patch
+# https://gitlab.com/libtiff/libtiff/-/merge_requests/287
+Patch2:        libtiff-CVE-2022-22844.patch

 BuildRequires: gcc, gcc-c++
 BuildRequires: zlib-devel libjpeg-devel jbigkit-devel libzstd-devel libwebp-devel
@ -60,6 +62,7 @@ image files using the libtiff library.

 %patch0 -p1
 %patch1 -p1
+%patch2 -p1

 # Use build system's libtool.m4, not the one in the package.
 rm -f libtool.m4
@ -164,6 +167,9 @@ find html -name 'Makefile*' | xargs rm
 %{_mandir}/man1/*

 %changelog
+* Thu Jan 20 2022 Nikola Forró <nforro@redhat.com> - 4.3.0-3
+- Fix CVE-2022-22844 (#2042604)
+
 * Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.3.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild