rpms/libtiff
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix CVE-2022-22844 (#2042604)

Browse Source
This commit is contained in:
Nikola Forró 2022-01-20 09:33:19 +01:00
parent 8a29af9fe1
commit 2612345bea
2 changed files with 46 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
libtiff-CVE-2022-22844.patch Normal file
View File

@ -0,0 +1,39 @@
From 49b81e99704bd199a24ccce65f974cc2d78cccc4 Mon Sep 17 00:00:00 2001
From: 4ugustus <wangdw.augustus@qq.com>
Date: Tue, 4 Jan 2022 11:01:37 +0000
Subject: [PATCH] fixing global-buffer-overflow in tiffset
---
tools/tiffset.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/tools/tiffset.c b/tools/tiffset.c
index 8c9e23c5..b7badd93 100644
--- a/tools/tiffset.c
+++ b/tools/tiffset.c
@@ -146,9 +146,19 @@ main(int argc, char* argv[])
arg_index++;
if (TIFFFieldDataType(fip) == TIFF_ASCII) {
- if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 1)
- fprintf( stderr, "Failed to set %s=%s\n",
- TIFFFieldName(fip), argv[arg_index] );
+ if(TIFFFieldPassCount( fip )) {
+ size_t len;
+ len = (uint32_t)(strlen(argv[arg_index] + 1));
+ if (TIFFSetField(tiff, TIFFFieldTag(fip),
+ (uint16_t)len, argv[arg_index]) != 1)
+ fprintf( stderr, "Failed to set %s=%s",
+ TIFFFieldName(fip), argv[arg_index] );
+ } else {
+ if (TIFFSetField(tiff, TIFFFieldTag(fip),
+ argv[arg_index]) != 1)
+ fprintf( stderr, "Failed to set %s=%s",
+ TIFFFieldName(fip), argv[arg_index] );
+ }
} else if (TIFFFieldWriteCount(fip) > 0
|| TIFFFieldWriteCount(fip) == TIFF_VARIABLE) {
int ret = 1;
--
GitLab

8
libtiff.spec
View File

@ -1,7 +1,7 @@
Summary: Library of functions for manipulating TIFF format image files Summary: Library of functions for manipulating TIFF format image files
Name: libtiff Name: libtiff
Version: 4.3.0 Version: 4.3.0
Release: 2%{?dist} Release: 3%{?dist}
License: libtiff License: libtiff
URL: http://www.simplesystems.org/libtiff/ URL: http://www.simplesystems.org/libtiff/
@ -9,6 +9,8 @@ Source: http://download.osgeo.org/libtiff/tiff-%{version}.tar.gz
Patch0: libtiff-am-version.patch Patch0: libtiff-am-version.patch
Patch1: libtiff-make-check.patch Patch1: libtiff-make-check.patch
# https://gitlab.com/libtiff/libtiff/-/merge_requests/287
Patch2: libtiff-CVE-2022-22844.patch
BuildRequires: gcc, gcc-c++ BuildRequires: gcc, gcc-c++
BuildRequires: zlib-devel libjpeg-devel jbigkit-devel libzstd-devel libwebp-devel BuildRequires: zlib-devel libjpeg-devel jbigkit-devel libzstd-devel libwebp-devel
@ -60,6 +62,7 @@ image files using the libtiff library.
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
%patch2 -p1
# Use build system's libtool.m4, not the one in the package. # Use build system's libtool.m4, not the one in the package.
rm -f libtool.m4 rm -f libtool.m4
@ -164,6 +167,9 @@ find html -name 'Makefile*' | xargs rm
%{_mandir}/man1/* %{_mandir}/man1/*
%changelog %changelog
* Thu Jan 20 2022 Nikola Forró <nforro@redhat.com> - 4.3.0-3
- Fix CVE-2022-22844 (#2042604)
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.3.0-2 * Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild