From 4c7233d20bf1c296db2512e5df5cc533f8dfbe67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Mu=C5=BEila?=
Date: Mon, 29 Jan 2024 12:46:23 +0100
Subject: [PATCH] New upstream release 4.6.0 (#2153870)
---
 .gitignore | 1 +
 libtiff-CVE-2023-0804.patch | 128 ------------------------------------
 libtiff.spec | 9 +--
 sources | 2 +-
 4 files changed, 7 insertions(+), 133 deletions(-)
 delete mode 100644 libtiff-CVE-2023-0804.patch
diff --git a/.gitignore b/.gitignore
index 9a429ea..9bb5c6b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,4 @@
 /tiff-4.3.0.tar.gz
 /tiff-4.4.0.tar.gz
 /tiff-4.5.0.tar.gz
+/tiff-4.6.0.tar.gz
diff --git a/libtiff-CVE-2023-0804.patch b/libtiff-CVE-2023-0804.patch
deleted file mode 100644
index 5434c4c..0000000
--- a/libtiff-CVE-2023-0804.patch
+++ /dev/null
@@ -1,128 +0,0 @@ -From 82a7fbb1fa7228499ffeb3a57a1d106a9626d57c Mon Sep 17 00:00:00 2001 -From: Su Laus -Date: Sun, 5 Feb 2023 15:53:15 +0000 -Subject: [PATCH] tiffcrop: added check for assumption on composite images - (fixes #496) - -tiffcrop: For composite images with more than one region, the combined_length or combined_width always needs to be equal, respectively. Otherwise, even the first section/region copy action might cause buffer overrun. This is now checked before the first copy action. - -Closes #496, #497, #498, #500, #501. ---- - tools/tiffcrop.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 66 insertions(+), 2 deletions(-) - -diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c -index 84e26ac6..480b927c 100644 ---- a/tools/tiffcrop.c -+++ b/tools/tiffcrop.c -@@ -5935,18 +5935,40 @@ static int computeInputPixelOffsets(struct crop_mask *crop, - - crop->regionlist[i].buffsize = buffsize; - crop->bufftotal += buffsize; -+ -+ /* For composite images with more than one region, the -+ * combined_length or combined_width always needs to be equal, -+ * respectively. -+ * Otherwise, even the first section/region copy -+ * action might cause buffer overrun. 
*/ - if (crop->img_mode == COMPOSITE_IMAGES) - { - switch (crop->edge_ref) - { - case EDGE_LEFT: - case EDGE_RIGHT: -+ if (i > 0 && zlength != crop->combined_length) -+ { -+ TIFFError( -+ "computeInputPixelOffsets", -+ "Only equal length regions can be combined for " -+ "-E left or right"); -+ return (-1); -+ } - crop->combined_length = zlength; - crop->combined_width += zwidth; - break; - case EDGE_BOTTOM: - case EDGE_TOP: /* width from left, length from top */ - default: -+ if (i > 0 && zwidth != crop->combined_width) -+ { -+ TIFFError("computeInputPixelOffsets", -+ "Only equal width regions can be " -+ "combined for -E " -+ "top or bottom"); -+ return (-1); -+ } - crop->combined_width = zwidth; - crop->combined_length += zlength; - break; -@@ -7301,6 +7323,46 @@ static int extractCompositeRegions(struct image_data *image, - crop->combined_width = 0; - crop->combined_length = 0; - -+ /* If there is more than one region, check beforehand whether all the width -+ * and length values of the regions are the same, respectively. 
*/ -+ switch (crop->edge_ref) -+ { -+ default: -+ case EDGE_TOP: -+ case EDGE_BOTTOM: -+ for (i = 1; i < crop->selections; i++) -+ { -+ uint32_t crop_width0 = -+ crop->regionlist[i - 1].x2 - crop->regionlist[i - 1].x1 + 1; -+ uint32_t crop_width1 = -+ crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1; -+ if (crop_width0 != crop_width1) -+ { -+ TIFFError("extractCompositeRegions", -+ "Only equal width regions can be combined for -E " -+ "top or bottom"); -+ return (1); -+ } -+ } -+ break; -+ case EDGE_LEFT: -+ case EDGE_RIGHT: -+ for (i = 1; i < crop->selections; i++) -+ { -+ uint32_t crop_length0 = -+ crop->regionlist[i - 1].y2 - crop->regionlist[i - 1].y1 + 1; -+ uint32_t crop_length1 = -+ crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1; -+ if (crop_length0 != crop_length1) -+ { -+ TIFFError("extractCompositeRegions", -+ "Only equal length regions can be combined for " -+ "-E left or right"); -+ return (1); -+ } -+ } -+ } -+ - for (i = 0; i < crop->selections; i++) - { - /* rows, columns, width, length are expressed in pixels */ -@@ -7325,7 +7387,8 @@ static int extractCompositeRegions(struct image_data *image, - default: - case EDGE_TOP: - case EDGE_BOTTOM: -- if ((i > 0) && (crop_width != crop->regionlist[i - 1].width)) -+ if ((crop->selections > i + 1) && -+ (crop_width != crop->regionlist[i + 1].width)) - { - TIFFError("extractCompositeRegions", - "Only equal width regions can be combined for -E " -@@ -7418,7 +7481,8 @@ static int extractCompositeRegions(struct image_data *image, - case EDGE_LEFT: /* splice the pieces of each row together, side by - side */ - case EDGE_RIGHT: -- if ((i > 0) && (crop_length != crop->regionlist[i - 1].length)) -+ if ((crop->selections > i + 1) && -+ (crop_length != crop->regionlist[i + 1].length)) - { - TIFFError("extractCompositeRegions", - "Only equal length regions can be combined for " --- -2.38.1 - diff --git a/libtiff.spec b/libtiff.spec index d6864fd..d551854 100644 --- a/libtiff.spec +++ b/libtiff.spec 
@@ -1,14 +1,13 @@
 Summary: Library of functions for manipulating TIFF format image files
 Name: libtiff
-Version: 4.5.0
-Release: 5%{?dist}
+Version: 4.6.0
+Release: 1%{?dist}
 License: libtiff
 URL: http://www.simplesystems.org/libtiff/
 Source: http://download.osgeo.org/libtiff/tiff-%{version}.tar.gz
 Patch0: libtiff-am-version.patch
-Patch4: libtiff-CVE-2023-0804.patch
 BuildRequires: gcc, gcc-c++
 BuildRequires: zlib-devel libjpeg-devel jbigkit-devel libzstd-devel libwebp-devel liblerc-devel
@@ -62,7 +61,6 @@ image files using the libtiff library.
 %autosetup -n tiff-%{version} -N
 %patch0 -p1 -b .backup
-%patch4 -p1 -b .backup
 # Use build system's libtool.m4, not the one in the package.
 rm -f libtool.m4
@@ -166,6 +164,9 @@ LD_LIBRARY_PATH=$PWD:$LD_LIBRARY_PATH make check
 %{_mandir}/man1/*
 %changelog
+* Mon Jan 29 2024 Matej Mužila - 4.6.0-1
+- New upstream release 4.6.0 (#2153870)
+
 * Thu Jan 25 2024 Fedora Release Engineering - 4.5.0-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
diff --git a/sources b/sources
index ec00fc2..2c37446 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (tiff-4.5.0.tar.gz) = 02b94e355ac96ac2ecce717aff2b1e04b1bfe95bcd0cfa72e09cbd580c45de0afe341170daad0cf560064b5a8910b3e56ef260484c69919bb0545df90abe7fa9
+SHA512 (tiff-4.6.0.tar.gz) = 80a117780fe5e2519b5c6661efa90a8a1e4591eb6300068b611ff9887285641c0782d9835482f589d6d109c3be6ffab8831c3561bb40e2456258deb1e896f08e
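Review bot: The new 4.6.0-1 `%changelog` entry in libtiff.spec records only the rebase, while the same commit removes `Patch4: libtiff-CVE-2023-0804.patch` and its `%patch4 -p1 -b .backup` line without saying why. The deleted patch is an upstream tiffcrop commit dated 5 Feb 2023, so 4.6.0 presumably already carries the equal-width/equal-length region checks. That should be confirmed against `tools/tiffcrop.c` in the 4.6.0 tarball rather than assumed. Stating it in the changelog lets anyone auditing CVE coverage see that the fix was not lost, for example `- Drop libtiff-CVE-2023-0804.patch, fix is included upstream`.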