Fix CVE-2022-34526 (#2112760)
This commit is contained in:
Nikola Forró
parent
b32705e3cb
commit
a2b0acdb53
28
libtiff-CVE-2022-34526.patch
Normal file
28
libtiff-CVE-2022-34526.patch
Normal file
@ -0,0 +1,28 @@
|
||||
From 275735d0354e39c0ac1dc3c0db2120d6f31d1990 Mon Sep 17 00:00:00 2001
|
||||
From: Even Rouault <even.rouault@spatialys.com>
|
||||
Date: Mon, 27 Jun 2022 16:09:43 +0200
|
||||
Subject: [PATCH] _TIFFCheckFieldIsValidForCodec(): return FALSE when passed a
|
||||
codec-specific tag and the codec is not configured (fixes #433)
|
||||
|
||||
This avoids crashes when querying such tags
|
||||
---
|
||||
libtiff/tif_dirinfo.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c
|
||||
index c30f569b..3371cb5c 100644
|
||||
--- a/libtiff/tif_dirinfo.c
|
||||
+++ b/libtiff/tif_dirinfo.c
|
||||
@@ -1191,6 +1191,9 @@ _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag)
|
||||
default:
|
||||
return 1;
|
||||
}
|
||||
+ if( !TIFFIsCODECConfigured(tif->tif_dir.td_compression) ) {
|
||||
+ return 0;
|
||||
+ }
|
||||
/* Check if codec specific tags are allowed for the current
|
||||
* compression scheme (codec) */
|
||||
switch (tif->tif_dir.td_compression) {
|
||||
--
|
||||
GitLab
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
Summary: Library of functions for manipulating TIFF format image files
|
||||
Name: libtiff
|
||||
Version: 4.4.0
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: libtiff
|
||||
URL: http://www.simplesystems.org/libtiff/
|
||||
|
||||
@ -10,6 +10,7 @@ Source: http://download.osgeo.org/libtiff/tiff-%{version}.tar.gz
|
||||
Patch0: libtiff-am-version.patch
|
||||
Patch1: libtiff-make-check.patch
|
||||
Patch2: libtiff-CVE-2022-2056_2057_2058.patch
|
||||
Patch3: libtiff-CVE-2022-34526.patch
|
||||
|
||||
BuildRequires: gcc, gcc-c++
|
||||
BuildRequires: zlib-devel libjpeg-devel jbigkit-devel libzstd-devel libwebp-devel
|
||||
@ -62,6 +63,7 @@ image files using the libtiff library.
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
|
||||
# Use build system's libtool.m4, not the one in the package.
|
||||
rm -f libtool.m4
|
||||
@ -166,6 +168,9 @@ find html -name 'Makefile*' | xargs rm
|
||||
%{_mandir}/man1/*
|
||||
|
||||
%changelog
|
||||
* Mon Aug 01 2022 Nikola Forró <nforro@redhat.com> - 4.4.0-4
|
||||
- Fix CVE-2022-34526 (#2112760)
|
||||
|
||||
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user