From a2b0acdb533440925183a13e76175531a3b4b37c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
Date: Mon, 1 Aug 2022 09:12:11 +0200
Subject: [PATCH] Fix CVE-2022-34526 (#2112760)

---
 libtiff-CVE-2022-34526.patch | 28 ++++++++++++++++++++++++++++
 libtiff.spec                 |  7 ++++++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 libtiff-CVE-2022-34526.patch

diff --git a/libtiff-CVE-2022-34526.patch b/libtiff-CVE-2022-34526.patch
new file mode 100644
index 0000000..cb3a4d3
--- /dev/null
+++ b/libtiff-CVE-2022-34526.patch
@@ -0,0 +1,28 @@
+From 275735d0354e39c0ac1dc3c0db2120d6f31d1990 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Mon, 27 Jun 2022 16:09:43 +0200
+Subject: [PATCH] _TIFFCheckFieldIsValidForCodec(): return FALSE when passed a
+ codec-specific tag and the codec is not configured (fixes #433)
+
+This avoids crashes when querying such tags
+---
+ libtiff/tif_dirinfo.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c
+index c30f569b..3371cb5c 100644
+--- a/libtiff/tif_dirinfo.c
++++ b/libtiff/tif_dirinfo.c
+@@ -1191,6 +1191,9 @@ _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag)
+ 	    default:
+ 		return 1;
+ 	}
++	if( !TIFFIsCODECConfigured(tif->tif_dir.td_compression) ) {
++		return 0;
++	}
+ 	/* Check if codec specific tags are allowed for the current
+ 	 * compression scheme (codec) */
+ 	switch (tif->tif_dir.td_compression) {
+-- 
+GitLab
+
diff --git a/libtiff.spec b/libtiff.spec
index 3face3d..d52fc91 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,7 +1,7 @@
 Summary:       Library of functions for manipulating TIFF format image files
 Name:          libtiff
 Version:       4.4.0
-Release:       3%{?dist}
+Release:       4%{?dist}
 License:       libtiff
 URL:           http://www.simplesystems.org/libtiff/
 
@@ -10,6 +10,7 @@ Source:        http://download.osgeo.org/libtiff/tiff-%{version}.tar.gz
 Patch0:        libtiff-am-version.patch
 Patch1:        libtiff-make-check.patch
 Patch2:        libtiff-CVE-2022-2056_2057_2058.patch
+Patch3:        libtiff-CVE-2022-34526.patch
 
 BuildRequires: gcc, gcc-c++
 BuildRequires: zlib-devel libjpeg-devel jbigkit-devel libzstd-devel libwebp-devel
@@ -62,6 +63,7 @@ image files using the libtiff library.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 # Use build system's libtool.m4, not the one in the package.
 rm -f libtool.m4
@@ -166,6 +168,9 @@ find html -name 'Makefile*' | xargs rm
 %{_mandir}/man1/*
 
 %changelog
+* Mon Aug 01 2022 Nikola Forró <nforro@redhat.com> - 4.4.0-4
+- Fix CVE-2022-34526 (#2112760)
+
 * Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild