rpms/libtiff
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix CVE-2022-34526 (#2112760)

Browse Source
This commit is contained in:
Nikola Forró 2022-08-01 09:12:11 +02:00
parent b32705e3cb
commit a2b0acdb53
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
libtiff-CVE-2022-34526.patch Normal file
View File

@ -0,0 +1,28 @@
From 275735d0354e39c0ac1dc3c0db2120d6f31d1990 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Mon, 27 Jun 2022 16:09:43 +0200
Subject: [PATCH] _TIFFCheckFieldIsValidForCodec(): return FALSE when passed a
codec-specific tag and the codec is not configured (fixes #433)
This avoids crashes when querying such tags
---
libtiff/tif_dirinfo.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c
index c30f569b..3371cb5c 100644
--- a/libtiff/tif_dirinfo.c
+++ b/libtiff/tif_dirinfo.c
@@ -1191,6 +1191,9 @@ _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag)
default:
return 1;
}
+ if( !TIFFIsCODECConfigured(tif->tif_dir.td_compression) ) {
+ return 0;
+ }
/* Check if codec specific tags are allowed for the current
* compression scheme (codec) */
switch (tif->tif_dir.td_compression) {
--
GitLab

7
libtiff.spec
View File

@ -1,7 +1,7 @@
Summary: Library of functions for manipulating TIFF format image files Summary: Library of functions for manipulating TIFF format image files
Name: libtiff Name: libtiff
Version: 4.4.0 Version: 4.4.0
Release: 3%{?dist} Release: 4%{?dist}
License: libtiff License: libtiff
URL: http://www.simplesystems.org/libtiff/ URL: http://www.simplesystems.org/libtiff/
@ -10,6 +10,7 @@ Source: http://download.osgeo.org/libtiff/tiff-%{version}.tar.gz
Patch0: libtiff-am-version.patch Patch0: libtiff-am-version.patch
Patch1: libtiff-make-check.patch Patch1: libtiff-make-check.patch
Patch2: libtiff-CVE-2022-2056_2057_2058.patch Patch2: libtiff-CVE-2022-2056_2057_2058.patch
Patch3: libtiff-CVE-2022-34526.patch
BuildRequires: gcc, gcc-c++ BuildRequires: gcc, gcc-c++
BuildRequires: zlib-devel libjpeg-devel jbigkit-devel libzstd-devel libwebp-devel BuildRequires: zlib-devel libjpeg-devel jbigkit-devel libzstd-devel libwebp-devel
@ -62,6 +63,7 @@ image files using the libtiff library.
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1
# Use build system's libtool.m4, not the one in the package. # Use build system's libtool.m4, not the one in the package.
rm -f libtool.m4 rm -f libtool.m4
@ -166,6 +168,9 @@ find html -name 'Makefile*' | xargs rm
%{_mandir}/man1/* %{_mandir}/man1/*
%changelog %changelog
* Mon Aug 01 2022 Nikola Forró <nforro@redhat.com> - 4.4.0-4
- Fix CVE-2022-34526 (#2112760)
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-3 * Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild