import UBI libtiff-4.4.0-12.el9_4.1

2024-11-05 20:30:23 +00:00 · 2024-11-05 20:30:23 +00:00 · e8e37d6348
commit e8e37d6348
parent 9321e4aced
2 changed files with 54 additions and 1 deletions
--- a/SOURCES/libtiff-4.6.0-CVE-2024-7006.patch
+++ b/SOURCES/libtiff-4.6.0-CVE-2024-7006.patch
@ -0,0 +1,46 @@
 diff -up tiff-4.4.0/libtiff/tif_dirinfo.c.CVE-2024-7006 tiff-4.4.0/libtiff/tif_dirinfo.c
 --- tiff-4.4.0/libtiff/tif_dirinfo.c.CVE-2024-7006	2024-08-16 00:35:35.339965778 +0200
 +++ tiff-4.4.0/libtiff/tif_dirinfo.c	2024-08-16 00:54:58.255221954 +0200
@@ -824,7 +824,7 @@ _TIFFFindOrRegisterField(TIFF *tif, uint
 	fld = TIFFFindField(tif, tag, dt);
 	if (fld == NULL) {
 		fld = _TIFFCreateAnonField(tif, tag, dt);
 -		if (!_TIFFMergeFields(tif, fld, 1))
 +		if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
 			return NULL;
 	}
 diff -up tiff-4.4.0/libtiff/tif_dirread.c.CVE-2024-7006 tiff-4.4.0/libtiff/tif_dirread.c
 --- tiff-4.4.0/libtiff/tif_dirread.c.CVE-2024-7006	2024-08-16 00:35:35.341965797 +0200
 +++ tiff-4.4.0/libtiff/tif_dirread.c	2024-08-16 00:59:02.455017380 +0200
@@ -4038,11 +4038,10 @@ TIFFReadDirectory(TIFF* tif)
 				    dp->tdir_tag,dp->tdir_tag);
 				/* the following knowingly leaks the 
 				   anonymous field structure */
 -				if (!_TIFFMergeFields(tif,
 -					_TIFFCreateAnonField(tif,
 -						dp->tdir_tag,
 -						(TIFFDataType) dp->tdir_type),
 -					1)) {
 +				const TIFFField *fld = _TIFFCreateAnonField(
 +					tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
 +				if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
 +				{
 					TIFFWarningExt(tif->tif_clientdata,
 					    module,
 					    "Registering anonymous field with tag %"PRIu16" (0x%"PRIx16") failed",
@@ -4805,10 +4804,10 @@ TIFFReadCustomDirectory(TIFF* tif, toff_
 			TIFFWarningExt(tif->tif_clientdata, module,
 			    "Unknown field with tag %"PRIu16" (0x%"PRIx16") encountered",
 			    dp->tdir_tag, dp->tdir_tag);
 -			if (!_TIFFMergeFields(tif, _TIFFCreateAnonField(tif,
 -						dp->tdir_tag,
 -						(TIFFDataType) dp->tdir_type),
 -					     1)) {
 +			const TIFFField *fld = _TIFFCreateAnonField(
 +				tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
 +			if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
 +			{
 				TIFFWarningExt(tif->tif_clientdata, module,
 				    "Registering anonymous field with tag %"PRIu16" (0x%"PRIx16") failed",
 				    dp->tdir_tag, dp->tdir_tag);
--- a/SPECS/libtiff.spec
+++ b/SPECS/libtiff.spec
@ -1,7 +1,7 @@
 Summary:       Library of functions for manipulating TIFF format image files
 Name:          libtiff
 Version:       4.4.0
-Release:       12%{?dist}
+Release:       12%{?dist}.1
 License:       libtiff
 URL:           http://www.simplesystems.org/libtiff/
@ -36,6 +36,10 @@ Patch0020: 0020-CVE-2023-3618-tiffcrop-fix-553-by-considering-error-.patch
 Patch0021: 0021-CVE-2023-40745-CVE-2023-41175-raw2tiff-fix-integer-o.patch
 Patch0022: 0022-CVE-2023-6228-Merge-branch-fix_606_tiffcp_check_also.patch
 # from upstream, for <=4.6.0, RHEL-52931
 # https://gitlab.com/libtiff/libtiff/-/commit/3705f82b6483c7906cf08cd6b9dcdcd59c61d779
 Patch23:       libtiff-4.6.0-CVE-2024-7006.patch
 BuildRequires: gcc, gcc-c++
 BuildRequires: zlib-devel libjpeg-devel jbigkit-devel libzstd-devel libwebp-devel
 BuildRequires: libtool automake autoconf pkgconfig
@ -187,6 +191,9 @@ find html -name 'Makefile*' | xargs rm
 %{_mandir}/man1/*
 %changelog
 * Wed Aug 21 2024 Michal Hlavinka <mhlavink@redhat.com> - 4.4.0-12.1
 - fix CVE-2024-7006 a null pointer dereference in tif_dirinfo (RHEL-52931)
 * Thu Nov 23 2023 Matej Mužila <mmuzila@redhat.com> - 4.4.0-12
 - Fix CVE-2023-6228
 - Resolves: RHEL-10084