diff --git a/backport-0001-CVE-2022-22844.patch b/backport-0001-CVE-2022-22844.patch new file mode 100644 index 0000000..1cd1069 --- /dev/null +++ b/backport-0001-CVE-2022-22844.patch @@ -0,0 +1,42 @@ +From 49b81e99704bd199a24ccce65f974cc2d78cccc4 Mon Sep 17 00:00:00 2001 +From: 4ugustus +Date: Tue, 4 Jan 2022 11:01:37 +0000 +Subject: [PATCH] fixing global-buffer-overflow in tiffset + +Conflict:NA +Reference:https://gitlab.com/libtiff/libtiff/-/commit/49b81e99704bd199a24ccce65f974cc2d78cccc4 + +--- + tools/tiffset.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/tools/tiffset.c b/tools/tiffset.c +index 8c9e23c..b7badd9 100644 +--- a/tools/tiffset.c ++++ b/tools/tiffset.c +@@ -146,9 +146,19 @@ main(int argc, char* argv[]) + + arg_index++; + if (TIFFFieldDataType(fip) == TIFF_ASCII) { +- if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 1) +- fprintf( stderr, "Failed to set %s=%s\n", +- TIFFFieldName(fip), argv[arg_index] ); ++ if(TIFFFieldPassCount( fip )) { ++ size_t len; ++ len = (uint32_t)(strlen(argv[arg_index] + 1)); ++ if (TIFFSetField(tiff, TIFFFieldTag(fip), ++ (uint16_t)len, argv[arg_index]) != 1) ++ fprintf( stderr, "Failed to set %s=%s", ++ TIFFFieldName(fip), argv[arg_index] ); ++ } else { ++ if (TIFFSetField(tiff, TIFFFieldTag(fip), ++ argv[arg_index]) != 1) ++ fprintf( stderr, "Failed to set %s=%s", ++ TIFFFieldName(fip), argv[arg_index] ); ++ } + } else if (TIFFFieldWriteCount(fip) > 0 + || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) { + int ret = 1; +-- +2.33.0 + diff --git a/backport-0002-CVE-2022-22844.patch b/backport-0002-CVE-2022-22844.patch new file mode 100644 index 0000000..015de92 --- /dev/null +++ b/backport-0002-CVE-2022-22844.patch @@ -0,0 +1,39 @@ +From 0cf67888e32e36b45828dd467920684c93f2b22d Mon Sep 17 00:00:00 2001 +From: Timothy Lyanguzov +Date: Tue, 25 Jan 2022 04:27:28 +0000 +Subject: [PATCH] Apply 4 suggestion(s) to 1 file(s) + +Conflict:NA +Reference:https://gitlab.com/libtiff/libtiff/-/commit/0cf67888e32e36b45828dd467920684c93f2b22d + +--- + tools/tiffset.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/tools/tiffset.c b/tools/tiffset.c +index b7badd9..b8b52c0 100644 +--- a/tools/tiffset.c ++++ b/tools/tiffset.c +@@ -148,15 +148,15 @@ main(int argc, char* argv[]) + if (TIFFFieldDataType(fip) == TIFF_ASCII) { + if(TIFFFieldPassCount( fip )) { + size_t len; +- len = (uint32_t)(strlen(argv[arg_index] + 1)); +- if (TIFFSetField(tiff, TIFFFieldTag(fip), ++ len = strlen(argv[arg_index] + 1); ++ if (len > UINT16_MAX || TIFFSetField(tiff, TIFFFieldTag(fip), + (uint16_t)len, argv[arg_index]) != 1) +- fprintf( stderr, "Failed to set %s=%s", ++ fprintf( stderr, "Failed to set %s=%s\n", + TIFFFieldName(fip), argv[arg_index] ); + } else { + if (TIFFSetField(tiff, TIFFFieldTag(fip), + argv[arg_index]) != 1) +- fprintf( stderr, "Failed to set %s=%s", ++ fprintf( stderr, "Failed to set %s=%s\n", + TIFFFieldName(fip), argv[arg_index] ); + } + } else if (TIFFFieldWriteCount(fip) > 0 +-- +2.33.0 + diff --git a/backport-0003-CVE-2022-22844.patch b/backport-0003-CVE-2022-22844.patch new file mode 100644 index 0000000..bb5b5c3 --- /dev/null +++ b/backport-0003-CVE-2022-22844.patch @@ -0,0 +1,28 @@ +From 0a827a985f891d6df481a6f581c723640fad7874 Mon Sep 17 00:00:00 2001 +From: 4ugustus +Date: Tue, 25 Jan 2022 04:30:38 +0000 +Subject: [PATCH] fix a small typo in strlen + +Conflict:NA +Reference:https://gitlab.com/libtiff/libtiff/-/commit/0a827a985f891d6df481a6f581c723640fad7874 + +--- + tools/tiffset.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/tiffset.c b/tools/tiffset.c +index b8b52c0..e7a88c0 100644 +--- a/tools/tiffset.c ++++ b/tools/tiffset.c +@@ -148,7 +148,7 @@ main(int argc, char* argv[]) + if (TIFFFieldDataType(fip) == TIFF_ASCII) { + if(TIFFFieldPassCount( fip )) { + size_t len; +- len = strlen(argv[arg_index] + 1); ++ len = strlen(argv[arg_index]) + 1; + if (len > UINT16_MAX || TIFFSetField(tiff, TIFFFieldTag(fip), + (uint16_t)len, argv[arg_index]) != 1) + fprintf( stderr, "Failed to set %s=%s\n", +-- +2.33.0 + diff --git a/libtiff.spec b/libtiff.spec index 70ed087..f1f27e0 100644 --- a/libtiff.spec +++ b/libtiff.spec @@ -1,6 +1,6 @@ Name: libtiff Version: 4.3.0 -Release: 3 +Release: 4 Summary: TIFF Library and Utilities License: libtiff URL: https://www.simplesystems.org/libtiff/ @@ -8,6 +8,9 @@ Source0: https://download.osgeo.org/libtiff/tiff-%{version}.tar.gz Patch6000: backport-CVE-2022-0561.patch Patch6001: backport-CVE-2022-0562.patch +Patch6002: backport-0001-CVE-2022-22844.patch +Patch6003: backport-0002-CVE-2022-22844.patch +Patch6004: backport-0003-CVE-2022-22844.patch BuildRequires: gcc gcc-c++ zlib-devel libjpeg-devel jbigkit-devel BuildRequires: libtool automake autoconf pkgconfig @@ -128,6 +131,12 @@ find html -name 'Makefile*' | xargs rm %exclude %{_datadir}/html/man/tiffgt.1.html %changelog +* Tue Mar 08 2022 dongyuzhen - 4.3.0-4 +- Type:cves +- ID:CVE-2022-22844 +- SUG:NA +- DESC:fix CVE-2022-22844 + * Wed Feb 23 2022 liuyumeng -4.3.0-3 - Type:cves - ID:CVE-2022-0561CVE-2022-0562