From 2a498060bf35813bfef07d00f08aea0f1139dc93 Mon Sep 17 00:00:00 2001 From: aadhar-agarwal <108542189+aadhar-agarwal@users.noreply.github.com> Date: Thu, 15 Aug 2024 10:15:32 -0700 Subject: [PATCH 1/2] Patch CVE-2024-7006 in libtiff (#10136) (cherry picked from commit 99483fc7e13a96e7cf7cf331976a971c5b393249) --- SPECS/libtiff/CVE-2024-7006.patch | 61 +++++++++++++++++++++++++++++++ SPECS/libtiff/libtiff.spec | 9 +++++ 2 files changed, 70 insertions(+) create mode 100644 SPECS/libtiff/CVE-2024-7006.patch diff --git a/SPECS/libtiff/CVE-2024-7006.patch b/SPECS/libtiff/CVE-2024-7006.patch new file mode 100644 index 00000000000..9483210cdf2 --- /dev/null +++ b/SPECS/libtiff/CVE-2024-7006.patch @@ -0,0 +1,61 @@ +From 818fb8ce881cf839fbc710f6690aadb992aa0f9e Mon Sep 17 00:00:00 2001 +From: Su_Laus +Date: Fri, 1 Dec 2023 20:12:25 +0100 +Subject: [PATCH] Check return value of _TIFFCreateAnonField(). + +Fixes #624 +--- + libtiff/tif_dirinfo.c | 2 +- + libtiff/tif_dirread.c | 16 ++++++---------- + 2 files changed, 7 insertions(+), 11 deletions(-) + +diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c +index 0e705e8..4cfdaad 100644 +--- a/libtiff/tif_dirinfo.c ++++ b/libtiff/tif_dirinfo.c +@@ -887,7 +887,7 @@ const TIFFField *_TIFFFindOrRegisterField(TIFF *tif, uint32_t tag, + if (fld == NULL) + { + fld = _TIFFCreateAnonField(tif, tag, dt); +- if (!_TIFFMergeFields(tif, fld, 1)) ++ if (fld == NULL || !_TIFFMergeFields(tif, fld, 1)) + return NULL; + } + +diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c +index 2c49dc6..78396c4 100644 +--- a/libtiff/tif_dirread.c ++++ b/libtiff/tif_dirread.c +@@ -4260,11 +4260,9 @@ int TIFFReadDirectory(TIFF *tif) + dp->tdir_tag, dp->tdir_tag); + /* the following knowingly leaks the + anonymous field structure */ +- if (!_TIFFMergeFields( +- tif, +- _TIFFCreateAnonField(tif, dp->tdir_tag, +- (TIFFDataType)dp->tdir_type), +- 1)) ++ const TIFFField *fld = _TIFFCreateAnonField( ++ tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type); ++ if (fld == NULL || !_TIFFMergeFields(tif, fld, 1)) + { + TIFFWarningExtR( + tif, module, +@@ -5138,11 +5136,9 @@ int TIFFReadCustomDirectory(TIFF *tif, toff_t diroff, + "Unknown field with tag %" PRIu16 " (0x%" PRIx16 + ") encountered", + dp->tdir_tag, dp->tdir_tag); +- if (!_TIFFMergeFields( +- tif, +- _TIFFCreateAnonField(tif, dp->tdir_tag, +- (TIFFDataType)dp->tdir_type), +- 1)) ++ const TIFFField *fld = _TIFFCreateAnonField( ++ tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type); ++ if (fld == NULL || !_TIFFMergeFields(tif, fld, 1)) + { + TIFFWarningExtR(tif, module, + "Registering anonymous field with tag %" PRIu16 +-- +2.34.1 + diff --git a/SPECS/libtiff/libtiff.spec b/SPECS/libtiff/libtiff.spec index 1e5a583c60a..84a3619e3a8 100644 --- a/SPECS/libtiff/libtiff.spec +++ b/SPECS/libtiff/libtiff.spec @@ -9,7 +9,11 @@ Group: System Environment/Libraries URL: https://gitlab.com/libtiff/libtiff Source0: https://gitlab.com/libtiff/libtiff/-/archive/v%{version}/libtiff-v%{version}.tar.gz Patch0: CVE-2023-52356.patch +<<<<<<< HEAD Patch1: CVE-2023-6277.patch +======= +Patch1: CVE-2024-7006.patch +>>>>>>> 99483fc7e (Patch CVE-2024-7006 in libtiff (#10136)) BuildRequires: autoconf BuildRequires: automake BuildRequires: libjpeg-turbo-devel @@ -62,8 +66,13 @@ make %{?_smp_mflags} -k check %{_docdir}/* %changelog +<<<<<<< HEAD * Wed Aug 07 2024 Sumedh Sharma - 4.6.0-3 - Add patch to resolve CVE-2023-6277 +======= +* Tue Aug 13 2024 Aadhar Agarwal - 4.6.0-3 +- Add patch for CVE-2024-7006 +>>>>>>> 99483fc7e (Patch CVE-2024-7006 in libtiff (#10136)) * Thu Mar 7 2024 Xiaohong Deng - 4.6.0-2 - Add patches for CVE-2023-52356 From 76fcc54bd5f01f72bd620b489da98cd61dcb2fca Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Mon, 19 Aug 2024 09:34:42 -0700 Subject: [PATCH 2/2] Resolving merge conflicts. --- SPECS/libtiff/libtiff.spec | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/SPECS/libtiff/libtiff.spec b/SPECS/libtiff/libtiff.spec index 84a3619e3a8..2cce57eca61 100644 --- a/SPECS/libtiff/libtiff.spec +++ b/SPECS/libtiff/libtiff.spec @@ -1,7 +1,7 @@ Summary: TIFF libraries and associated utilities. Name: libtiff Version: 4.6.0 -Release: 3%{?dist} +Release: 4%{?dist} License: libtiff Vendor: Microsoft Corporation Distribution: Mariner @@ -9,11 +9,8 @@ Group: System Environment/Libraries URL: https://gitlab.com/libtiff/libtiff Source0: https://gitlab.com/libtiff/libtiff/-/archive/v%{version}/libtiff-v%{version}.tar.gz Patch0: CVE-2023-52356.patch -<<<<<<< HEAD -Patch1: CVE-2023-6277.patch -======= Patch1: CVE-2024-7006.patch ->>>>>>> 99483fc7e (Patch CVE-2024-7006 in libtiff (#10136)) +Patch2: CVE-2023-6277.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: libjpeg-turbo-devel @@ -66,13 +63,11 @@ make %{?_smp_mflags} -k check %{_docdir}/* %changelog -<<<<<<< HEAD -* Wed Aug 07 2024 Sumedh Sharma - 4.6.0-3 +* Mon Aug 19 2024 Sumedh Sharma - 4.6.0-4 - Add patch to resolve CVE-2023-6277 -======= + * Tue Aug 13 2024 Aadhar Agarwal - 4.6.0-3 - Add patch for CVE-2024-7006 ->>>>>>> 99483fc7e (Patch CVE-2024-7006 in libtiff (#10136)) * Thu Mar 7 2024 Xiaohong Deng - 4.6.0-2 - Add patches for CVE-2023-52356