Accepting request 992028 from graphics

- security update:
  * CVE-2022-34526 [bsc#1202026]
    + tiff-CVE-2022-34526.patch

OBS-URL: https://build.opensuse.org/request/show/992028
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tiff?expand=0&rev=85

tiff-CVE-2022-34526.patch

@@ -0,0 +1,14 @@
+Index: tiff-4.4.0/libtiff/tif_dirinfo.c
+===================================================================
+--- tiff-4.4.0.orig/libtiff/tif_dirinfo.c
++++ tiff-4.4.0/libtiff/tif_dirinfo.c
+@@ -1191,6 +1191,9 @@ _TIFFCheckFieldIsValidForCodec(TIFF *tif
+ 	    default:
+ 		return 1;
+ 	}
++	if( !TIFFIsCODECConfigured(tif->tif_dir.td_compression) ) {
++		return 0;
++	}
+ 	/* Check if codec specific tags are allowed for the current
+ 	 * compression scheme (codec) */
+ 	switch (tif->tif_dir.td_compression) {

tiff.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Aug  1 12:06:01 UTC 2022 - Michael Vetter <mvetter@suse.com>
+
+- security update:
+  * CVE-2022-34526 [bsc#1202026]
+    + tiff-CVE-2022-34526.patch
+
 -------------------------------------------------------------------
 Wed Jul  6 07:55:09 UTC 2022 - Michael Vetter <mvetter@suse.com>
 

tiff.spec

@@ -34,6 +34,7 @@ Patch0:         tiff-4.0.3-seek.patch
 # http://bugzilla.maptools.org/show_bug.cgi?id=2442
 Patch1:         tiff-4.0.3-compress-warning.patch
 Patch2:         tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch
+Patch3:         tiff-CVE-2022-34526.patch
 BuildRequires:  gcc-c++
 BuildRequires:  libjbig-devel
 BuildRequires:  libjpeg-devel
@@ -74,6 +75,7 @@ the libtiff library.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 %build
 CFLAGS="%{optflags} -fPIE"