- security update:

* CVE-2022-34526 [bsc#1202026] + tiff-CVE-2022-34526.patch OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=157
2022-08-01 12:17:33 +00:00 · 2022-08-01 12:17:33 +00:00 · c20d284a28
commit c20d284a28
parent 2513c77eae
3 changed files with 23 additions and 0 deletions
--- a/tiff-CVE-2022-34526.patch
+++ b/tiff-CVE-2022-34526.patch
@ -0,0 +1,14 @@
+Index: tiff-4.4.0/libtiff/tif_dirinfo.c
+===================================================================
+--- tiff-4.4.0.orig/libtiff/tif_dirinfo.c
+++ tiff-4.4.0/libtiff/tif_dirinfo.c
+@@ -1191,6 +1191,9 @@ _TIFFCheckFieldIsValidForCodec(TIFF *tif
+ 	    default:
+ 		return 1;
+ 	}
+	if( !TIFFIsCODECConfigured(tif->tif_dir.td_compression) ) {
+		return 0;
+	}
+ 	/* Check if codec specific tags are allowed for the current
+ 	 * compression scheme (codec) */
+ 	switch (tif->tif_dir.td_compression) {
--- a/tiff.changes
+++ b/tiff.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Aug  1 12:06:01 UTC 2022 - Michael Vetter <mvetter@suse.com>
+
+- security update:
+  * CVE-2022-34526 [bsc#1202026]
+    + tiff-CVE-2022-34526.patch
+
 -------------------------------------------------------------------
 Wed Jul  6 07:55:09 UTC 2022 - Michael Vetter <mvetter@suse.com>

--- a/tiff.spec
+++ b/tiff.spec
@ -34,6 +34,7 @@ Patch0:         tiff-4.0.3-seek.patch
 # http://bugzilla.maptools.org/show_bug.cgi?id=2442
 Patch1:         tiff-4.0.3-compress-warning.patch
 Patch2:         tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch
+Patch3:         tiff-CVE-2022-34526.patch
 BuildRequires:  gcc-c++
 BuildRequires:  libjbig-devel
 BuildRequires:  libjpeg-devel
@ -74,6 +75,7 @@ the libtiff library.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1

 %build
 CFLAGS="%{optflags} -fPIE"