diff --git a/libtiff-CVE-2022-48281.patch b/libtiff-CVE-2022-48281.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d3cf3cc110d98551ce1bb9b96f941aacd20cc9a6
--- /dev/null
+++ b/libtiff-CVE-2022-48281.patch
@@ -0,0 +1,25 @@
+From 97d65859bc29ee334012e9c73022d8a8e55ed586 Mon Sep 17 00:00:00 2001
+From: Su Laus
+Date: Sat, 21 Jan 2023 15:58:10 +0000
+Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488.
+
+---
+ tools/tiffcrop.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 14fa18da..7db69883 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -8591,7 +8591,7 @@ static int processCropSelections(struct image_data *image,
+ cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ else
+ {
+- prev_cropsize = seg_buffs[0].size;
++ prev_cropsize = seg_buffs[i].size;
+ if (prev_cropsize < cropsize)
+ {
+ next_buff = _TIFFrealloc(
+--
+GitLab
+
diff --git a/libtiff.spec b/libtiff.spec
index b45e07fd1438e0a905061a9372115270c4804473..b478acc5207c1f775fc2137e6cda6289eb8d0930 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,4 +1,4 @@
-%define anolis_release 1
+%define anolis_release 2
 Summary: Library of functions for manipulating TIFF format image files
 Name: libtiff
 Version: 4.5.0
@@ -7,7 +7,8 @@ License: libtiff
 URL: http://www.simplesystems.org/libtiff/
 Source: http://download.osgeo.org/libtiff/tiff-%{version}.tar.xz
 
-
+# https://gitlab.com/libtiff/libtiff/-/issues/488
+Patch0: libtiff-CVE-2022-48281.patch
 BuildRequires: gcc, gcc-c++
 BuildRequires: zlib-devel libjpeg-devel jbigkit-devel libzstd-devel libwebp-devel glut-devel xz-devel
 BuildRequires: python3-sphinx
@@ -169,6 +170,9 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/
 %{_mandir}/man1/tiffgt.1*
 
 %changelog
+* Sat Feb 18 2023 Funda Wang - 4.5.0-2
+- Add patch fixing CVE-2022-48281
+
 * Wed Jan 18 2023 Funda Wang - 4.5.0-1
 - New version 4.5.0
 - Build using cmake
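Review bot: `Patch0:` is declared in the second libtiff.spec hunk, but no hunk touches %prep, so this diff alone does not show that the patch is applied at build time. If %prep uses plain `%setup` rather than `%autosetup -p1` or an explicit `%patch0 -p1`, release 4.5.0-2 would carry a changelog entry claiming the CVE-2022-48281 fix while tiffcrop still reads `seg_buffs[0].size` when sizing buffer `i`. The %prep section is outside the visible hunks and should be confirmed. The comment above `Patch0:` gives only the issue link, and the patch subject calls the change a "simple copy paste error", so I would also record the CVE and origin there, e.g. `# CVE-2022-48281 (tiffcrop processCropSelections), upstream commit 97d65859bc29ee334012e9c73022d8a8e55ed586`.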