[AUTO-CHERRYPICK] Patch CVE-2024-7006 in libtiff - branch main (#10154)

Co-authored-by: aadhar-agarwal <108542189+aadhar-agarwal@users.noreply.github.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>

Author: 3 people

SPECS/libtiff/CVE-2024-7006.patch

@@ -0,0 +1,61 @@
+From 818fb8ce881cf839fbc710f6690aadb992aa0f9e Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Fri, 1 Dec 2023 20:12:25 +0100
+Subject: [PATCH] Check return value of _TIFFCreateAnonField().
+
+Fixes #624
+---
+ libtiff/tif_dirinfo.c |  2 +-
+ libtiff/tif_dirread.c | 16 ++++++----------
+ 2 files changed, 7 insertions(+), 11 deletions(-)
+
+diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c
+index 0e705e8..4cfdaad 100644
+--- a/libtiff/tif_dirinfo.c
++++ b/libtiff/tif_dirinfo.c
+@@ -887,7 +887,7 @@ const TIFFField *_TIFFFindOrRegisterField(TIFF *tif, uint32_t tag,
+     if (fld == NULL)
+     {
+         fld = _TIFFCreateAnonField(tif, tag, dt);
+-        if (!_TIFFMergeFields(tif, fld, 1))
++        if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
+             return NULL;
+     }
+ 
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index 2c49dc6..78396c4 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -4260,11 +4260,9 @@ int TIFFReadDirectory(TIFF *tif)
+                                 dp->tdir_tag, dp->tdir_tag);
+                 /* the following knowingly leaks the
+                    anonymous field structure */
+-                if (!_TIFFMergeFields(
+-                        tif,
+-                        _TIFFCreateAnonField(tif, dp->tdir_tag,
+-                                             (TIFFDataType)dp->tdir_type),
+-                        1))
++                const TIFFField *fld = _TIFFCreateAnonField(
++                    tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
++                if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
+                 {
+                     TIFFWarningExtR(
+                         tif, module,
+@@ -5138,11 +5136,9 @@ int TIFFReadCustomDirectory(TIFF *tif, toff_t diroff,
+                             "Unknown field with tag %" PRIu16 " (0x%" PRIx16
+                             ") encountered",
+                             dp->tdir_tag, dp->tdir_tag);
+-            if (!_TIFFMergeFields(
+-                    tif,
+-                    _TIFFCreateAnonField(tif, dp->tdir_tag,
+-                                         (TIFFDataType)dp->tdir_type),
+-                    1))
++            const TIFFField *fld = _TIFFCreateAnonField(
++                tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
++            if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
+             {
+                 TIFFWarningExtR(tif, module,
+                                 "Registering anonymous field with tag %" PRIu16
+-- 
+2.34.1
+

SPECS/libtiff/libtiff.spec

@@ -1,15 +1,16 @@
 Summary:        TIFF libraries and associated utilities.
 Name:           libtiff
 Version:        4.6.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        libtiff
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          System Environment/Libraries
 URL:            https://gitlab.com/libtiff/libtiff
 Source0:        https://gitlab.com/libtiff/libtiff/-/archive/v%{version}/libtiff-v%{version}.tar.gz
 Patch0:         CVE-2023-52356.patch
-Patch1:         CVE-2023-6277.patch
+Patch1:         CVE-2024-7006.patch
+Patch2:         CVE-2023-6277.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  libjpeg-turbo-devel
@@ -62,9 +63,12 @@ make %{?_smp_mflags} -k check
 %{_docdir}/*
 
 %changelog
-* Wed Aug 07 2024 Sumedh Sharma <sumsharma@microsoft.com> - 4.6.0-3
+* Mon Aug 19 2024 Sumedh Sharma <sumsharma@microsoft.com> - 4.6.0-4
 - Add patch to resolve CVE-2023-6277
 
+* Tue Aug 13 2024 Aadhar Agarwal <aadagarwal@microsoft.com> - 4.6.0-3
+- Add patch for CVE-2024-7006
+
 * Thu Mar 7 2024 Xiaohong Deng <xiaohongdeng@microsoft.com> - 4.6.0-2
 - Add patches for CVE-2023-52356