!30 [sync] PR-29: fix CVE-2022-0561 CVE-2022-0562

From: @openeuler-sync-bot 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng

backport-CVE-2022-0561.patch

@@ -0,0 +1,29 @@
+From eecb0712f4c3a5b449f70c57988260a667ddbdef Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sun, 6 Feb 2022 13:08:38 +0100
+Subject: [PATCH] TIFFFetchStripThing(): avoid calling memcpy() with a null
+ source pointer and size of zero (fixes #362)
+
+---
+ libtiff/tif_dirread.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index 6f90941..627bf48 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -5682,8 +5682,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp)
+ 			_TIFFfree(data);
+ 			return(0);
+ 		}
+-                _TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64));
+-                _TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64));
++		if( dir->tdir_count )
++			_TIFFmemcpy(resizeddata,data, (uint32)dir->tdir_count * sizeof(uint64));
++		_TIFFmemset(resizeddata+(uint32)dir->tdir_count, 0, (nstrips - (uint32)dir->tdir_count) * sizeof(uint64));
+ 		_TIFFfree(data);
+ 		data=resizeddata;
+ 	}
+-- 
+2.27.0
+

backport-CVE-2022-0562.patch

@@ -0,0 +1,29 @@
+From 561599c99f987dc32ae110370cfdd7df7975586b Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sat, 5 Feb 2022 20:36:41 +0100
+Subject: [PATCH] TIFFReadDirectory(): avoid calling memcpy() with a null
+ source pointer and size of zero (fixes #362)
+
+---
+ libtiff/tif_dirread.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index 627bf48..8a0e951 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -4126,8 +4126,9 @@ TIFFReadDirectory(TIFF* tif)
+                     goto bad;
+                 }
+ 
+-                memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16));
+-                _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
++                if (old_extrasamples > 0)
++                    memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16));
++		_TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
+                 _TIFFfree(new_sampleinfo);
+         }
+ 
+-- 
+2.27.0
+

libtiff.spec

@@ -1,6 +1,6 @@
 Name:           libtiff
 Version:        4.1.0
-Release:        3
+Release:        4
 Summary:        TIFF Library and Utilities
 License:        libtiff
 URL:            https://www.simplesystems.org/libtiff/
@@ -9,6 +9,8 @@ Source0:        https://download.osgeo.org/libtiff/tiff-%{version}.tar.gz
 Patch6000:      backport-CVE-2020-35521_CVE-2020-35522.patch
 Patch6001:      backport-CVE-2020-35523.patch
 Patch6002:      backport-CVE-2020-35524.patch
+Patch6003:	backport-CVE-2022-0561.patch
+Patch6004:	backport-CVE-2022-0562.patch
 
 BuildRequires:  gcc gcc-c++ zlib-devel libjpeg-devel jbigkit-devel
 BuildRequires:  libtool automake autoconf pkgconfig git
@@ -115,6 +117,12 @@ find html -name 'Makefile*' | xargs rm
 %exclude %{_datadir}/html/man/tiffgt.1.html
 
 %changelog
+* Wed Feb 23 2022 liuyumeng <liuyumeng5@h-partners.com> -4.1.0-4
+- Type:cves
+- ID:CVE-2022-0561 CVE-2022-0562
+- SUG:NA
+- DESC: fix CVE-2022-0561 CVE-2022-0562
+
 * Mon Mar 22 2021 wangye <wangye70@huawei.com> - 4.1.0-3
 - Type:cves
 - ID:CVE-2020-35523 CVE-2020-35524