From 625960b341df4a0693bf9155498a75660f4edade Mon Sep 17 00:00:00 2001
From: zhangpan
Date: Wed, 24 May 2023 09:01:51 +0000
Subject: [PATCH] fix CVE-2023-2731
(cherry picked from commit a194ef6e717d1e13f7b283ecc3e5d63e2b9fa5bc)
---
 backport-CVE-2023-2731.patch | 37 ++++++++++++++++++++++++++++++++++++
 libtiff.spec | 6 +++++-
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2023-2731.patch
diff --git a/backport-CVE-2023-2731.patch b/backport-CVE-2023-2731.patch
new file mode 100644
index 0000000..012b4c1
--- /dev/null
+++ b/backport-CVE-2023-2731.patch
@@ -0,0 +1,37 @@
+From 9be22b639ea69e102d3847dca4c53ef025e9527b Mon Sep 17 00:00:00 2001
+From: Even Rouault
+Date: Sat, 29 Apr 2023 12:20:46 +0200
+Subject: [PATCH] LZWDecode(): avoid crash when trying to read again from a
+ strip whith a missing end-of-information marker (fixes #548)
+
+Reference:https://github.com/libsdl-org/libtiff/commit/9be22b639ea69e102d3847dca4c53ef025e9527b
+Conflict:Adaptation Context
+---
+ libtiff/tif_lzw.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
+index 1f255d9..c0ef99c 100644
+--- a/libtiff/tif_lzw.c
++++ b/libtiff/tif_lzw.c
+@@ -404,6 +404,10 @@ LZWDecode(TIFF* tif, uint8_t* op0, tmsize_t occ0, uint16_t s)
+ assert(sp->dec_codetab != NULL);
+
+ if (sp->read_error) {
++ TIFFErrorExt(tif->tif_clientdata, module,
++ "LZWDecode: Scanline %" PRIu32 " cannot be read due to "
++ "previous error",
++ tif->tif_row);
+ return 0;
+ }
+
+@@ -712,6 +716,7 @@ after_loop:
+ return (1);
+
+ no_eoi:
++ sp->read_error = 1;
+ TIFFErrorExt(tif->tif_clientdata, module,
+ "LZWDecode: Strip %"PRIu32" not terminated with EOI code",
+ tif->tif_curstrip);
+--
+2.33.0
diff --git a/libtiff.spec b/libtiff.spec
index 52e4883..73bced9 100644
--- a/libtiff.spec
+++ b/libtiff.spec
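Review bot: Nothing in either inner hunk of backport-CVE-2023-2731.patch shows where `sp->read_error` is cleared again, and the `sp->read_error = 1;` added under `no_eoi:` depends on that: if this 4.3.0 tree does not reset the flag when decoding of the next strip or tile is set up, one strip without an EOI code would make every later LZWDecode() call on the handle fail. The patch header says `Conflict:Adaptation Context`, so the surrounding code differs from upstream and the reset should be confirmed in the patched tree; LZWDecode's body and the pre-decode setup lie outside these hunks. I would also add a comment on the new assignment, e.g. `/* latch the error: a later read of this strip must fail early rather than re-enter the decoder */`. The `if (sp->read_error)` early return now logs on every call, so a caller that keeps requesting scanlines after the first failure emits one message per scanline, which matters for log volume when processing untrusted files.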
@@ -1,6 +1,6 @@
 Name: libtiff
 Version: 4.3.0
-Release: 24
+Release: 25
 Summary: TIFF Library and Utilities
 License: libtiff
 URL: https://www.simplesystems.org/libtiff/
@@ -35,6 +35,7 @@ Patch6025: backport-CVE-2022-48281.patch
 Patch6026: backport-0001-CVE-2023-0795-0796-0797-0798-0799.patch
 Patch6027: backport-0002-CVE-2023-0795-0796-0797-0798-0799.patch
 Patch6028: backport-CVE-2023-0800-0801-0802-0803-0804.patch
+Patch6029: backport-CVE-2023-2731.patch
 Patch9000: fix-raw2tiff-floating-point-exception.patch
@@ -158,6 +159,9 @@ find html -name 'Makefile*' | xargs rm
 %exclude %{_datadir}/html/man/tiffgt.1.html
 %changelog
+* Wed May 24 2023 zhangpan - 4.3.0-25
+- fix CVE-2023-2731
+
 * Mon Feb 20 2023 zhouwenpei - 4.3.0-24
 - modified backport-CVE-2022-48281.patch