!180 [sync] PR-177: fix CVE-2023-3576

From: @openeuler-sync-bot 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng

backport-CVE-2023-3576.patch

@@ -0,0 +1,34 @@
+From 881a070194783561fd209b7c789a4e75566f7f37 Mon Sep 17 00:00:00 2001
+From: zhailiangliang <zhailiangliang@loongson.cn>
+Date: Tue, 7 Mar 2023 15:02:08 +0800
+Subject: [PATCH] Fix memory leak in tiffcrop.c
+
+Reference:https://gitlab.com/libtiff/libtiff/-/merge_requests/475/diffs
+Conflict:Adaptation Context
+
+---
+ tools/tiffcrop.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index e2f8b83..39156b5 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -7917,8 +7917,13 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+ 
+   read_buff = *read_buff_ptr;
+ 
++  /* Memory is freed before crop_buff_ptr is overwritten */
++  if (*crop_buff_ptr != NULL)
++  {
++    _TIFFfree(*crop_buff_ptr);
++  }
++
+   /* process full image, no crop buffer needed */
+-  crop_buff = read_buff;
+   *crop_buff_ptr = read_buff;
+   crop->combined_width = image->width;
+   crop->combined_length = image->length;
+-- 
+2.27.0
+

libtiff.spec

@@ -1,6 +1,6 @@
 Name:           libtiff
 Version:        4.3.0
-Release:        28
+Release:        29
 Summary:        TIFF Library and Utilities
 License:        libtiff
 URL:            https://www.simplesystems.org/libtiff/
@@ -41,6 +41,7 @@ Patch6031:      backport-CVE-2023-3316.patch
 Patch6032:      backport-CVE-2023-25433.patch
 Patch6033:      backport-CVE-2023-26966.patch
 Patch6034:      backport-CVE-2023-2908.patch
+Patch6035:      backport-CVE-2023-3576.patch
 
 Patch9000:	fix-raw2tiff-floating-point-exception.patch
 
@@ -164,6 +165,9 @@ find html -name 'Makefile*' | xargs rm
 %exclude %{_datadir}/html/man/tiffgt.1.html
 
 %changelog
+* Thu Jul 13 2023 zhangpan <zhangpan103@h-partners.com> - 4.3.0-29
+- fix CVE-2023-3576
+
 * Tue Jul 04 2023 zhangpan <zhangpan103@h-partners.com> - 4.3.0-28
 - fix CVE-2023-25433 CVE-2023-26966 CVE-2023-2908