From 930d926f26b3e04fdde7fbcdae921aa0f4d80c68 Mon Sep 17 00:00:00 2001
From: liningjie <liningjie@xfusion.com>
Date: Tue, 21 Nov 2023 16:33:25 +0800
Subject: [PATCH] fix CVE-2023-6228

(cherry picked from commit 680716ea2c39399e269e593191434a74fde9bfe2)
---
 backport-CVE-2023-6228.patch | 27 +++++++++++++++++++++++++++
 libtiff.spec                 |  6 +++++-
 2 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2023-6228.patch

diff --git a/backport-CVE-2023-6228.patch b/backport-CVE-2023-6228.patch
new file mode 100644
index 0000000..cb8f2f1
--- /dev/null
+++ b/backport-CVE-2023-6228.patch
@@ -0,0 +1,27 @@
+From a239f91e7146d35082ffb594c1d6a279020cc8b4 Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Tue, 21 Nov 2023 16:58:05 +0800
+Subject: [PATCH] Check also if codec of input image is available,
+ independently from codec check of output image and return with error if not.
+ Fixes #606.
+
+---
+ tools/tiffcp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index 7120837..5b2e879 100644
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -724,6 +724,8 @@ tiffcp(TIFF* in, TIFF* out)
+ 	else
+ 		CopyField(TIFFTAG_COMPRESSION, compression);
+ 	TIFFGetFieldDefaulted(in, TIFFTAG_COMPRESSION, &input_compression);
++    if (!TIFFIsCODECConfigured(input_compression))
++        return FALSE;
+ 	TIFFGetFieldDefaulted(in, TIFFTAG_PHOTOMETRIC, &input_photometric);
+ 	if (input_compression == COMPRESSION_JPEG) {
+ 		/* Force conversion to RGB */
+-- 
+2.27.0
+
diff --git a/libtiff.spec b/libtiff.spec
index f574817..e7f9d91 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,6 +1,6 @@
 Name:           libtiff
 Version:        4.3.0
-Release:        33
+Release:        34
 Summary:        TIFF Library and Utilities
 License:        libtiff
 URL:            https://www.simplesystems.org/libtiff/
@@ -47,6 +47,7 @@ Patch6037:      backport-CVE-2023-38289.patch
 Patch6038:      backport-CVE-2023-3618.patch
 Patch6039:      backport-CVE-2022-40090.patch
 Patch6040:      backport-CVE-2022-34526.patch
+Patch6041:      backport-CVE-2023-6228.patch
 
 Patch9000:	fix-raw2tiff-floating-point-exception.patch
 
@@ -170,6 +171,9 @@ find html -name 'Makefile*' | xargs rm
 %exclude %{_datadir}/html/man/tiffgt.1.html
 
 %changelog
+* Tue Nov 21 2023 liningjie <liningjie@xfusion.com> - 4.3.0-34
+- fix CVE-2023-6228
+
 * Thu Sep 07 2023 zhangpan <zhangpan103@h-partners.com> - 4.3.0-33
 - fix CVE-2022-34526