From 8d2bbd40ebfdfe3065a10f69f81dc0e63bddb6a7 Mon Sep 17 00:00:00 2001
From: yangcheng1203
Date: Tue, 29 Mar 2022 15:56:57 +0800
Subject: [PATCH] fix CVE-2022-0865

---
 backport-CVE-2022-0865.patch | 34 ++++++++++++++++++++++++++++++++++
 libtiff.spec | 6 +++++-
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2022-0865.patch

diff --git a/backport-CVE-2022-0865.patch b/backport-CVE-2022-0865.patch
new file mode 100644
index 0000000..a95a071
--- /dev/null
+++ b/backport-CVE-2022-0865.patch
@@ -0,0 +1,34 @@
+From a1c933dabd0e1c54a412f3f84ae0aa58115c6067 Mon Sep 17 00:00:00 2001
+From: Even Rouault
+Date: Thu, 24 Feb 2022 22:26:02 +0100
+Subject: [PATCH] tif_jbig.c: fix crash when reading a file with multiple IFD
+ in memory-mapped mode and when bit reversal is needed (fixes #385)
+
+---
+ libtiff/tif_jbig.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/libtiff/tif_jbig.c b/libtiff/tif_jbig.c
+index 7408633..8bfa4ce 100644
+--- a/libtiff/tif_jbig.c
++++ b/libtiff/tif_jbig.c
+@@ -209,6 +209,16 @@ int TIFFInitJBIG(TIFF* tif, int scheme)
+ */
+ tif->tif_flags |= TIFF_NOBITREV;
+ tif->tif_flags &= ~TIFF_MAPPED;
++ /* We may have read from a previous IFD and thus set TIFF_BUFFERMMAP and
++ * cleared TIFF_MYBUFFER. It is necessary to restore them to their initial
++ * value to be consistent with the state of a non-memory mapped file.
++ */
++ if (tif->tif_flags&TIFF_BUFFERMMAP) {
++ tif->tif_rawdata = NULL;
++ tif->tif_rawdatasize = 0;
++ tif->tif_flags &= ~TIFF_BUFFERMMAP;
++ tif->tif_flags |= TIFF_MYBUFFER;
++ }
+ 
+ /* Setup the function pointers for encode, decode, and cleanup. */
+ tif->tif_setupdecode = JBIGSetupDecode;
+-- 
+2.35.1
+ 
diff --git a/libtiff.spec b/libtiff.spec
index 88ba576..e417da9 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,6 +1,6 @@
 Name: libtiff
 Version: 4.3.0
-Release: 7
+Release: 8
 Summary: TIFF Library and Utilities
 License: libtiff
 URL: https://www.simplesystems.org/libtiff/
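Review bot: The new condition in the backported tif_jbig.c hunk, `if (tif->tif_flags&TIFF_BUFFERMMAP) {`, drops the spaces around `&` that the neighbouring `tif->tif_flags |= TIFF_NOBITREV;` and `tif->tif_flags &= ~TIFF_MAPPED;` lines use; `if (tif->tif_flags & TIFF_BUFFERMMAP) {` would match the surrounding style. The block resets only `tif_rawdata` and `tif_rawdatasize`; it is worth confirming that the raw-data cursor fields of the TIFF struct cannot still refer to the abandoned mapping at the point where the next strip is set up, since the hunk does not touch them. The comment explains why the flags are restored but not why `tif_rawdata` can be dropped without a free, so a short addition such as `/* no free: with TIFF_MYBUFFER cleared the pointer refers to the mapping, not a heap block */` would make the ownership reasoning explicit, assuming that reading of TIFF_MYBUFFER is correct. TIFFInitJBIG begins and ends outside the hunk.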
@@ -14,6 +14,7 @@ Patch6004: backport-0003-CVE-2022-22844.patch
 Patch6005: backport-CVE-2022-0891.patch
 Patch6006: backport-CVE-2022-0907.patch
 Patch6007: backport-CVE-2022-0908.patch
+Patch6008: backport-CVE-2022-0865.patch
 
 BuildRequires: gcc gcc-c++ zlib-devel libjpeg-devel jbigkit-devel
 BuildRequires: libtool automake autoconf pkgconfig
@@ -134,6 +135,9 @@ find html -name 'Makefile*' | xargs rm
 %exclude %{_datadir}/html/man/tiffgt.1.html
 
 %changelog
+* Tue Mar 29 2022 yangcheng - 4.3.0-8
+- fix CVE-2022-0865
+
 * Mon Mar 28 2022 yangcheng - 4.3.0-7
 - fix CVE-2022-0907