From dce98561859505c16a6930a926df797d5722991e Mon Sep 17 00:00:00 2001
From: liningjie <liningjie@xfusion.com>
Date: Tue, 21 Nov 2023 16:42:03 +0800
Subject: [PATCH] fix CVE-2023-6228

---
 backport-CVE-2023-6228.patch | 27 +++++++++++++++++++++++++++
 libtiff.spec                 |  6 +++++-
 2 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2023-6228.patch

diff --git a/backport-CVE-2023-6228.patch b/backport-CVE-2023-6228.patch
new file mode 100644
index 0000000..2efcaae
--- /dev/null
+++ b/backport-CVE-2023-6228.patch
@@ -0,0 +1,27 @@
+From 1e7d217a323eac701b134afc4ae39b6bdfdbc96a Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Sat, 9 Sep 2023 15:45:47 +0200
+Subject: [PATCH] Check also if codec of input image is available,
+ independently from codec check of output image and return with error if not.
+ Fixes #606.
+
+---
+ tools/tiffcp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index aff06260..2628bdbb 100644
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -846,6 +846,8 @@ static int tiffcp(TIFF *in, TIFF *out)
+     if (!TIFFIsCODECConfigured(compression))
+         return FALSE;
+     TIFFGetFieldDefaulted(in, TIFFTAG_COMPRESSION, &input_compression);
++    if (!TIFFIsCODECConfigured(input_compression))
++        return FALSE;
+     TIFFGetFieldDefaulted(in, TIFFTAG_PHOTOMETRIC, &input_photometric);
+     if (input_compression == COMPRESSION_JPEG)
+     {
+-- 
+GitLab
+
diff --git a/libtiff.spec b/libtiff.spec
index 6dc3d27..5b8f978 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,6 +1,6 @@
 Name:           libtiff
 Version:        4.5.1
-Release:        1
+Release:        2
 Summary:        TIFF Library and Utilities
 License:        libtiff
 URL:            https://www.simplesystems.org/libtiff/
@@ -8,6 +8,7 @@ Source0:        https://download.osgeo.org/libtiff/tiff-%{version}.tar.gz
 
 Patch6000:      backport-CVE-2023-38288.patch
 Patch6001:      backport-CVE-2023-38289.patch
+Patch6002:      backport-CVE-2023-6228.patch
 
 BuildRequires:  gcc gcc-c++ zlib-devel libjpeg-devel jbigkit-devel
 BuildRequires:  libtool automake autoconf pkgconfig
@@ -127,6 +128,9 @@ find doc -name 'Makefile*' | xargs rm
 %exclude %{_mandir}/man1/*
 
 %changelog
+* Tue Nov 21 2023 liningjie <liningjie@xfusion.com> - 4.5.1-2
+- fix CVE-2023-6228
+
 * Mon Jul 24 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 4.5.1-1
 - update 4.5.1