From 57ff85b5bb0e4a2949d74d329347227ace80940e Mon Sep 17 00:00:00 2001
From: zhangpan
Date: Wed, 24 May 2023 09:15:38 +0000
Subject: [PATCH] fix CVE-2023-2731
(cherry picked from commit aa85be7853e1d0b2929d5eacfb055ce054c88468)
---
 backport-CVE-2023-2731.patch | 37 ++++++++++++++++++++++++++++++++++++
 libtiff.spec | 6 +++++-
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2023-2731.patch
diff --git a/backport-CVE-2023-2731.patch b/backport-CVE-2023-2731.patch
new file mode 100644
index 0000000..012b4c1
--- /dev/null
+++ b/backport-CVE-2023-2731.patch
@@ -0,0 +1,37 @@
+From 9be22b639ea69e102d3847dca4c53ef025e9527b Mon Sep 17 00:00:00 2001
+From: Even Rouault
+Date: Sat, 29 Apr 2023 12:20:46 +0200
+Subject: [PATCH] LZWDecode(): avoid crash when trying to read again from a
+ strip whith a missing end-of-information marker (fixes #548)
+
+Reference:https://github.com/libsdl-org/libtiff/commit/9be22b639ea69e102d3847dca4c53ef025e9527b
+Conflict:Adaptation Context
+---
+ libtiff/tif_lzw.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
+index 1f255d9..c0ef99c 100644
+--- a/libtiff/tif_lzw.c
++++ b/libtiff/tif_lzw.c
+@@ -404,6 +404,10 @@ LZWDecode(TIFF* tif, uint8_t* op0, tmsize_t occ0, uint16_t s)
+ assert(sp->dec_codetab != NULL);
+
+ if (sp->read_error) {
++ TIFFErrorExt(tif->tif_clientdata, module,
++ "LZWDecode: Scanline %" PRIu32 " cannot be read due to "
++ "previous error",
++ tif->tif_row);
+ return 0;
+ }
+
+@@ -712,6 +716,7 @@ after_loop:
+ return (1);
+
+ no_eoi:
++ sp->read_error = 1;
+ TIFFErrorExt(tif->tif_clientdata, module,
+ "LZWDecode: Strip %"PRIu32" not terminated with EOI code",
+ tif->tif_curstrip);
+--
+2.33.0
diff --git a/libtiff.spec b/libtiff.spec
index 8eb8830..dd4d3cb 100644
--- a/libtiff.spec
+++ b/libtiff.spec
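Review bot: The `sp->read_error = 1;` added at `no_eoi:` in the embedded tif_lzw.c patch is a latch with no reset visible in either hunk. Whether one strip lacking its EOI code makes every later strip or tile fail with the new "cannot be read due to previous error" message therefore depends on code outside the patch. Because the backport is marked `Conflict:Adaptation Context`, confirm that the 4.3.0 tree clears the flag when decoding of a new strip is set up (presumably in LZWPreDecode), and record that next to the assignment, e.g. `/* decoder state is unusable after a missing EOI; refuse further reads of this strip until the flag is reset */`. The `Reference:` line appears to point at a GitHub fork rather than the libtiff project's own repository; citing the canonical upstream commit would make the provenance of this security backport easier to verify. LZWDecode's body starts and ends outside both hunks.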
@@ -1,6 +1,6 @@ Name: libtiff Version: 4.3.0 -Release: 10 +Release: 11 Summary: TIFF Library and Utilities License: libtiff URL: https://www.simplesystems.org/libtiff/ @@ -35,6 +35,7 @@ Patch6025: backport-CVE-2022-48281.patch Patch6026: backport-0001-CVE-2023-0795-0796-0797-0798-0799.patch Patch6027: backport-0002-CVE-2023-0795-0796-0797-0798-0799.patch Patch6028: backport-CVE-2023-0800-0801-0802-0803-0804.patch +Patch6029: backport-CVE-2023-2731.patch Patch9000: fix-raw2tiff-floating-point-exception.patch @@ -137,6 +138,9 @@ find html -name 'Makefile*' | xargs rm %exclude %{_datadir}/html/man/tiffgt.1.html %changelog +* Wed May 24 2023 zhangpan - 4.3.0-11 +- fix CVE-2023-2731 + * Mon Feb 20 2023 zhouwenpei - 4.3.0-10 - modified backport-CVE-2022-48281.patch