From a072af5141cca3e47d5ad9d53c9564db8b4f233c Mon Sep 17 00:00:00 2001
From: mgb01105731
Date: Thu, 4 Jan 2024 18:09:50 +0800
Subject: [PATCH] fix CVE-2023-6228
---
 CVE-2023-6228.patch | 12 ++++++++++++
 libtiff.spec | 6 +++++-
 2 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2023-6228.patch
diff --git a/CVE-2023-6228.patch b/CVE-2023-6228.patch
new file mode 100644
index 0000000..09f2592
--- /dev/null
+++ b/CVE-2023-6228.patch
@@ -0,0 +1,12 @@
+diff -Nurw tiff-4.5.1/tools/tiffcp.c tiff-4.5.1_new/tools/tiffcp.c
+--- tiff-4.5.1/tools/tiffcp.c 2023-05-22 21:49:02.000000000 +0800
++++ tiff-4.5.1_new/tools/tiffcp.c 2024-01-04 18:06:46.495692411 +0800
+@@ -850,6 +850,8 @@
+ if (!TIFFIsCODECConfigured(compression))
+ return FALSE;
+ TIFFGetFieldDefaulted(in, TIFFTAG_COMPRESSION, &input_compression);
++ if (!TIFFIsCODECConfigured(input_compression))
++ return FALSE;
+ TIFFGetFieldDefaulted(in, TIFFTAG_PHOTOMETRIC, &input_photometric);
+ if (input_compression == COMPRESSION_JPEG)
+ {
diff --git a/libtiff.spec b/libtiff.spec
index baff3c8..ab8c381 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,4 +1,4 @@
-%define anolis_release 4
+%define anolis_release 5
 Summary: Library of functions for manipulating TIFF format image files
 Name: libtiff
 Version: 4.5.1
@@ -16,6 +16,7 @@ Patch0: Fix-CVE-2023-40745.patch
 Patch1: Fix-CVE-2023-41175.patch
 Patch2: Fix-CVE-2023-1916.patch
 Patch3: CVE-2023-6277.patch
+Patch4: CVE-2023-6228.patch
 %description
 The libtiff package contains a library of functions for manipulating
@@ -173,6 +174,9 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/
 %{_mandir}/man1/tiffgt.1*
 %changelog
+* Thu Jan 04 2024 mgb01105731 - 4.5.1-5
+- Fix CVE-2023-6228
 * Tue Nov 28 2023 Funda Wang - 4.5.1-4
 - Fix CVE-2023-6277
--
Gitee
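Review bot: The new `TIFFIsCODECConfigured(input_compression)` guard in CVE-2023-6228.patch returns FALSE with no diagnostic, so a copy that is refused because the input file's codec was built out of this libtiff gives the operator nothing to act on; a preceding `TIFFError(TIFFFileName(in), "Input compression %u is not configured in this build", (unsigned)input_compression);` would make the rejection visible in logs, though the existing `compression` check two lines above is equally silent, so this is a consistency choice rather than a defect in the backport. The patch file carries no provenance header: a leading block such as `Origin: upstream commit <UPSTREAM-COMMIT-ID>` and `Bug: CVE-2023-6228` (text before the first `diff` line is ignored by patch(1)) would let the next rebase match it against upstream and drop it once the fix is in the base tarball. The enclosing function, presumably tiffcp(), starts and ends outside the hunk, so whether its callers treat FALSE as a hard failure cannot be confirmed from this page. The libtiff.spec hunks are a release bump, a Patch4 line and a changelog entry and need nothing further.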