1 files changed, 30 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-6228.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-6228.patch
new file mode 100644
index 0000000000..a777dea9b0
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-6228.patch
@@ -0,0 +1,30 @@
+From 1e7d217a323eac701b134afc4ae39b6bdfdbc96a Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Sat, 9 Sep 2023 15:45:47 +0200
+Subject: [PATCH] Check also if codec of input image is available,
+ independently from codec check of output image and return with error if not.
+ Fixes #606.
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/1e7d217a323eac701b134afc4ae39b6bdfdbc96a]
+CVE: CVE-2023-6228
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ tools/tiffcp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index 007bd05..d2f7b66 100644
+--- a/tools/tiffcp.c
+++ b/tools/tiffcp.c
+@@ -628,6 +628,8 @@ tiffcp(TIFF* in, TIFF* out)
+        else
+                CopyField(TIFFTAG_COMPRESSION, compression);
+        TIFFGetFieldDefaulted(in, TIFFTAG_COMPRESSION, &input_compression);
+       if (!TIFFIsCODECConfigured(input_compression))
+           return FALSE;
+        TIFFGetFieldDefaulted(in, TIFFTAG_PHOTOMETRIC, &input_photometric);
+        if (input_compression == COMPRESSION_JPEG) {
+                /* Force conversion to RGB */
+-- 
+2.25.1

diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-6228.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-6228.patch new file mode 100644 index 0000000000..a777dea9b0 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-6228.patch
@@ -0,0 +1,30 @@
	1	From 1e7d217a323eac701b134afc4ae39b6bdfdbc96a Mon Sep 17 00:00:00 2001
	2	From: Su_Laus <sulau@freenet.de>
	3	Date: Sat, 9 Sep 2023 15:45:47 +0200
	4	Subject: [PATCH] Check also if codec of input image is available,
	5	independently from codec check of output image and return with error if not.
	6	Fixes #606.
	7
	8	Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/1e7d217a323eac701b134afc4ae39b6bdfdbc96a]
	9	CVE: CVE-2023-6228
	10	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
	11	---
	12	tools/tiffcp.c \| 2 ++
	13	1 file changed, 2 insertions(+)
	14
	15	diff --git a/tools/tiffcp.c b/tools/tiffcp.c
	16	index 007bd05..d2f7b66 100644
	17	--- a/tools/tiffcp.c
	18	+++ b/tools/tiffcp.c
	19	@@ -628,6 +628,8 @@ tiffcp(TIFF* in, TIFF* out)
	20	else
	21	CopyField(TIFFTAG_COMPRESSION, compression);
	22	TIFFGetFieldDefaulted(in, TIFFTAG_COMPRESSION, &input_compression);
	23	+ if (!TIFFIsCODECConfigured(input_compression))
	24	+ return FALSE;
	25	TIFFGetFieldDefaulted(in, TIFFTAG_PHOTOMETRIC, &input_photometric);
	26	if (input_compression == COMPRESSION_JPEG) {
	27	/* Force conversion to RGB */
	28	--
	29	2.25.1
	30