.compat-libtiff3.metadata

@@ -0,0 +1 @@
+a4e32d55afbbcabd0391a9c89995e8e8a19961de SOURCES/tiff-3.9.4.tar.gz

.fmf/version

@@ -1 +0,0 @@
-1

.gitignore

@@ -1,2 +1 @@
 SOURCES/tiff-3.9.4.tar.gz
-/tiff-3.9.4.tar.gz

SPECS/compat-libtiff3.spec

@@ -1,7 +1,7 @@
 Summary: Compatibility package for libtiff 3
 Name: compat-libtiff3
 Version: 3.9.4
-Release: 14%{?dist}
+Release: 13%{?dist}
 
 License: libtiff
 Group: System Environment/Libraries
@@ -38,9 +38,6 @@ Patch31: libtiff-CVE-2013-4244.patch
 Patch32: libtiff-CVE-2013-4243.patch
 Patch33: libtiff-CVE-2018-7456.patch
 Patch34: libtiff-coverity.patch
-# from upstream, for <= 4.7.0, RHEL-112528
-# https://gitlab.com/libtiff/libtiff/-/merge_requests/732.patch
-Patch35: libtiff-3.9.4-CVE-2025-9900.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: zlib-devel libjpeg-devel
@@ -57,37 +54,36 @@ to use the current version of libtiff.
 %prep
 %setup -q -n tiff-%{version}
 
-%patch -P 1 -p1
+%patch1 -p1
-%patch -P 2 -p1
+%patch2 -p1
-%patch -P 3 -p1
+%patch3 -p1
-%patch -P 4 -p1
+%patch4 -p1
-%patch -P 5 -p1
+%patch5 -p1
-%patch -P 6 -p1
+%patch6 -p1
-%patch -P 7 -p1
+%patch7 -p1
-%patch -P 8 -p1
+%patch8 -p1
-%patch -P 9 -p1
+%patch9 -p1
-%patch -P 10 -p1
+%patch10 -p1
-%patch -P 11 -p1
+%patch11 -p1
-%patch -P 12 -p1
+%patch12 -p1
-%patch -P 13 -p1
+%patch13 -p1
-%patch -P 14 -p1
+%patch14 -p1
-%patch -P 15 -p1
+%patch15 -p1
-%patch -P 16 -p1
+%patch16 -p1
-%patch -P 17 -p1
+%patch17 -p1
-%patch -P 18 -p1
+%patch18 -p1
-%patch -P 19 -p1
+%patch19 -p1
-%patch -P 20 -p1
+%patch20 -p1
-%patch -P 21 -p1
+%patch21 -p1
-%patch -P 22 -p1
+%patch22 -p1
-%patch -P 27 -p1
+%patch27 -p1
-%patch -P 28 -p1
+%patch28 -p1
-%patch -P 29 -p1
+%patch29 -p1
-%patch -P 30 -p1
+%patch30 -p1
-%patch -P 31 -p1
+%patch31 -p1
-%patch -P 32 -p1
+%patch32 -p1
-%patch -P 33 -p1
+%patch33 -p1
-%patch -P 34 -p1
+%patch34 -p1
-%patch -P 35 -p1 -b .CVE-2025-9900
 
 # Use build system's libtool.m4, not the one in the package.
 rm -f libtool.m4
@@ -132,9 +128,6 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/libtiffxx.so.*
 
 %changelog
-* Thu Sep 25 2025 Michal Hlavinka <mhlavink@redhat.com> - 3.9.4-14
-- fix CVE-2025-9900: Write-What-Where via TIFFReadRGBAImageOriented (RHEL-112528)
-
 * Wed Jun 12 2019 Nikola Forró <nforro@redhat.com> - 3.9.4-13
 - Fix important Covscan defects
   related: #1687584

gating.yaml

@@ -1,6 +0,0 @@
---- !Policy
-product_versions:
-  - rhel-8
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

libtiff-3.9.4-CVE-2025-9900.patch

@@ -1,36 +0,0 @@
-diff -up tiff-3.9.4/libtiff/tif_getimage.c.CVE-2025-9900 tiff-3.9.4/libtiff/tif_getimage.c
---- tiff-3.9.4/libtiff/tif_getimage.c.CVE-2025-9900	2025-09-25 11:57:46.726133686 +0200
-+++ tiff-3.9.4/libtiff/tif_getimage.c	2025-09-25 12:03:23.139263767 +0200
-@@ -458,6 +458,22 @@ TIFFRGBAImageGet(TIFFRGBAImage* img, uin
- 		"No \"put\" routine setupl; probably can not handle image format");
- 		return (0);
-     }
-+    /* Verify raster width and height against image width and height. */
-+    if (h > img->height)
-+    {
-+        /* Adapt parameters to read only available lines and put image at
-+         * the bottom of the raster. */
-+		raster += (size_t)(h - img->height) * w;
-+		h = img->height;
-+    }
-+    if (w > img->width)
-+    {
-+        TIFFWarningExt(img->tif->tif_clientdata, TIFFFileName(img->tif),
-+                        "Raster width of %d shall not be larger than image "
-+                        "width of %d -> raster width adapted for reading",
-+                        w, img->width);
-+        w = img->width;
-+    }
-     return (*img->get)(img, raster, w, h);
- }
- 
-@@ -477,8 +493,7 @@ TIFFReadRGBAImageOriented(TIFF* tif,
- 	if (TIFFRGBAImageOK(tif, emsg) && TIFFRGBAImageBegin(&img, tif, stop, emsg)) {
- 		img.req_orientation = orientation;
- 		/* XXX verify rwidth and rheight against width and height */
--		ok = TIFFRGBAImageGet(&img, raster+(rheight-img.height)*rwidth,
--			rwidth, img.height);
-+		ok = TIFFRGBAImageGet(&img, raster, rwidth, rheight);
- 		TIFFRGBAImageEnd(&img);
- 	} else {
- 		TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "%s", emsg);

plans/tier1.fmf

@@ -1,39 +0,0 @@
----
-
-summary: Tier1 plan for compat-libtiff3
-
-discover:
-  how: fmf
-  url: https://pkgs.devel.redhat.com/git/tests/compat-libtiff3
-  ref: master
-  filter: tier:1
-
-prepare:
-  - how: shell
-    script: |
-      set -euxo pipefail
-
-      ENABLE_REPO_CMD="yum-config-manager --enable"
-      if command -v dnf >/dev/null 2>&1; then
-        ENABLE_REPO_CMD="dnf config-manager --set-enabled"
-      fi
-
-      ${ENABLE_REPO_CMD} beaker-tasks || :
-  - how: shell
-    script: |
-        set -exuo pipefail
-
-        if [[ -f /etc/os-release ]]; then
-          . /etc/os-release
-          if [[ "${ID:-}" == "rhel" && "${VERSION_ID%%.*}" -ge 8 ]]; then
-            dnf config-manager --enable rhel-CRB
-          fi
-        fi
-
-execute:
-  how: tmt
-
-adjust:
-    enabled: false
-    when: distro == centos-stream or distro == fedora
-

sources

@@ -1 +0,0 @@
-SHA512 (tiff-3.9.4.tar.gz) = 928502edaf67a6565b0cc451d5105e4de17978f35aed6b95d21765c2a47102560ca38cd2f91f475e1073141172a0aa616e17000e78e14eb79a8ef9ba4a55b756