import UBI libtiff-4.6.0-8.el10_2.1

2026-05-19 19:35:05 -04:00 · 2026-05-19 19:35:05 -04:00 · fe9f458bdb
commit fe9f458bdb
parent 9ac8ac46f6
2 changed files with 13 additions and 13 deletions
--- a/libtiff-4.6.0-cve-2025-9900.patch
+++ b/libtiff-4.6.0-cve-2025-9900.patch
--- a/libtiff.spec
+++ b/libtiff.spec
@ -1,7 +1,7 @@
 Summary:       Library of functions for manipulating TIFF format image files
 Name:          libtiff
 Version:       4.6.0
-Release:       6%{?dist}.3
+Release:       8%{?dist}.1
 License:       libtiff
 URL:           http://www.simplesystems.org/libtiff/

@ -12,12 +12,13 @@ Patch0:        libtiff-am-version.patch
 # from upstream, for <=4.6.0, RHEL-52926
 # https://gitlab.com/libtiff/libtiff/-/commit/3705f82b6483c7906cf08cd6b9dcdcd59c61d779
 Patch1:        libtiff-4.6.0-CVE-2024-7006.patch
-# Resolves: RHEL-112524
-Patch2:        RHEL-112524.patch
-# from upstream, for <=4.6.0, RHEL-148254
+# from upstream, for < 4.7.1, RHEL-112523
+# https://gitlab.com/libtiff/libtiff/-/merge_requests/732.diff
+Patch2:        libtiff-4.6.0-cve-2025-9900.patch
+# from upstream, for <=4.6.0, RHEL-148253
 # https://gitlab.com/libtiff/libtiff/-/merge_requests/546.patch
 Patch3:        libtiff-4.6.0-CVE-2023-52356.patch
-# from upstream, for <= 4.7.1, RHEL-159309
+# from upstream, for <= 4.7.1, RHEL-159310
 # https://gitlab.com/libtiff/libtiff/-/commit/782a11d6b5b61c6dc21e714950a4af5bf89f023c
 Patch4:        libtiff-4.6.0-CVE-2026-4775.patch

@ -72,7 +73,7 @@ image files using the libtiff library.

 %patch -P 0 -p1 -b .backup
 %patch -P 1 -p1 -b .CVE-2024-7006
-%patch -P 2 -p1 -b .RHEL-112524
+%patch -P 2 -p1 -b .cve-2025-9900
 %patch -P 3 -p1 -b .CVE-2023-52356
 %patch -P 4 -p1 -b .CVE-2026-4775

@ -173,15 +174,14 @@ LD_LIBRARY_PATH=$PWD:$LD_LIBRARY_PATH make check
 %{_mandir}/man1/*

 %changelog
-* Mon Apr 20 2026 Michal Hlavinka <mhlavink@redhat.com> - 4.6.0-6.3
- fix CVE-2026-4775: signed integer overflow in putcontig8bitYCbCr44tile (RHEL-159309)
+* Mon May 11 2026 Michal Hlavinka <mhlavink@redhat.com> - 4.6.0-8.1
+- fix CVE-2026-4775: signed integer overflow in putcontig8bitYCbCr44tile (RHEL-159310)

-* Wed Mar 11 2026 Michal Hlavinka <mhlavink@redhat.com> - 4.6.0-6.2
- fix CVE-2023-52356: libtiff could crash in TIFFReadRGBATileExt when parsing crafted tiff file (RHEL-148254)
+* Fri Feb 20 2026 Michal Hlavinka <mhlavink@redhat.com> - 4.6.0-8
+- fix CVE-2023-52356: libtiff could crash in TIFFReadRGBATileExt when parsing crafted tiff file (RHEL-148253)

-* Wed Oct 08 2025 RHEL Packaging Agent <jotnar@redhat.com> - 4.6.0-6.1
- Fix buffer underflow in TIFFReadRGBAImageOriented().
- Resolves: RHEL-112524
+* Thu Jan 15 2026 Michal Hlavinka <mhlavink@redhat.com> - 4.6.0-7
+- fix CVE-2025-9900: Out-of-Bounds Write in TIFFReadRGBAImageOriented (RHEL-112523)

 * Mon Mar 31 2025 Michal Hlavinka <mhlavink@redhat.com> - 4.6.0-6
 - drop unused compat libtiff.so.5 (RHEL-85372)