From fe9f458bdbe97532608ede896763e02cde5d1f19 Mon Sep 17 00:00:00 2001
From: AlmaLinux RelEng Bot
Date: Tue, 19 May 2026 19:35:05 -0400
Subject: [PATCH] import UBI libtiff-4.6.0-8.el10_2.1

---
 ...patch => libtiff-4.6.0-cve-2025-9900.patch | 0
 libtiff.spec | 26 +++++++++----------
 2 files changed, 13 insertions(+), 13 deletions(-)
 rename RHEL-112524.patch => libtiff-4.6.0-cve-2025-9900.patch (100%)

diff --git a/RHEL-112524.patch b/libtiff-4.6.0-cve-2025-9900.patch
similarity index 100%
rename from RHEL-112524.patch
rename to libtiff-4.6.0-cve-2025-9900.patch
diff --git a/libtiff.spec b/libtiff.spec
index 55996dd..40e58f8 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,7 +1,7 @@
 Summary: Library of functions for manipulating TIFF format image files
 Name: libtiff
 Version: 4.6.0
-Release: 6%{?dist}.3
+Release: 8%{?dist}.1
 License: libtiff
 URL: http://www.simplesystems.org/libtiff/
 
@@ -12,12 +12,13 @@ Patch0: libtiff-am-version.patch
 # from upstream, for <=4.6.0, RHEL-52926
 # https://gitlab.com/libtiff/libtiff/-/commit/3705f82b6483c7906cf08cd6b9dcdcd59c61d779
 Patch1: libtiff-4.6.0-CVE-2024-7006.patch
-# Resolves: RHEL-112524
-Patch2: RHEL-112524.patch
-# from upstream, for <=4.6.0, RHEL-148254
+# from upstream, for < 4.7.1, RHEL-112523
+# https://gitlab.com/libtiff/libtiff/-/merge_requests/732.diff
+Patch2: libtiff-4.6.0-cve-2025-9900.patch
+# from upstream, for <=4.6.0, RHEL-148253
 # https://gitlab.com/libtiff/libtiff/-/merge_requests/546.patch
 Patch3: libtiff-4.6.0-CVE-2023-52356.patch
-# from upstream, for <= 4.7.1, RHEL-159309
+# from upstream, for <= 4.7.1, RHEL-159310
 # https://gitlab.com/libtiff/libtiff/-/commit/782a11d6b5b61c6dc21e714950a4af5bf89f023c
 Patch4: libtiff-4.6.0-CVE-2026-4775.patch
 
@@ -72,7 +73,7 @@ image files using the libtiff library.
 
 %patch -P 0 -p1 -b .backup
 %patch -P 1 -p1 -b .CVE-2024-7006
-%patch -P 2 -p1 -b .RHEL-112524
+%patch -P 2 -p1 -b .cve-2025-9900
 %patch -P 3 -p1 -b .CVE-2023-52356
 %patch -P 4 -p1 -b .CVE-2026-4775
 
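Review bot: The provenance comment added for Patch2 in the `@@ -12,12 +12,13 @@` hunk cites `merge_requests/732.diff`, which can change if the merge request is updated, while Patch1 and Patch4 cite fixed commit URLs; citing the merged upstream commit instead would let a later reader compare the shipped patch against exactly what upstream landed. The rename is recorded at 100% similarity, so the file is byte-identical to the earlier `RHEL-112524.patch`, and nothing in this diff shows that it matches the upstream diff now named as its source, which is worth confirming before relying on the comment. The new file name and the `-b .cve-2025-9900` suffix in the `%patch -P 2` hunk also use lowercase `cve` where every other patch uses `CVE-`, so a case-sensitive search of patch names for CVE ids would miss this fix; `libtiff-4.6.0-CVE-2025-9900.patch` would match the rest.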
@@ -173,15 +174,14 @@ LD_LIBRARY_PATH=$PWD:$LD_LIBRARY_PATH make check
 %{_mandir}/man1/*
 
 %changelog
-* Mon Apr 20 2026 Michal Hlavinka - 4.6.0-6.3
-- fix CVE-2026-4775: signed integer overflow in putcontig8bitYCbCr44tile (RHEL-159309)
+* Mon May 11 2026 Michal Hlavinka - 4.6.0-8.1
+- fix CVE-2026-4775: signed integer overflow in putcontig8bitYCbCr44tile (RHEL-159310)
 
-* Wed Mar 11 2026 Michal Hlavinka - 4.6.0-6.2
-- fix CVE-2023-52356: libtiff could crash in TIFFReadRGBATileExt when parsing crafted tiff file (RHEL-148254)
+* Fri Feb 20 2026 Michal Hlavinka - 4.6.0-8
+- fix CVE-2023-52356: libtiff could crash in TIFFReadRGBATileExt when parsing crafted tiff file (RHEL-148253)
 
-* Wed Oct 08 2025 RHEL Packaging Agent - 4.6.0-6.1
-- Fix buffer underflow in TIFFReadRGBAImageOriented().
-- Resolves: RHEL-112524
+* Thu Jan 15 2026 Michal Hlavinka - 4.6.0-7
+- fix CVE-2025-9900: Out-of-Bounds Write in TIFFReadRGBAImageOriented (RHEL-112523)
 
 * Mon Mar 31 2025 Michal Hlavinka - 4.6.0-6
 - drop unused compat libtiff.so.5 (RHEL-85372)