import CS git mingw-libtiff-4.0.9-4.el8_10

2026-05-07 17:14:59 -04:00 · 2026-05-07 17:14:59 -04:00 · 8627709ff7
commit 8627709ff7
parent aec1c1d0dd
2 changed files with 45 additions and 1 deletions
--- a/SOURCES/libtiff-4.4.0-CVE-2026-4775.patch
+++ b/SOURCES/libtiff-4.4.0-CVE-2026-4775.patch
@ -0,0 +1,39 @@
+diff -up tiff-4.0.9/libtiff/tif_getimage.c.CVE-2026-4775 tiff-4.0.9/libtiff/tif_getimage.c
+--- tiff-4.0.9/libtiff/tif_getimage.c.CVE-2026-4775	2026-04-20 14:46:44.329742232 +0200
+++ tiff-4.0.9/libtiff/tif_getimage.c	2026-04-20 14:46:44.337742095 +0200
+@@ -1900,7 +1900,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr4
+     uint32* cp1 = cp+w+toskew;
+     uint32* cp2 = cp1+w+toskew;
+     uint32* cp3 = cp2+w+toskew;
+-    int32 incr = 3*w+4*toskew;
+	const tmsize_t incr = 3 * (tmsize_t)w + 4 * (tmsize_t)toskew;
+ 
+     (void) y;
+     /* adjust fromskew */
+@@ -2004,7 +2004,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr4
+ DECLAREContigPutFunc(putcontig8bitYCbCr42tile)
+ {
+     uint32* cp1 = cp+w+toskew;
+-    int32 incr = 2*toskew+w;
+    const tmsize_t incr = 2 * (tmsize_t)toskew + w;
+ 
+     (void) y;
+     fromskew = (fromskew / 4) * (4*2+2);
+@@ -2130,7 +2130,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr4
+ DECLAREContigPutFunc(putcontig8bitYCbCr22tile)
+ {
+ 	uint32* cp2;
+-	int32 incr = 2*toskew+w;
+	const tmsize_t incr = 2 * (tmsize_t)toskew + w;
+ 	(void) y;
+ 	fromskew = (fromskew / 2) * (2*2+2);
+ 	cp2 = cp+w+toskew;
+@@ -2225,7 +2225,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr2
+ DECLAREContigPutFunc(putcontig8bitYCbCr12tile)
+ {
+ 	uint32* cp2;
+-	int32 incr = 2*toskew+w;
+	const tmsize_t incr = 2 * (tmsize_t)toskew + w;
+ 	(void) y;
+ 	fromskew = (fromskew / 1) * (1 * 2 + 2);
+ 	cp2 = cp+w+toskew;
--- a/SPECS/mingw-libtiff.spec
+++ b/SPECS/mingw-libtiff.spec
@ -3,7 +3,7 @@
 Summary:        MinGW Windows port of the LibTIFF library
 Name:           mingw-libtiff
 Version:        4.0.9
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        libtiff
 Group:          System Environment/Libraries
 URL:            http://www.simplesystems.org/libtiff/
@ -56,6 +56,7 @@ Patch44:       libtiff-4.6.0-CVE-2024-7006.patch
 Patch45:       libtiff-4.0.9-CVE-2017-17095.patch
 Patch46:       RHEL-112533.patch
 Patch47:       RHEL-120230.patch
+Patch48:       libtiff-4.4.0-CVE-2026-4775.patch

 BuildArch:      noarch
 ExclusiveArch:  %{ix86} x86_64
@ -199,6 +200,10 @@ find $RPM_BUILD_ROOT -name "*.la" -delete


 %changelog
+* Thu Apr 23 2026 Uri Lublin <uril@redhat.com> - 4.0.9-4
+- fix CVE-2026-4775: signed integer overflow in putcontig8bitYCbCr44tile
+  Resolves: RHEL-159337
+
 * Tue Nov 04 2025 Lili Zhu <lizhu@redhat.com> - 4.0.9-3
 - Fix CVE-2018-5784 CVE-2018-7456 CVE-2017-9935 CVE-2017-9935
 - Fix CVE-2017-18013 CVE-2018-8905 CVE-2018-10963 CVE-2018-17100