Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package tiff for openSUSE:Factory checked in
at 2025-09-10 17:29:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tiff (Old)
and /work/SRC/openSUSE:Factory/.tiff.new.1977 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tiff"
Wed Sep 10 17:29:36 2025 rev:105 rq:1303201 version:4.7.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/tiff/tiff.changes 2025-08-22
17:47:26.175077630 +0200
+++ /work/SRC/openSUSE:Factory/.tiff.new.1977/tiff.changes 2025-09-10
17:29:41.192132455 +0200
@@ -1,0 +2,8 @@
+Mon Sep 8 12:34:59 UTC 2025 - Michael Vetter <mvet...@suse.com>
+
+- security update:
+ * CVE-2025-8961 [bsc#1248117]
+ Fix segmentation fault via main function of tiffcrop utility
+ + tiff-CVE-2025-8961.patch
+
+-------------------------------------------------------------------
New:
----
tiff-CVE-2025-8961.patch
----------(New B)----------
New: Fix segmentation fault via main function of tiffcrop utility
+ tiff-CVE-2025-8961.patch
----------(New E)----------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tiff.spec ++++++
--- /var/tmp/diff_new_pack.7AiJzQ/_old 2025-09-10 17:29:42.248176861 +0200
+++ /var/tmp/diff_new_pack.7AiJzQ/_new 2025-09-10 17:29:42.252177029 +0200
@@ -52,6 +52,7 @@
Patch5: tiff-CVE-2025-8534.patch
Patch6: tiff-CVE-2025-9165.patch
Patch7: tiff-CVE-2024-13978.patch
+Patch8: tiff-CVE-2025-8961.patch
%if %{with tiff_manpages}
BuildRequires: python3-Sphinx
%endif
++++++ tiff-CVE-2025-8961.patch ++++++
https://gitlab.com/libtiff/libtiff/-/merge_requests/753
Index: tiff-4.7.0/tools/tiffcrop.c
===================================================================
--- tiff-4.7.0.orig/tools/tiffcrop.c
+++ tiff-4.7.0/tools/tiffcrop.c
@@ -1072,6 +1072,7 @@ static int readContigTilesIntoBuffer(TIF
"Unable to extract row %" PRIu32
" from tile %" PRIu32,
row, TIFFCurrentTile(in));
+
_TIFFfree(tilebuf);
return 1;
}
break;
@@ -1086,6 +1087,7 @@ static int readContigTilesIntoBuffer(TIF
"Unable to extract row %" PRIu32
" from tile %" PRIu32,
row, TIFFCurrentTile(in));
+
_TIFFfree(tilebuf);
return 1;
}
break;
@@ -1098,6 +1100,7 @@ static int readContigTilesIntoBuffer(TIF
"Unable to extract row %" PRIu32
" from tile %" PRIu32,
row, TIFFCurrentTile(in));
+
_TIFFfree(tilebuf);
return 1;
}
break;
@@ -1110,6 +1113,7 @@ static int readContigTilesIntoBuffer(TIF
"Unable to extract row %" PRIu32
" from tile %" PRIu32,
row, TIFFCurrentTile(in));
+
_TIFFfree(tilebuf);
return 1;
}
break;
@@ -1124,12 +1128,14 @@ static int readContigTilesIntoBuffer(TIF
"Unable to extract row %" PRIu32
" from tile %" PRIu32,
row, TIFFCurrentTile(in));
+
_TIFFfree(tilebuf);
return 1;
}
break;
default:
TIFFError("readContigTilesIntoBuffer",
"Unsupported bit depth %" PRIu16, bps);
+ _TIFFfree(tilebuf);
return 1;
}
}
@@ -2901,7 +2907,7 @@ int main(int argc, char *argv[])
}
/* If we did not use the read buffer as the crop buffer */
- if (read_buff)
+ if (read_buff && read_buff != crop_buff)
_TIFFfree(read_buff);
if (crop_buff)
