Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package tiff for openSUSE:Factory checked in at 2026-04-28 14:29:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tiff (Old)
 and      /work/SRC/openSUSE:Factory/.tiff.new.11940 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tiff" Tue Apr 28 14:29:42 2026 rev:110 rq:1349534 version:4.7.1 Changes: -------- --- /work/SRC/openSUSE:Factory/tiff/tiff.changes 2026-02-06 19:06:30.174395433 +0100 +++ /work/SRC/openSUSE:Factory/.tiff.new.11940/tiff.changes 2026-04-28 14:30:34.666988105 +0200 @@ -1,0 +2,6 @@ +Mon Apr 27 08:58:56 UTC 2026 - Michael Vetter <[email protected]> + +- * CVE-2026-4775: Signed integer overflow in putcontig8bitYCbCr44tile (bsc#1260411) + Add tiff-CVE-2026-4775.patch + +------------------------------------------------------------------- New: ---- tiff-CVE-2026-4775.patch ----------(New B)---------- New:- * CVE-2026-4775: Signed integer overflow in putcontig8bitYCbCr44tile (bsc#1260411) Add tiff-CVE-2026-4775.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tiff.spec ++++++ --- /var/tmp/diff_new_pack.Xhomvg/_old 2026-04-28 14:30:35.595025542 +0200 +++ /var/tmp/diff_new_pack.Xhomvg/_new 2026-04-28 14:30:35.599025703 +0200 @@ -44,6 +44,7 @@ Source3: baselibs.conf Source99: tiff.keyring Patch0: tiff-4.0.3-seek.patch +Patch1: tiff-CVE-2026-4775.patch %if %{with tiff_manpages} BuildRequires: python3-Sphinx %endif ++++++ tiff-CVE-2026-4775.patch ++++++ https://gitlab.com/libtiff/libtiff/-/commit/782a11d6b5b61c6dc21e714950a4af5bf89f023c Index: tiff-4.7.1/libtiff/tif_getimage.c =================================================================== --- tiff-4.7.1.orig/libtiff/tif_getimage.c +++ tiff-4.7.1/libtiff/tif_getimage.c @@ -2216,7 +2216,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr4 uint32_t *cp1 = cp + w + toskew; uint32_t *cp2 = cp1 + w + toskew; uint32_t *cp3 = cp2 + w + toskew; - int32_t incr = 3 * w + 4 * toskew; + const tmsize_t incr = 3 * (tmsize_t)w + 4 * (tmsize_t)toskew; (void)y; /* adjust fromskew */ 
@@ -2356,7 +2356,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr4 DECLAREContigPutFunc(putcontig8bitYCbCr42tile) { uint32_t *cp1 = cp + w + toskew; - int32_t incr = 2 * toskew + w; + const tmsize_t incr = 2 * (tmsize_t)toskew + w; (void)y; fromskew = (fromskew / 4) * (4 * 2 + 2); @@ -2512,7 +2512,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr4 DECLAREContigPutFunc(putcontig8bitYCbCr22tile) { uint32_t *cp2; - int32_t incr = 2 * toskew + w; + const tmsize_t incr = 2 * (tmsize_t)toskew + w; (void)y; fromskew = (fromskew / 2) * (2 * 2 + 2); cp2 = cp + w + toskew; @@ -2615,7 +2615,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr2 DECLAREContigPutFunc(putcontig8bitYCbCr12tile) { uint32_t *cp2; - int32_t incr = 2 * toskew + w; + const tmsize_t incr = 2 * (tmsize_t)toskew + w; (void)y; fromskew = (fromskew / 1) * (1 * 2 + 2); cp2 = cp + w + toskew;
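Review bot: the tiff.changes entry names only putcontig8bitYCbCr44tile, but tiff-CVE-2026-4775.patch also changes `incr` in putcontig8bitYCbCr42tile, putcontig8bitYCbCr22tile and putcontig8bitYCbCr12tile. The entry should say that the fix covers these sibling YCbCr tile routines as well, so that someone auditing bsc#1260411 later does not read the other three hunks as unrelated changes. The leading "- *" also doubles the bullet marker; a single "-" is enough.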
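Review bot: in the putcontig8bitYCbCr44tile hunk of tif_getimage.c, replacing `int32_t incr` with `const tmsize_t incr` removes the overflow only where tmsize_t is wider than 32 bits; where tmsize_t is itself 32 bits, `3 * (tmsize_t)w + 4 * (tmsize_t)toskew` is evaluated at the same width as the line it replaces. The spec ships baselibs.conf, which suggests 32-bit builds of this package are in scope, so it is worth confirming that w and toskew are already bounded before this point on those targets, or adding an explicit range check ahead of the multiplication.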
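Review bot: in the putcontig8bitYCbCr42tile, putcontig8bitYCbCr22tile and putcontig8bitYCbCr12tile hunks, `w` is added without a cast (`2 * (tmsize_t)toskew + w`), while the putcontig8bitYCbCr44tile hunk casts both operands. With the cast missing, the type in which the addition is carried out depends on how the type of w ranks against tmsize_t under the usual arithmetic conversions, so the result is only guaranteed to be computed in tmsize_t when tmsize_t is the wider of the two. Writing `2 * (tmsize_t)toskew + (tmsize_t)w` in all three places makes the intent explicit and keeps the four routines consistent.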
