[arch-commits] Commit in libtiff/trunk (PKGBUILD)
David Runge
dvzrv at gemini.archlinux.org
Mon Aug 15 17:12:51 UTC 2022
Date: Monday, August 15, 2022 @ 17:12:50
Author: dvzrv
Revision: 452826
upgpkg: libtiff 4.4.0-4: Rebuild to apply fix for CVE-2022-34526.
Apply upstream patch for CVE-2022-34526: https://bugs.archlinux.org/task/75608
Modified:
libtiff/trunk/PKGBUILD
----------+
PKGBUILD | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2022-08-15 17:12:35 UTC (rev 452825)
+++ PKGBUILD 2022-08-15 17:12:50 UTC (rev 452826)
@@ -3,7 +3,7 @@
pkgname=libtiff
pkgver=4.4.0
-pkgrel=3
+pkgrel=4
pkgdesc='Library for manipulation of TIFF images'
url='http://www.simplesystems.org/libtiff/'
arch=('x86_64')
@@ -17,13 +17,17 @@
https://download.osgeo.org/libtiff/tiff-${pkgver}.tar.gz{,.sig}
# fix CVE-2022-2056 / CVE-2022-2057 / CVE-2022-2058: https://bugs.archlinux.org/task/75360
$pkgname-4.4.0-fpe_tiffcrop.patch::https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab.patch
+ # fix CVE-2022-34526: https://bugs.archlinux.org/task/75608
+ $pkgname-4.4.0-CVE-2022-34526.patch::https://gitlab.com/libtiff/libtiff/-/commit/275735d0354e39c0ac1dc3c0db2120d6f31d1990.patch
)
sha256sums=('917223b37538959aca3b790d2d73aa6e626b688e02dcda272aec24c2f498abed'
'SKIP'
- '049875c6eddef8d0d653ad069fea7483f7b9b1dc2aad8780784301fb3e34b561')
+ '049875c6eddef8d0d653ad069fea7483f7b9b1dc2aad8780784301fb3e34b561'
+ '10220d1eecc00f830a1814c0b74388e68c4f0a38ec173038d6e5e8a6ad3cc97f')
b2sums=('1480aca5f9b3d4509229fb6c1b967bdeb2053c4100f21d486d9f4a375742249aa7f54d6b5ab27679075499c226a011bc65988e22c064b3986d89f2cf5b0200dc'
'SKIP'
- '2dc47541b05e6c674c3fa3f7109528d7001a494af937fc57f1862ce75dc467dd4acd6892de1bd017d182b1dcbb80242cffa27f0f3ebde3ed57ee13df5b733821')
+ '2dc47541b05e6c674c3fa3f7109528d7001a494af937fc57f1862ce75dc467dd4acd6892de1bd017d182b1dcbb80242cffa27f0f3ebde3ed57ee13df5b733821'
+ '13eaf64bd306cb1b26ac643d56d3cb9a115a0994efb2853020825a503e2dc948c7a672b05586f148b243173b45a915d2282523cf465e9d02e9b8415ed0bfcd22')
validpgpkeys=(
'EBDFDB21B020EE8FD151A88DE301047DE1198975' # Bob Friesenhahn <bfriesen at simple.dallas.tx.us>
'B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D' # Even Rouault <even.rouault at spatialys.com>
More information about the arch-commits
mailing list