[arch-commits] Commit in libtiff/trunk (5 files)
David Runge
dvzrv at gemini.archlinux.org
Fri Jul 29 12:04:09 UTC 2022
Date: Friday, July 29, 2022 @ 12:04:09
Author: dvzrv
Revision: 451738
upgpkg: libtiff 4.4.0-2: Rebuild to apply upstream patch for vulnerabilities.
Apply upstream fix for CVE-2022-2056, CVE-2022-2057 and CVE-2022-2058: https://bugs.archlinux.org/task/75360
Added:
libtiff/trunk/keys/
libtiff/trunk/keys/pgp/
libtiff/trunk/keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc
libtiff/trunk/keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc
Modified:
libtiff/trunk/PKGBUILD
-------------------------------------------------------+
PKGBUILD | 16 +++++++++++-----
keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc | 1 +
keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc | 1 +
3 files changed, 13 insertions(+), 5 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2022-07-29 08:58:44 UTC (rev 451737)
+++ PKGBUILD 2022-07-29 12:04:09 UTC (rev 451738)
@@ -3,20 +3,26 @@
pkgname=libtiff
pkgver=4.4.0
-pkgrel=1
+pkgrel=2
pkgdesc='Library for manipulation of TIFF images'
url='http://www.simplesystems.org/libtiff/'
arch=('x86_64')
license=('custom')
-depends=('glibc' 'libjpeg' 'libjpeg.so' 'zlib' 'xz' 'zstd')
+depends=('glibc' 'libjpeg-turbo' 'libjpeg.so' 'zlib' 'xz' 'zstd')
makedepends=('freeglut' 'glu' 'mesa' 'jbigkit')
optdepends=('freeglut: for using tiffgt')
provides=('libtiff.so' 'libtiffxx.so')
-source=(https://download.osgeo.org/libtiff/tiff-${pkgver}.tar.gz{,.sig})
+source=(
+ https://download.osgeo.org/libtiff/tiff-${pkgver}.tar.gz{,.sig}
+ # fix CVE-2022-2056 / CVE-2022-2057 / CVE-2022-2058: https://bugs.archlinux.org/task/75360
+ $pkgname-4.4.0-fpe_tiffcrop.patch::https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab.patch
+)
sha256sums=('917223b37538959aca3b790d2d73aa6e626b688e02dcda272aec24c2f498abed'
- 'SKIP')
+ 'SKIP'
+ '049875c6eddef8d0d653ad069fea7483f7b9b1dc2aad8780784301fb3e34b561')
b2sums=('1480aca5f9b3d4509229fb6c1b967bdeb2053c4100f21d486d9f4a375742249aa7f54d6b5ab27679075499c226a011bc65988e22c064b3986d89f2cf5b0200dc'
- 'SKIP')
+ 'SKIP'
+ '2dc47541b05e6c674c3fa3f7109528d7001a494af937fc57f1862ce75dc467dd4acd6892de1bd017d182b1dcbb80242cffa27f0f3ebde3ed57ee13df5b733821')
validpgpkeys=(
'EBDFDB21B020EE8FD151A88DE301047DE1198975' # Bob Friesenhahn <bfriesen at simple.dallas.tx.us>
'B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D' # Even Rouault <even.rouault at spatialys.com>
Added: keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc
===================================================================
(Binary files differ)
Index: libtiff/trunk/keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc
===================================================================
--- keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc 2022-07-29 08:58:44 UTC (rev 451737)
+++ keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc 2022-07-29 12:04:09 UTC (rev 451738)
Property changes on: libtiff/trunk/keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/pgp-keys
\ No newline at end of property
Added: keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc
===================================================================
(Binary files differ)
Index: libtiff/trunk/keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc
===================================================================
--- keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc 2022-07-29 08:58:44 UTC (rev 451737)
+++ keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc 2022-07-29 12:04:09 UTC (rev 451738)
Property changes on: libtiff/trunk/keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/pgp-keys
\ No newline at end of property
More information about the arch-commits
mailing list