[arch-commits] Commit in lib32-libtiff/trunk (5 files)
David Runge
dvzrv at gemini.archlinux.org
Fri Jul 29 12:19:39 UTC 2022
Date: Friday, July 29, 2022 @ 12:19:38
Author: dvzrv
Revision: 1259083
upgpkg: lib32-libtiff 4.4.0-2: Rebuild to apply upstream patch for vulnerabilities.
Apply upstream fix for CVE-2022-2056, CVE-2022-2057 and CVE-2022-2058: https://bugs.archlinux.org/task/75360
Added:
lib32-libtiff/trunk/keys/
lib32-libtiff/trunk/keys/pgp/
lib32-libtiff/trunk/keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc
lib32-libtiff/trunk/keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc
Modified:
lib32-libtiff/trunk/PKGBUILD
-------------------------------------------------------+
PKGBUILD | 16 +++++++++++-----
keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc | 1 +
keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc | 1 +
3 files changed, 13 insertions(+), 5 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2022-07-29 12:11:46 UTC (rev 1259082)
+++ PKGBUILD 2022-07-29 12:19:38 UTC (rev 1259083)
@@ -5,17 +5,23 @@
_pkgname=libtiff
pkgname=lib32-${_pkgname}
pkgver=4.4.0
-pkgrel=1
+pkgrel=2
pkgdesc='Library for manipulation of TIFF images (32-bit)'
url='http://www.simplesystems.org/libtiff/'
arch=('x86_64')
license=('custom')
-depends=('libtiff' 'lib32-glibc' 'lib32-gcc-libs' 'lib32-libjpeg' 'lib32-zlib' 'lib32-xz' 'lib32-zstd')
-source=(https://download.osgeo.org/libtiff/tiff-${pkgver}.tar.gz{,.sig})
+depends=('libtiff' 'lib32-glibc' 'lib32-gcc-libs' 'lib32-libjpeg-turbo' 'lib32-zlib' 'lib32-xz' 'lib32-zstd')
+source=(
+ https://download.osgeo.org/libtiff/tiff-${pkgver}.tar.gz{,.sig}
+ # fix CVE-2022-2056 / CVE-2022-2057 / CVE-2022-2058: https://bugs.archlinux.org/task/75360
+ $pkgname-4.4.0-fpe_tiffcrop.patch::https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab.patch
+)
sha512sums=('78ffab7667d0feb8d38571bc482390fc6dd20b93a798ab3a8b5cc7d5ab00b44a37f67eb8f19421e4ab33ad89ab40e382128f8a4bbdf097e0efb6d9fca5ac6f9e'
- 'SKIP')
+ 'SKIP'
+ '5e36f443bbbfdd1270cb1f4d3ce4b0b415d658fe7e14764b315db73606ea28e854661cda74f1c5ccb00a2247431b966b9ac5271a1e3204837f79cb6fc50bf5bf')
b2sums=('1480aca5f9b3d4509229fb6c1b967bdeb2053c4100f21d486d9f4a375742249aa7f54d6b5ab27679075499c226a011bc65988e22c064b3986d89f2cf5b0200dc'
- 'SKIP')
+ 'SKIP'
+ '2dc47541b05e6c674c3fa3f7109528d7001a494af937fc57f1862ce75dc467dd4acd6892de1bd017d182b1dcbb80242cffa27f0f3ebde3ed57ee13df5b733821')
validpgpkeys=(
'EBDFDB21B020EE8FD151A88DE301047DE1198975' # Bob Friesenhahn <bfriesen at simple.dallas.tx.us>
'B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D' # Even Rouault <even.rouault at spatialys.com>
Added: keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc
===================================================================
(Binary files differ)
Index: lib32-libtiff/trunk/keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc
===================================================================
--- keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc 2022-07-29 12:11:46 UTC (rev 1259082)
+++ keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc 2022-07-29 12:19:38 UTC (rev 1259083)
Property changes on: lib32-libtiff/trunk/keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/pgp-keys
\ No newline at end of property
Added: keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc
===================================================================
(Binary files differ)
Index: lib32-libtiff/trunk/keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc
===================================================================
--- keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc 2022-07-29 12:11:46 UTC (rev 1259082)
+++ keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc 2022-07-29 12:19:38 UTC (rev 1259083)
Property changes on: lib32-libtiff/trunk/keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/pgp-keys
\ No newline at end of property
More information about the arch-commits
mailing list