[arch-commits] Commit in lib32-libtiff/trunk (5 files)

David Runge dvzrv at gemini.archlinux.org
Fri Jul 29 12:19:39 UTC 2022 

    Date: Friday, July 29, 2022 @ 12:19:38
  Author: dvzrv
Revision: 1259083

upgpkg: lib32-libtiff 4.4.0-2: Rebuild to apply upstream patch for vulnerabilities.

Apply upstream fix for CVE-2022-2056, CVE-2022-2057 and CVE-2022-2058: https://bugs.archlinux.org/task/75360

Added:
  lib32-libtiff/trunk/keys/
  lib32-libtiff/trunk/keys/pgp/
  lib32-libtiff/trunk/keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc
  lib32-libtiff/trunk/keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc
Modified:
  lib32-libtiff/trunk/PKGBUILD

-------------------------------------------------------+
 PKGBUILD                                              |   16 +++++++++++-----
 keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc |    1 +
 keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc |    1 +
 3 files changed, 13 insertions(+), 5 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2022-07-29 12:11:46 UTC (rev 1259082)
+++ PKGBUILD	2022-07-29 12:19:38 UTC (rev 1259083)
@@ -5,17 +5,23 @@
 _pkgname=libtiff
 pkgname=lib32-${_pkgname}
 pkgver=4.4.0
-pkgrel=1
+pkgrel=2
 pkgdesc='Library for manipulation of TIFF images (32-bit)'
 url='http://www.simplesystems.org/libtiff/'
 arch=('x86_64')
 license=('custom')
-depends=('libtiff' 'lib32-glibc' 'lib32-gcc-libs' 'lib32-libjpeg' 'lib32-zlib' 'lib32-xz' 'lib32-zstd')
-source=(https://download.osgeo.org/libtiff/tiff-${pkgver}.tar.gz{,.sig})
+depends=('libtiff' 'lib32-glibc' 'lib32-gcc-libs' 'lib32-libjpeg-turbo' 'lib32-zlib' 'lib32-xz' 'lib32-zstd')
+source=(
+  https://download.osgeo.org/libtiff/tiff-${pkgver}.tar.gz{,.sig}
+  # fix CVE-2022-2056 / CVE-2022-2057 / CVE-2022-2058: https://bugs.archlinux.org/task/75360
+  $pkgname-4.4.0-fpe_tiffcrop.patch::https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab.patch
+)
 sha512sums=('78ffab7667d0feb8d38571bc482390fc6dd20b93a798ab3a8b5cc7d5ab00b44a37f67eb8f19421e4ab33ad89ab40e382128f8a4bbdf097e0efb6d9fca5ac6f9e'
-            'SKIP')
+            'SKIP'
+            '5e36f443bbbfdd1270cb1f4d3ce4b0b415d658fe7e14764b315db73606ea28e854661cda74f1c5ccb00a2247431b966b9ac5271a1e3204837f79cb6fc50bf5bf')
 b2sums=('1480aca5f9b3d4509229fb6c1b967bdeb2053c4100f21d486d9f4a375742249aa7f54d6b5ab27679075499c226a011bc65988e22c064b3986d89f2cf5b0200dc'
-        'SKIP')
+        'SKIP'
+        '2dc47541b05e6c674c3fa3f7109528d7001a494af937fc57f1862ce75dc467dd4acd6892de1bd017d182b1dcbb80242cffa27f0f3ebde3ed57ee13df5b733821')
 validpgpkeys=(
   'EBDFDB21B020EE8FD151A88DE301047DE1198975' # Bob Friesenhahn <bfriesen at simple.dallas.tx.us>
   'B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D' # Even Rouault <even.rouault at spatialys.com>

Added: keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc
===================================================================
(Binary files differ)

Index: lib32-libtiff/trunk/keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc
===================================================================
--- keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc	2022-07-29 12:11:46 UTC (rev 1259082)
+++ keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc	2022-07-29 12:19:38 UTC (rev 1259083)

Property changes on: lib32-libtiff/trunk/keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/pgp-keys
\ No newline at end of property
Added: keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc
===================================================================
(Binary files differ)

Index: lib32-libtiff/trunk/keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc
===================================================================
--- keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc	2022-07-29 12:11:46 UTC (rev 1259082)
+++ keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc	2022-07-29 12:19:38 UTC (rev 1259083)

Property changes on: lib32-libtiff/trunk/keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/pgp-keys
\ No newline at end of property

More information about the arch-commits mailing list