Date: Friday, July 29, 2022 @ 12:19:38 Author: dvzrv Revision: 1259083
upgpkg: lib32-libtiff 4.4.0-2: Rebuild to apply upstream patch for vulnerabilities. Apply upstream fix for CVE-2022-2056, CVE-2022-2057 and CVE-2022-2058: https://bugs.archlinux.org/task/75360 Added: lib32-libtiff/trunk/keys/ lib32-libtiff/trunk/keys/pgp/ lib32-libtiff/trunk/keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc lib32-libtiff/trunk/keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc Modified: lib32-libtiff/trunk/PKGBUILD -------------------------------------------------------+ PKGBUILD | 16 +++++++++++----- keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc | 1 + keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc | 1 + 3 files changed, 13 insertions(+), 5 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2022-07-29 12:11:46 UTC (rev 1259082) +++ PKGBUILD 2022-07-29 12:19:38 UTC (rev 1259083) @@ -5,17 +5,23 @@ _pkgname=libtiff pkgname=lib32-${_pkgname} pkgver=4.4.0 -pkgrel=1 +pkgrel=2 pkgdesc='Library for manipulation of TIFF images (32-bit)' url='http://www.simplesystems.org/libtiff/' arch=('x86_64') license=('custom') -depends=('libtiff' 'lib32-glibc' 'lib32-gcc-libs' 'lib32-libjpeg' 'lib32-zlib' 'lib32-xz' 'lib32-zstd') -source=(https://download.osgeo.org/libtiff/tiff-${pkgver}.tar.gz{,.sig}) +depends=('libtiff' 'lib32-glibc' 'lib32-gcc-libs' 'lib32-libjpeg-turbo' 'lib32-zlib' 'lib32-xz' 'lib32-zstd') +source=( + https://download.osgeo.org/libtiff/tiff-${pkgver}.tar.gz{,.sig} + # fix CVE-2022-2056 / CVE-2022-2057 / CVE-2022-2058: https://bugs.archlinux.org/task/75360 + $pkgname-4.4.0-fpe_tiffcrop.patch::https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab.patch +) sha512sums=('78ffab7667d0feb8d38571bc482390fc6dd20b93a798ab3a8b5cc7d5ab00b44a37f67eb8f19421e4ab33ad89ab40e382128f8a4bbdf097e0efb6d9fca5ac6f9e' - 'SKIP') + 'SKIP' + '5e36f443bbbfdd1270cb1f4d3ce4b0b415d658fe7e14764b315db73606ea28e854661cda74f1c5ccb00a2247431b966b9ac5271a1e3204837f79cb6fc50bf5bf') b2sums=('1480aca5f9b3d4509229fb6c1b967bdeb2053c4100f21d486d9f4a375742249aa7f54d6b5ab27679075499c226a011bc65988e22c064b3986d89f2cf5b0200dc' - 'SKIP') + 'SKIP' + '2dc47541b05e6c674c3fa3f7109528d7001a494af937fc57f1862ce75dc467dd4acd6892de1bd017d182b1dcbb80242cffa27f0f3ebde3ed57ee13df5b733821') validpgpkeys=( 'EBDFDB21B020EE8FD151A88DE301047DE1198975' # Bob Friesenhahn <[email protected]> 'B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D' # Even Rouault <[email protected]> Added: keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc =================================================================== (Binary files differ) Index: lib32-libtiff/trunk/keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc =================================================================== --- keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc 2022-07-29 12:11:46 UTC (rev 1259082) +++ keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc 2022-07-29 12:19:38 UTC (rev 1259083) Property changes on: lib32-libtiff/trunk/keys/pgp/B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D.asc ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +application/pgp-keys \ No newline at end of property Added: keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc =================================================================== (Binary files differ) Index: lib32-libtiff/trunk/keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc =================================================================== --- keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc 2022-07-29 12:11:46 UTC (rev 1259082) +++ keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc 2022-07-29 12:19:38 UTC (rev 1259083) Property changes on: lib32-libtiff/trunk/keys/pgp/EBDFDB21B020EE8FD151A88DE301047DE1198975.asc ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +application/pgp-keys \ No newline at end of property
