Date: Sunday, March 5, 2023 @ 16:00:51 Author: dvzrv Revision: 1413970
upgpkg: lib32-libtiff 4.5.0-3: Rebuild to apply patches for numerous CVEs. Add patches for CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804 (https://bugs.archlinux.org/task/77589). Upstream progress for a bugfix release is tracked in https://gitlab.com/libtiff/libtiff/-/issues/533. Modified: lib32-libtiff/trunk/PKGBUILD ----------+ PKGBUILD | 58 ++++++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 44 insertions(+), 14 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2023-03-05 15:51:49 UTC (rev 1413969) +++ PKGBUILD 2023-03-05 16:00:51 UTC (rev 1413970) @@ -5,21 +5,48 @@ _pkgname=libtiff pkgname=lib32-${_pkgname} pkgver=4.5.0 -pkgrel=2 +pkgrel=3 pkgdesc='Library for manipulation of TIFF images (32-bit)' url='http://www.simplesystems.org/libtiff/' arch=('x86_64') license=('custom') -depends=(libtiff=$pkgver 'lib32-glibc' 'lib32-gcc-libs' 'lib32-libjpeg-turbo' 'lib32-zlib' 'lib32-xz' 'lib32-zstd') +depends=( + libtiff=$pkgver + 'lib32-glibc' + 'lib32-gcc-libs' + 'lib32-libjpeg-turbo' + 'lib32-xz' + 'lib32-zlib' + 'lib32-zstd' +) provides=('libtiff.so' 'libtiffxx.so') -source=("https://download.osgeo.org/libtiff/tiff-${pkgver}.tar.gz"{,.sig} - 'libtiff-CVE-2022-48281.patch::https://gitlab.com/libtiff/libtiff/-/commit/97d65859b.patch') +source=( + "https://download.osgeo.org/libtiff/tiff-${pkgver}.tar.gz"{,.sig} + # fix CVE-2022-48281 + https://gitlab.com/libtiff/libtiff/-/commit/97d65859bc29ee334012e9c73022d8a8e55ed586.patch + # correctly update buffersize after rotateImage() + https://gitlab.com/libtiff/libtiff/-/commit/9c22495e5eeeae9e00a1596720c969656bb8d678.patch + # TIFFClose() avoid NULL pointer dereference + https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1ec3385f6383ef9a1f453e4b8b11d536.patch + # fix CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799 + https://gitlab.com/libtiff/libtiff/-/commit/69818e2f2d246e6631ac2a2da692c3706b849c38.patch + # fix CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804 + https://gitlab.com/libtiff/libtiff/-/commit/82a7fbb1fa7228499ffeb3a57a1d106a9626d57c.patch +) sha512sums=('02b94e355ac96ac2ecce717aff2b1e04b1bfe95bcd0cfa72e09cbd580c45de0afe341170daad0cf560064b5a8910b3e56ef260484c69919bb0545df90abe7fa9' 'SKIP' - 'b0444621e2e52ae80f893a88e43813e779839a869a2d4af3a83765ae5e9fce212e579797da52a3a7133cfb7c22a6d6b567e038ef56adb12b565ce31b7976dacd') + 'b0444621e2e52ae80f893a88e43813e779839a869a2d4af3a83765ae5e9fce212e579797da52a3a7133cfb7c22a6d6b567e038ef56adb12b565ce31b7976dacd' + '57b296e616f8192f2704036f273b3dd109ae46a48beaf0c76175de60f8a6b2434023ecda580894d8d1f229d9b52958d62e6e354e823ba5e2903ed163c6f0a4b3' + '9f5988ce62318d819212e4dc6cc0e20858951dbb68b11e3aefb909c3d7d12095bdaf3f8276191b0d5ac0b6b3f5f872f5af9720c09b099ac53f89e5062a389e86' + '51186c803ebe3e328ba04c54f01fc43467917014519d6dcdbe537704b5a273e02d92f64c3b6785d97e94875c2eafda1e3ad36ea410d798a576bb215ec0cdfbdf' + 'e0f011f145523bbf1729c8c754c6609620b6dea75788b9cfb876707fa5fc29dec543b79a6c8814f199b9e527fd9af4a63df36570cfbc415abac732c9b293df40') b2sums=('732556614886678435781bc91796eda17aae03dc8eb2b488d297e2700a51fd93d9cc8d2b895fd9b14dbed9a992d6a7f59d2f260ff60cf6344da1e1478f9bb4f0' 'SKIP' - 'a2001b5fa5531c52dee71301ae43efc56d1f8a654b0f1e367560a5818d5449c1ff7b8aa327392475935d93fe3f7298af0c1abf5c3995f23fe25907d2b2350e8c') + 'a2001b5fa5531c52dee71301ae43efc56d1f8a654b0f1e367560a5818d5449c1ff7b8aa327392475935d93fe3f7298af0c1abf5c3995f23fe25907d2b2350e8c' + '5e6710313ece577b6838aa864e2e9d5a1c3d444dddfbe483163a601524789874f6463c56d1cebfa759201939550fc87079cf626ff569a929e761ed1ae4e0c046' + '604899f28ca3251edc755aff4ae911987fc1d33a2717be19c2c62f7a0f3e2556de55b17f9b9a2a1d1cc8cf9843d38e750d55d9a7cbdc5f8a63e8b35ee09c650e' + '89d8f50fb8380ad11251b3f8c3f9837fcf05d679fabc56f76f1af5f246a6eae2e464dc3d968a45d25130501ff9b7204f1ba4acd739e4b075bed1742a1d335021' + '948b94b9a4289156301b8685efdc7f2a6e3f9699a4e1972dbe5f94744444b18f58c7b7de645ba93a1a9df7d94b1b73dd685f097947e52a1d5ad897970176eab0') validpgpkeys=( 'EBDFDB21B020EE8FD151A88DE301047DE1198975' # Bob Friesenhahn <[email protected]> 'B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D' # Even Rouault <[email protected]> @@ -39,19 +66,22 @@ } build() { + local configure_options=( + --prefix=/usr + --sysconfdir=/etc + --enable-ld-version-script + --mandir=/usr/share/man + --with-docdir=/usr/share/doc/${pkgname} + --libdir=/usr/lib32 + --includedir=/usr/include/libtiff32 + ) + export CC="gcc -m32" export CXX="g++ -m32" export PKG_CONFIG_PATH="/usr/lib32/pkgconfig" cd tiff-${pkgver} - ./configure \ - --prefix=/usr \ - --sysconfdir=/etc \ - --enable-ld-version-script \ - --mandir=/usr/share/man \ - --with-docdir=/usr/share/doc/${pkgname} \ - --libdir=/usr/lib32 \ - --includedir=/usr/include/libtiff32 + ./configure "${configure_options[@]}" sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool make }
