265164 – graphics/tiff: Update to 4.4.0

Bug 265164 - graphics/tiff: Update to 4.4.0

Summary: graphics/tiff: Update to 4.4.0

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Daniel Engberg

URL:	https://gitlab.com/libtiff/libtiff/-/...
Keywords:

Depends on:
Blocks:

Reported:	2022-07-12 08:09 UTC by Daniel Engberg
Modified:	2022-08-16 21:47 UTC (History)
CC List:	1 user (show)

See Also:

Flags:	antoine: maintainer-feedback+ antoine: exp-run+

Attachments
Patch for tiff (9.99 KB, patch) 2022-07-12 08:09 UTC, Daniel Engberg	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Engberg freebsd_committer

2022-07-12 08:09:54 UTC

Created attachment 235208 [details]
Patch for tiff

Update (lib)tiff to 4.4.0
Add libdeflate for improved performance as dependency
Add zstd as dependency, this is the default in Alpine, Arch Linux, Debian, Fedora and OpenSUSE
Backport upstream commit dd1bcc7abb26094e93636e85520f0d8f81ab0fab to fix CVE-2022-2056, CVE-2022-2057 and CVE-2022-2058

Compile and run tested on 13.1-STABLE #0 stable/13-n250920-9171b8068b9 (amd64) (make, make check-plist, make test)
Poudriere testport OK 12.3-RELEASE (amd64)
Poudriere testport OK 13.0-RELEASE (i386)

Comment 1 Daniel Engberg freebsd_committer

2022-07-12 08:10:59 UTC

Reference: https://groups.google.com/g/linux.debian.bugs.dist/c/vIE8ouG4GLc

Comment 2 Antoine Brodin freebsd_committer

2022-07-21 07:21:13 UTC

New failure log:

http://package18.nyi.freebsd.org/data/123amd64-default-foo/2022-07-18_07h06m38s/logs/hylafax-6.0.7.log

Did you run make test on i386 and arm?

Comment 3 Daniel Engberg freebsd_committer

2022-07-21 14:12:10 UTC

Compile and run tested on 13.1-RELEASE (arm64) (make, make check-plist, make test)

Don't have any i386 and arm (32-bit) boxes available right now unfortunately

Comment 4 Daniel Engberg freebsd_committer

2022-08-09 22:52:57 UTC

comms/hylafax fixed in commit 72841f7448e5280fb59aa8e9596ba374c7b0fb2c

Comment 5 Antoine Brodin freebsd_committer

2022-08-10 07:34:32 UTC

Approved.
FYI for i386 and armv7,  you can create an i386 jail on amd64 and an armv7 jail on arm64 (using poudriere for instance).

Comment 6 Daniel Engberg freebsd_committer

2022-08-16 21:29:04 UTC

Compile and run tested on 13.1-RELEASE (i386) (make, make check-plist, make test)

Comment 7 commit-hook freebsd_committer

2022-08-16 21:46:26 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a52fed3d45da977bbd6a1ef7e2c4ea338433ad0b

commit a52fed3d45da977bbd6a1ef7e2c4ea338433ad0b
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2022-08-16 21:20:07 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2022-08-16 21:45:38 +0000

    graphics/tiff: Update to 4.4.0

    * Add libdeflate for improved performance as dependency
    * Add zstd as dependency, this is the default in Alpine, Arch Linux,
      Debian, Fedora and OpenSUSE
    * Backport upstream commit dd1bcc7abb26094e93636e85520f0d8f81ab0fab to
      fix CVE-2022-2056, CVE-2022-2057 and CVE-2022-2058
    * Backport upstream commit 275735d0354e39c0ac1dc3c0db2120d6f31d1990 to
      fix CVE-2022-34526

    PR:             265164
    Approved by:    portmgr (antoine)
    Exp-run by:     antoine

 graphics/tiff/Makefile                             |  13 +-
 graphics/tiff/distinfo                             |   6 +-
 ...-dd1bcc7abb26094e93636e85520f0d8f81ab0fab (new) | 180 +++++++++++++++++++++
 ...-275735d0354e39c0ac1dc3c0db2120d6f31d1990 (new) |  28 ++++
 graphics/tiff/pkg-plist                            |   4 +-
 5 files changed, 219 insertions(+), 12 deletions(-)

Comment 8 Daniel Engberg freebsd_committer

2022-08-16 21:47:30 UTC

Commit, thanks!