Bug 265164

Summary: graphics/tiff: Update to 4.4.0
Product: Ports & Packages
Reporter: Daniel Engberg <diizzy>
Component: Individual Port(s)
Assignee: Daniel Engberg <diizzy>
Status: Closed FIXED
Severity: Affects Only Me
CC: diizzy
Priority: ---
Flags: antoine: maintainer-feedback+, antoine: exp-run+
Version: Latest
Hardware: Any
OS: Any
URL: https://gitlab.com/libtiff/libtiff/-/blob/b6a17e567f143fab49734a9e09e5bafeb6f97354/ChangeLog
Attachments: Patch for tiff (flags: none)

Description Daniel Engberg freebsd_committer freebsd_triage 2022-07-12 08:09:54 UTC
Created attachment 235208
Patch for tiff

Update (lib)tiff to 4.4.0
Add libdeflate for improved performance as dependency
Add zstd as dependency, this is the default in Alpine, Arch Linux, Debian, Fedora and OpenSUSE
Backport upstream commit dd1bcc7abb26094e93636e85520f0d8f81ab0fab to fix CVE-2022-2056, CVE-2022-2057 and CVE-2022-2058

Compile and run tested on 13.1-STABLE #0 stable/13-n250920-9171b8068b9 (amd64) (make, make check-plist, make test)
Poudriere testport OK 12.3-RELEASE (amd64)
Poudriere testport OK 13.0-RELEASE (i386)

Comment 1 Daniel Engberg freebsd_committer freebsd_triage 2022-07-12 08:10:59 UTC
Reference: https://groups.google.com/g/linux.debian.bugs.dist/c/vIE8ouG4GLc

Comment 2 Antoine Brodin freebsd_committer freebsd_triage 2022-07-21 07:21:13 UTC
New failure log:

http://package18.nyi.freebsd.org/data/123amd64-default-foo/2022-07-18_07h06m38s/logs/hylafax-6.0.7.log

Did you run make test on i386 and arm?

Comment 3 Daniel Engberg freebsd_committer freebsd_triage 2022-07-21 14:12:10 UTC
Compile and run tested on 13.1-RELEASE (arm64) (make, make check-plist, make test)

Don't have any i386 and arm (32-bit) boxes available right now unfortunately

Comment 4 Daniel Engberg freebsd_committer freebsd_triage 2022-08-09 22:52:57 UTC
comms/hylafax fixed in commit 72841f7448e5280fb59aa8e9596ba374c7b0fb2c

Comment 5 Antoine Brodin freebsd_committer freebsd_triage 2022-08-10 07:34:32 UTC
Approved.
FYI for i386 and armv7, you can create an i386 jail on amd64 and an armv7 jail on arm64 (using poudriere for instance).

Comment 6 Daniel Engberg freebsd_committer freebsd_triage 2022-08-16 21:29:04 UTC
Compile and run tested on 13.1-RELEASE (i386) (make, make check-plist, make test)

Comment 7 commit-hook freebsd_committer freebsd_triage 2022-08-16 21:46:26 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a52fed3d45da977bbd6a1ef7e2c4ea338433ad0b

commit a52fed3d45da977bbd6a1ef7e2c4ea338433ad0b
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2022-08-16 21:20:07 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2022-08-16 21:45:38 +0000

    graphics/tiff: Update to 4.4.0

    * Add libdeflate for improved performance as dependency
    * Add zstd as dependency, this is the default in Alpine, Arch Linux,
      Debian, Fedora and OpenSUSE
    * Backport upstream commit dd1bcc7abb26094e93636e85520f0d8f81ab0fab to
      fix CVE-2022-2056, CVE-2022-2057 and CVE-2022-2058
    * Backport upstream commit 275735d0354e39c0ac1dc3c0db2120d6f31d1990 to
      fix CVE-2022-34526

    PR:             265164
    Approved by:    portmgr (antoine)
    Exp-run by:     antoine

 graphics/tiff/Makefile                             |  13 +-
 graphics/tiff/distinfo                             |   6 +-
 ...-dd1bcc7abb26094e93636e85520f0d8f81ab0fab (new) | 180 +++++++++++++++++++++
 ...-275735d0354e39c0ac1dc3c0db2120d6f31d1990 (new) |  28 ++++
 graphics/tiff/pkg-plist                            |   4 +-
 5 files changed, 219 insertions(+), 12 deletions(-)

Comment 8 Daniel Engberg freebsd_committer freebsd_triage 2022-08-16 21:47:30 UTC
Committed, thanks!