package/tiff: security bump to version 4.7.0

For the release note, see: http://www.simplesystems.org/libtiff/releases/v4.7.0.html This commit also adds the _SOURCE variable, to switch to the xz archive, which saves ~1.5MB. The _SITE url is also updated to switch to the https protocol. This commit also adds a comment in the hash file about pgp signature veritication. Fixes: - https://nvd.nist.gov/vuln/detail/CVE-2023-6277 - https://nvd.nist.gov/vuln/detail/CVE-2023-52356 - https://nvd.nist.gov/vuln/detail/CVE-2024-7006 Signed-off-by: Julien Olivain <ju.o@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-11-23 05:23:39 +08:00 · 2024-11-13 22:15:22 +01:00 · 2024-11-13 22:15:22 +01:00 · d571951c67
commit d571951c67
parent ed4348d1c5
2 changed files with 7 additions and 4 deletions
--- a/package/tiff/tiff.hash
+++ b/package/tiff/tiff.hash
@ -1,3 +1,5 @@
-# Locally computed
-sha256  88b3979e6d5c7e32b50d7ec72fb15af724f6ab2cbf7e10880c360a77e4b5d99a  tiff-4.6.0.tar.gz
+# Locally computed after checking pgp signature
+# https://download.osgeo.org/libtiff/tiff-4.7.0.tar.xz.sig
+# with key: B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D
+sha256  273a0a73b1f0bed640afee4a5df0337357ced5b53d3d5d1c405b936501f71017  tiff-4.7.0.tar.xz
 sha256  0780558a8bfba0af1160ec1ff11ade4f41c0d7deafd6ecfc796b492a788e380d  LICENSE.md
--- a/package/tiff/tiff.mk
+++ b/package/tiff/tiff.mk
@ -4,8 +4,9 @@
 #
 ################################################################################

-TIFF_VERSION = 4.6.0
-TIFF_SITE = http://download.osgeo.org/libtiff
+TIFF_VERSION = 4.7.0
+TIFF_SOURCE = tiff-$(TIFF_VERSION).tar.xz
+TIFF_SITE = https://download.osgeo.org/libtiff
 TIFF_LICENSE = tiff license
 TIFF_LICENSE_FILES = LICENSE.md
 TIFF_CPE_ID_VENDOR = libtiff