On 22/05/2022 at 02:21, Greg Troxel wrote:
I locally updated the pkgsrc package to 4.4.0rc1.  That builds with
autoconf, and that seems right because README.md documents autoconf as
the build system.

It looks like patches for the following were applied (as the pkgsrc
patches show as reversed and I dropped them):
   patches/patch-CVE-2022-0561
   patches/patch-CVE-2022-0907
   patches/patch-CVE-2022-0909
   patches/patch-CVE-2022-0924
   patches/patch-CVE-2022-22844

I don't find "CVE" in ChangeLog and there is no NEWS so it's hard to be
sure.
Noting in the news which commit fixes which CVE would be a super painful exercise, since they are not mentioned in commit messages, so we'd have to go back to each ticket/merge request and look if someone mentioned a CVE number.

The build was uneventful.  There's no shlib major bump, which is nice.

Installed in /usr/pkg/share/doc/tiff/html I see v4.3.0.html (as before)
but no file for v4.4.0.  I don't see it in html/ in the distfile (not a
big deal but surprising).

Ah I missed a step in the release procedure. Now fixed in master. I don't see this as a blocker either.

--

http://www.spatialys.com
My software is free, but my time generally not.
