2022.05.20 16:38 "[Tiff] libtiff v4.4.0 RC1 available", by Even Rouault

2022.05.22 10:05 "Re: [Tiff] libtiff v4.4.0 RC1 available", by Even Rouault

I locally updated the pkgsrc package to 4.4.0rc1. That builds with autoconf, and that seems right because README.md documents autoconf as the build system.

It looks like patches for the following were applied (as the pkgsrc patches show as reversed and I dropped them):

patches/patch-CVE-2022-0561
patches/patch-CVE-2022-0907
patches/patch-CVE-2022-0909
patches/patch-CVE-2022-0924
patches/patch-CVE-2022-22844

I don't find "CVE" in ChangeLog and there is no NEWS so it's hard to be sure.

Noting in the news which commit fixes which CVE would be a super painful exercise, since they are not mentioned in commit messages, so we'd have to go back to each ticket/merge request and look if someone mentioned a CVE number.

The build was uneventful. There's no shlib major bump, which is nice.

Installed in /usr/pkg/share/doc/tiff/html I see v4.3.0.html (as before) but no file for v4.4.0. I don't see it in html/ in the distfile (not a big deal but surprising).

Ah I missed a step in the release procedure. Now fixed in master. I don't see this as a blocker either.

http://www.spatialys.com
My software is free, but my time generally not.