package/tiff: security bump to version 4.7.0

For the release note, see:
http://www.simplesystems.org/libtiff/releases/v4.7.0.html

This commit also adds the _SOURCE variable, to switch to the xz
archive, which saves ~1.5MB. The _SITE url is also updated to switch
to the https protocol.

This commit also adds a comment in the hash file about pgp signature
veritication.

Fixes:
- https://nvd.nist.gov/vuln/detail/CVE-2023-6277
- https://nvd.nist.gov/vuln/detail/CVE-2023-52356
- https://nvd.nist.gov/vuln/detail/CVE-2024-7006

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/tiff/tiff.hash

@@ -1,3 +1,5 @@
-# Locally computed
-sha256  88b3979e6d5c7e32b50d7ec72fb15af724f6ab2cbf7e10880c360a77e4b5d99a  tiff-4.6.0.tar.gz
+# Locally computed after checking pgp signature
+# https://download.osgeo.org/libtiff/tiff-4.7.0.tar.xz.sig
+# with key: B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D
+sha256  273a0a73b1f0bed640afee4a5df0337357ced5b53d3d5d1c405b936501f71017  tiff-4.7.0.tar.xz
 sha256  0780558a8bfba0af1160ec1ff11ade4f41c0d7deafd6ecfc796b492a788e380d  LICENSE.md

package/tiff/tiff.mk

@@ -4,8 +4,9 @@
 #
 ################################################################################
 
-TIFF_VERSION = 4.6.0
-TIFF_SITE = http://download.osgeo.org/libtiff
+TIFF_VERSION = 4.7.0
+TIFF_SOURCE = tiff-$(TIFF_VERSION).tar.xz
+TIFF_SITE = https://download.osgeo.org/libtiff
 TIFF_LICENSE = tiff license
 TIFF_LICENSE_FILES = LICENSE.md
 TIFF_CPE_ID_VENDOR = libtiff