mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-12-28 08:33:54 +00:00
f57a4b0ac1
With the update to libtiff 4.6 in
0a74a54ac2
,
many tiff-processing utility executables got dropped:
http://www.simplesystems.org/libtiff/releases/v4.6.0.html
Some of these executables can still be "restored" with
the configure switch `--enable-tools-unsupported`,
but unfortunatelly,
at least hylafaxplus (maybe more packages) relies on
utilities that even cannot be restored with this switch.
The commit at hand reintroduces the old libtiff
version 4.5.1 as `libtiff_4_5` into nixpkgs.
It restores the old build recipe with the following changes:
* passthru.updateScript is dropped as it is of no use here
* passthru.tests is dropped as it only contains
packages that now build with the new libtiff version
* patches are applied for the two CVEs that are fixed in 4.6.0
As libtiff 4.5 is no longer supported by libtiff developers,
new vulnerabilities will likely go unnoticed
unless they also affect the current version.
To not disable hydra builds, we don't add
`knownVulnerabilities` *for now*, but add comments to alert
updaters of the current libtiff version so patches can
be backported or the situation be reevaluated as a whole.
87 lines
2.3 KiB
Nix
87 lines
2.3 KiB
Nix
{ lib
|
|
, stdenv
|
|
, fetchFromGitLab
|
|
, fetchpatch
|
|
|
|
, autoreconfHook
|
|
, pkg-config
|
|
, sphinx
|
|
|
|
, libdeflate
|
|
, libjpeg
|
|
, xz
|
|
, zlib
|
|
}:
|
|
|
|
stdenv.mkDerivation rec {
|
|
pname = "libtiff";
|
|
version = "4.5.1";
|
|
|
|
src = fetchFromGitLab {
|
|
owner = "libtiff";
|
|
repo = "libtiff";
|
|
rev = "v${version}";
|
|
hash = "sha256-qQEthy6YhNAQmdDMyoCIvK8f3Tx25MgqhJZW74CB93E=";
|
|
};
|
|
|
|
patches = [
|
|
# cf. https://bugzilla.redhat.com/2224974
|
|
(fetchpatch {
|
|
name = "CVE-2023-40745.patch";
|
|
url = "https://gitlab.com/libtiff/libtiff/-/commit/bdf7b2621c62e04d0408391b7d5611502a752cd0.diff";
|
|
hash = "sha256-HdU02YJ1/T3dnCT+yG03tUyAHkgeQt1yjZx/auCQxyw=";
|
|
})
|
|
# cf. https://bugzilla.redhat.com/2224971
|
|
(fetchpatch {
|
|
name = "CVE-2023-41175.patch";
|
|
url = "https://gitlab.com/libtiff/libtiff/-/commit/965fa243004e012adc533ae8e38db3055f101a7f.diff";
|
|
hash = "sha256-Pvg6JfJWOIaTrfFF0YSREZkS9saTG9IsXnsXtcyKILA=";
|
|
})
|
|
# FreeImage needs this patch
|
|
./headers-4.5.patch
|
|
# libc++abi 11 has an `#include <version>`, this picks up files name
|
|
# `version` in the project's include paths
|
|
./rename-version-4.5.patch
|
|
];
|
|
|
|
postPatch = ''
|
|
mv VERSION VERSION.txt
|
|
'';
|
|
|
|
outputs = [ "bin" "dev" "dev_private" "out" "man" "doc" ];
|
|
|
|
postFixup = ''
|
|
moveToOutput include/tif_config.h $dev_private
|
|
moveToOutput include/tif_dir.h $dev_private
|
|
moveToOutput include/tif_hash_set.h $dev_private
|
|
moveToOutput include/tiffiop.h $dev_private
|
|
'';
|
|
|
|
# If you want to change to a different build system, please make
|
|
# sure cross-compilation works first!
|
|
nativeBuildInputs = [ autoreconfHook pkg-config sphinx ];
|
|
|
|
propagatedBuildInputs = [
|
|
libdeflate
|
|
libjpeg
|
|
xz
|
|
zlib
|
|
];
|
|
|
|
enableParallelBuilding = true;
|
|
|
|
doCheck = true;
|
|
|
|
meta = with lib; {
|
|
description = "Library and utilities for working with the TIFF image file format";
|
|
homepage = "https://libtiff.gitlab.io/libtiff";
|
|
changelog = "https://libtiff.gitlab.io/libtiff/v${version}.html";
|
|
# XXX not enabled for now to keep hydra builds running,
|
|
# but we have to keep an eye on security updates in supported version
|
|
#knownVulnerabilities = [ "support for version 4.5 ended in Sept 2023" ];
|
|
maintainers = with maintainers; [ yarny ];
|
|
license = licenses.libtiff;
|
|
platforms = platforms.unix;
|
|
};
|
|
}
|