libtiff: introduce libtiff_4_5

With the update to libtiff 4.6 in
0a74a54ac2600656cd0b640d5ea1c8efb5c35d68 ,
many tiff-processing utility executables got dropped:

http://www.simplesystems.org/libtiff/releases/v4.6.0.html

Some of these executables can still be "restored" with
the configure switch `--enable-tools-unsupported`,
but unfortunately,
at least hylafaxplus (maybe more packages) relies on
utilities that cannot be restored even with this switch.

The commit at hand reintroduces the old libtiff
version 4.5.1 as `libtiff_4_5` into nixpkgs.
It restores the old build recipe with the following changes:

* passthru.updateScript is dropped as it is of no use here
* passthru.tests is dropped as it only contains
packages that now build with the new libtiff version
* patches are applied for the two CVEs that are fixed in 4.6.0

As libtiff 4.5 is no longer supported by libtiff developers,
new vulnerabilities will likely go unnoticed
unless they also affect the current version.
To not disable hydra builds, we don't add
`knownVulnerabilities` *for now*, but add comments to alert
updaters of the current libtiff version so patches can
be backported or the situation be reevaluated as a whole.

Yarny0 f57a4b0a 3f274c73

+127
+86
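--- a/pkgs/development/libraries/libtiff/4.5.nix
+++ b/pkgs/development/libraries/libtiff/4.5.nix
@@ -0,0 +1,86 @@
+{ lib
+, stdenv
+, fetchFromGitLab
+, fetchpatch
+
+, autoreconfHook
+, pkg-config
+, sphinx
+
+, libdeflate
+, libjpeg
+, xz
+, zlib
+}:
+
+stdenv.mkDerivation rec {
+pname = "libtiff";
+version = "4.5.1";
+
+src = fetchFromGitLab {
+owner = "libtiff";
+repo = "libtiff";
+rev = "v${version}";
+hash = "sha256-qQEthy6YhNAQmdDMyoCIvK8f3Tx25MgqhJZW74CB93E=";
+};
+
+patches = [
+# cf. https://bugzilla.redhat.com/2224974
+(fetchpatch {
+name = "CVE-2023-40745.patch";
+url = "https://gitlab.com/libtiff/libtiff/-/commit/bdf7b2621c62e04d0408391b7d5611502a752cd0.diff";
+hash = "sha256-HdU02YJ1/T3dnCT+yG03tUyAHkgeQt1yjZx/auCQxyw=";
+})
+# cf. https://bugzilla.redhat.com/2224971
+(fetchpatch {
+name = "CVE-2023-41175.patch";
+url = "https://gitlab.com/libtiff/libtiff/-/commit/965fa243004e012adc533ae8e38db3055f101a7f.diff";
+hash = "sha256-Pvg6JfJWOIaTrfFF0YSREZkS9saTG9IsXnsXtcyKILA=";
+})
+# FreeImage needs this patch
+./headers-4.5.patch
+# libc++abi 11 has an `#include <version>`, this picks up files name
+# `version` in the project's include paths
+./rename-version-4.5.patch
+];
+
+postPatch = ''
+mv VERSION VERSION.txt
+'';
+
+outputs = [ "bin" "dev" "dev_private" "out" "man" "doc" ];
+
+postFixup = ''
+moveToOutput include/tif_config.h $dev_private
+moveToOutput include/tif_dir.h $dev_private
+moveToOutput include/tif_hash_set.h $dev_private
+moveToOutput include/tiffiop.h $dev_private
+'';
+
+# If you want to change to a different build system, please make
+# sure cross-compilation works first!
+nativeBuildInputs = [ autoreconfHook pkg-config sphinx ];
+
+propagatedBuildInputs = [
+libdeflate
+libjpeg
+xz
+zlib
+];
+
+enableParallelBuilding = true;
+
+doCheck = true;
+
+meta = with lib; {
+description = "Library and utilities for working with the TIFF image file format";
+homepage = "https://libtiff.gitlab.io/libtiff";
+changelog = "https://libtiff.gitlab.io/libtiff/v${version}.html";
+# XXX not enabled for now to keep hydra builds running,
+# but we have to keep an eye on security updates in supported version
+#knownVulnerabilities = [ "support for version 4.5 ended in Sept 2023" ];
+maintainers = with maintainers; [ yarny ];
+license = licenses.libtiff;
+platforms = platforms.unix;
+};
+}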
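Review bot: With `knownVulnerabilities` commented out in `meta` (new lines 79-81), nothing at evaluation time tells a consumer of this derivation that it pulls in a TIFF parser upstream no longer supports. The only record of its security status is the two CVE-named entries in `patches`, and the reminder to revisit them lives in a different file. I would state the audit status where the next reader will look, with a comment directly above `patches = [` such as `# security backports: CVE-2023-40745 and CVE-2023-41175 (both fixed upstream in 4.6.0); re-check every later libtiff release for fixes that also apply to 4.5`. The `description` is also identical to the supported package's, so search and listing output cannot tell the two apart. A suffix such as `(unsupported 4.5 branch, kept for tools removed in 4.6)` would make the legacy status visible without affecting hydra builds.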
+3
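--- a/pkgs/development/libraries/libtiff/default.nix
+++ b/pkgs/development/libraries/libtiff/default.nix
@@ -26,6 +26,9 @@
 pname = "libtiff";
 version = "4.6.0";
 
+# if you update this, please consider adding patches and/or
+# setting `knownVulnerabilities` in libtiff `4.5.nix`
+
 src = fetchFromGitLab {
 owner = "libtiff";
 repo = "libtiff";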
+16
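--- a/pkgs/development/libraries/libtiff/headers-4.5.patch
+++ b/pkgs/development/libraries/libtiff/headers-4.5.patch
@@ -0,0 +1,16 @@
+export private headers for freeimage
+--- i/libtiff/Makefile.am
++++ w/libtiff/Makefile.am
+@@ -36,8 +36,12 @@ EXTRA_DIST = \
+tiffconf.h.cmake.in
+
+libtiffinclude_HEADERS = \
++ tif_config.h \
++ tif_dir.h \
++ tif_hash_set.h \
+tiff.h \
+tiffio.h \
++ tiffiop.h \
+tiffvers.h
+
+if HAVE_CXX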
+21
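--- a/pkgs/development/libraries/libtiff/rename-version-4.5.patch
+++ b/pkgs/development/libraries/libtiff/rename-version-4.5.patch
@@ -0,0 +1,21 @@
+fix case-insensitive build
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -34,7 +34,7 @@ docfiles = \
+README.md \
+RELEASE-DATE \
+TODO \
+- VERSION
++ VERSION.txt
+
+EXTRA_DIST = \
+cmake \
+@@ -61,7 +61,7 @@ SUBDIRS = port libtiff tools build contrib test doc
+
+release:
+(rm -f $(top_srcdir)/RELEASE-DATE && echo $(LIBTIFF_RELEASE_DATE) > $(top_srcdir)/RELEASE-DATE)
+- (rm -f $(top_srcdir)/VERSION && echo $(LIBTIFF_VERSION) > $(top_srcdir)/VERSION)
++ (rm -f $(top_srcdir)/VERSION.txt && echo $(LIBTIFF_VERSION) > $(top_srcdir)/VERSION.txt)
+(rm -f $(top_srcdir)/libtiff/tiffvers.h && sed 's,LIBTIFF_VERSION,$(LIBTIFF_VERSION),;s,LIBTIFF_RELEASE_DATE,$(LIBTIFF_RELEASE_DATE),;s,LIBTIFF_MAJOR_VERSION,$(LIBTIFF_MAJOR_VERSION),;s,LIBTIFF_MINOR_VERSION,$(LIBTIFF_MINOR_VERSION),;s,LIBTIFF_MICRO_VERSION,$(LIBTIFF_MICRO_VERSION),' $(top_srcdir)/libtiff/tiffvers.h.in > $(top_srcdir)/libtiff/tiffvers.h)
+
+pkgconfigdir = $(libdir)/pkgconfig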
+1
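--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -23537,6 +23537,7 @@
 libtifiles2 = callPackage ../development/libraries/libtifiles2 { };
 
 libtiff = callPackage ../development/libraries/libtiff { };
+libtiff_4_5 = callPackage ../development/libraries/libtiff/4.5.nix { };
 
 libtiger = callPackage ../development/libraries/libtiger { };
 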