jasper: remove, abandoned upstream.

Jasper has been marked insecure for a while, and upstream has not
been responsive to CVEs for over a year.

Fixes #55388.

Signed-off-by: David Anderson <dave@natulte.net>
David Anderson 2020-03-14 01:30:31 -07:00
parent 9c11454182
commit 3a38cef8f9
12 changed files with 9 additions and 83 deletions


@ -448,11 +448,6 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
free = false;
};
jasper = spdx {
spdxId = "JasPer-2.0";
fullName = "JasPer License";
};
lgpl2Only = spdx {
spdxId = "LGPL-2.0-only";
fullName = "GNU Library General Public License v2 only";


@ -26,7 +26,6 @@
, exiv2
, ffmpeg
, flex
, jasper ? null, withJpeg2k ? false # disable JPEG2000 support, jasper has unfixed CVE
, lcms2
, lensfun
, libgphoto2
@ -98,8 +97,7 @@ mkDerivation rec {
marble
oxygen
threadweaver
]
++ lib.optionals withJpeg2k [ jasper ];
];
enableParallelBuilding = true;


@ -3,7 +3,6 @@
, enableGSL ? true, gsl
, enableGhostScript ? true, ghostscript
, enableMuPDF ? true, mupdf
, enableJPEG2K ? false, jasper ? null # disabled by default, jasper has unfixed CVE
, enableDJVU ? true, djvulibre
, enableGOCR ? false, gocr # Disabled by default due to crashes
, enableTesseract ? true, leptonica, tesseract4
@ -144,7 +143,6 @@ in stdenv.mkDerivation rec {
optional enableGSL gsl ++
optional enableGhostScript ghostscript ++
optional enableMuPDF mupdf_modded ++
optional enableJPEG2K jasper ++
optional enableDJVU djvulibre ++
optional enableGOCR gocr ++
optionals enableTesseract [ leptonica_modded tesseract_modded ];


@ -1,51 +0,0 @@
{ stdenv, fetchFromGitHub, fetchpatch, libjpeg, cmake }:
stdenv.mkDerivation rec {
pname = "jasper";
version = "2.0.16";
src = fetchFromGitHub {
repo = "jasper";
owner = "mdadams";
rev = "version-${version}";
sha256 = "05l75yd1zsxwv25ykwwwjs8961szv7iywf16nc6vc6qpby27ckv6";
};
patches = [
(fetchpatch {
name = "CVE-2018-9055.patch";
url = "http://paste.opensuse.org/view/raw/330751ce";
sha256 = "0m798m6c4v9yyhql7x684j5kppcm6884n1rrb9ljz8p9aqq2jqnm";
})
];
# newer reconf to recognize a multiout flag
nativeBuildInputs = [ cmake ];
propagatedBuildInputs = [ libjpeg ];
configureFlags = [ "--enable-shared" ];
outputs = [ "bin" "dev" "out" "man" ];
enableParallelBuilding = true;
doCheck = false; # fails
postInstall = ''
moveToOutput bin "$bin"
'';
meta = with stdenv.lib; {
homepage = "https://www.ece.uvic.ca/~frodo/jasper/";
description = "JPEG2000 Library";
platforms = platforms.unix;
license = licenses.jasper;
maintainers = with maintainers; [ pSub ];
knownVulnerabilities = [
"Numerous CVE unsolved upstream"
"See: https://github.com/NixOS/nixpkgs/pull/57681#issuecomment-475857499"
"See: https://github.com/mdadams/jasper/issues/208"
];
};
}


@ -1,7 +1,4 @@
{ stdenv, fetchurl, lcms2, pkgconfig
, jasper ? null, withJpeg2k ? false
# disable JPEG2000 support by default as jasper has many CVE
}:
{ stdenv, fetchurl, lcms2, pkgconfig }:
stdenv.mkDerivation rec {
pname = "libraw";
@ -14,8 +11,6 @@ stdenv.mkDerivation rec {
outputs = [ "out" "lib" "dev" "doc" ];
buildInputs = stdenv.lib.optionals withJpeg2k [ jasper ];
propagatedBuildInputs = [ lcms2 ];
nativeBuildInputs = [ pkgconfig ];


@ -9,7 +9,6 @@
, enableTIFF ? true, libtiff
, enableWebP ? true, libwebp
, enableEXR ? !stdenv.isDarwin, openexr, ilmbase
, enableJPEG2K ? false, jasper # disable jasper by default (many CVE)
, enableEigen ? true, eigen
, enableOpenblas ? true, openblas, blas, lapack
, enableContrib ? true
@ -187,7 +186,6 @@ stdenv.mkDerivation {
++ lib.optional enableTIFF libtiff
++ lib.optional enableWebP libwebp
++ lib.optionals enableEXR [ openexr ilmbase ]
++ lib.optional enableJPEG2K jasper
++ lib.optional enableFfmpeg ffmpeg_3
++ lib.optionals (enableFfmpeg && stdenv.isDarwin)
[ VideoDecodeAcceleration bzip2 ]
@ -225,7 +223,6 @@ stdenv.mkDerivation {
"-DBUILD_DOCS=${printEnabled enableDocs}"
(opencvFlag "IPP" enableIpp)
(opencvFlag "TIFF" enableTIFF)
(opencvFlag "JASPER" enableJPEG2K)
(opencvFlag "WEBP" enableWebP)
(opencvFlag "JPEG" enableJPEG)
(opencvFlag "PNG" enablePNG)
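Review bot: Dropping `(opencvFlag "JASPER" enableJPEG2K)` from `cmakeFlags` in the last hunk of this file means CMake no longer receives an explicit JASPER setting; before, the default `enableJPEG2K ? false` presumably yielded `-DWITH_JASPER=OFF` (the `opencvFlag` helper is defined outside the hunk, so confirm). OpenCV's CMake enables `WITH_JASPER` by default and can fall back to the libjasper copy vendored under `3rdparty/` when no system library is found. That would keep the abandoned decoder in the build without any `knownVulnerabilities` warning attached. I would keep a hard-coded `"-DWITH_JASPER=OFF" # never build the vendored jasper copy` in the list. The same removal is made in the `cmakeFlags` hunks of the next two file sections, and the same line applies there.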


@ -9,7 +9,6 @@
, enableTIFF ? true, libtiff
, enableWebP ? true, libwebp
, enableEXR ? !stdenv.isDarwin, openexr, ilmbase
, enableJPEG2K ? false, jasper # disable jasper by default (many CVE)
, enableEigen ? true, eigen
, enableOpenblas ? true, openblas, blas, lapack
, enableContrib ? true
@ -203,7 +202,6 @@ stdenv.mkDerivation {
++ lib.optional enableTIFF libtiff
++ lib.optional enableWebP libwebp
++ lib.optionals enableEXR [ openexr ilmbase ]
++ lib.optional enableJPEG2K jasper
++ lib.optional enableFfmpeg ffmpeg_3
++ lib.optionals (enableFfmpeg && stdenv.isDarwin)
[ VideoDecodeAcceleration bzip2 ]
@ -242,7 +240,6 @@ stdenv.mkDerivation {
"-DBUILD_DOCS=${printEnabled enableDocs}"
(opencvFlag "IPP" enableIpp)
(opencvFlag "TIFF" enableTIFF)
(opencvFlag "JASPER" enableJPEG2K)
(opencvFlag "WEBP" enableWebP)
(opencvFlag "JPEG" enableJPEG)
(opencvFlag "PNG" enablePNG)


@ -6,7 +6,6 @@
, enablePNG ? true, libpng
, enableTIFF ? true, libtiff
, enableEXR ? (!stdenv.isDarwin), openexr, ilmbase
, enableJPEG2K ? false, jasper # disable jasper by default (many CVE)
, enableFfmpeg ? false, ffmpeg_3
, enableGStreamer ? false, gst_all_1
, enableEigen ? true, eigen
@ -50,7 +49,6 @@ stdenv.mkDerivation rec {
++ lib.optional enablePNG libpng
++ lib.optional enableTIFF libtiff
++ lib.optionals enableEXR [ openexr ilmbase ]
++ lib.optional enableJPEG2K jasper
++ lib.optional enableFfmpeg ffmpeg_3
++ lib.optionals enableGStreamer (with gst_all_1; [ gstreamer gst-plugins-base ])
++ lib.optional enableEigen eigen
@ -65,7 +63,6 @@ stdenv.mkDerivation rec {
cmakeFlags = [
(opencvFlag "TIFF" enableTIFF)
(opencvFlag "JASPER" enableJPEG2K)
(opencvFlag "JPEG" enableJPEG)
(opencvFlag "PNG" enablePNG)
(opencvFlag "OPENEXR" enableEXR)


@ -2,7 +2,6 @@
libX11, libXinerama, libXrandr, libGLU, libGL,
glib, ilmbase, libxml2, pcre, zlib,
jpegSupport ? true, libjpeg,
jasperSupport ? false, jasper, # disable jasper by default (many CVE)
exrSupport ? false, openexr,
gifSupport ? true, giflib,
pngSupport ? true, libpng,
@ -42,7 +41,6 @@ stdenv.mkDerivation rec {
libX11 libXinerama libXrandr libGLU libGL
glib ilmbase libxml2 pcre zlib
] ++ lib.optional jpegSupport libjpeg
++ lib.optional jasperSupport jasper
++ lib.optional exrSupport openexr
++ lib.optional gifSupport giflib
++ lib.optional pngSupport libpng


@ -1,4 +1,4 @@
{stdenv, fetchurl, libjpeg, lcms2, gettext, jasper, libiconv }:
{stdenv, fetchurl, libjpeg, lcms2, gettext, libiconv }:
stdenv.mkDerivation rec {
name = "dcraw-9.28.0";
@ -9,12 +9,15 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = stdenv.lib.optional stdenv.isDarwin libiconv;
buildInputs = [ libjpeg lcms2 gettext jasper ];
buildInputs = [ libjpeg lcms2 gettext ];
# Jasper is disabled because the library is abandoned and has many
# CVEs.
patchPhase = ''
substituteInPlace install \
--replace 'prefix=/usr/local' 'prefix=$out' \
--replace gcc '$CC'
--replace gcc '$CC' \
--replace '-ljasper' '-DNO_JASPER=1'
'';
buildPhase = ''
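Review bot: The comment added above `patchPhase` says Jasper is disabled but not which line does it or what the build loses, so the `--replace '-ljasper' '-DNO_JASPER=1'` substitution reads as an unexplained tweak. I would reword the comment to `# jasper is abandoned with unfixed CVEs: replace -ljasper in upstream's install script with -DNO_JASPER=1, which builds dcraw without its JPEG 2000 decoding path`. The last clause comes from how dcraw uses that define rather than from this hunk, so confirm it against the source before committing. `buildPhase` continues outside the hunk.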


@ -211,6 +211,7 @@ mapAliases ({
idea = jetbrains; # added 2017-04-03
infiniband-diags = rdma-core; # added 2019-08-09
inotifyTools = inotify-tools;
jasper = throw "jasper has been removed: abandoned upstream with many vulnerabilities";
jbuilder = dune; # added 2018-09-09
jikes = throw "deprecated in 2019-10-07: jikes was abandoned by upstream";
joseki = apache-jena-fuseki; # added 2016-02-28
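Review bot: The new `jasper = throw …` alias carries no date, unlike its neighbours in this hunk (`# added 2019-08-09`, `deprecated in 2019-10-07`), so nobody can later tell when it is old enough to drop. I would append `# added 2020-03-14` to the line. Naming the tracking issue in the message (#55388 per the commit description) would also give users who hit the throw somewhere to look for the affected CVEs and a migration path.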


@ -12996,8 +12996,6 @@ in
inherit (darwin.apple_sdk.frameworks) Cocoa;
};
jasper = callPackage ../development/libraries/jasper { };
jama = callPackage ../development/libraries/jama { };
jansson = callPackage ../development/libraries/jansson { };