jasper: remove, abandoned upstream.
Jasper has been marked insecure for a while, and upstream has not been responsive to CVEs for over a year. Fixes #55388. Signed-off-by: David Anderson <dave@natulte.net>
This commit is contained in:
parent
9c11454182
commit
3a38cef8f9
12 changed files with 9 additions and 83 deletions
|
@ -448,11 +448,6 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
|
|||
free = false;
|
||||
};
|
||||
|
||||
jasper = spdx {
|
||||
spdxId = "JasPer-2.0";
|
||||
fullName = "JasPer License";
|
||||
};
|
||||
|
||||
lgpl2Only = spdx {
|
||||
spdxId = "LGPL-2.0-only";
|
||||
fullName = "GNU Library General Public License v2 only";
|
||||
|
|
|
@ -26,7 +26,6 @@
|
|||
, exiv2
|
||||
, ffmpeg
|
||||
, flex
|
||||
, jasper ? null, withJpeg2k ? false # disable JPEG2000 support, jasper has unfixed CVE
|
||||
, lcms2
|
||||
, lensfun
|
||||
, libgphoto2
|
||||
|
@ -98,8 +97,7 @@ mkDerivation rec {
|
|||
marble
|
||||
oxygen
|
||||
threadweaver
|
||||
]
|
||||
++ lib.optionals withJpeg2k [ jasper ];
|
||||
];
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
, enableGSL ? true, gsl
|
||||
, enableGhostScript ? true, ghostscript
|
||||
, enableMuPDF ? true, mupdf
|
||||
, enableJPEG2K ? false, jasper ? null # disabled by default, jasper has unfixed CVE
|
||||
, enableDJVU ? true, djvulibre
|
||||
, enableGOCR ? false, gocr # Disabled by default due to crashes
|
||||
, enableTesseract ? true, leptonica, tesseract4
|
||||
|
@ -144,7 +143,6 @@ in stdenv.mkDerivation rec {
|
|||
optional enableGSL gsl ++
|
||||
optional enableGhostScript ghostscript ++
|
||||
optional enableMuPDF mupdf_modded ++
|
||||
optional enableJPEG2K jasper ++
|
||||
optional enableDJVU djvulibre ++
|
||||
optional enableGOCR gocr ++
|
||||
optionals enableTesseract [ leptonica_modded tesseract_modded ];
|
||||
|
|
|
@ -1,51 +0,0 @@
|
|||
{ stdenv, fetchFromGitHub, fetchpatch, libjpeg, cmake }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "jasper";
|
||||
version = "2.0.16";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
repo = "jasper";
|
||||
owner = "mdadams";
|
||||
rev = "version-${version}";
|
||||
sha256 = "05l75yd1zsxwv25ykwwwjs8961szv7iywf16nc6vc6qpby27ckv6";
|
||||
};
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "CVE-2018-9055.patch";
|
||||
url = "http://paste.opensuse.org/view/raw/330751ce";
|
||||
sha256 = "0m798m6c4v9yyhql7x684j5kppcm6884n1rrb9ljz8p9aqq2jqnm";
|
||||
})
|
||||
];
|
||||
|
||||
|
||||
# newer reconf to recognize a multiout flag
|
||||
nativeBuildInputs = [ cmake ];
|
||||
propagatedBuildInputs = [ libjpeg ];
|
||||
|
||||
configureFlags = [ "--enable-shared" ];
|
||||
|
||||
outputs = [ "bin" "dev" "out" "man" ];
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
doCheck = false; # fails
|
||||
|
||||
postInstall = ''
|
||||
moveToOutput bin "$bin"
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = "https://www.ece.uvic.ca/~frodo/jasper/";
|
||||
description = "JPEG2000 Library";
|
||||
platforms = platforms.unix;
|
||||
license = licenses.jasper;
|
||||
maintainers = with maintainers; [ pSub ];
|
||||
knownVulnerabilities = [
|
||||
"Numerous CVE unsolved upstream"
|
||||
"See: https://github.com/NixOS/nixpkgs/pull/57681#issuecomment-475857499"
|
||||
"See: https://github.com/mdadams/jasper/issues/208"
|
||||
];
|
||||
};
|
||||
}
|
|
@ -1,7 +1,4 @@
|
|||
{ stdenv, fetchurl, lcms2, pkgconfig
|
||||
, jasper ? null, withJpeg2k ? false
|
||||
# disable JPEG2000 support by default as jasper has many CVE
|
||||
}:
|
||||
{ stdenv, fetchurl, lcms2, pkgconfig }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "libraw";
|
||||
|
@ -14,8 +11,6 @@ stdenv.mkDerivation rec {
|
|||
|
||||
outputs = [ "out" "lib" "dev" "doc" ];
|
||||
|
||||
buildInputs = stdenv.lib.optionals withJpeg2k [ jasper ];
|
||||
|
||||
propagatedBuildInputs = [ lcms2 ];
|
||||
|
||||
nativeBuildInputs = [ pkgconfig ];
|
||||
|
|
|
@ -9,7 +9,6 @@
|
|||
, enableTIFF ? true, libtiff
|
||||
, enableWebP ? true, libwebp
|
||||
, enableEXR ? !stdenv.isDarwin, openexr, ilmbase
|
||||
, enableJPEG2K ? false, jasper # disable jasper by default (many CVE)
|
||||
, enableEigen ? true, eigen
|
||||
, enableOpenblas ? true, openblas, blas, lapack
|
||||
, enableContrib ? true
|
||||
|
@ -187,7 +186,6 @@ stdenv.mkDerivation {
|
|||
++ lib.optional enableTIFF libtiff
|
||||
++ lib.optional enableWebP libwebp
|
||||
++ lib.optionals enableEXR [ openexr ilmbase ]
|
||||
++ lib.optional enableJPEG2K jasper
|
||||
++ lib.optional enableFfmpeg ffmpeg_3
|
||||
++ lib.optionals (enableFfmpeg && stdenv.isDarwin)
|
||||
[ VideoDecodeAcceleration bzip2 ]
|
||||
|
@ -225,7 +223,6 @@ stdenv.mkDerivation {
|
|||
"-DBUILD_DOCS=${printEnabled enableDocs}"
|
||||
(opencvFlag "IPP" enableIpp)
|
||||
(opencvFlag "TIFF" enableTIFF)
|
||||
(opencvFlag "JASPER" enableJPEG2K)
|
||||
(opencvFlag "WEBP" enableWebP)
|
||||
(opencvFlag "JPEG" enableJPEG)
|
||||
(opencvFlag "PNG" enablePNG)
|
||||
|
|
|
@ -9,7 +9,6 @@
|
|||
, enableTIFF ? true, libtiff
|
||||
, enableWebP ? true, libwebp
|
||||
, enableEXR ? !stdenv.isDarwin, openexr, ilmbase
|
||||
, enableJPEG2K ? false, jasper # disable jasper by default (many CVE)
|
||||
, enableEigen ? true, eigen
|
||||
, enableOpenblas ? true, openblas, blas, lapack
|
||||
, enableContrib ? true
|
||||
|
@ -203,7 +202,6 @@ stdenv.mkDerivation {
|
|||
++ lib.optional enableTIFF libtiff
|
||||
++ lib.optional enableWebP libwebp
|
||||
++ lib.optionals enableEXR [ openexr ilmbase ]
|
||||
++ lib.optional enableJPEG2K jasper
|
||||
++ lib.optional enableFfmpeg ffmpeg_3
|
||||
++ lib.optionals (enableFfmpeg && stdenv.isDarwin)
|
||||
[ VideoDecodeAcceleration bzip2 ]
|
||||
|
@ -242,7 +240,6 @@ stdenv.mkDerivation {
|
|||
"-DBUILD_DOCS=${printEnabled enableDocs}"
|
||||
(opencvFlag "IPP" enableIpp)
|
||||
(opencvFlag "TIFF" enableTIFF)
|
||||
(opencvFlag "JASPER" enableJPEG2K)
|
||||
(opencvFlag "WEBP" enableWebP)
|
||||
(opencvFlag "JPEG" enableJPEG)
|
||||
(opencvFlag "PNG" enablePNG)
|
||||
|
|
|
@ -6,7 +6,6 @@
|
|||
, enablePNG ? true, libpng
|
||||
, enableTIFF ? true, libtiff
|
||||
, enableEXR ? (!stdenv.isDarwin), openexr, ilmbase
|
||||
, enableJPEG2K ? false, jasper # disable jasper by default (many CVE)
|
||||
, enableFfmpeg ? false, ffmpeg_3
|
||||
, enableGStreamer ? false, gst_all_1
|
||||
, enableEigen ? true, eigen
|
||||
|
@ -50,7 +49,6 @@ stdenv.mkDerivation rec {
|
|||
++ lib.optional enablePNG libpng
|
||||
++ lib.optional enableTIFF libtiff
|
||||
++ lib.optionals enableEXR [ openexr ilmbase ]
|
||||
++ lib.optional enableJPEG2K jasper
|
||||
++ lib.optional enableFfmpeg ffmpeg_3
|
||||
++ lib.optionals enableGStreamer (with gst_all_1; [ gstreamer gst-plugins-base ])
|
||||
++ lib.optional enableEigen eigen
|
||||
|
@ -65,7 +63,6 @@ stdenv.mkDerivation rec {
|
|||
|
||||
cmakeFlags = [
|
||||
(opencvFlag "TIFF" enableTIFF)
|
||||
(opencvFlag "JASPER" enableJPEG2K)
|
||||
(opencvFlag "JPEG" enableJPEG)
|
||||
(opencvFlag "PNG" enablePNG)
|
||||
(opencvFlag "OPENEXR" enableEXR)
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
libX11, libXinerama, libXrandr, libGLU, libGL,
|
||||
glib, ilmbase, libxml2, pcre, zlib,
|
||||
jpegSupport ? true, libjpeg,
|
||||
jasperSupport ? false, jasper, # disable jasper by default (many CVE)
|
||||
exrSupport ? false, openexr,
|
||||
gifSupport ? true, giflib,
|
||||
pngSupport ? true, libpng,
|
||||
|
@ -42,7 +41,6 @@ stdenv.mkDerivation rec {
|
|||
libX11 libXinerama libXrandr libGLU libGL
|
||||
glib ilmbase libxml2 pcre zlib
|
||||
] ++ lib.optional jpegSupport libjpeg
|
||||
++ lib.optional jasperSupport jasper
|
||||
++ lib.optional exrSupport openexr
|
||||
++ lib.optional gifSupport giflib
|
||||
++ lib.optional pngSupport libpng
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{stdenv, fetchurl, libjpeg, lcms2, gettext, jasper, libiconv }:
|
||||
{stdenv, fetchurl, libjpeg, lcms2, gettext, libiconv }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "dcraw-9.28.0";
|
||||
|
@ -9,12 +9,15 @@ stdenv.mkDerivation rec {
|
|||
};
|
||||
|
||||
nativeBuildInputs = stdenv.lib.optional stdenv.isDarwin libiconv;
|
||||
buildInputs = [ libjpeg lcms2 gettext jasper ];
|
||||
buildInputs = [ libjpeg lcms2 gettext ];
|
||||
|
||||
# Jasper is disabled because the library is abandoned and has many
|
||||
# CVEs.
|
||||
patchPhase = ''
|
||||
substituteInPlace install \
|
||||
--replace 'prefix=/usr/local' 'prefix=$out' \
|
||||
--replace gcc '$CC'
|
||||
--replace gcc '$CC' \
|
||||
--replace '-ljasper' '-DNO_JASPER=1'
|
||||
'';
|
||||
|
||||
buildPhase = ''
|
||||
|
|
|
@ -211,6 +211,7 @@ mapAliases ({
|
|||
idea = jetbrains; # added 2017-04-03
|
||||
infiniband-diags = rdma-core; # added 2019-08-09
|
||||
inotifyTools = inotify-tools;
|
||||
jasper = throw "jasper has been removed: abandoned upstream with many vulnerabilities";
|
||||
jbuilder = dune; # added 2018-09-09
|
||||
jikes = throw "deprecated in 2019-10-07: jikes was abandoned by upstream";
|
||||
joseki = apache-jena-fuseki; # added 2016-02-28
|
||||
|
|
|
@ -12996,8 +12996,6 @@ in
|
|||
inherit (darwin.apple_sdk.frameworks) Cocoa;
|
||||
};
|
||||
|
||||
jasper = callPackage ../development/libraries/jasper { };
|
||||
|
||||
jama = callPackage ../development/libraries/jama { };
|
||||
|
||||
jansson = callPackage ../development/libraries/jansson { };
|
||||
|
|
Loading…
Reference in a new issue