nixpkgs/pkgs/development/libraries/libtiff/4.5.nix
Yarny0 f57a4b0ac1 libtiff: introduce libtiff_4_5
With the update to libtiff 4.6 in
0a74a54ac2 ,
many tiff-processing utility executables got dropped:

http://www.simplesystems.org/libtiff/releases/v4.6.0.html

Some of these executables can still be "restored" with
the configure switch `--enable-tools-unsupported`,
but unfortunatelly,
at least hylafaxplus (maybe more packages) relies on
utilities that even cannot be restored with this switch.

The commit at hand reintroduces the old libtiff
version 4.5.1 as `libtiff_4_5` into nixpkgs.
It restores the old build recipe with the following changes:

* passthru.updateScript is dropped as it is of no use here
* passthru.tests is dropped as it only contains
  packages that now build with the new libtiff version
* patches are applied for the two CVEs that are fixed in 4.6.0

As libtiff 4.5 is no longer supported by libtiff developers,
new vulnerabilities will likely go unnoticed
unless they also affect the current version.
To not disable hydra builds, we don't add
`knownVulnerabilities` *for now*, but add comments to alert
updaters of the current libtiff version so patches can
be backported or the situation be reevaluated as a whole.
2023-11-01 07:32:25 +01:00

86 lines
2.3 KiB
Nix

{ lib
, stdenv
, fetchFromGitLab
, fetchpatch
, autoreconfHook
, pkg-config
, sphinx
, libdeflate
, libjpeg
, xz
, zlib
}:
stdenv.mkDerivation rec {
pname = "libtiff";
version = "4.5.1";
src = fetchFromGitLab {
owner = "libtiff";
repo = "libtiff";
rev = "v${version}";
hash = "sha256-qQEthy6YhNAQmdDMyoCIvK8f3Tx25MgqhJZW74CB93E=";
};
patches = [
# cf. https://bugzilla.redhat.com/2224974
(fetchpatch {
name = "CVE-2023-40745.patch";
url = "https://gitlab.com/libtiff/libtiff/-/commit/bdf7b2621c62e04d0408391b7d5611502a752cd0.diff";
hash = "sha256-HdU02YJ1/T3dnCT+yG03tUyAHkgeQt1yjZx/auCQxyw=";
})
# cf. https://bugzilla.redhat.com/2224971
(fetchpatch {
name = "CVE-2023-41175.patch";
url = "https://gitlab.com/libtiff/libtiff/-/commit/965fa243004e012adc533ae8e38db3055f101a7f.diff";
hash = "sha256-Pvg6JfJWOIaTrfFF0YSREZkS9saTG9IsXnsXtcyKILA=";
})
# FreeImage needs this patch
./headers-4.5.patch
# libc++abi 11 has an `#include <version>`, this picks up files name
# `version` in the project's include paths
./rename-version-4.5.patch
];
postPatch = ''
mv VERSION VERSION.txt
'';
outputs = [ "bin" "dev" "dev_private" "out" "man" "doc" ];
postFixup = ''
moveToOutput include/tif_config.h $dev_private
moveToOutput include/tif_dir.h $dev_private
moveToOutput include/tif_hash_set.h $dev_private
moveToOutput include/tiffiop.h $dev_private
'';
# If you want to change to a different build system, please make
# sure cross-compilation works first!
nativeBuildInputs = [ autoreconfHook pkg-config sphinx ];
propagatedBuildInputs = [
libdeflate
libjpeg
xz
zlib
];
enableParallelBuilding = true;
doCheck = true;
meta = with lib; {
description = "Library and utilities for working with the TIFF image file format";
homepage = "https://libtiff.gitlab.io/libtiff";
changelog = "https://libtiff.gitlab.io/libtiff/v${version}.html";
# XXX not enabled for now to keep hydra builds running,
# but we have to keep an eye on security updates in supported version
#knownVulnerabilities = [ "support for version 4.5 ended in Sept 2023" ];
maintainers = with maintainers; [ yarny ];
license = licenses.libtiff;
platforms = platforms.unix;
};
}