From f57a4b0ac1b954eec0c8def2a99e2a464ac6ff7a Mon Sep 17 00:00:00 2001 From: Yarny0 <41838844+Yarny0@users.noreply.github.com> Date: Sun, 29 Oct 2023 09:56:26 +0100 Subject: [PATCH] libtiff: introduce libtiff_4_5 With the update to libtiff 4.6 in 0a74a54ac2600656cd0b640d5ea1c8efb5c35d68 , many tiff-processing utility executables got dropped: http://www.simplesystems.org/libtiff/releases/v4.6.0.html Some of these executables can still be "restored" with the configure switch `--enable-tools-unsupported`, but unfortunately, at least hylafaxplus (maybe more packages) relies on utilities that cannot even be restored with this switch. The commit at hand reintroduces the old libtiff version 4.5.1 as `libtiff_4_5` into nixpkgs. It restores the old build recipe with the following changes: * passthru.updateScript is dropped as it is of no use here * passthru.tests is dropped as it only contains packages that now build with the new libtiff version * patches are applied for the two CVEs that are fixed in 4.6.0 As libtiff 4.5 is no longer supported by libtiff developers, new vulnerabilities will likely go unnoticed unless they also affect the current version. To not disable hydra builds, we don't add `knownVulnerabilities` *for now*, but add comments to alert updaters of the current libtiff version so patches can be backported or the situation be reevaluated as a whole. --- pkgs/development/libraries/libtiff/4.5.nix | 86 +++++++++++++++++++ .../development/libraries/libtiff/default.nix | 3 + .../libraries/libtiff/headers-4.5.patch | 16 ++++ .../libtiff/rename-version-4.5.patch | 21 +++++ pkgs/top-level/all-packages.nix | 1 + 5 files changed, 127 insertions(+) create mode 100644 pkgs/development/libraries/libtiff/4.5.nix create mode 100644 pkgs/development/libraries/libtiff/headers-4.5.patch create mode 100644 pkgs/development/libraries/libtiff/rename-version-4.5.patch 
diff --git a/pkgs/development/libraries/libtiff/4.5.nix b/pkgs/development/libraries/libtiff/4.5.nix
new file mode 100644
index 000000000000..3b24c6f1a2e1
--- /dev/null
+++ b/pkgs/development/libraries/libtiff/4.5.nix
@@ -0,0 +1,86 @@
+{ lib
+, stdenv
+, fetchFromGitLab
+, fetchpatch
+
+, autoreconfHook
+, pkg-config
+, sphinx
+
+, libdeflate
+, libjpeg
+, xz
+, zlib
+}:
+
+stdenv.mkDerivation rec {
+ pname = "libtiff";
+ version = "4.5.1";
+
+ src = fetchFromGitLab {
+ owner = "libtiff";
+ repo = "libtiff";
+ rev = "v${version}";
+ hash = "sha256-qQEthy6YhNAQmdDMyoCIvK8f3Tx25MgqhJZW74CB93E=";
+ };
+
+ patches = [
+ # cf. https://bugzilla.redhat.com/2224974
+ (fetchpatch {
+ name = "CVE-2023-40745.patch";
+ url = "https://gitlab.com/libtiff/libtiff/-/commit/bdf7b2621c62e04d0408391b7d5611502a752cd0.diff";
+ hash = "sha256-HdU02YJ1/T3dnCT+yG03tUyAHkgeQt1yjZx/auCQxyw=";
+ })
+ # cf. https://bugzilla.redhat.com/2224971
+ (fetchpatch {
+ name = "CVE-2023-41175.patch";
+ url = "https://gitlab.com/libtiff/libtiff/-/commit/965fa243004e012adc533ae8e38db3055f101a7f.diff";
+ hash = "sha256-Pvg6JfJWOIaTrfFF0YSREZkS9saTG9IsXnsXtcyKILA=";
+ })
+ # FreeImage needs this patch
+ ./headers-4.5.patch
+ # libc++abi 11 has an `#include `, this picks up files name
+ # `version` in the project's include paths
+ ./rename-version-4.5.patch
+ ];
+
+ postPatch = ''
+ mv VERSION VERSION.txt
+ '';
+
+ outputs = [ "bin" "dev" "dev_private" "out" "man" "doc" ];
+
+ postFixup = ''
+ moveToOutput include/tif_config.h $dev_private
+ moveToOutput include/tif_dir.h $dev_private
+ moveToOutput include/tif_hash_set.h $dev_private
+ moveToOutput include/tiffiop.h $dev_private
+ '';
+
+ # If you want to change to a different build system, please make
+ # sure cross-compilation works first!
+ nativeBuildInputs = [ autoreconfHook pkg-config sphinx ];
+
+ propagatedBuildInputs = [
+ libdeflate
+ libjpeg
+ xz
+ zlib
+ ];
+
+ enableParallelBuilding = true;
+
+ doCheck = true;
+
+ meta = with lib; {
+ description = "Library and utilities for working with the TIFF image file format";
+ homepage = "https://libtiff.gitlab.io/libtiff";
+ changelog = "https://libtiff.gitlab.io/libtiff/v${version}.html";
+ # XXX not enabled for now to keep hydra builds running,
+ # but we have to keep an eye on security updates in supported version
+ #knownVulnerabilities = [ "support for version 4.5 ended in Sept 2023" ];
+ maintainers = with maintainers; [ yarny ];
+ license = licenses.libtiff;
+ platforms = platforms.unix;
+ };
+}
diff --git a/pkgs/development/libraries/libtiff/default.nix b/pkgs/development/libraries/libtiff/default.nix
index 8055704b0890..22b0f8af2043 100644
--- a/pkgs/development/libraries/libtiff/default.nix
+++ b/pkgs/development/libraries/libtiff/default.nix
@@ -26,6 +26,9 @@ stdenv.mkDerivation rec {
 pname = "libtiff";
 version = "4.6.0";
 
+ # if you update this, please consider adding patches and/or
+ # setting `knownVulnerabilities` in libtiff `4.5.nix`
+
 src = fetchFromGitLab {
 owner = "libtiff";
 repo = "libtiff";
diff --git a/pkgs/development/libraries/libtiff/headers-4.5.patch b/pkgs/development/libraries/libtiff/headers-4.5.patch
new file mode 100644
index 000000000000..49af1abb0a54
--- /dev/null
+++ b/pkgs/development/libraries/libtiff/headers-4.5.patch
@@ -0,0 +1,16 @@
+export private headers for freeimage
+--- i/libtiff/Makefile.am
++++ w/libtiff/Makefile.am
+@@ -36,8 +36,12 @@ EXTRA_DIST = \
+ tiffconf.h.cmake.in
+
+ libtiffinclude_HEADERS = \
++ tif_config.h \
++ tif_dir.h \
++ tif_hash_set.h \
+ tiff.h \
+ tiffio.h \
++ tiffiop.h \
+ tiffvers.h
+
+ if HAVE_CXX
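Review bot: Nothing that `4.5.nix` actually evaluates marks this libtiff as end-of-life: the only hint is the commented-out `knownVulnerabilities` line in `meta`, so a package that takes `libtiff_4_5` as a library input gets no warning. The commit message says the package exists for the utilities dropped in 4.6 (hylafaxplus is the named user); I would put that in the file as a leading comment, for example `# Unsupported upstream; kept only for the tools removed in libtiff 4.6. Do not use for new packages.`, and mention the legacy status in `description`. Above `patches`, a one-line comment such as `# backports of the CVE fixes shipped in 4.6.0; extend when the current libtiff receives security fixes` would give the reminder added to `default.nix` a concrete place to land. The whole derivation is inside this hunk.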
diff --git a/pkgs/development/libraries/libtiff/rename-version-4.5.patch b/pkgs/development/libraries/libtiff/rename-version-4.5.patch
new file mode 100644
index 000000000000..3e93569d4245
--- /dev/null
+++ b/pkgs/development/libraries/libtiff/rename-version-4.5.patch
@@ -0,0 +1,21 @@
+fix case-insensitive build
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -34,7 +34,7 @@ docfiles = \
+ README.md \
+ RELEASE-DATE \
+ TODO \
+- VERSION
++ VERSION.txt
+
+ EXTRA_DIST = \
+ cmake \
+@@ -61,7 +61,7 @@ SUBDIRS = port libtiff tools build contrib test doc
+
+ release:
+ (rm -f $(top_srcdir)/RELEASE-DATE && echo $(LIBTIFF_RELEASE_DATE) > $(top_srcdir)/RELEASE-DATE)
+- (rm -f $(top_srcdir)/VERSION && echo $(LIBTIFF_VERSION) > $(top_srcdir)/VERSION)
++ (rm -f $(top_srcdir)/VERSION.txt && echo $(LIBTIFF_VERSION) > $(top_srcdir)/VERSION.txt)
+ (rm -f $(top_srcdir)/libtiff/tiffvers.h && sed 's,LIBTIFF_VERSION,$(LIBTIFF_VERSION),;s,LIBTIFF_RELEASE_DATE,$(LIBTIFF_RELEASE_DATE),;s,LIBTIFF_MAJOR_VERSION,$(LIBTIFF_MAJOR_VERSION),;s,LIBTIFF_MINOR_VERSION,$(LIBTIFF_MINOR_VERSION),;s,LIBTIFF_MICRO_VERSION,$(LIBTIFF_MICRO_VERSION),' $(top_srcdir)/libtiff/tiffvers.h.in > $(top_srcdir)/libtiff/tiffvers.h)
+
+ pkgconfigdir = $(libdir)/pkgconfig
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index b100c5c3633a..9ad483982cbd 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -23537,6 +23537,7 @@ with pkgs;
 libtifiles2 = callPackage ../development/libraries/libtifiles2 { };
 libtiff = callPackage ../development/libraries/libtiff { };
+ libtiff_4_5 = callPackage ../development/libraries/libtiff/4.5.nix { };
 libtiger = callPackage ../development/libraries/libtiger { };