Commit f57a4b0a authored by Yarny0's avatar Yarny0

libtiff: introduce libtiff_4_5

With the update to libtiff 4.6 in
0a74a54a ,
many tiff-processing utility executables got dropped:

http://www.simplesystems.org/libtiff/releases/v4.6.0.html

Some of these executables can still be "restored" with
the configure switch `--enable-tools-unsupported`,
but unfortunately,
at least hylafaxplus (maybe more packages) relies on
utilities that cannot be restored even with this switch.

The commit at hand reintroduces the old libtiff
version 4.5.1 as `libtiff_4_5` into nixpkgs.
It restores the old build recipe with the following changes:

* passthru.updateScript is dropped as it is of no use here
* passthru.tests is dropped as it only contains
  packages that now build with the new libtiff version
* patches are applied for the two CVEs that are fixed in 4.6.0

As libtiff 4.5 is no longer supported by libtiff developers,
new vulnerabilities will likely go unnoticed
unless they also affect the current version.
To not disable hydra builds, we don't add
`knownVulnerabilities` *for now*, but add comments to alert
updaters of the current libtiff version so patches can
be backported or the situation be reevaluated as a whole.
parent 3f274c73
+86 −0
{ lib
, stdenv
, fetchFromGitLab
, fetchpatch

, autoreconfHook
, pkg-config
, sphinx

, libdeflate
, libjpeg
, xz
, zlib
}:

stdenv.mkDerivation rec {
  pname = "libtiff";
  version = "4.5.1";

  src = fetchFromGitLab {
    owner = "libtiff";
    repo = "libtiff";
    rev = "v${version}";
    hash = "sha256-qQEthy6YhNAQmdDMyoCIvK8f3Tx25MgqhJZW74CB93E=";
  };

  patches = [
    # cf. https://bugzilla.redhat.com/2224974
    (fetchpatch {
      name = "CVE-2023-40745.patch";
      url = "https://gitlab.com/libtiff/libtiff/-/commit/bdf7b2621c62e04d0408391b7d5611502a752cd0.diff";
      hash = "sha256-HdU02YJ1/T3dnCT+yG03tUyAHkgeQt1yjZx/auCQxyw=";
    })
    # cf. https://bugzilla.redhat.com/2224971
    (fetchpatch {
      name = "CVE-2023-41175.patch";
      url = "https://gitlab.com/libtiff/libtiff/-/commit/965fa243004e012adc533ae8e38db3055f101a7f.diff";
      hash = "sha256-Pvg6JfJWOIaTrfFF0YSREZkS9saTG9IsXnsXtcyKILA=";
    })
    # FreeImage needs this patch
    ./headers-4.5.patch
    # libc++abi 11 has an `#include <version>`, this picks up files name
    # `version` in the project's include paths
    ./rename-version-4.5.patch
  ];

  postPatch = ''
    mv VERSION VERSION.txt
  '';

  outputs = [ "bin" "dev" "dev_private" "out" "man" "doc" ];

  postFixup = ''
    moveToOutput include/tif_config.h $dev_private
    moveToOutput include/tif_dir.h $dev_private
    moveToOutput include/tif_hash_set.h $dev_private
    moveToOutput include/tiffiop.h $dev_private
  '';

  # If you want to change to a different build system, please make
  # sure cross-compilation works first!
  nativeBuildInputs = [ autoreconfHook pkg-config sphinx ];

  propagatedBuildInputs = [
    libdeflate
    libjpeg
    xz
    zlib
  ];

  enableParallelBuilding = true;

  doCheck = true;

  meta = with lib; {
    description = "Library and utilities for working with the TIFF image file format";
    homepage = "https://libtiff.gitlab.io/libtiff";
    changelog = "https://libtiff.gitlab.io/libtiff/v${version}.html";
    # XXX not enabled for now to keep hydra builds running,
    # but we have to keep an eye on security updates in supported version
    #knownVulnerabilities = [ "support for version 4.5 ended in Sept 2023" ];
    maintainers = with maintainers; [ yarny ];
    license = licenses.libtiff;
    platforms = platforms.unix;
  };
}
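Review bot: Nothing machine-readable in `meta` marks this derivation as the unsupported 4.5 branch: `knownVulnerabilities` is commented out and `description` does not mention it, so a consumer of `libtiff_4_5` gets no signal at evaluation time or in package search. Without failing Hydra builds, the description could carry the status, e.g. `description = "Library and utilities for working with the TIFF image file format (4.5 branch, unsupported upstream)";`. The comment above `knownVulnerabilities` should also state when to enable it, for instance `# enable once a security fix in the supported version cannot be backported to 4.5`. The `bin` output presumably ships the utilities that parse TIFF files, so users who feed them untrusted input are the ones who most need that notice.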
+3 −0
@@ -26,6 +26,9 @@ stdenv.mkDerivation rec {
  pname = "libtiff";
  version = "4.6.0";

  # if you update this, please consider adding patches and/or
  # setting `knownVulnerabilities` in libtiff `4.5.nix`

  src = fetchFromGitLab {
    owner = "libtiff";
    repo = "libtiff";
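Review bot: The reminder added above `src` is the only link between updates of this package and the unsupported `libtiff_4_5`, and it names neither the attribute nor what an updater should look for. If this package is also bumped through an update script (the commit message suggests the original recipe has one), the comment is seen only when someone reads the file during review. A more explicit wording would help, e.g. `# libtiff_4_5 (./4.5.nix) gets no upstream fixes: on every update, check the release notes for security fixes and backport them there or set its meta.knownVulnerabilities`. The `mkDerivation` body continues outside the hunk.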
+16 −0
export private headers for freeimage
--- i/libtiff/Makefile.am
+++ w/libtiff/Makefile.am
@@ -36,8 +36,12 @@ EXTRA_DIST = \
 	tiffconf.h.cmake.in

 libtiffinclude_HEADERS = \
+	tif_config.h \
+	tif_dir.h \
+	tif_hash_set.h \
 	tiff.h \
 	tiffio.h \
+	tiffiop.h \
 	tiffvers.h

 if HAVE_CXX
+21 −0
fix case-insensitive build
--- a/Makefile.am
+++ b/Makefile.am
@@ -34,7 +34,7 @@ docfiles = \
 	README.md \
 	RELEASE-DATE \
 	TODO \
-	VERSION
+	VERSION.txt

 EXTRA_DIST = \
 	cmake \
@@ -61,7 +61,7 @@ SUBDIRS = port libtiff tools build contrib test doc

 release:
	(rm -f $(top_srcdir)/RELEASE-DATE && echo $(LIBTIFF_RELEASE_DATE) > $(top_srcdir)/RELEASE-DATE)
-	(rm -f $(top_srcdir)/VERSION && echo $(LIBTIFF_VERSION) > $(top_srcdir)/VERSION)
+	(rm -f $(top_srcdir)/VERSION.txt && echo $(LIBTIFF_VERSION) > $(top_srcdir)/VERSION.txt)
	(rm -f $(top_srcdir)/libtiff/tiffvers.h && sed 's,LIBTIFF_VERSION,$(LIBTIFF_VERSION),;s,LIBTIFF_RELEASE_DATE,$(LIBTIFF_RELEASE_DATE),;s,LIBTIFF_MAJOR_VERSION,$(LIBTIFF_MAJOR_VERSION),;s,LIBTIFF_MINOR_VERSION,$(LIBTIFF_MINOR_VERSION),;s,LIBTIFF_MICRO_VERSION,$(LIBTIFF_MICRO_VERSION),' $(top_srcdir)/libtiff/tiffvers.h.in > $(top_srcdir)/libtiff/tiffvers.h)

 pkgconfigdir = $(libdir)/pkgconfig
+1 −0
@@ -23537,6 +23537,7 @@ with pkgs;
  libtifiles2 = callPackage ../development/libraries/libtifiles2 { };
  libtiff = callPackage ../development/libraries/libtiff { };
  libtiff_4_5 = callPackage ../development/libraries/libtiff/4.5.nix { };
  libtiger = callPackage ../development/libraries/libtiger { };