Merge pull request #264226 from Yarny0/hylafaxplus-libtiff-fix

2024-12-28 14:22:50 +03:00 · 2023-11-19 19:07:16 +02:00 · 2023-11-19 19:07:16 +02:00 · 0734225742
commit 0734225742
parent 38b1656c2d cd3771c709
5 changed files with 131 additions and 1 deletions
--- a/pkgs/development/libraries/libtiff/4.5.nix
+++ b/pkgs/development/libraries/libtiff/4.5.nix
@ -0,0 +1,86 @@
+{ lib
+, stdenv
+, fetchFromGitLab
+, fetchpatch
+
+, autoreconfHook
+, pkg-config
+, sphinx
+
+, libdeflate
+, libjpeg
+, xz
+, zlib
+}:
+
+stdenv.mkDerivation rec {
+  pname = "libtiff";
+  version = "4.5.1";
+
+  src = fetchFromGitLab {
+    owner = "libtiff";
+    repo = "libtiff";
+    rev = "v${version}";
+    hash = "sha256-qQEthy6YhNAQmdDMyoCIvK8f3Tx25MgqhJZW74CB93E=";
+  };
+
+  patches = [
+    # cf. https://bugzilla.redhat.com/2224974
+    (fetchpatch {
+      name = "CVE-2023-40745.patch";
+      url = "https://gitlab.com/libtiff/libtiff/-/commit/bdf7b2621c62e04d0408391b7d5611502a752cd0.diff";
+      hash = "sha256-HdU02YJ1/T3dnCT+yG03tUyAHkgeQt1yjZx/auCQxyw=";
+    })
+    # cf. https://bugzilla.redhat.com/2224971
+    (fetchpatch {
+      name = "CVE-2023-41175.patch";
+      url = "https://gitlab.com/libtiff/libtiff/-/commit/965fa243004e012adc533ae8e38db3055f101a7f.diff";
+      hash = "sha256-Pvg6JfJWOIaTrfFF0YSREZkS9saTG9IsXnsXtcyKILA=";
+    })
+    # FreeImage needs this patch
+    ./headers-4.5.patch
+    # libc++abi 11 has an `#include <version>`, this picks up files name
+    # `version` in the project's include paths
+    ./rename-version-4.5.patch
+  ];
+
+  postPatch = ''
+    mv VERSION VERSION.txt
+  '';
+
+  outputs = [ "bin" "dev" "dev_private" "out" "man" "doc" ];
+
+  postFixup = ''
+    moveToOutput include/tif_config.h $dev_private
+    moveToOutput include/tif_dir.h $dev_private
+    moveToOutput include/tif_hash_set.h $dev_private
+    moveToOutput include/tiffiop.h $dev_private
+  '';
+
+  # If you want to change to a different build system, please make
+  # sure cross-compilation works first!
+  nativeBuildInputs = [ autoreconfHook pkg-config sphinx ];
+
+  propagatedBuildInputs = [
+    libdeflate
+    libjpeg
+    xz
+    zlib
+  ];
+
+  enableParallelBuilding = true;
+
+  doCheck = true;
+
+  meta = with lib; {
+    description = "Library and utilities for working with the TIFF image file format";
+    homepage = "https://libtiff.gitlab.io/libtiff";
+    changelog = "https://libtiff.gitlab.io/libtiff/v${version}.html";
+    # XXX not enabled for now to keep hydra builds running,
+    # but we have to keep an eye on security updates in supported version
+    #knownVulnerabilities = [ "support for version 4.5 ended in Sept 2023" ];
+    maintainers = with maintainers; [ yarny ];
+    license = licenses.libtiff;
+    platforms = platforms.unix;
+  };
+}
--- a/pkgs/development/libraries/libtiff/default.nix
+++ b/pkgs/development/libraries/libtiff/default.nix
@ -26,6 +26,9 @@ stdenv.mkDerivation rec {
  pname = "libtiff";
  version = "4.6.0";

+  # if you update this, please consider adding patches and/or
+  # setting `knownVulnerabilities` in libtiff `4.5.nix`
+
  src = fetchFromGitLab {
    owner = "libtiff";
    repo = "libtiff";
--- a/pkgs/development/libraries/libtiff/headers-4.5.patch
+++ b/pkgs/development/libraries/libtiff/headers-4.5.patch
@ -0,0 +1,16 @@
+export private headers for freeimage
+--- i/libtiff/Makefile.am
+++ w/libtiff/Makefile.am
+@@ -36,8 +36,12 @@ EXTRA_DIST = \
+ 	tiffconf.h.cmake.in
+
+ libtiffinclude_HEADERS = \
+	tif_config.h \
+	tif_dir.h \
+	tif_hash_set.h \
+ 	tiff.h \
+ 	tiffio.h \
+	tiffiop.h \
+ 	tiffvers.h
+
+ if HAVE_CXX
--- a/pkgs/development/libraries/libtiff/rename-version-4.5.patch
+++ b/pkgs/development/libraries/libtiff/rename-version-4.5.patch
@ -0,0 +1,21 @@
+fix case-insensitive build
+--- a/Makefile.am
+++ b/Makefile.am
+@@ -34,7 +34,7 @@ docfiles = \
+ 	README.md \
+ 	RELEASE-DATE \
+ 	TODO \
+-	VERSION
+	VERSION.txt
+
+ EXTRA_DIST = \
+ 	cmake \
+@@ -61,7 +61,7 @@ SUBDIRS = port libtiff tools build contrib test doc
+
+ release:
+	(rm -f $(top_srcdir)/RELEASE-DATE && echo $(LIBTIFF_RELEASE_DATE) > $(top_srcdir)/RELEASE-DATE)
+-	(rm -f $(top_srcdir)/VERSION && echo $(LIBTIFF_VERSION) > $(top_srcdir)/VERSION)
+	(rm -f $(top_srcdir)/VERSION.txt && echo $(LIBTIFF_VERSION) > $(top_srcdir)/VERSION.txt)
+	(rm -f $(top_srcdir)/libtiff/tiffvers.h && sed 's,LIBTIFF_VERSION,$(LIBTIFF_VERSION),;s,LIBTIFF_RELEASE_DATE,$(LIBTIFF_RELEASE_DATE),;s,LIBTIFF_MAJOR_VERSION,$(LIBTIFF_MAJOR_VERSION),;s,LIBTIFF_MINOR_VERSION,$(LIBTIFF_MINOR_VERSION),;s,LIBTIFF_MICRO_VERSION,$(LIBTIFF_MICRO_VERSION),' $(top_srcdir)/libtiff/tiffvers.h.in > $(top_srcdir)/libtiff/tiffvers.h)
+
+ pkgconfigdir = $(libdir)/pkgconfig
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -9304,7 +9304,10 @@ with pkgs;
    stdenv = gcc8Stdenv;
  };

-  hylafaxplus = callPackage ../servers/hylafaxplus { };
+  hylafaxplus = callPackage ../servers/hylafaxplus {
+    # libtiff >= 4.6 dropped many executables needed by hylafaxplus
+    libtiff = libtiff_4_5;
+  };

  hyphen = callPackage ../development/libraries/hyphen { };

@ -23503,6 +23506,7 @@ with pkgs;
  libtifiles2 = callPackage ../development/libraries/libtifiles2 { };

  libtiff = callPackage ../development/libraries/libtiff { };
+  libtiff_4_5 = callPackage ../development/libraries/libtiff/4.5.nix { };

  libtiger = callPackage ../development/libraries/libtiger { };