diff --git a/pkgs/development/libraries/libtiff/4.5.nix b/pkgs/development/libraries/libtiff/4.5.nix new file mode 100644 index 000000000000..3b24c6f1a2e1 --- /dev/null +++ b/pkgs/development/libraries/libtiff/4.5.nix @@ -0,0 +1,86 @@ +{ lib +, stdenv +, fetchFromGitLab +, fetchpatch + +, autoreconfHook +, pkg-config +, sphinx + +, libdeflate +, libjpeg +, xz +, zlib +}: + +stdenv.mkDerivation rec { + pname = "libtiff"; + version = "4.5.1"; + + src = fetchFromGitLab { + owner = "libtiff"; + repo = "libtiff"; + rev = "v${version}"; + hash = "sha256-qQEthy6YhNAQmdDMyoCIvK8f3Tx25MgqhJZW74CB93E="; + }; + + patches = [ + # cf. https://bugzilla.redhat.com/2224974 + (fetchpatch { + name = "CVE-2023-40745.patch"; + url = "https://gitlab.com/libtiff/libtiff/-/commit/bdf7b2621c62e04d0408391b7d5611502a752cd0.diff"; + hash = "sha256-HdU02YJ1/T3dnCT+yG03tUyAHkgeQt1yjZx/auCQxyw="; + }) + # cf. https://bugzilla.redhat.com/2224971 + (fetchpatch { + name = "CVE-2023-41175.patch"; + url = "https://gitlab.com/libtiff/libtiff/-/commit/965fa243004e012adc533ae8e38db3055f101a7f.diff"; + hash = "sha256-Pvg6JfJWOIaTrfFF0YSREZkS9saTG9IsXnsXtcyKILA="; + }) + # FreeImage needs this patch + ./headers-4.5.patch + # libc++abi 11 has an `#include `, this picks up files name + # `version` in the project's include paths + ./rename-version-4.5.patch + ]; + + postPatch = '' + mv VERSION VERSION.txt + ''; + + outputs = [ "bin" "dev" "dev_private" "out" "man" "doc" ]; + + postFixup = '' + moveToOutput include/tif_config.h $dev_private + moveToOutput include/tif_dir.h $dev_private + moveToOutput include/tif_hash_set.h $dev_private + moveToOutput include/tiffiop.h $dev_private + ''; + + # If you want to change to a different build system, please make + # sure cross-compilation works first! + nativeBuildInputs = [ autoreconfHook pkg-config sphinx ]; + + propagatedBuildInputs = [ + libdeflate + libjpeg + xz + zlib + ]; + + enableParallelBuilding = true; + + doCheck = true; + + meta = with lib; { + description = "Library and utilities for working with the TIFF image file format"; + homepage = "https://libtiff.gitlab.io/libtiff"; + changelog = "https://libtiff.gitlab.io/libtiff/v${version}.html"; + # XXX not enabled for now to keep hydra builds running, + # but we have to keep an eye on security updates in supported version + #knownVulnerabilities = [ "support for version 4.5 ended in Sept 2023" ]; + maintainers = with maintainers; [ yarny ]; + license = licenses.libtiff; + platforms = platforms.unix; + }; +} diff --git a/pkgs/development/libraries/libtiff/default.nix b/pkgs/development/libraries/libtiff/default.nix index 8055704b0890..22b0f8af2043 100644 --- a/pkgs/development/libraries/libtiff/default.nix +++ b/pkgs/development/libraries/libtiff/default.nix @@ -26,6 +26,9 @@ stdenv.mkDerivation rec { pname = "libtiff"; version = "4.6.0"; + # if you update this, please consider adding patches and/or + # setting `knownVulnerabilities` in libtiff `4.5.nix` + src = fetchFromGitLab { owner = "libtiff"; repo = "libtiff"; diff --git a/pkgs/development/libraries/libtiff/headers-4.5.patch b/pkgs/development/libraries/libtiff/headers-4.5.patch new file mode 100644 index 000000000000..49af1abb0a54 --- /dev/null +++ b/pkgs/development/libraries/libtiff/headers-4.5.patch @@ -0,0 +1,16 @@ +export private headers for freeimage +--- i/libtiff/Makefile.am ++++ w/libtiff/Makefile.am +@@ -36,8 +36,12 @@ EXTRA_DIST = \ + tiffconf.h.cmake.in + + libtiffinclude_HEADERS = \ ++ tif_config.h \ ++ tif_dir.h \ ++ tif_hash_set.h \ + tiff.h \ + tiffio.h \ ++ tiffiop.h \ + tiffvers.h + + if HAVE_CXX diff --git a/pkgs/development/libraries/libtiff/rename-version-4.5.patch b/pkgs/development/libraries/libtiff/rename-version-4.5.patch new file mode 100644 index 000000000000..3e93569d4245 --- /dev/null +++ b/pkgs/development/libraries/libtiff/rename-version-4.5.patch @@ -0,0 +1,21 @@ +fix case-insensitive build +--- a/Makefile.am ++++ b/Makefile.am +@@ -34,7 +34,7 @@ docfiles = \ + README.md \ + RELEASE-DATE \ + TODO \ +- VERSION ++ VERSION.txt + + EXTRA_DIST = \ + cmake \ +@@ -61,7 +61,7 @@ SUBDIRS = port libtiff tools build contrib test doc + + release: + (rm -f $(top_srcdir)/RELEASE-DATE && echo $(LIBTIFF_RELEASE_DATE) > $(top_srcdir)/RELEASE-DATE) +- (rm -f $(top_srcdir)/VERSION && echo $(LIBTIFF_VERSION) > $(top_srcdir)/VERSION) ++ (rm -f $(top_srcdir)/VERSION.txt && echo $(LIBTIFF_VERSION) > $(top_srcdir)/VERSION.txt) + (rm -f $(top_srcdir)/libtiff/tiffvers.h && sed 's,LIBTIFF_VERSION,$(LIBTIFF_VERSION),;s,LIBTIFF_RELEASE_DATE,$(LIBTIFF_RELEASE_DATE),;s,LIBTIFF_MAJOR_VERSION,$(LIBTIFF_MAJOR_VERSION),;s,LIBTIFF_MINOR_VERSION,$(LIBTIFF_MINOR_VERSION),;s,LIBTIFF_MICRO_VERSION,$(LIBTIFF_MICRO_VERSION),' $(top_srcdir)/libtiff/tiffvers.h.in > $(top_srcdir)/libtiff/tiffvers.h) + + pkgconfigdir = $(libdir)/pkgconfig diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 385cb3a0ce27..501fab51e9e6 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -9304,7 +9304,10 @@ with pkgs; stdenv = gcc8Stdenv; }; - hylafaxplus = callPackage ../servers/hylafaxplus { }; + hylafaxplus = callPackage ../servers/hylafaxplus { + # libtiff >= 4.6 dropped many executables needed by hylafaxplus + libtiff = libtiff_4_5; + }; hyphen = callPackage ../development/libraries/hyphen { }; @@ -23503,6 +23506,7 @@ with pkgs; libtifiles2 = callPackage ../development/libraries/libtifiles2 { }; libtiff = callPackage ../development/libraries/libtiff { }; + libtiff_4_5 = callPackage ../development/libraries/libtiff/4.5.nix { }; libtiger = callPackage ../development/libraries/libtiger { };