authorDavid Anderson <dave@natulte.net>2020-03-14 01:30:31 -0700
committerDavid Anderson <dave@natulte.net>2020-09-09 18:29:42 +0000
commit3a38cef8f9108bcbf024c05dc89dd80561f7e62b (patch)
treea7d9b0b6b7b2c13deb6053fa7900f2feb1679f44
parent9c11454182fdd8d17dfc8178d995899b843111f2 (diff)
jasper: remove, abandoned upstream.
Jasper has been marked insecure for a while, and upstream has not
been responsive to CVEs for over a year.

Fixes #55388.

Signed-off-by: David Anderson <dave@natulte.net>
-rw-r--r--lib/licenses.nix5
-rw-r--r--pkgs/applications/graphics/digikam/default.nix4
-rw-r--r--pkgs/applications/misc/k2pdfopt/default.nix2
-rw-r--r--pkgs/development/libraries/jasper/default.nix51
-rw-r--r--pkgs/development/libraries/libraw/default.nix7
-rw-r--r--pkgs/development/libraries/opencv/3.x.nix3
-rw-r--r--pkgs/development/libraries/opencv/4.x.nix3
-rw-r--r--pkgs/development/libraries/opencv/default.nix3
-rw-r--r--pkgs/development/libraries/openscenegraph/default.nix2
-rw-r--r--pkgs/tools/graphics/dcraw/default.nix9
-rw-r--r--pkgs/top-level/aliases.nix1
-rw-r--r--pkgs/top-level/all-packages.nix2
12 files changed, 9 insertions, 83 deletions
diff --git a/lib/licenses.nix b/lib/licenses.nix
index ee11966b0d5..8492cf2495b 100644
--- a/lib/licenses.nix
+++ b/lib/licenses.nix
@@ -448,11 +448,6 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
     free = false;
   };
 
-  jasper = spdx {
-    spdxId = "JasPer-2.0";
-    fullName = "JasPer License";
-  };
-
   lgpl2Only = spdx {
     spdxId = "LGPL-2.0-only";
     fullName = "GNU Library General Public License v2 only";
diff --git a/pkgs/applications/graphics/digikam/default.nix b/pkgs/applications/graphics/digikam/default.nix
index b2a03965601..2c0dbd5f3f0 100644
--- a/pkgs/applications/graphics/digikam/default.nix
+++ b/pkgs/applications/graphics/digikam/default.nix
@@ -26,7 +26,6 @@
 , exiv2
 , ffmpeg
 , flex
-, jasper ? null, withJpeg2k ? false  # disable JPEG2000 support, jasper has unfixed CVE
 , lcms2
 , lensfun
 , libgphoto2
@@ -98,8 +97,7 @@ mkDerivation rec {
     marble
     oxygen
     threadweaver
-  ]
-  ++ lib.optionals withJpeg2k [ jasper ];
+  ];
 
   enableParallelBuilding = true;
 
diff --git a/pkgs/applications/misc/k2pdfopt/default.nix b/pkgs/applications/misc/k2pdfopt/default.nix
index 431426e55fb..75e467d4cdf 100644
--- a/pkgs/applications/misc/k2pdfopt/default.nix
+++ b/pkgs/applications/misc/k2pdfopt/default.nix
@@ -3,7 +3,6 @@
 , enableGSL ? true, gsl
 , enableGhostScript ? true, ghostscript
 , enableMuPDF ? true, mupdf
-, enableJPEG2K ? false, jasper ? null  # disabled by default, jasper has unfixed CVE
 , enableDJVU ? true, djvulibre
 , enableGOCR ? false, gocr # Disabled by default due to crashes
 , enableTesseract ? true, leptonica, tesseract4
@@ -144,7 +143,6 @@ in stdenv.mkDerivation rec {
     optional enableGSL gsl ++
     optional enableGhostScript ghostscript ++
     optional enableMuPDF mupdf_modded ++
-    optional enableJPEG2K jasper ++
     optional enableDJVU djvulibre ++
     optional enableGOCR gocr ++
     optionals enableTesseract [ leptonica_modded tesseract_modded ];
diff --git a/pkgs/development/libraries/jasper/default.nix b/pkgs/development/libraries/jasper/default.nix
deleted file mode 100644
index cd7b1cf4fd1..00000000000
--- a/pkgs/development/libraries/jasper/default.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{ stdenv, fetchFromGitHub, fetchpatch, libjpeg, cmake }:
-
-stdenv.mkDerivation rec {
-  pname = "jasper";
-  version = "2.0.16";
-
-  src = fetchFromGitHub {
-    repo = "jasper";
-    owner = "mdadams";
-    rev = "version-${version}";
-    sha256 = "05l75yd1zsxwv25ykwwwjs8961szv7iywf16nc6vc6qpby27ckv6";
-  };
-
-  patches = [
-    (fetchpatch {
-      name = "CVE-2018-9055.patch";
-      url = "http://paste.opensuse.org/view/raw/330751ce";
-      sha256 = "0m798m6c4v9yyhql7x684j5kppcm6884n1rrb9ljz8p9aqq2jqnm";
-    })
-  ];
-
-
-  # newer reconf to recognize a multiout flag
-  nativeBuildInputs = [ cmake ];
-  propagatedBuildInputs = [ libjpeg ];
-
-  configureFlags = [ "--enable-shared" ];
-
-  outputs = [ "bin" "dev" "out" "man" ];
-
-  enableParallelBuilding = true;
-
-  doCheck = false; # fails
-
-  postInstall = ''
-    moveToOutput bin "$bin"
-  '';
-
-  meta = with stdenv.lib; {
-    homepage = "https://www.ece.uvic.ca/~frodo/jasper/";
-    description = "JPEG2000 Library";
-    platforms = platforms.unix;
-    license = licenses.jasper;
-    maintainers = with maintainers; [ pSub ];
-    knownVulnerabilities = [
-      "Numerous CVE unsolved upstream"
-      "See: https://github.com/NixOS/nixpkgs/pull/57681#issuecomment-475857499"
-      "See: https://github.com/mdadams/jasper/issues/208"
-    ];
-  };
-}
diff --git a/pkgs/development/libraries/libraw/default.nix b/pkgs/development/libraries/libraw/default.nix
index f20810801d9..b190d36acb5 100644
--- a/pkgs/development/libraries/libraw/default.nix
+++ b/pkgs/development/libraries/libraw/default.nix
@@ -1,7 +1,4 @@
-{ stdenv, fetchurl, lcms2, pkgconfig
-, jasper ? null, withJpeg2k ? false
-# disable JPEG2000 support by default as jasper has many CVE
-}:
+{ stdenv, fetchurl, lcms2, pkgconfig }:
 
 stdenv.mkDerivation rec {
   pname = "libraw";
@@ -14,8 +11,6 @@ stdenv.mkDerivation rec {
 
   outputs = [ "out" "lib" "dev" "doc" ];
 
-  buildInputs = stdenv.lib.optionals withJpeg2k [ jasper ];
-
   propagatedBuildInputs = [ lcms2 ];
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/development/libraries/opencv/3.x.nix b/pkgs/development/libraries/opencv/3.x.nix
index 1597eb7913a..2ad2d016c9f 100644
--- a/pkgs/development/libraries/opencv/3.x.nix
+++ b/pkgs/development/libraries/opencv/3.x.nix
@@ -9,7 +9,6 @@
 , enableTIFF      ? true, libtiff
 , enableWebP      ? true, libwebp
 , enableEXR ?     !stdenv.isDarwin, openexr, ilmbase
-, enableJPEG2K    ? false, jasper  # disable jasper by default (many CVE)
 , enableEigen     ? true, eigen
 , enableOpenblas  ? true, openblas, blas, lapack
 , enableContrib   ? true
@@ -187,7 +186,6 @@ stdenv.mkDerivation {
     ++ lib.optional enableTIFF libtiff
     ++ lib.optional enableWebP libwebp
     ++ lib.optionals enableEXR [ openexr ilmbase ]
-    ++ lib.optional enableJPEG2K jasper
     ++ lib.optional enableFfmpeg ffmpeg_3
     ++ lib.optionals (enableFfmpeg && stdenv.isDarwin)
                      [ VideoDecodeAcceleration bzip2 ]
@@ -225,7 +223,6 @@ stdenv.mkDerivation {
     "-DBUILD_DOCS=${printEnabled enableDocs}"
     (opencvFlag "IPP" enableIpp)
     (opencvFlag "TIFF" enableTIFF)
-    (opencvFlag "JASPER" enableJPEG2K)
     (opencvFlag "WEBP" enableWebP)
     (opencvFlag "JPEG" enableJPEG)
     (opencvFlag "PNG" enablePNG)
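Review bot: Dropping `(opencvFlag "JASPER" enableJPEG2K)` from cmakeFlags means WITH_JASPER is no longer forced off. Before this change the default `enableJPEG2K ? false` presumably rendered `-DWITH_JASPER=OFF` (opencvFlag is defined outside the hunk). As far as I know, OpenCV's own CMake default for WITH_JASPER is ON, and when no system Jasper is found it can build the copy vendored under 3rdparty/libjasper, which would put the abandoned decoder back into the library. Keep the switch pinned, e.g. `"-DWITH_JASPER=OFF" # never fall back to OpenCV's vendored jasper`, and check the CMake configure summary to confirm JPEG 2000 is reported as disabled. The same deletion is made in the cmakeFlags hunks of opencv/4.x.nix and opencv/default.nix, and the cmakeFlags list continues outside this hunk.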
diff --git a/pkgs/development/libraries/opencv/4.x.nix b/pkgs/development/libraries/opencv/4.x.nix
index dd71b10728d..a2cd75093ce 100644
--- a/pkgs/development/libraries/opencv/4.x.nix
+++ b/pkgs/development/libraries/opencv/4.x.nix
@@ -9,7 +9,6 @@
 , enableTIFF      ? true, libtiff
 , enableWebP      ? true, libwebp
 , enableEXR ?     !stdenv.isDarwin, openexr, ilmbase
-, enableJPEG2K    ? false, jasper  # disable jasper by default (many CVE)
 , enableEigen     ? true, eigen
 , enableOpenblas  ? true, openblas, blas, lapack
 , enableContrib   ? true
@@ -203,7 +202,6 @@ stdenv.mkDerivation {
     ++ lib.optional enableTIFF libtiff
     ++ lib.optional enableWebP libwebp
     ++ lib.optionals enableEXR [ openexr ilmbase ]
-    ++ lib.optional enableJPEG2K jasper
     ++ lib.optional enableFfmpeg ffmpeg_3
     ++ lib.optionals (enableFfmpeg && stdenv.isDarwin)
                      [ VideoDecodeAcceleration bzip2 ]
@@ -242,7 +240,6 @@ stdenv.mkDerivation {
     "-DBUILD_DOCS=${printEnabled enableDocs}"
     (opencvFlag "IPP" enableIpp)
     (opencvFlag "TIFF" enableTIFF)
-    (opencvFlag "JASPER" enableJPEG2K)
     (opencvFlag "WEBP" enableWebP)
     (opencvFlag "JPEG" enableJPEG)
     (opencvFlag "PNG" enablePNG)
diff --git a/pkgs/development/libraries/opencv/default.nix b/pkgs/development/libraries/opencv/default.nix
index 06a3d5f194f..d71c210fb6f 100644
--- a/pkgs/development/libraries/opencv/default.nix
+++ b/pkgs/development/libraries/opencv/default.nix
@@ -6,7 +6,6 @@
 , enablePNG ? true, libpng
 , enableTIFF ? true, libtiff
 , enableEXR ? (!stdenv.isDarwin), openexr, ilmbase
-, enableJPEG2K ? false, jasper  # disable jasper by default (many CVE)
 , enableFfmpeg ? false, ffmpeg_3
 , enableGStreamer ? false, gst_all_1
 , enableEigen ? true, eigen
@@ -50,7 +49,6 @@ stdenv.mkDerivation rec {
     ++ lib.optional enablePNG libpng
     ++ lib.optional enableTIFF libtiff
     ++ lib.optionals enableEXR [ openexr ilmbase ]
-    ++ lib.optional enableJPEG2K jasper
     ++ lib.optional enableFfmpeg ffmpeg_3
     ++ lib.optionals enableGStreamer (with gst_all_1; [ gstreamer gst-plugins-base ])
     ++ lib.optional enableEigen eigen
@@ -65,7 +63,6 @@ stdenv.mkDerivation rec {
 
   cmakeFlags = [
     (opencvFlag "TIFF" enableTIFF)
-    (opencvFlag "JASPER" enableJPEG2K)
     (opencvFlag "JPEG" enableJPEG)
     (opencvFlag "PNG" enablePNG)
     (opencvFlag "OPENEXR" enableEXR)
diff --git a/pkgs/development/libraries/openscenegraph/default.nix b/pkgs/development/libraries/openscenegraph/default.nix
index a8617185216..4ded4770fc8 100644
--- a/pkgs/development/libraries/openscenegraph/default.nix
+++ b/pkgs/development/libraries/openscenegraph/default.nix
@@ -2,7 +2,6 @@
   libX11, libXinerama, libXrandr, libGLU, libGL,
   glib, ilmbase, libxml2, pcre, zlib,
   jpegSupport ? true, libjpeg,
-  jasperSupport ? false, jasper,  # disable jasper by default (many CVE)
   exrSupport ? false, openexr,
   gifSupport ? true, giflib,
   pngSupport ? true, libpng,
@@ -42,7 +41,6 @@ stdenv.mkDerivation rec {
     libX11 libXinerama libXrandr libGLU libGL
     glib ilmbase libxml2 pcre zlib
   ] ++ lib.optional jpegSupport libjpeg
-    ++ lib.optional jasperSupport jasper
     ++ lib.optional exrSupport openexr
     ++ lib.optional gifSupport giflib
     ++ lib.optional pngSupport libpng
diff --git a/pkgs/tools/graphics/dcraw/default.nix b/pkgs/tools/graphics/dcraw/default.nix
index f8e78d01712..a43c7a16d97 100644
--- a/pkgs/tools/graphics/dcraw/default.nix
+++ b/pkgs/tools/graphics/dcraw/default.nix
@@ -1,4 +1,4 @@
-{stdenv, fetchurl, libjpeg, lcms2, gettext, jasper, libiconv }:
+{stdenv, fetchurl, libjpeg, lcms2, gettext, libiconv }:
 
 stdenv.mkDerivation rec {
   name = "dcraw-9.28.0";
@@ -9,12 +9,15 @@ stdenv.mkDerivation rec {
   };
 
   nativeBuildInputs = stdenv.lib.optional stdenv.isDarwin libiconv;
-  buildInputs = [ libjpeg lcms2 gettext jasper ];
+  buildInputs = [ libjpeg lcms2 gettext ];
 
+  # Jasper is disabled because the library is abandoned and has many
+  # CVEs.
   patchPhase = ''
     substituteInPlace install \
       --replace 'prefix=/usr/local' 'prefix=$out' \
-      --replace gcc '$CC'
+      --replace gcc '$CC' \
+      --replace '-ljasper' '-DNO_JASPER=1'
   '';
 
   buildPhase = ''
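Review bot: The new comment above patchPhase says Jasper is disabled but not what the build loses or which line does it. In dcraw the NO_JASPER define compiles out the JPEG 2000 path, which as far as I can tell is the RED (redcine) raw decoder, so those files stop decoding. I would say so next to the substitution, e.g. `# -DNO_JASPER=1 replaces -ljasper: jasper is abandoned with many unfixed CVEs, so JPEG 2000 (RED) raws are not decoded`. patchPhase is also overridden wholesale here, which predates this commit; `postPatch` would keep the default patch handling. The buildPhase body continues outside the hunk.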
diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix
index a9832c6841e..0acab223547 100644
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@@ -211,6 +211,7 @@ mapAliases ({
   idea = jetbrains; # added 2017-04-03
   infiniband-diags = rdma-core; # added 2019-08-09
   inotifyTools = inotify-tools;
+  jasper = throw "jasper has been removed: abandoned upstream with many vulnerabilities";
   jbuilder = dune; # added 2018-09-09
   jikes = throw "deprecated in 2019-10-07: jikes was abandoned by upstream";
   joseki = apache-jena-fuseki; # added 2016-02-28
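Review bot: The new `jasper = throw …` alias carries no date, unlike its neighbours (`# added 2019-08-09`, `deprecated in 2019-10-07` inside the jikes message). Without a date, later alias cleanup cannot tell how long the tombstone has been in place. Append one, e.g. `jasper = throw "jasper has been removed: abandoned upstream with many vulnerabilities"; # added 2020-09-09` (committer date shown on this page). Pointing the message at issue #55388 would also give users who hit the throw somewhere to read the rationale.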
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index fff6dd98b46..3c6f6539a3e 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -12996,8 +12996,6 @@ in
     inherit (darwin.apple_sdk.frameworks) Cocoa;
   };
 
-  jasper = callPackage ../development/libraries/jasper { };
-
   jama = callPackage ../development/libraries/jama { };
 
   jansson = callPackage ../development/libraries/jansson { };