jasper: remove, abandoned upstream.

Jasper has been marked insecure for a while, and upstream has not been responsive to CVEs for over a year. Fixes #55388. Signed-off-by: David Anderson <dave@natulte.net>
author: David Anderson <dave@natulte.net> 2020-03-14 01:30:31 -0700
committer: David Anderson <dave@natulte.net> 2020-09-09 18:29:42 +0000
commit: 3a38cef8f9108bcbf024c05dc89dd80561f7e62b (patch)
tree: a7d9b0b6b7b2c13deb6053fa7900f2feb1679f44 /pkgs/tools/graphics
parent: 9c11454182fdd8d17dfc8178d995899b843111f2 (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/pkgs/tools/graphics/dcraw/default.nix b/pkgs/tools/graphics/dcraw/default.nix
index f8e78d017120..a43c7a16d97e 100644
--- a/pkgs/tools/graphics/dcraw/default.nix
+++ b/pkgs/tools/graphics/dcraw/default.nix
@@ -1,4 +1,4 @@
-{stdenv, fetchurl, libjpeg, lcms2, gettext, jasper, libiconv }:
+{stdenv, fetchurl, libjpeg, lcms2, gettext, libiconv }:
 
 stdenv.mkDerivation rec {
   name = "dcraw-9.28.0";
@@ -9,12 +9,15 @@ stdenv.mkDerivation rec {
   };
 
   nativeBuildInputs = stdenv.lib.optional stdenv.isDarwin libiconv;
-  buildInputs = [ libjpeg lcms2 gettext jasper ];
+  buildInputs = [ libjpeg lcms2 gettext ];
 
+  # Jasper is disabled because the library is abandoned and has many
+  # CVEs.
   patchPhase = ''
     substituteInPlace install \
       --replace 'prefix=/usr/local' 'prefix=$out' \
-      --replace gcc '$CC'
+      --replace gcc '$CC' \
+      --replace '-ljasper' '-DNO_JASPER=1'
   '';
 
   buildPhase = ''
author	David Anderson <dave@natulte.net>	2020-03-14 01:30:31 -0700
committer	David Anderson <dave@natulte.net>	2020-09-09 18:29:42 +0000
commit	3a38cef8f9108bcbf024c05dc89dd80561f7e62b (patch)
tree	a7d9b0b6b7b2c13deb6053fa7900f2feb1679f44 /pkgs/tools/graphics
parent	9c11454182fdd8d17dfc8178d995899b843111f2 (diff)