exiv2: 0.28.0 -> 0.28.1 #266341

Merged
merged 2 commits into from
Nov 10, 2023

6t8k
Contributor

@6t8k 6t8k commented Nov 8, 2023

Description of changes

https://github.com/Exiv2/exiv2/blob/v0.28.1/doc/ChangeLog

Fixes CVE-2023-44398 (High).

Exiv2/exiv2#2762 is now fixed upstream, so make checkPhase run unconditionally again.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 23.11 Release Notes (or backporting 23.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

@6t8k
Contributor Author

6t8k commented Nov 8, 2023

Build does not yet succeed. On x86_64-linux:

`$ nix build .#exiv2 -L --debug`:

<snip>
building of '/nix/store/m1f6hpxnx8nlqxahyd8ig52lcf1v1l5j-exiv2-0.28.1.drv^man,out' from .drv file: got EOF
building of '/nix/store/m1f6hpxnx8nlqxahyd8ig52lcf1v1l5j-exiv2-0.28.1.drv^man,out' from .drv file: woken up
building of '/nix/store/m1f6hpxnx8nlqxahyd8ig52lcf1v1l5j-exiv2-0.28.1.drv^man,out' from .drv file: build done
killing process 20957
builder process for '/nix/store/m1f6hpxnx8nlqxahyd8ig52lcf1v1l5j-exiv2-0.28.1.drv' finished
killing all processes running under uid '30001'
scanning for references for output 'dev' in temp location '/nix/store/m1f6hpxnx8nlqxahyd8ig52lcf1v1l5j-exiv2-0.28.1.drv.chroot/nix/store/1z03dgk82md5zvgaid4m2438682spmgw-exiv2-0.28.1-dev'
found reference to 'md7my7c0ikc2c4n3sz5lcm7j398c7a9v' at offset '18'
found reference to 'rvr5igdbzrnzmyjk0s2vl7skj1smk2il' at offset '104'
found reference to '1z03dgk82md5zvgaid4m2438682spmgw' at offset '180'
found reference to 'pac274s4q2znz5mha3102gw4zfg1f8s2' at offset '11'
found reference to '4rrd2p4db74nf732nm98bhd47zqg5k2d' at offset '72'
found reference to 'gk9785yw44w60bpya3bj8il5lc971d2n' at offset '132'
found reference to '686lhcz4bwg3wk09pi1xxjgzbxv7ys5q' at offset '184'
scanning for references for output 'doc' in temp location '/nix/store/m1f6hpxnx8nlqxahyd8ig52lcf1v1l5j-exiv2-0.28.1.drv.chroot/nix/store/xywxl6j0brwykc6hqh0m0rlbry2pj7p9-exiv2-0.28.1-doc'
scanning for references for output 'lib' in temp location '/nix/store/m1f6hpxnx8nlqxahyd8ig52lcf1v1l5j-exiv2-0.28.1.drv.chroot/nix/store/rvr5igdbzrnzmyjk0s2vl7skj1smk2il-exiv2-0.28.1-lib'
found reference to '8py3bfw4k5b6lpxlwi3nmnakihxa63jp' at offset '19133'
found reference to '4zb4ivz3y2sx8xvjbv1wwqzrsbcp3jai' at offset '19198'
found reference to 'gk9785yw44w60bpya3bj8il5lc971d2n' at offset '19258'
found reference to 's5gzrzha72q79v92wqq61x9ir8xiwbxk' at offset '19314'
found reference to 'gqghjch4p1s69sv4mcjksb2kb65rwqjy' at offset '19371'
found reference to '9fy9zzhf613xp0c3jsjxbjq6yp8afrsv' at offset '19433'
found reference to 'rvr5igdbzrnzmyjk0s2vl7skj1smk2il' at offset '1923'
scanning for references for output 'man' in temp location '/nix/store/m1f6hpxnx8nlqxahyd8ig52lcf1v1l5j-exiv2-0.28.1.drv.chroot/nix/store/9n0cnx6yqbslfxjjpgxn4x1k7nl4ypkc-exiv2-0.28.1-man'
scanning for references for output 'out' in temp location '/nix/store/m1f6hpxnx8nlqxahyd8ig52lcf1v1l5j-exiv2-0.28.1.drv.chroot/nix/store/md7my7c0ikc2c4n3sz5lcm7j398c7a9v-exiv2-0.28.1'
found reference to 'gqghjch4p1s69sv4mcjksb2kb65rwqjy' at offset '803'
found reference to 'rvr5igdbzrnzmyjk0s2vl7skj1smk2il' at offset '37687'
found reference to '9fy9zzhf613xp0c3jsjxbjq6yp8afrsv' at offset '37814'
found reference to '1z03dgk82md5zvgaid4m2438682spmgw' at offset '2572'
lock released on '/nix/store/1z03dgk82md5zvgaid4m2438682spmgw-exiv2-0.28.1-dev.lock'
lock released on '/nix/store/9n0cnx6yqbslfxjjpgxn4x1k7nl4ypkc-exiv2-0.28.1-man.lock'
lock released on '/nix/store/md7my7c0ikc2c4n3sz5lcm7j398c7a9v-exiv2-0.28.1.lock'
lock released on '/nix/store/rvr5igdbzrnzmyjk0s2vl7skj1smk2il-exiv2-0.28.1-lib.lock'
lock released on '/nix/store/xywxl6j0brwykc6hqh0m0rlbry2pj7p9-exiv2-0.28.1-doc.lock'
building of '/nix/store/m1f6hpxnx8nlqxahyd8ig52lcf1v1l5j-exiv2-0.28.1.drv^man,out' from .drv file: goal destroyed
error: cycle detected in build of '/nix/store/m1f6hpxnx8nlqxahyd8ig52lcf1v1l5j-exiv2-0.28.1.drv' in the references of output 'dev' from output 'out'

Unsure how to best debug this - help appreciated.
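
Added example, not part of the original comment and not code from Nix or nixpkgs: one way to read a debug log like the one above is to map each `found reference` hash back to the output whose store path carries it, then search the resulting graph for a loop. In the log above the store hash of `out` is listed under `dev` and the hash of `dev` under `out`, which is the cycle Nix reports; the sample log, its placeholder hashes and the function names below are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the `nix build --debug` lines quoted above;
# the four-letter hashes and the package name are placeholders, not real store paths.
SAMPLE_LOG = """\
scanning for references for output 'dev' in temp location '/nix/store/aaaa-pkg-1.0.drv.chroot/nix/store/dddd-pkg-1.0-dev'
found reference to 'oooo' at offset '18'
found reference to 'llll' at offset '104'
found reference to 'dddd' at offset '180'
scanning for references for output 'lib' in temp location '/nix/store/aaaa-pkg-1.0.drv.chroot/nix/store/llll-pkg-1.0-lib'
found reference to 'llll' at offset '1923'
scanning for references for output 'out' in temp location '/nix/store/aaaa-pkg-1.0.drv.chroot/nix/store/oooo-pkg-1.0'
found reference to 'llll' at offset '37687'
found reference to 'dddd' at offset '2572'
"""

SCAN = re.compile(r"scanning for references for output '([^']+)' in temp location '.*/nix/store/([^-']+)-")
FOUND = re.compile(r"found reference to '([^']+)'")

def output_edges(log):
    """Map each output to the sibling outputs whose store hash it contains."""
    owner, refs, current = {}, defaultdict(set), None
    for line in log.splitlines():
        if m := SCAN.search(line):
            current = m.group(1)
            owner[m.group(2)] = current
            refs[current]  # register outputs that have no references at all
        elif current and (m := FOUND.search(line)):
            refs[current].add(m.group(1))
    # Drop self-references and hashes of store paths outside this derivation.
    return {out: {owner[h] for h in hs if owner.get(h, out) != out}
            for out, hs in refs.items()}

def find_cycle(edges):
    """Depth-first search; returns one cycle such as ['dev', 'out', 'dev'], or None."""
    done = set()
    def dfs(node, path):
        for nxt in sorted(edges.get(node, ())):
            if nxt in path:  # back edge to an output already on the current path
                return path[path.index(nxt):] + [nxt]
            if nxt not in done and (cyc := dfs(nxt, path + [nxt])):
                return cyc
        done.add(node)
        return None
    for start in sorted(edges):
        if start not in done and (cyc := dfs(start, [start])):
            return cyc
    return None
```

Feeding the saved debug output of a failing multi-output build to `output_edges` shows which output pulls in which sibling, so the offending reference can then be located in that output's files.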

@adisbladis added the "1.severity: security" label Nov 8, 2023
@ofborg ofborg bot requested a review from wegank November 8, 2023 23:22
@wegank

This comment was marked as outdated.

@6t8k 6t8k force-pushed the exiv2_0.28.0-0.28.1 branch 2 times, most recently from 7ec29e6 to 54facd2 Compare November 9, 2023 02:28
@6t8k
Contributor Author

6t8k commented Nov 9, 2023

Thank you!

@6t8k 6t8k marked this pull request as ready for review November 9, 2023 02:29
@6t8k 6t8k changed the title from "WIP: exiv2: 0.28.0 -> 0.28.1" to "exiv2: 0.28.0 -> 0.28.1" Nov 9, 2023
@6t8k
Contributor Author

6t8k commented Nov 9, 2023

Basic functionality of bin/exiv2 works on x86_64-linux.

https://github.com/Exiv2/exiv2/blob/v0.28.1/doc/ChangeLog

Fixes CVE-2023-44398 (High).

Exiv2/exiv2#2762 is now fixed upstream, so
make `checkPhase` run unconditionally again.
@wegank wegank force-pushed the exiv2_0.28.0-0.28.1 branch from 54facd2 to 3940405 Compare November 9, 2023 04:43
@delroth added the "12.approvals: 1" label Nov 9, 2023
@ofborg ofborg bot requested a review from wegank November 9, 2023 05:03
@risicle
Contributor

risicle commented Nov 9, 2023

@ofborg build photoqt

New breakage for me on macos 10.15

@risicle
Contributor

risicle commented Nov 10, 2023

@ofborg build digikam

@6t8k
Contributor Author

6t8k commented Nov 10, 2023

On x86_64-linux, I can reproduce the issue for (at least) photoqt.
The build works if you replace the string exiv2lib with exiv2 in CMakeLists.txt.

@wegank
Member

wegank commented Nov 10, 2023

Yes, this PR needs to provide patches for digikam, kphotoalbum and photoqt.

@6t8k
Contributor Author

6t8k commented Nov 10, 2023

Going to look into digikam separately, as the above step isn't enough to please it.

@6t8k
Contributor Author

6t8k commented Nov 10, 2023

@ofborg build kphotoalbum photoqt

@6t8k 6t8k marked this pull request as draft November 10, 2023 01:56
@wegank
Member

wegank commented Nov 10, 2023

@ofborg ofborg bot requested review from wegank and peterhoeg November 10, 2023 02:44
@6t8k 6t8k force-pushed the exiv2_0.28.0-0.28.1 branch from e8421e8 to dd14fdd Compare November 10, 2023 02:44
@6t8k
Contributor Author

6t8k commented Nov 10, 2023

Thank you for the generous help :D

There was also an upstream commit for kphotoalbum that applies and fixes the build against exiv2 0.28.1.
With photoqt, I could only find luspi/photoqt@23e0336, but the repo is labelled as a mirror, and the patch does not apply to our version. So I kept using substituteInPlace for that.

@6t8k 6t8k marked this pull request as ready for review November 10, 2023 02:51
@ofborg ofborg bot requested a review from wegank November 10, 2023 03:39
@wegank
Member

wegank commented Nov 10, 2023

No more regression on x86_64-linux.

@wegank
Member

wegank commented Nov 10, 2023

Result of nixpkgs-review pr 266341 run on aarch64-darwin

38 packages marked as broken and skipped:
  • cataract
  • cataract-unstable
  • entangle
  • gimp-with-plugins
  • gnome.nautilus-python
  • gnome.nautilus-python.dev
  • gnome.nautilus-python.devdoc
  • gnome.nautilus-python.doc
  • kphotoalbum
  • krename
  • latte-dock
  • libsForQt5.arianna
  • libsForQt5.bismuth
  • libsForQt5.krohnkite
  • libsForQt5.kwin-dynamic-workspaces
  • libsForQt5.kwin-tiling
  • libsForQt5.kzones
  • libsForQt5.parachute
  • lightly-boehs
  • lightly-qt
  • nordic
  • nordic.sddm
  • plasma5Packages.arianna
  • plasma5Packages.bismuth
  • plasma5Packages.krohnkite
  • plasma5Packages.kwin-dynamic-workspaces
  • plasma5Packages.kwin-tiling
  • plasma5Packages.kzones
  • plasma5Packages.parachute
  • python310Packages.py3exiv2
  • python310Packages.py3exiv2.dist
  • python311Packages.py3exiv2
  • python311Packages.py3exiv2.dist
  • toppler
  • variety
  • variety.dist
  • vimiv-qt
  • vimiv-qt.dist
29 packages built:
  • darktable
  • exiv2
  • exiv2.dev
  • exiv2.doc
  • exiv2.lib
  • exiv2.man
  • gegl
  • gegl.dev
  • gegl.devdoc
  • gexiv2
  • gexiv2.dev
  • gexiv2.devdoc
  • gimp (gimpPlugins.gimp)
  • gimp.dev (gimpPlugins.gimp.dev)
  • gimpPlugins.gmic
  • gnunet
  • gnunet-gtk
  • gpscorrelate
  • gramps
  • gramps.dist
  • libextractor
  • libsForQt5.kfilemetadata (plasma5Packages.kfilemetadata)
  • libsForQt5.kfilemetadata.bin (plasma5Packages.kfilemetadata.bin)
  • libsForQt5.kfilemetadata.dev (plasma5Packages.kfilemetadata.dev)
  • merkaartor
  • nomacs
  • photoqt
  • tracker-miners
  • viking

@wegank wegank merged commit 451c1c0 into NixOS:master Nov 10, 2023
@6t8k 6t8k deleted the exiv2_0.28.0-0.28.1 branch November 10, 2023 12:32
Labels
  • 1.severity: security
  • 10.rebuild-darwin: 11-100
  • 10.rebuild-linux: 101-500
  • 12.approvals: 1
5 participants