Bug#1002876: darktable: embeds libraw
Package: darktable Version: 4.6.0-1 Followup-For: Bug #1002876 Hi David, the attached patch removes src/external/LibRaw and builds the package using the system libraw. Regards, Tino -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.6.1 (SMP w/12 CPU threads; PREEMPT) Kernel taint flags: TAINT_UNSIGNED_MODULE Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages darktable depends on: ii libavif161.0.3-1 ii libc62.37-7 ii libcairo21.16.0-7 ii libcolord-gtk1 0.3.0-4 ii libcolord2 1.4.6-2.2 ii libcups2 2.4.2-5 ii libcurl3-gnutls 8.2.1-2 ii libexiv2-27 0.27.6-1 ii libgcc-s113.2.0-3 ii libgdk-pixbuf-2.0-0 2.42.10+dfsg-1+b1 ii libglib2.0-0 2.77.3-1 ii libgomp1 13.2.0-3 ii libgphoto2-6 2.5.30-1 ii libgphoto2-port122.5.30-1 ii libgraphicsmagick-q16-3 1.4+really1.3.41-1 ii libgtk-3-0 3.24.38-4 ii libheif1 1.17.1-1+b1 ii libicu72 72.1-3 ii libimath-3-1-29 3.1.9-3 ii libjpeg62-turbo 1:2.1.5-2 ii libjson-glib-1.0-0 1.6.6-1 ii libjxl0.70.7.0-10 ii liblcms2-2 2.14-2 ii liblensfun1 0.3.4-1 ii liblua5.4-0 5.4.6-1 ii libopenexr-3-1-303.1.5-5.1 ii libopenjp2-7 2.5.0-2 ii libosmgpsmap-1.0-1 1.2.0-2 ii libpango-1.0-0 1.51.0+ds-2 ii libpangocairo-1.0-0 1.51.0+ds-2 ii libpng16-16 1.6.40-1 ii libportmidi0 1:217-6.1 ii libpugixml1v51.13-0.2 ii libraw23 0.21.1-7 ii librsvg2-2 2.54.7+dfsg-2 ii libsdl2-2.0-02.28.3+dfsg-1 ii libsecret-1-00.21.0-1 ii libsqlite3-0 3.43.0-1 ii libstdc++6 13.2.0-3 ii libtiff6 4.5.1+git230720-1 ii libwebp7 1.3.2-0.3 ii libwebpmux3 1.3.2-0.3 ii libx11-6 2:1.8.6-1 ii libxml2 2.9.14+dfsg-1.3 ii libxrandr2 2:1.5.2-2+b1 ii zlib1g 1:1.2.13.dfsg-3 darktable recommends no packages. darktable suggests no packages. -- no debconf information diff --git a/debian/clean b/debian/clean index 1293eb533..279b62423 100644 --- a/debian/clean +++ b/debian/clean @@ -2,3 +2,4 @@ doc/usermanual/profiled_final.fo doc/usermanual/profiled_final.xml doc/usermanual/usermanual.pdf src/external/lua/ +src/external/LibRaw/ diff --git a/debian/control b/debian/control index 9d8ca2306..8f2b9d266 100644 --- a/debian/control +++ b/debian/control @@ -31,6 +31,7 @@ Build-Depends: cmake, libportmidi-dev, libpugixml-dev, libsdl2-dev, + libraw-dev, librsvg2-dev, libsecret-1-dev, libsoup2.4-dev, diff --git a/debian/rules b/debian/rules index 24268394a..35abb0e1a 100755 --- a/debian/rules +++ b/debian/rules @@ -20,7 +20,11 @@ endif dh $@ override_dh_auto_configure: cmake/version.cmake - dh_auto_configure -- -DBINARY_PACKAGE_BUILD=1 -DCMAKE_BUILD_TYPE=Release -DRAWSPEED_ENABLE_LTO=ON + dh_auto_configure -- \ + -DBINARY_PACKAGE_BUILD=1 \ + -DCMAKE_BUILD_TYPE=Release \ + -DRAWSPEED_ENABLE_LTO=ON \ + -DDONT_USE_INTERNAL_LIBRAW=ON describe-current-version: git describe --tags upstream | sed 's,^release-,,;s,-,+,;s,-,~,;'
Bug#1002876: darktable: embeds libraw
Package: darktable Version: 3.8.0-1 Severity: important -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 As of version 3.8.0, darkatable is again embedding libraw. I decided to open a new bug rather than reopen #682980, since the situation this time is somewhat different, and I'm not sure anyone getting up to speed on the bug is well served by reading the 100 or so previous messages. Previously (i.e. #682980), darktable was using a forked copy of libraw (although the change was textually small). Currently darktable is using a git submodule of upstream libraw, which means that it is at least possible in principle that upstream will release a sufficiently recent version that we can build against it. Or I guess we could package a git snapshot of libraw in Debian. As far as I understand, the snapshot of libraw is needed for Canon CR3 support. I guess the other thing that has changed since #682980 was closed is that libraw acquired a number of CVEs. Darktable already appears in the embedded copies list for libraw [1], but I'm not sure if "modified-embed" is still the right term. [1]: https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/embedded-code-copies - -- System Information: Debian Release: bookworm/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.15.0-2-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA:en Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages darktable depends on: ii libc62.33-1 ii libcairo21.16.0-5 ii libcolord-gtk1 0.1.26-2+b1 ii libcolord2 1.4.5-3 ii libcups2 2.3.3op2-7 ii libcurl3-gnutls 7.79.1-2 ii libexiv2-27 0.27.3-3.1 ii libgcc-s111.2.0-13 ii libgdk-pixbuf-2.0-0 2.42.6+dfsg-2 ii libglib2.0-0 2.70.2-1 ii libgomp1 11.2.0-13 ii libgphoto2-6 2.5.27-1 ii libgphoto2-port122.5.27-1 ii libgraphicsmagick-q16-3 1.4+really1.3.37-1 ii libgtk-3-0 3.24.31-1 ii libicu67 67.1-7 ii libilmbase25 2.5.7-2 ii libjpeg62-turbo 1:2.1.2-1 ii libjson-glib-1.0-0 1.6.6-1 ii liblcms2-2 2.12~rc1-2 ii liblensfun1 0.3.2-6 ii libopenexr25 2.5.7-1 ii libopenjp2-7 2.4.0-3 ii libosmgpsmap-1.0-1 1.2.0-1 ii libpango-1.0-0 1.48.10+ds1-1 ii libpangocairo-1.0-0 1.48.10+ds1-1 ii libpng16-16 1.6.37-3 ii libpugixml1v51.11.4-1 ii librsvg2-2 2.50.7+dfsg-2 ii libsecret-1-00.20.4-2 ii libsoup2.4-1 2.74.2-3 ii libsqlite3-0 3.36.0-2 ii libstdc++6 11.2.0-13 ii libtiff5 4.3.0-2 ii libwebp6 0.6.1-2.1 ii libx11-6 2:1.7.2-2+b1 ii libxml2 2.9.12+dfsg-5+b1 ii libxrandr2 2:1.5.2-1 ii zlib1g 1:1.2.11.dfsg-2 darktable recommends no packages. darktable suggests no packages. - -- no debconf information -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEkiyHYXwaY0SiY6fqA0U5G1WqFSEFAmHN/VYACgkQA0U5G1Wq FSHOnw/+J+O8sR5k+UBBjLLf01STow0Sz8bX+yiSjLTf9p/XYHsFP0t0Ov7iFCco Po+2lprkIuotFo+9114yc5rDgE8MKLctTM98CN6YbM5tMRTtTqUdQFhnty8T+qLO tGlcozdHftzIT9nOKaAPWAVqS0uKNfFVGksHLQIDSJeIBSfn7sZiwYzHyNeXNIft aaEOtrCp8adWq6L2QhIYqSY1C2rfvE41hG/FTkBNkAUB36sdOiBpGy+MRPmxxd3E k/KIP70EBzY0SPdYEAPjE1uMpB8gnNBa8c5A1YDGUzwWfMxx9RYVkIkPvL/PS8uu OzkOc7sWnfZnzhdC6rhLEXxpwTB2GlNxXfrqRd++4c9pLT8rEEJHcmQsxl+NYIpK zV0gRI54TAbsAcLIltoJHDrERruBvgi4GkCQismRFQyvSCn1iECBbvYyiKcOMA+1 iEwPLWaEkJgNlO4ek2IruerSDcP7x2eFgFhWZliQPf+Rm+plbM79arJBVlpRonMf QaELwCsuCgOIXszLV4zg+POBO3hdwNQ1qnUDXyx8OxmWMXeuGDZQB/AlYyMbKv6x Nj8Mk1Tmh7lYE5luBJShw1rdXA5mPd1XFb+3UkNZIeM7WKwMGEeTafxIIyz/fBb0 ULDzzmAD13Uz/7Ufk0laGEAishuvIkZ+jXB0EqhkxkX0IisBj6Y= =zxHR -END PGP SIGNATURE-