commit d089679c701bd6de3785d7ebfda68c0ba36221f7 · pyrox.dev/nixpkgs

+93 -11

pkgs/applications/graphics/opentoonz/default.nix

··· 1 - { boost, cmake, fetchFromGitHub, freeglut, freetype, glew, libjpeg, libmypaint 2 - , libpng, libtiff, libusb1, lz4, xz, lzo, openblas, opencv, pkg-config, qtbase 3 - , qtmultimedia, qtscript, qtserialport, lib, stdenv, superlu, wrapQtAppsHook, }: 4 - let source = import ./source.nix { inherit fetchFromGitHub; }; 5 - in stdenv.mkDerivation rec { 6 - inherit (source) src; 1 + { boost 2 + , cmake 3 + , fetchFromGitHub 4 + , freeglut 5 + , freetype 6 + , glew 7 + , libjpeg 8 + , libmypaint 9 + , libpng 10 + , libusb1 11 + , lz4 12 + , xz 13 + , lzo 14 + , openblas 15 + , opencv 16 + , pkg-config 17 + , qtbase 18 + , qtmultimedia 19 + , qtscript 20 + , qtserialport 21 + , lib 22 + , stdenv 23 + , superlu 24 + , wrapQtAppsHook 25 + , libtiff 26 + , zlib 27 + }: 28 + let 29 + libtiff-ver = "4.0.3"; # The version in thirdparty/tiff-* 30 + opentoonz-ver = "1.7.1"; 31 + 32 + src = fetchFromGitHub { 33 + owner = "opentoonz"; 34 + repo = "opentoonz"; 35 + rev = "v${opentoonz-ver}"; 36 + hash = "sha256-5iXOvh4QTv+G0fjEHU62u7QCee+jbvKhK0+fQXbdJis="; 37 + }; 38 + 39 + opentoonz-opencv = opencv.override { 40 + inherit libtiff; 41 + }; 42 + 43 + opentoonz-libtiff = stdenv.mkDerivation { 44 + pname = "libtiff"; 45 + version = "${libtiff-ver}-opentoonz"; 46 + 47 + inherit src; 48 + outputs = [ "bin" "dev" "out" "man" "doc" ]; 49 + 50 + nativeBuildInputs = [ pkg-config ]; 51 + propagatedBuildInputs = [ zlib libjpeg xz ]; 52 + 53 + postUnpack = '' 54 + sourceRoot="$sourceRoot/thirdparty/tiff-${libtiff-ver}" 55 + ''; 56 + 57 + # opentoonz uses internal libtiff headers 58 + postInstall = '' 59 + cp libtiff/{tif_config,tif_dir,tiffiop}.h $dev/include 60 + ''; 61 + 62 + meta = libtiff.meta // { 63 + knownVulnerabilities = [ 64 + '' 65 + Do not open untrusted files with Opentoonz: 66 + Opentoonz uses an old custom fork of tibtiff from 2012 that is known to 67 + be affected by at least these 50 vulnerabilities: 68 + CVE-2012-4564 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 CVE-2014-8127 69 + CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2015-1547 70 + CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 CVE-2015-8870 71 + CVE-2016-3620 CVE-2016-3621 CVE-2016-3623 CVE-2016-3624 CVE-2016-3625 72 + CVE-2016-3631 CVE-2016-3632 CVE-2016-3633 CVE-2016-3634 CVE-2016-3658 73 + CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5102 CVE-2016-5314 74 + CVE-2016-5315 CVE-2016-5316 CVE-2016-5318 CVE-2016-5319 CVE-2016-5321 75 + CVE-2016-5322 CVE-2016-5323 CVE-2016-6223 CVE-2016-9453 CVE-2016-9532 76 + CVE-2017-9935 CVE-2017-9937 CVE-2018-10963 CVE-2018-5360 77 + CVE-2019-14973 CVE-2019-17546 CVE-2020-35521 CVE-2020-35522 78 + CVE-2020-35523 CVE-2020-35524 79 + More info at https://github.com/opentoonz/opentoonz/issues/4193 80 + '' 81 + ]; 82 + maintainers = with lib.maintainers; [ chkno ]; 83 + }; 84 + }; 85 + in 86 + stdenv.mkDerivation { 87 + inherit src; 7 88 8 89 pname = "opentoonz"; 9 - version = source.versions.opentoonz; 90 + version = opentoonz-ver; 10 91 11 92 nativeBuildInputs = [ cmake pkg-config wrapQtAppsHook ]; 12 93 ··· 18 99 libjpeg 19 100 libmypaint 20 101 libpng 21 - libtiff 102 + opentoonz-libtiff 22 103 libusb1 23 104 lz4 24 105 xz 25 106 lzo 26 107 openblas 27 - opencv 108 + opentoonz-opencv 28 109 qtbase 29 110 qtmultimedia 30 111 qtscript ··· 37 118 cmakeDir = "../sources"; 38 119 cmakeFlags = [ 39 120 "-DCMAKE_SKIP_BUILD_RPATH=ON" 40 - "-DTIFF_INCLUDE_DIR=${libtiff.dev}/include" 41 - "-DTIFF_LIBRARY=${libtiff.out}/lib/libtiff.so" 121 + "-DTIFF_INCLUDE_DIR=${opentoonz-libtiff.dev}/include" 122 + "-DTIFF_LIBRARY=${opentoonz-libtiff.out}/lib/libtiff.so" 123 + (lib.cmakeBool "CMAKE_SKIP_BUILD_RPATH" true) 42 124 ]; 43 125 44 126 postInstall = ''

-56

pkgs/applications/graphics/opentoonz/libtiff.nix

··· 1 - # Per https://github.com/opentoonz/opentoonz/blob/master/doc/how_to_build_linux.md , 2 - # opentoonz requires its own modified version of libtiff. We still build it as 3 - # a separate package 4 - # 1. For visibility for tools like vulnix, and 5 - # 2. To avoid a diamond-dependency problem with opencv linking the normal libtiff 6 - # and opentoonz linking opencv and this modified libtiff, we build an opencv 7 - # against this modified libtiff as well. 8 - # 9 - # We use a separate mkDerivation rather than a minimal libtiff.overrideAttrs 10 - # because the main libtiff builds with cmake and this version of libtiff was 11 - # forked before libtiff gained CMake build capability (added in libtiff-4.0.5). 12 - 13 - { lib, fetchFromGitHub, stdenv, pkg-config, zlib, libjpeg, xz, libtiff, }: 14 - 15 - let source = import ./source.nix { inherit fetchFromGitHub; }; 16 - 17 - in stdenv.mkDerivation { 18 - pname = "libtiff"; 19 - version = source.versions.libtiff + "-opentoonz"; 20 - 21 - inherit (source) src; 22 - outputs = [ "bin" "dev" "out" "man" "doc" ]; 23 - 24 - nativeBuildInputs = [ pkg-config ]; 25 - propagatedBuildInputs = [ zlib libjpeg xz ]; 26 - 27 - postUnpack = '' 28 - sourceRoot="$sourceRoot/thirdparty/tiff-${source.versions.libtiff}" 29 - ''; 30 - 31 - # opentoonz uses internal libtiff headers 32 - postInstall = '' 33 - cp libtiff/{tif_config,tif_dir,tiffiop}.h $dev/include 34 - ''; 35 - 36 - meta = libtiff.meta // { 37 - knownVulnerabilities = ['' 38 - Do not open untrusted files with Opentoonz: 39 - Opentoonz uses an old custom fork of tibtiff from 2012 that is known to 40 - be affected by at least these 50 vulnerabilities: 41 - CVE-2012-4564 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 CVE-2014-8127 42 - CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2015-1547 43 - CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 CVE-2015-8870 44 - CVE-2016-3620 CVE-2016-3621 CVE-2016-3623 CVE-2016-3624 CVE-2016-3625 45 - CVE-2016-3631 CVE-2016-3632 CVE-2016-3633 CVE-2016-3634 CVE-2016-3658 46 - CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5102 CVE-2016-5314 47 - CVE-2016-5315 CVE-2016-5316 CVE-2016-5318 CVE-2016-5319 CVE-2016-5321 48 - CVE-2016-5322 CVE-2016-5323 CVE-2016-6223 CVE-2016-9453 CVE-2016-9532 49 - CVE-2017-9935 CVE-2017-9937 CVE-2018-10963 CVE-2018-5360 50 - CVE-2019-14973 CVE-2019-17546 CVE-2020-35521 CVE-2020-35522 51 - CVE-2020-35523 CVE-2020-35524 52 - More info at https://github.com/opentoonz/opentoonz/issues/4193 53 - '']; 54 - maintainers = with lib.maintainers; [ chkno ]; 55 - }; 56 - }

-16

pkgs/applications/graphics/opentoonz/source.nix

··· 1 - # opentoonz's source archive contains both opentoonz's source and a modified 2 - # version of libtiff that opentoonz requires. 3 - 4 - { fetchFromGitHub, }: rec { 5 - versions = { 6 - opentoonz = "1.7.1"; 7 - libtiff = "4.0.3"; # The version in thirdparty/tiff-* 8 - }; 9 - 10 - src = fetchFromGitHub { 11 - owner = "opentoonz"; 12 - repo = "opentoonz"; 13 - rev = "v${versions.opentoonz}"; 14 - hash = "sha256-5iXOvh4QTv+G0fjEHU62u7QCee+jbvKhK0+fQXbdJis="; 15 - }; 16 - }

+1 -6

pkgs/top-level/all-packages.nix

··· 33833 33833 33834 33834 opentimestamps-client = python3Packages.callPackage ../tools/misc/opentimestamps-client { }; 33835 33835 33836 - opentoonz = let 33837 - opentoonz-libtiff = callPackage ../applications/graphics/opentoonz/libtiff.nix { }; 33838 - in qt5.callPackage ../applications/graphics/opentoonz { 33839 - libtiff = opentoonz-libtiff; 33840 - opencv = opencv.override { libtiff = opentoonz-libtiff; }; 33841 - }; 33836 + opentoonz = libsForQt5.callPackage ../applications/graphics/opentoonz { }; 33842 33837 33843 33838 opentabletdriver = callPackage ../tools/X11/opentabletdriver { }; 33844 33839