Merge #151500: opentoonz: 1.4.0 -> 1.5.0

2024-11-19 12:11:28 +00:00 · 2022-01-05 19:14:50 +01:00 · 2022-01-05 19:14:50 +01:00 · 2f8299f321
parent 1a4a216bf5 920c5cd2b4
commit 2f8299f321
4 changed files with 57 additions and 17 deletions
--- a/pkgs/applications/graphics/opentoonz/default.nix
+++ b/pkgs/applications/graphics/opentoonz/default.nix
@ -1,6 +1,6 @@
 { boost, cmake, fetchFromGitHub, freeglut, freetype, glew, libjpeg, libmypaint
-, libpng, libtiff, libusb1, lz4, xz, lzo, openblas, pkg-config, qtbase
-, qtmultimedia, qtscript, lib, stdenv, superlu, wrapQtAppsHook, }:
+, libpng, libtiff, libusb1, lz4, xz, lzo, openblas, opencv, pkg-config, qtbase
+, qtmultimedia, qtscript, qtserialport, lib, stdenv, superlu, wrapQtAppsHook, }:
 let source = import ./source.nix { inherit fetchFromGitHub; };
 in stdenv.mkDerivation rec {
  inherit (source) src;
@ -24,9 +24,11 @@ in stdenv.mkDerivation rec {
    xz
    lzo
    openblas
+    opencv
    qtbase
    qtmultimedia
    qtscript
+    qtserialport
    superlu
  ];

--- a/pkgs/applications/graphics/opentoonz/libtiff.nix
+++ b/pkgs/applications/graphics/opentoonz/libtiff.nix
@ -2,20 +2,55 @@
 # opentoonz requires its own modified version of libtiff.  We still build it as
 # a separate package
 #  1. For visibility for tools like vulnix, and
-#  2. To avoid a diamond-dependency problem with qt linking the normal libtiff
-#     and opentoonz linking qt and this modified libtiff, we build a qt against
-#     this modified libtiff as well.
+#  2. To avoid a diamond-dependency problem with opencv linking the normal libtiff
+#     and opentoonz linking opencv and this modified libtiff, we build an opencv
+#     against this modified libtiff as well.
+#
+# We use a separate mkDerivation rather than a minimal libtiff.overrideAttrs
+# because the main libtiff builds with cmake and this version of libtiff was
+# forked before libtiff gained CMake build capability (added in libtiff-4.0.5).
+
+{ lib, fetchFromGitHub, stdenv, pkg-config, zlib, libjpeg, xz, libtiff, }:

-{ fetchFromGitHub, libtiff }:
 let source = import ./source.nix { inherit fetchFromGitHub; };
-in libtiff.overrideAttrs (old: {
-  inherit (source) src;
+
+in stdenv.mkDerivation {
+  pname = "libtiff";
  version = source.versions.libtiff + "-opentoonz";
-  postUnpack = (old.postUnpack or "") + ''
+
+  inherit (source) src;
+  outputs = [ "bin" "dev" "out" "man" "doc" ];
+
+  nativeBuildInputs = [ pkg-config ];
+  propagatedBuildInputs = [ zlib libjpeg xz ];
+
+  postUnpack = ''
    sourceRoot="$sourceRoot/thirdparty/tiff-${source.versions.libtiff}"
  '';
+
  # opentoonz uses internal libtiff headers
-  postInstall = (old.postInstall or "") + ''
+  postInstall = ''
    cp libtiff/{tif_config,tif_dir,tiffiop}.h $dev/include
  '';
-})
+
+  meta = libtiff.meta // {
+    knownVulnerabilities = [''
+      Do not open untrusted files with Opentoonz:
+      Opentoonz uses an old custom fork of tibtiff from 2012 that is known to
+      be affected by at least these 50 vulnerabilities:
+        CVE-2012-4564 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 CVE-2014-8127
+        CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2015-1547
+        CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 CVE-2015-8870
+        CVE-2016-3620 CVE-2016-3621 CVE-2016-3623 CVE-2016-3624 CVE-2016-3625
+        CVE-2016-3631 CVE-2016-3632 CVE-2016-3633 CVE-2016-3634 CVE-2016-3658
+        CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5102 CVE-2016-5314
+        CVE-2016-5315 CVE-2016-5316 CVE-2016-5318 CVE-2016-5319 CVE-2016-5321
+        CVE-2016-5322 CVE-2016-5323 CVE-2016-6223 CVE-2016-9453 CVE-2016-9532
+        CVE-2017-9935 CVE-2017-9937 CVE-2018-10963 CVE-2018-5360
+        CVE-2019-14973 CVE-2019-17546 CVE-2020-35521 CVE-2020-35522
+        CVE-2020-35523 CVE-2020-35524
+      More info at https://github.com/opentoonz/opentoonz/issues/4193
+    ''];
+    maintainers = with lib.maintainers; [ chkno ];
+  };
+}
--- a/pkgs/applications/graphics/opentoonz/source.nix
+++ b/pkgs/applications/graphics/opentoonz/source.nix
@ -3,14 +3,14 @@

 { fetchFromGitHub, }: rec {
  versions = {
-    opentoonz = "1.4.0";
-    libtiff = "4.0.3";
+    opentoonz = "1.5.0";
+    libtiff = "4.0.3";  # The version in thirdparty/tiff-*
  };

  src = fetchFromGitHub {
    owner = "opentoonz";
    repo = "opentoonz";
    rev = "v${versions.opentoonz}";
-    sha256 = "0vgclx2yydsm5i2smff3fj8m750nhf35wfhva37kywgws01s189b";
+    sha256 = "1rw30ksw3zjph1cwxkfvqj0330v8wd4333gn0fdf3cln1w0549lk";
  };
 }
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -27720,9 +27720,12 @@ with pkgs;

  opentimestamps-client = python3Packages.callPackage ../tools/misc/opentimestamps-client {};

-  opentoonz = (qt514.overrideScope' (_: _: {
-    libtiff = callPackage ../applications/graphics/opentoonz/libtiff.nix { };
-  })).callPackage ../applications/graphics/opentoonz { };
+  opentoonz = let
+    opentoonz-libtiff = callPackage ../applications/graphics/opentoonz/libtiff.nix { };
+  in qt5.callPackage ../applications/graphics/opentoonz {
+    libtiff = opentoonz-libtiff;
+    opencv = opencv.override { libtiff = opentoonz-libtiff; };
+  };

  opentabletdriver = callPackage ../tools/X11/opentabletdriver { };