From f96aa0d22f1259dd82afe94ede5ed7fa370c8fa7 Mon Sep 17 00:00:00 2001 From: Naxdy Date: Sat, 24 Feb 2024 16:33:06 +0100 Subject: [PATCH 1/2] opentoonz: 1.5.0 -> 1.7.1 --- pkgs/applications/graphics/opentoonz/default.nix | 1 + pkgs/applications/graphics/opentoonz/source.nix | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/graphics/opentoonz/default.nix b/pkgs/applications/graphics/opentoonz/default.nix index 1214d868d5c8..fd1366811d57 100644 --- a/pkgs/applications/graphics/opentoonz/default.nix +++ b/pkgs/applications/graphics/opentoonz/default.nix @@ -39,6 +39,7 @@ in stdenv.mkDerivation rec { "-DCMAKE_SKIP_BUILD_RPATH=ON" "-DTIFF_INCLUDE_DIR=${libtiff.dev}/include" "-DTIFF_LIBRARY=${libtiff.out}/lib/libtiff.so" + "-DCMAKE_SKIP_BUILD_RPATH=ON" ]; postInstall = '' diff --git a/pkgs/applications/graphics/opentoonz/source.nix b/pkgs/applications/graphics/opentoonz/source.nix index 2864dcf36088..9225412821b1 100644 --- a/pkgs/applications/graphics/opentoonz/source.nix +++ b/pkgs/applications/graphics/opentoonz/source.nix @@ -1,10 +1,10 @@ # opentoonz's source archive contains both opentoonz's source and a modified # version of libtiff that opentoonz requires. -{ fetchFromGitHub, }: rec { +{ fetchFromGitHub }: rec { versions = { opentoonz = "1.7.1"; - libtiff = "4.0.3"; # The version in thirdparty/tiff-* + libtiff = "4.0.3"; # The version in thirdparty/tiff-* }; src = fetchFromGitHub { From 40be4427ba6240119dc15acab9463b6f92ec397d Mon Sep 17 00:00:00 2001 From: Naxdy Date: Fri, 22 Mar 2024 07:39:58 +0100 Subject: [PATCH 2/2] opentoonz: refactor --- .../graphics/opentoonz/default.nix | 105 ++++++++++++++++-- .../graphics/opentoonz/libtiff.nix | 56 ---------- .../graphics/opentoonz/source.nix | 16 --- pkgs/top-level/all-packages.nix | 7 +- 4 files changed, 94 insertions(+), 90 deletions(-) delete mode 100644 pkgs/applications/graphics/opentoonz/libtiff.nix delete mode 100644 pkgs/applications/graphics/opentoonz/source.nix 
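Review bot: The added `"-DCMAKE_SKIP_BUILD_RPATH=ON"` at the end of `cmakeFlags` duplicates the entry that is already the first visible context line of this hunk, so the flag is passed to CMake twice. The later `cmakeFlags` hunk in PATCH 2/2 keeps both and only respells the second as `(lib.cmakeBool "CMAKE_SKIP_BUILD_RPATH" true)`. Dropping one of the two in both patches would leave a single authoritative setting. The `cmakeFlags` list itself opens above this hunk.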
diff --git a/pkgs/applications/graphics/opentoonz/default.nix b/pkgs/applications/graphics/opentoonz/default.nix
index fd1366811d57..1dd460c2e1d2 100644
--- a/pkgs/applications/graphics/opentoonz/default.nix
+++ b/pkgs/applications/graphics/opentoonz/default.nix
@@ -1,12 +1,93 @@ -{ boost, cmake, fetchFromGitHub, freeglut, freetype, glew, libjpeg, libmypaint -, libpng, libtiff, libusb1, lz4, xz, lzo, openblas, opencv, pkg-config, qtbase -, qtmultimedia, qtscript, qtserialport, lib, stdenv, superlu, wrapQtAppsHook, }: -let source = import ./source.nix { inherit fetchFromGitHub; }; -in stdenv.mkDerivation rec { - inherit (source) src; +{ boost +, cmake +, fetchFromGitHub +, freeglut +, freetype +, glew +, libjpeg +, libmypaint +, libpng +, libusb1 +, lz4 +, xz +, lzo +, openblas +, opencv +, pkg-config +, qtbase +, qtmultimedia +, qtscript +, qtserialport +, lib +, stdenv +, superlu +, wrapQtAppsHook +, libtiff +, zlib +}: +let + libtiff-ver = "4.0.3"; # The version in thirdparty/tiff-* + opentoonz-ver = "1.7.1"; + + src = fetchFromGitHub { + owner = "opentoonz"; + repo = "opentoonz"; + rev = "v${opentoonz-ver}"; + hash = "sha256-5iXOvh4QTv+G0fjEHU62u7QCee+jbvKhK0+fQXbdJis="; + }; + + opentoonz-opencv = opencv.override { + inherit libtiff; + }; + + opentoonz-libtiff = stdenv.mkDerivation { + pname = "libtiff"; + version = "${libtiff-ver}-opentoonz"; + + inherit src; + outputs = [ "bin" "dev" "out" "man" "doc" ]; + + nativeBuildInputs = [ pkg-config ]; + propagatedBuildInputs = [ zlib libjpeg xz ]; + + postUnpack = '' + sourceRoot="$sourceRoot/thirdparty/tiff-${libtiff-ver}" + ''; + + # opentoonz uses internal libtiff headers + postInstall = '' + cp libtiff/{tif_config,tif_dir,tiffiop}.h $dev/include + ''; + + meta = libtiff.meta // { + knownVulnerabilities = [ + '' + Do not open untrusted files with Opentoonz: + Opentoonz uses an old custom fork of tibtiff from 2012 that is known to + be affected by at least these 50 vulnerabilities: + CVE-2012-4564 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 CVE-2014-8127 + CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2015-1547 + CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 CVE-2015-8870 + CVE-2016-3620 CVE-2016-3621 CVE-2016-3623 CVE-2016-3624 CVE-2016-3625 + 
CVE-2016-3631 CVE-2016-3632 CVE-2016-3633 CVE-2016-3634 CVE-2016-3658 + CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5102 CVE-2016-5314 + CVE-2016-5315 CVE-2016-5316 CVE-2016-5318 CVE-2016-5319 CVE-2016-5321 + CVE-2016-5322 CVE-2016-5323 CVE-2016-6223 CVE-2016-9453 CVE-2016-9532 + CVE-2017-9935 CVE-2017-9937 CVE-2018-10963 CVE-2018-5360 + CVE-2019-14973 CVE-2019-17546 CVE-2020-35521 CVE-2020-35522 + CVE-2020-35523 CVE-2020-35524 + More info at https://github.com/opentoonz/opentoonz/issues/4193 + '' + ]; + maintainers = with lib.maintainers; [ chkno ]; + }; + }; +in +stdenv.mkDerivation { + inherit src; pname = "opentoonz"; - version = source.versions.opentoonz; + version = opentoonz-ver; nativeBuildInputs = [ cmake pkg-config wrapQtAppsHook ]; @@ -18,13 +99,13 @@ in stdenv.mkDerivation rec { libjpeg libmypaint libpng - libtiff + opentoonz-libtiff libusb1 lz4 xz lzo openblas - opencv + opentoonz-opencv qtbase qtmultimedia qtscript @@ -37,9 +118,9 @@ in stdenv.mkDerivation rec { cmakeDir = "../sources"; cmakeFlags = [ "-DCMAKE_SKIP_BUILD_RPATH=ON" - "-DTIFF_INCLUDE_DIR=${libtiff.dev}/include" - "-DTIFF_LIBRARY=${libtiff.out}/lib/libtiff.so" - "-DCMAKE_SKIP_BUILD_RPATH=ON" + "-DTIFF_INCLUDE_DIR=${opentoonz-libtiff.dev}/include" + "-DTIFF_LIBRARY=${opentoonz-libtiff.out}/lib/libtiff.so" + (lib.cmakeBool "CMAKE_SKIP_BUILD_RPATH" true) ]; postInstall = '' diff --git a/pkgs/applications/graphics/opentoonz/libtiff.nix b/pkgs/applications/graphics/opentoonz/libtiff.nix deleted file mode 100644 index 43ba1592ccc2..000000000000 --- a/pkgs/applications/graphics/opentoonz/libtiff.nix +++ /dev/null 
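Review bot: `opentoonz-opencv = opencv.override { inherit libtiff; };` passes the stock `libtiff` function argument rather than the bundled fork, so as far as this patch shows the override is a no-op: the `all-packages.nix` hunk now calls the package with `{ }` and no longer substitutes `libtiff` or `opencv`. The removed wiring built opencv against the fork so that opentoonz would not link one libtiff directly and a different one through opencv. To keep that, the line should read `opentoonz-opencv = opencv.override { libtiff = opentoonz-libtiff; };`, which also matches the `buildInputs` and `TIFF_*` changes in the following hunks. The rationale comment deleted with `libtiff.nix` (separate derivation for vulnix visibility, the opencv diamond dependency, why not `overrideAttrs`) is not carried over. It would belong above `opentoonz-libtiff`, next to the `knownVulnerabilities` block, so the next maintainer sees why a known-vulnerable fork is packaged this way.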
@@ -1,56 +0,0 @@ -# Per https://github.com/opentoonz/opentoonz/blob/master/doc/how_to_build_linux.md , -# opentoonz requires its own modified version of libtiff. We still build it as -# a separate package -# 1. For visibility for tools like vulnix, and -# 2. To avoid a diamond-dependency problem with opencv linking the normal libtiff -# and opentoonz linking opencv and this modified libtiff, we build an opencv -# against this modified libtiff as well. -# -# We use a separate mkDerivation rather than a minimal libtiff.overrideAttrs -# because the main libtiff builds with cmake and this version of libtiff was -# forked before libtiff gained CMake build capability (added in libtiff-4.0.5). - -{ lib, fetchFromGitHub, stdenv, pkg-config, zlib, libjpeg, xz, libtiff, }: - -let source = import ./source.nix { inherit fetchFromGitHub; }; - -in stdenv.mkDerivation { - pname = "libtiff"; - version = source.versions.libtiff + "-opentoonz"; - - inherit (source) src; - outputs = [ "bin" "dev" "out" "man" "doc" ]; - - nativeBuildInputs = [ pkg-config ]; - propagatedBuildInputs = [ zlib libjpeg xz ]; - - postUnpack = '' - sourceRoot="$sourceRoot/thirdparty/tiff-${source.versions.libtiff}" - ''; - - # opentoonz uses internal libtiff headers - postInstall = '' - cp libtiff/{tif_config,tif_dir,tiffiop}.h $dev/include - ''; - - meta = libtiff.meta // { - knownVulnerabilities = ['' - Do not open untrusted files with Opentoonz: - Opentoonz uses an old custom fork of tibtiff from 2012 that is known to - be affected by at least these 50 vulnerabilities: - CVE-2012-4564 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 CVE-2014-8127 - CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2015-1547 - CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 CVE-2015-8870 - CVE-2016-3620 CVE-2016-3621 CVE-2016-3623 CVE-2016-3624 CVE-2016-3625 - CVE-2016-3631 CVE-2016-3632 CVE-2016-3633 CVE-2016-3634 CVE-2016-3658 - CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5102 CVE-2016-5314 - 
CVE-2016-5315 CVE-2016-5316 CVE-2016-5318 CVE-2016-5319 CVE-2016-5321 - CVE-2016-5322 CVE-2016-5323 CVE-2016-6223 CVE-2016-9453 CVE-2016-9532 - CVE-2017-9935 CVE-2017-9937 CVE-2018-10963 CVE-2018-5360 - CVE-2019-14973 CVE-2019-17546 CVE-2020-35521 CVE-2020-35522 - CVE-2020-35523 CVE-2020-35524 - More info at https://github.com/opentoonz/opentoonz/issues/4193 - '']; - maintainers = with lib.maintainers; [ chkno ]; - }; -} diff --git a/pkgs/applications/graphics/opentoonz/source.nix b/pkgs/applications/graphics/opentoonz/source.nix deleted file mode 100644 index 9225412821b1..000000000000 --- a/pkgs/applications/graphics/opentoonz/source.nix +++ /dev/null @@ -1,16 +0,0 @@ -# opentoonz's source archive contains both opentoonz's source and a modified -# version of libtiff that opentoonz requires. - -{ fetchFromGitHub }: rec { - versions = { - opentoonz = "1.7.1"; - libtiff = "4.0.3"; # The version in thirdparty/tiff-* - }; - - src = fetchFromGitHub { - owner = "opentoonz"; - repo = "opentoonz"; - rev = "v${versions.opentoonz}"; - hash = "sha256-5iXOvh4QTv+G0fjEHU62u7QCee+jbvKhK0+fQXbdJis="; - }; -} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index e88689aa7e50..acb3115b8cb6 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -33868,12 +33868,7 @@ with pkgs; opentimestamps-client = python3Packages.callPackage ../tools/misc/opentimestamps-client { }; - opentoonz = let - opentoonz-libtiff = callPackage ../applications/graphics/opentoonz/libtiff.nix { }; - in qt5.callPackage ../applications/graphics/opentoonz { - libtiff = opentoonz-libtiff; - opencv = opencv.override { libtiff = opentoonz-libtiff; }; - }; + opentoonz = libsForQt5.callPackage ../applications/graphics/opentoonz { }; opentabletdriver = callPackage ../tools/X11/opentabletdriver { };