diff options
Diffstat (limited to 'pkgs/applications/graphics/opentoonz/default.nix')
| -rw-r--r-- | pkgs/applications/graphics/opentoonz/default.nix | 104 |
1 files changed, 93 insertions, 11 deletions
diff --git a/pkgs/applications/graphics/opentoonz/default.nix b/pkgs/applications/graphics/opentoonz/default.nix index 1214d868d5c8..1dd460c2e1d2 100644 --- a/pkgs/applications/graphics/opentoonz/default.nix +++ b/pkgs/applications/graphics/opentoonz/default.nix @@ -1,12 +1,93 @@ -{ boost, cmake, fetchFromGitHub, freeglut, freetype, glew, libjpeg, libmypaint -, libpng, libtiff, libusb1, lz4, xz, lzo, openblas, opencv, pkg-config, qtbase -, qtmultimedia, qtscript, qtserialport, lib, stdenv, superlu, wrapQtAppsHook, }: -let source = import ./source.nix { inherit fetchFromGitHub; }; -in stdenv.mkDerivation rec { - inherit (source) src; +{ boost +, cmake +, fetchFromGitHub +, freeglut +, freetype +, glew +, libjpeg +, libmypaint +, libpng +, libusb1 +, lz4 +, xz +, lzo +, openblas +, opencv +, pkg-config +, qtbase +, qtmultimedia +, qtscript +, qtserialport +, lib +, stdenv +, superlu +, wrapQtAppsHook +, libtiff +, zlib +}: +let + libtiff-ver = "4.0.3"; # The version in thirdparty/tiff-* + opentoonz-ver = "1.7.1"; + + src = fetchFromGitHub { + owner = "opentoonz"; + repo = "opentoonz"; + rev = "v${opentoonz-ver}"; + hash = "sha256-5iXOvh4QTv+G0fjEHU62u7QCee+jbvKhK0+fQXbdJis="; + }; + + opentoonz-opencv = opencv.override { + inherit libtiff; + }; + + opentoonz-libtiff = stdenv.mkDerivation { + pname = "libtiff"; + version = "${libtiff-ver}-opentoonz"; + + inherit src; + outputs = [ "bin" "dev" "out" "man" "doc" ]; + + nativeBuildInputs = [ pkg-config ]; + propagatedBuildInputs = [ zlib libjpeg xz ]; + + postUnpack = '' + sourceRoot="$sourceRoot/thirdparty/tiff-${libtiff-ver}" + ''; + + # opentoonz uses internal libtiff headers + postInstall = '' + cp libtiff/{tif_config,tif_dir,tiffiop}.h $dev/include + ''; + + meta = libtiff.meta // { + knownVulnerabilities = [ + '' + Do not open untrusted files with Opentoonz: + Opentoonz uses an old custom fork of tibtiff from 2012 that is known to + be affected by at least these 50 vulnerabilities: + CVE-2012-4564 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 CVE-2014-8127 + CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2015-1547 + CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 CVE-2015-8870 + CVE-2016-3620 CVE-2016-3621 CVE-2016-3623 CVE-2016-3624 CVE-2016-3625 + CVE-2016-3631 CVE-2016-3632 CVE-2016-3633 CVE-2016-3634 CVE-2016-3658 + CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5102 CVE-2016-5314 + CVE-2016-5315 CVE-2016-5316 CVE-2016-5318 CVE-2016-5319 CVE-2016-5321 + CVE-2016-5322 CVE-2016-5323 CVE-2016-6223 CVE-2016-9453 CVE-2016-9532 + CVE-2017-9935 CVE-2017-9937 CVE-2018-10963 CVE-2018-5360 + CVE-2019-14973 CVE-2019-17546 CVE-2020-35521 CVE-2020-35522 + CVE-2020-35523 CVE-2020-35524 + More info at https://github.com/opentoonz/opentoonz/issues/4193 + '' + ]; + maintainers = with lib.maintainers; [ chkno ]; + }; + }; +in +stdenv.mkDerivation { + inherit src; pname = "opentoonz"; - version = source.versions.opentoonz; + version = opentoonz-ver; nativeBuildInputs = [ cmake pkg-config wrapQtAppsHook ]; @@ -18,13 +99,13 @@ in stdenv.mkDerivation rec { libjpeg libmypaint libpng - libtiff + opentoonz-libtiff libusb1 lz4 xz lzo openblas - opencv + opentoonz-opencv qtbase qtmultimedia qtscript @@ -37,8 +118,9 @@ in stdenv.mkDerivation rec { cmakeDir = "../sources"; cmakeFlags = [ "-DCMAKE_SKIP_BUILD_RPATH=ON" - "-DTIFF_INCLUDE_DIR=${libtiff.dev}/include" - "-DTIFF_LIBRARY=${libtiff.out}/lib/libtiff.so" + "-DTIFF_INCLUDE_DIR=${opentoonz-libtiff.dev}/include" + "-DTIFF_LIBRARY=${opentoonz-libtiff.out}/lib/libtiff.so" + (lib.cmakeBool "CMAKE_SKIP_BUILD_RPATH" true) ]; postInstall = '' |