opentoonz: 1.4.0 -> 1.5.0 #151500

Merged Jan 5, 2022: vcunat merged 2 commits into NixOS:master from chkno:opentoonz15

chkno (Member) commented Dec 21, 2021

Motivation for this change

Fix opentoonz build.

Fixes #132964.

Addresses #151469 for opentoonz (I verified that opentoonz works in staging-next after this version bump).

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.05 Release Notes (or backporting 21.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

chkno (Member, Author) commented Dec 21, 2021

(I fixed the spelling of pkgconfig to pkg-config to appease the release checks.)

ofborg bot added labels Dec 21, 2021
  • 8.has: package (new) (This PR adds a new package)
  • 11.by: package-maintainer (This PR was created by a maintainer of all the package it changes.)
  • 10.rebuild-darwin: 1-10 (This PR causes between 1 and 10 packages to rebuild on Darwin.)
  • 10.rebuild-darwin: 1 (This PR causes 1 package to rebuild on Darwin.)
  • 10.rebuild-linux: 1-10 (This PR causes between 1 and 10 packages to rebuild on Linux.)
veprbl mentioned this pull request Dec 21, 2021 (54 tasks)

risicle (Contributor) commented Dec 21, 2021

I'd like to see it include upstream's patches if possible. Even though we don't have any security patches in there right now, when they get added I'd like to be sure we're not leaving this variant unpatched. ain't gonna apply to a libtiff from 2012

Contributor commented:

Further to that, have we looked at what vulnerabilities libtiff 4.0.3 is open to?

chkno (Member, Author) commented:

Yup. vulnix $(nix-build . -A opentoonz-libtiff) counts 35. An NVD search counts 50. I opened https://github.com/opentoonz/opentoonz/issues/4193 about it.

Contributor commented:

It's "fine" as long as we add a knownVulnerabilities listing them, or perhaps rather than a definitive list, general advice "don't open untrusted files with opentoonz".

chkno (Member, Author) commented:

Thanks! I added a knownVulnerabilities.
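
An added illustration of the `meta.knownVulnerabilities` mechanism discussed above, not the code merged in this PR: nixpkgs refuses to evaluate a package whose `meta.knownVulnerabilities` is non-empty unless the consumer explicitly allows it. Assumptions: `<nixpkgs>` resolves to a nixpkgs checkout, the stock `libtiff` stands in for the pinned variant, and the name `libtiff-pinned-example` is hypothetical.

```nix
# Added example; evaluate with: nix-instantiate --eval --strict this-file.nix
let
  # Package side: attach an advisory to a pinned library.
  # `libtiff-pinned-example` is a hypothetical name used only here.
  markInsecure = pkgs: pkgs.libtiff.overrideAttrs (old: {
    pname = "libtiff-pinned-example";
    meta = (old.meta or { }) // {
      knownVulnerabilities = [
        "Bundled libtiff is pinned to an old release; do not open untrusted files with it."
      ];
    };
  });

  # Consumer with default configuration: no insecure packages allowed.
  strict = import <nixpkgs> { };

  # Consumer that opts in, scoped to this one package name only.
  permissive = import <nixpkgs> {
    config.allowInsecurePredicate = pkg:
      (pkg.pname or "") == "libtiff-pinned-example";
  };

  # Forcing drvPath triggers the nixpkgs meta checks; tryEval reports
  # whether that evaluation went through instead of aborting the run.
  evaluates = pkgs: (builtins.tryEval (markInsecure pkgs).drvPath).success;
in {
  evaluatesByDefault = evaluates strict;
  evaluatesWithOptIn = evaluates permissive;
}
```

The list-based alternative to the predicate is `config.permittedInsecurePackages`, which takes full `name-version` strings.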

Contributor commented:

Suggested change
opentoonz = qt5.callPackage ../applications/graphics/opentoonz {
opentoonz = let
opentoonz-libtiff = callPackage ../applications/graphics/opentoonz/libtiff.nix { };
in qt5.callPackage ../applications/graphics/opentoonz {
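
Review bot: Once `opentoonz-libtiff` is bound only in this `let`, it is no longer an attribute of the package set, so the `nix-build . -A opentoonz-libtiff` invocation used earlier in this thread to feed vulnix will stop resolving. If the pinned libtiff should stay scannable, expose it from the opentoonz derivation through `passthru` rather than as a top-level attribute. The visible lines also end at the opening `{`, so confirm that the argument set actually passes the let-bound value through (for example `libtiff = opentoonz-libtiff;`); otherwise the binding is unused.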

Contributor commented:

I'd really suggest not exposing this overridden version in the main package set unless there's an explicit reason to do so.

chkno (Member, Author) commented:

Ok. Done. Thanks!

chkno added 2 commits January 2, 2022 15:31
(The qtbase diamond-dependency problem was resolved in 4bac8a7)
ofborg bot changed labels Jan 2, 2022
  • Added: 10.rebuild-darwin: 0 (This PR does not cause any packages to rebuild on Darwin.)
  • Added: 10.rebuild-linux: 1 (This PR causes 1 package to rebuild on Linux.)
  • Removed: 10.rebuild-darwin: 1 (This PR causes 1 package to rebuild on Darwin.)
  • Removed: 10.rebuild-darwin: 1-10 (This PR causes between 1 and 10 packages to rebuild on Darwin.)
github-actions bot (Contributor) commented Jan 5, 2022

Successfully created backport PR #153627 for release-21.11.

Labels
  • 8.has: package (new) (This PR adds a new package)
  • 10.rebuild-darwin: 0 (This PR does not cause any packages to rebuild on Darwin.)
  • 10.rebuild-linux: 1-10 (This PR causes between 1 and 10 packages to rebuild on Linux.)
  • 10.rebuild-linux: 1 (This PR causes 1 package to rebuild on Linux.)
  • 11.by: package-maintainer (This PR was created by a maintainer of all the package it changes.)

Development

Successfully merging this pull request may close these issues.

libtiff-4.0.3-opentoonz fails to build

3 participants