Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mupdf: 1.17.0 -> 1.18.0, pymupdf: 1.17.6 -> 1.18.0, llpp 32 -> 33 #100441

Merged
merged 5 commits into from Nov 9, 2020
Merged

mupdf: 1.17.0 -> 1.18.0, pymupdf: 1.17.6 -> 1.18.0, llpp 32 -> 33 #100441

merged 5 commits into from Nov 9, 2020

Conversation

wamserma
Copy link
Member

@wamserma wamserma commented Oct 13, 2020
edited

also drops the patch for shared libs (not needed any more)

fixes #90910
fixes #100316 (unstable)

Motivation for this change

Upstream release and security issues mentioned above.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "NIXPKGS_ALLOW_INSECURE=1 nixpkgs-review pr 100441"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@wamserma
Copy link
Member Author

wamserma commented Oct 13, 2020
edited

this bundles a number of package updates similar to #88919 to avoid a broken state on master, old version is marked insecure but kept for k2pdfopt which is currently not compatible with MuPDF 1.18 and jfbview, which needs to be updated in its own PR

@wamserma wamserma changed the title mupdf: 1.17.0 -> 1.18.0 WIP: mupdf: 1.17.0 -> 1.18.0 Oct 13, 2020
@wamserma wamserma marked this pull request as draft October 13, 2020 20:44
@wamserma wamserma changed the title WIP: mupdf: 1.17.0 -> 1.18.0 WIP: mupdf: 1.17.0 -> 1.18.0, pymupdf: 1.17.6 -> 1.18.0 Oct 13, 2020
@wamserma wamserma changed the title WIP: mupdf: 1.17.0 -> 1.18.0, pymupdf: 1.17.6 -> 1.18.0 WIP: mupdf: 1.17.0 -> 1.18.0, pymupdf: 1.17.6 -> 1.18.0, llpp 32 -> 33 Oct 14, 2020
@wamserma wamserma changed the title WIP: mupdf: 1.17.0 -> 1.18.0, pymupdf: 1.17.6 -> 1.18.0, llpp 32 -> 33 mupdf: 1.17.0 -> 1.18.0, pymupdf: 1.17.6 -> 1.18.0, llpp 32 -> 33 Oct 14, 2020
@wamserma wamserma marked this pull request as ready for review October 14, 2020 07:44
@wamserma
Copy link
Member Author

@ofborg eval
@ofborg build mupdf mupdf-1-17 pymupdf llpp k2pdfopt jfbview

@wamserma wamserma marked this pull request as draft October 17, 2020 12:33
@wamserma wamserma force-pushed the mupdf-1-18-0 branch 3 times, most recently from 450048c to cf9e181 Compare October 17, 2020 14:15
@ofborg ofborg bot requested review from pSub, Enzime, fpletz, teto and vrthra October 17, 2020 14:26
@wamserma wamserma marked this pull request as ready for review October 17, 2020 14:36
@wamserma
Copy link
Member Author

@jonringer While you're at it: Can you add the security label to the PR?

@marvin-mk2
Copy link

marvin-mk2 bot commented Nov 2, 2020

Hi! I'm an experimental bot. My goal is to guide this PR through its stages, hopefully ending with a merge. You can read up on the usage here.

@wamserma wamserma mentioned this pull request Nov 5, 2020
Open
@andir andir self-assigned this Nov 6, 2020
@andir
Copy link
Member

andir commented Nov 9, 2020

This looks good as is. Could you also add the relevant CVE identifiers (or links to our tracking issues) to the relevant commits?

@wamserma
Copy link
Member Author

wamserma commented Nov 9, 2020

This looks good as is. Could you also add the relevant CVE identifiers (or links to our tracking issues) to the relevant commits?

I'll put the CVEs, as e.g. #100316 can only be closed once this is also backported.

jonringer
jonringer approved these changes Nov 9, 2020
View reviewed changes
Copy link
Contributor

@jonringer jonringer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

diff LGTM

https://github.com/NixOS/nixpkgs/pull/100441
1 package marked as broken and skipped:
mupdf_1_17

10 packages built:
cups-filters llpp mupdf python27Packages.pymupdf python37Packages.pymupdf python38Packages.pymupdf splix system-config-printer termpdfpy zathura

@jonringer jonringer merged commit 9ed8e03 into NixOS:master Nov 9, 2020
@timokau
Copy link
Member

timokau commented Nov 13, 2020

This (commit e13120b in particular) broke the zathura pdf viewer at runtime:

$ zathura some-file.pdf
error: Could not load plugin '/nix/store/l73f0x9xwcngvmq0wngdk77if0zd3n99-zathura-with-plugins-0.4.5/lib/zathura/libpdf-mupdf.so' (/nix/store/l73f0x9xwcngvmq0wngdk77if0zd3n99-zathura-with-plugins-0.4.5/lib/zathura/libpdf-mupdf.so: undefined symbol: jpeg_resync_to_restart).
error: Could not determine file type.

zathura then displays a black window without any of the pdf's contents.

@timokau
Copy link
Member

timokau commented Nov 13, 2020

Also CC @globin, the maintainer of zathura.

@wamserma wamserma deleted the mupdf-1-18-0 branch November 14, 2020 21:40
@wamserma wamserma mentioned this pull request Nov 14, 2020
Merged
10 tasks
timokau added a commit to timokau/dotfiles that referenced this pull request Nov 17, 2020
@timokau
Revert "nixpkgs: update"
45e293d 
This reverts commit ec488c8.

The mupdf update broke zathura, reverting for now.
NixOS/nixpkgs#100441 (comment)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andir andir andir left review comments

@jonringer jonringer jonringer approved these changes

@FRidh FRidh Awaiting requested review from FRidh

@pSub pSub Awaiting requested review from pSub

@Enzime Enzime Awaiting requested review from Enzime

@fpletz fpletz Awaiting requested review from fpletz

@teto teto Awaiting requested review from teto

@vrthra vrthra Awaiting requested review from vrthra

Assignees

@andir andir

Labels
1.severity: security 6.topic: python 8.has: package (new) 10.rebuild-darwin: 1-10 10.rebuild-linux: 11-100 awaiting_reviewer marvin
Projects
None yet
Milestone
No milestone
4 participants
@wamserma @andir @timokau @jonringer