New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mupdf: 1.17.0 -> 1.18.0, pymupdf: 1.17.6 -> 1.18.0, llpp 32 -> 33 #100441
Conversation
this bundles a number of package updates similar to #88919 to avoid a broken state on master, old version is marked insecure but kept for k2pdfopt which is currently not compatible with MuPDF 1.18 and jfbview, which needs to be updated in its own PR |
b89e091
to
d263190
Compare
450048c
to
cf9e181
Compare
e184382
to
81f6d79
Compare
@jonringer While you're at it: Can you add the security label to the PR? |
81f6d79
to
76a50c1
Compare
Hi! I'm an experimental bot. My goal is to guide this PR through its stages, hopefully ending with a merge. You can read up on the usage here. |
76a50c1
to
dbca659
Compare
This looks good as is. Could you also add the relevant CVE identifiers (or links to our tracking issues) to the relevant commits? |
I'll put the CVEs, as e.g. #100316 can only be closed once this is also backported. |
fixes CVE-2017-5991 fixes CVE-2020-26519 also drops the patch for shared libs (not needed anymore)
dbca659
to
70e16bc
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
diff LGTM
https://github.com/NixOS/nixpkgs/pull/100441
1 package marked as broken and skipped:
mupdf_1_17
10 packages built:
cups-filters llpp mupdf python27Packages.pymupdf python37Packages.pymupdf python38Packages.pymupdf splix system-config-printer termpdfpy zathura
This (commit e13120b in particular) broke the
zathura then displays a black window without any of the pdf's contents. |
Also CC @globin, the maintainer of zathura. |
This reverts commit ec488c8. The mupdf update broke zathura, reverting for now. NixOS/nixpkgs#100441 (comment)
also drops the patch for shared libs (not needed any more)
fixes #90910
fixes #100316 (unstable)
Motivation for this change
Upstream release and security issues mentioned above.
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "NIXPKGS_ALLOW_INSECURE=1 nixpkgs-review pr 100441"
./result/bin/
)nix path-info -S
before and after)