commit 9ed8e03a09a127e4dfdbd00524ede239b94cac78

pyrox.dev / nixpkgs

lol

fork atom

mupdf: mark 1.17 as insecure but as still required as dependency

authored by

Markus S. Wamser and committed by

Jonathan Ringer 5 years ago 9ed8e03a a08a95ac

+139 -4

5 changed files

expand all

unified split

pkgs

applications

misc

k2pdfopt

default.nix

mupdf

1.17.nix

mupdf-1.14-shared_libs.patch

os-specific

linux

jfbview

default.nix

top-level

all-packages.nix

+2 -2

pkgs/applications/misc/k2pdfopt/default.nix

··· 2 2 , cmake, pkgconfig, zlib, libpng, makeWrapper 3 3 , enableGSL ? true, gsl 4 4 , enableGhostScript ? true, ghostscript 5 - , enableMuPDF ? true, mupdf 5 + , enableMuPDF ? true, mupdf_1_17 6 6 , enableDJVU ? true, djvulibre 7 7 , enableGOCR ? false, gocr # Disabled by default due to crashes 8 8 , enableTesseract ? true, leptonica, tesseract4 ··· 89 89 cp ${k2pdfopt_src}/mupdf_mod/pdf-* ./source/pdf/ 90 90 ''; 91 91 }; 92 - mupdf_modded = mupdf.overrideAttrs ({ patches ? [], ... }: { 92 + mupdf_modded = mupdf_1_17.overrideAttrs ({ patches ? [], ... }: { 93 93 patches = patches ++ [ mupdf_patch ]; 94 94 # This function is missing in font.c, see font-win32.c 95 95 postPatch = ''

+95

pkgs/applications/misc/mupdf/1.17.nix

··· 1 + { stdenv, lib, fetchurl, fetchpatch, pkgconfig, freetype, harfbuzz, openjpeg 2 + , jbig2dec, libjpeg , darwin 3 + , enableX11 ? true, libX11, libXext, libXi, libXrandr 4 + , enableCurl ? true, curl, openssl 5 + , enableGL ? true, freeglut, libGLU 6 + }: 7 + 8 + let 9 + 10 + # OpenJPEG version is hardcoded in package source 11 + openJpegVersion = with stdenv; 12 + lib.versions.majorMinor (lib.getVersion openjpeg); 13 + 14 + 15 + in stdenv.mkDerivation rec { 16 + version = "1.17.0"; 17 + pname = "mupdf"; 18 + 19 + src = fetchurl { 20 + url = "https://mupdf.com/downloads/archive/${pname}-${version}-source.tar.gz"; 21 + sha256 = "13nl9nrcx2awz9l83mlv2psi1lmn3hdnfwxvwgwiwbxlkjl3zqq0"; 22 + }; 23 + 24 + patches = 25 + # Use shared libraries to decrease size 26 + stdenv.lib.optional (!stdenv.isDarwin) ./mupdf-1.14-shared_libs.patch 27 + ++ stdenv.lib.optional stdenv.isDarwin ./darwin.patch 28 + ; 29 + 30 + postPatch = '' 31 + sed -i "s/__OPENJPEG__VERSION__/${openJpegVersion}/" source/fitz/load-jpx.c 32 + ''; 33 + 34 + makeFlags = [ "prefix=$(out) USE_SYSTEM_LIBS=yes" ]; 35 + nativeBuildInputs = [ pkgconfig ]; 36 + buildInputs = [ freetype harfbuzz openjpeg jbig2dec libjpeg freeglut libGLU ] 37 + ++ lib.optionals enableX11 [ libX11 libXext libXi libXrandr ] 38 + ++ lib.optionals enableCurl [ curl openssl ] 39 + ++ lib.optionals enableGL ( 40 + if stdenv.isDarwin then 41 + with darwin.apple_sdk.frameworks; [ GLUT OpenGL ] 42 + else 43 + [ freeglut libGLU ]) 44 + ; 45 + outputs = [ "bin" "dev" "out" "man" "doc" ]; 46 + 47 + preConfigure = '' 48 + # Don't remove mujs because upstream version is incompatible 49 + rm -rf thirdparty/{curl,freetype,glfw,harfbuzz,jbig2dec,libjpeg,openjpeg,zlib} 50 + ''; 51 + 52 + postInstall = '' 53 + mkdir -p "$out/lib/pkgconfig" 54 + cat >"$out/lib/pkgconfig/mupdf.pc" <<EOF 55 + prefix=$out 56 + libdir=$out/lib 57 + includedir=$out/include 58 + 59 + Name: mupdf 60 + Description: Library for rendering PDF documents 61 + Version: ${version} 62 + Libs: -L$out/lib -lmupdf -lmupdf-third 63 + Cflags: -I$dev/include 64 + EOF 65 + 66 + moveToOutput "bin" "$bin" 67 + ln -s "$bin/bin/mupdf-x11" "$bin/bin/mupdf" 68 + mkdir -p $bin/share/applications 69 + cat > $bin/share/applications/mupdf.desktop <<EOF 70 + [Desktop Entry] 71 + Type=Application 72 + Version=1.0 73 + Name=mupdf 74 + Comment=PDF viewer 75 + Exec=$bin/bin/mupdf-x11 %f 76 + Terminal=false 77 + MimeType=application/pdf;application/x-pdf;application/x-cbz;application/oxps;application/vnd.ms-xpsdocument;application/epub+zip 78 + EOF 79 + ''; 80 + 81 + enableParallelBuilding = true; 82 + 83 + meta = with stdenv.lib; { 84 + homepage = "https://mupdf.com"; 85 + repositories.git = "git://git.ghostscript.com/mupdf.git"; 86 + description = "Lightweight PDF, XPS, and E-book viewer and toolkit written in portable C"; 87 + license = licenses.agpl3Plus; 88 + maintainers = with maintainers; [ vrthra fpletz ]; 89 + platforms = platforms.unix; 90 + knownVulnerabilities = [ 91 + "CVE-2020-26519: denial of service when parsing JBIG2" 92 + "CVE-2017-5991: NULL pointer dereference" 93 + ]; 94 + }; 95 + }

+39

pkgs/applications/misc/mupdf/mupdf-1.14-shared_libs.patch

··· 1 + --- mupdf-1.14.0-source.orig/Makefile 2018-11-02 06:57:12.114012496 +0100 2 + +++ mupdf-1.14.0-source/Makefile 2018-11-02 09:57:10.067945307 +0100 3 + @@ -20,7 +20,7 @@ 4 + # Do not specify CFLAGS or LIBS on the make invocation line - specify 5 + # XCFLAGS or XLIBS instead. Make ignores any lines in the makefile that 6 + # set a variable that was set on the command line. 7 + -CFLAGS += $(XCFLAGS) -Iinclude 8 + +CFLAGS += $(XCFLAGS) -Iinclude -fPIC 9 + LIBS += $(XLIBS) -lm 10 + 11 + ifneq ($(threading),no) 12 + @@ -190,17 +190,21 @@ 13 + 14 + # --- Library --- 15 + 16 + -MUPDF_LIB = $(OUT)/libmupdf.a 17 + -THIRD_LIB = $(OUT)/libmupdf-third.a 18 + -THREAD_LIB = $(OUT)/libmupdf-threads.a 19 + -PKCS7_LIB = $(OUT)/libmupdf-pkcs7.a 20 + +MUPDF_LIB = $(OUT)/libmupdf.so 21 + +THIRD_LIB = $(OUT)/libmupdf-third.so 22 + +THREAD_LIB = $(OUT)/libmupdf-threads.so 23 + +PKCS7_LIB = $(OUT)/libmupdf-pkcs7.so 24 + 25 + -$(MUPDF_LIB) : $(MUPDF_OBJ) 26 + +$(MUPDF_LIB) : $(MUPDF_OBJ) $(THIRD_LIB) $(THREAD_LIB) 27 + + $(LINK_CMD) $(THIRD_LIBS) -shared -Wl,-soname -Wl,libmupdf.so -Wl,--no-undefined 28 + $(THIRD_LIB) : $(THIRD_OBJ) 29 + + $(LINK_CMD) -shared -Wl,-soname -Wl,libmupdf-third.so -Wl,--no-undefined 30 + $(THREAD_LIB) : $(THREAD_OBJ) 31 + + $(LINK_CMD) -shared -Wl,-soname -Wl,libmupdf-threads.so -Wl,--no-undefined -lpthread 32 + $(PKCS7_LIB) : $(PKCS7_OBJ) 33 + + $(LINK_CMD) -shared -Wl,-soname -Wl,libmupdf-pkcs7.so 34 + 35 + -INSTALL_LIBS := $(MUPDF_LIB) $(THIRD_LIB) 36 + +INSTALL_LIBS := $(MUPDF_LIB) $(THIRD_LIB) $(THREAD_LIB) $(PKCS7_LIB) 37 + 38 + # --- Main tools and viewers --- 39 +

+2 -2

pkgs/os-specific/linux/jfbview/default.nix

··· 1 1 { stdenv, fetchFromGitHub 2 - , freetype, harfbuzz, jbig2dec, libjpeg, libX11, mupdf, ncurses, openjpeg 2 + , freetype, harfbuzz, jbig2dec, libjpeg, libX11, mupdf_1_17, ncurses, openjpeg 3 3 , openssl 4 4 5 5 , imageSupport ? true, imlib2 ? null }: ··· 32 32 hardeningDisable = [ "format" ]; 33 33 34 34 buildInputs = [ 35 - freetype harfbuzz jbig2dec libjpeg libX11 mupdf ncurses openjpeg 35 + freetype harfbuzz jbig2dec libjpeg libX11 mupdf_1_17 ncurses openjpeg 36 36 openssl 37 37 ] ++ stdenv.lib.optionals imageSupport [ 38 38 imlib2

pkgs/top-level/all-packages.nix

··· 22672 22672 pdfsam-basic = callPackage ../applications/misc/pdfsam-basic { }; 22673 22673 22674 22674 mupdf = callPackage ../applications/misc/mupdf { }; 22675 + mupdf_1_17 = callPackage ../applications/misc/mupdf/1.17.nix { }; 22675 22676 22676 22677 mystem = callPackage ../applications/misc/mystem { }; 22677 22678