Message ID | 20230418105814.2982312-1-raphael.melotte@mind.be |
---|---|
State | Accepted |
Headers | show |
Series | [1/1] package: {, python-py}mupdf: bump to 1.22.0 | expand |
Raphaël, All, On 2023-04-18 12:58 +0200, Raphaël Mélotte spake thusly: > Also remove the last two '*_IGNORE_CVES', since the corresponding > patches have been removed (they are now part of upstream) in > 1fb64680bffbda1e5fb952150652f73205322707. > > Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be> > --- > package/mupdf/mupdf.hash | 4 ++-- > package/mupdf/mupdf.mk | 8 +------- > package/python-pymupdf/python-pymupdf.hash | 4 ++-- > package/python-pymupdf/python-pymupdf.mk | 4 ++-- > 4 files changed, 7 insertions(+), 13 deletions(-) > > diff --git a/package/mupdf/mupdf.hash b/package/mupdf/mupdf.hash > index ef91abee18..1f636097ed 100644 > --- a/package/mupdf/mupdf.hash > +++ b/package/mupdf/mupdf.hash > @@ -1,8 +1,8 @@ > # From https://mupdf.com/downloads/index.html: > -sha1 f759d914ec6ad6a3b96f994630ff70b75823831b mupdf-1.21.1-source.tar.lz > +sha1 b9907729d604f0bf3846b45cd5891e10d7a66e24 mupdf-1.22.0-source.tar.lz > > # Locally computed: > -sha256 66a43490676c7f7c2ff74067328ef13285506fcc758d365ae27ea3668bd5e620 mupdf-1.21.1-source.tar.lz > +sha256 bed78a0abf8496b30c523497292de979db633eca57e02f6cd0f3c7c042551c3e mupdf-1.22.0-source.tar.lz > > # Hash for license files: > sha256 57c8ff33c9c0cfc3ef00e650a1cc910d7ee479a8bc509f6c9209a7c2a11399d6 COPYING > diff --git a/package/mupdf/mupdf.mk b/package/mupdf/mupdf.mk > index d6cc407c49..08894d7980 100644 > --- a/package/mupdf/mupdf.mk > +++ b/package/mupdf/mupdf.mk > @@ -5,7 +5,7 @@ > ################################################################################ > > # python-pymupdf's version must match mupdf's version > -MUPDF_VERSION = 1.21.1 > +MUPDF_VERSION = 1.22.0 > MUPDF_SOURCE = mupdf-$(MUPDF_VERSION)-source.tar.lz > MUPDF_SITE = https://mupdf.com/downloads/archive > MUPDF_LICENSE = AGPL-3.0+ > @@ -22,12 +22,6 @@ MUPDF_DEPENDENCIES = \ > xlib_libX11 \ > zlib > > -# 0002-Bug-703366-Fix-double-free-of-object-during-linearization.patch > -MUPDF_IGNORE_CVES += CVE-2021-3407 > - > -# 0003-Bug-703791-Stay-within-hash-table-max-key-size-in-cached-color-converter.patch > -MUPDF_IGNORE_CVES += CVE-2021-37220 Dropping those exclusion should have been in a seaprate patch, because they were alreadyu incorrect even before the bump to 1.22.0 (we no longer have those two patches). So, I split that into its own patch. And so: both applied to master, thanks. Regards, Yann E. MORIN. > # The pkg-config name for gumbo-parser is `gumbo`. > MUPDF_PKG_CONFIG_PACKAGES = \ > freetype2 \ > diff --git a/package/python-pymupdf/python-pymupdf.hash b/package/python-pymupdf/python-pymupdf.hash > index bda356d905..9fd8150088 100644 > --- a/package/python-pymupdf/python-pymupdf.hash > +++ b/package/python-pymupdf/python-pymupdf.hash > @@ -1,5 +1,5 @@ > # md5, sha256 from https://pypi.org/pypi/pymupdf/json > -md5 be10963679ac6d52b7aed2311ca7e3c5 PyMuPDF-1.21.1.tar.gz > -sha256 f815741a435c62a0036bbcbf5fa6c533567bd69c5338d413714fc57b22db93e0 PyMuPDF-1.21.1.tar.gz > +md5 468fe56375a1fca99e83fe0aa0b9f8bd PyMuPDF-1.22.0.tar.gz > +sha256 6e1694e5c0cd8b92d503a506ee8e4ba1bed768528de586889d3ec90e9dc4a7d3 PyMuPDF-1.22.0.tar.gz > # Locally computed sha256 checksums > sha256 57c8ff33c9c0cfc3ef00e650a1cc910d7ee479a8bc509f6c9209a7c2a11399d6 COPYING > diff --git a/package/python-pymupdf/python-pymupdf.mk b/package/python-pymupdf/python-pymupdf.mk > index 70448e8d90..51d955d835 100644 > --- a/package/python-pymupdf/python-pymupdf.mk > +++ b/package/python-pymupdf/python-pymupdf.mk > @@ -5,9 +5,9 @@ > ################################################################################ > > # python-pymupdf's version must match mupdf's version > -PYTHON_PYMUPDF_VERSION = 1.21.1 > +PYTHON_PYMUPDF_VERSION = 1.22.0 > PYTHON_PYMUPDF_SOURCE = PyMuPDF-$(PYTHON_PYMUPDF_VERSION).tar.gz > -PYTHON_PYMUPDF_SITE = https://files.pythonhosted.org/packages/30/44/9fce79689e5df7deebe2d17cb2b9b2a6b888439c241e71296e732aefa649 > +PYTHON_PYMUPDF_SITE = https://files.pythonhosted.org/packages/28/ba/d6bb6fd678e8396d7b944870286fb25fd6f499b8cb599b5436c8f725adbf > PYTHON_PYMUPDF_SETUP_TYPE = setuptools > PYTHON_PYMUPDF_LICENSE = AGPL-3.0+ > PYTHON_PYMUPDF_LICENSE_FILES = COPYING > -- > 2.39.1 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot
>>>>> "Yann" == Yann E MORIN <yann.morin.1998@free.fr> writes: > Raphaël, All, > On 2023-04-18 12:58 +0200, Raphaël Mélotte spake thusly: >> Also remove the last two '*_IGNORE_CVES', since the corresponding >> patches have been removed (they are now part of upstream) in >> 1fb64680bffbda1e5fb952150652f73205322707. >> >> Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be> >> --- >> package/mupdf/mupdf.hash | 4 ++-- >> package/mupdf/mupdf.mk | 8 +------- >> package/python-pymupdf/python-pymupdf.hash | 4 ++-- >> package/python-pymupdf/python-pymupdf.mk | 4 ++-- >> 4 files changed, 7 insertions(+), 13 deletions(-) >> >> diff --git a/package/mupdf/mupdf.hash b/package/mupdf/mupdf.hash >> index ef91abee18..1f636097ed 100644 >> --- a/package/mupdf/mupdf.hash >> +++ b/package/mupdf/mupdf.hash >> @@ -1,8 +1,8 @@ >> # From https://mupdf.com/downloads/index.html: >> -sha1 f759d914ec6ad6a3b96f994630ff70b75823831b mupdf-1.21.1-source.tar.lz >> +sha1 b9907729d604f0bf3846b45cd5891e10d7a66e24 mupdf-1.22.0-source.tar.lz >> >> # Locally computed: >> -sha256 66a43490676c7f7c2ff74067328ef13285506fcc758d365ae27ea3668bd5e620 mupdf-1.21.1-source.tar.lz >> +sha256 bed78a0abf8496b30c523497292de979db633eca57e02f6cd0f3c7c042551c3e mupdf-1.22.0-source.tar.lz >> >> # Hash for license files: >> sha256 57c8ff33c9c0cfc3ef00e650a1cc910d7ee479a8bc509f6c9209a7c2a11399d6 COPYING >> diff --git a/package/mupdf/mupdf.mk b/package/mupdf/mupdf.mk >> index d6cc407c49..08894d7980 100644 >> --- a/package/mupdf/mupdf.mk >> +++ b/package/mupdf/mupdf.mk >> @@ -5,7 +5,7 @@ >> ################################################################################ >> >> # python-pymupdf's version must match mupdf's version >> -MUPDF_VERSION = 1.21.1 >> +MUPDF_VERSION = 1.22.0 >> MUPDF_SOURCE = mupdf-$(MUPDF_VERSION)-source.tar.lz >> MUPDF_SITE = https://mupdf.com/downloads/archive >> MUPDF_LICENSE = AGPL-3.0+ >> @@ -22,12 +22,6 @@ MUPDF_DEPENDENCIES = \ >> xlib_libX11 \ >> zlib >> >> -# 0002-Bug-703366-Fix-double-free-of-object-during-linearization.patch >> -MUPDF_IGNORE_CVES += CVE-2021-3407 >> - >> -# 0003-Bug-703791-Stay-within-hash-table-max-key-size-in-cached-color-converter.patch >> -MUPDF_IGNORE_CVES += CVE-2021-37220 > Dropping those exclusion should have been in a seaprate patch, because > they were alreadyu incorrect even before the bump to 1.22.0 (we no > longer have those two patches). > So, I split that into its own patch. Committed the drop-CVE-ignore part to 2023.02.x, thanks.
diff --git a/package/mupdf/mupdf.hash b/package/mupdf/mupdf.hash index ef91abee18..1f636097ed 100644 --- a/package/mupdf/mupdf.hash +++ b/package/mupdf/mupdf.hash @@ -1,8 +1,8 @@ # From https://mupdf.com/downloads/index.html: -sha1 f759d914ec6ad6a3b96f994630ff70b75823831b mupdf-1.21.1-source.tar.lz +sha1 b9907729d604f0bf3846b45cd5891e10d7a66e24 mupdf-1.22.0-source.tar.lz # Locally computed: -sha256 66a43490676c7f7c2ff74067328ef13285506fcc758d365ae27ea3668bd5e620 mupdf-1.21.1-source.tar.lz +sha256 bed78a0abf8496b30c523497292de979db633eca57e02f6cd0f3c7c042551c3e mupdf-1.22.0-source.tar.lz # Hash for license files: sha256 57c8ff33c9c0cfc3ef00e650a1cc910d7ee479a8bc509f6c9209a7c2a11399d6 COPYING diff --git a/package/mupdf/mupdf.mk b/package/mupdf/mupdf.mk index d6cc407c49..08894d7980 100644 --- a/package/mupdf/mupdf.mk +++ b/package/mupdf/mupdf.mk @@ -5,7 +5,7 @@ ################################################################################ # python-pymupdf's version must match mupdf's version -MUPDF_VERSION = 1.21.1 +MUPDF_VERSION = 1.22.0 MUPDF_SOURCE = mupdf-$(MUPDF_VERSION)-source.tar.lz MUPDF_SITE = https://mupdf.com/downloads/archive MUPDF_LICENSE = AGPL-3.0+ @@ -22,12 +22,6 @@ MUPDF_DEPENDENCIES = \ xlib_libX11 \ zlib -# 0002-Bug-703366-Fix-double-free-of-object-during-linearization.patch -MUPDF_IGNORE_CVES += CVE-2021-3407 - -# 0003-Bug-703791-Stay-within-hash-table-max-key-size-in-cached-color-converter.patch -MUPDF_IGNORE_CVES += CVE-2021-37220 - # The pkg-config name for gumbo-parser is `gumbo`. MUPDF_PKG_CONFIG_PACKAGES = \ freetype2 \ diff --git a/package/python-pymupdf/python-pymupdf.hash b/package/python-pymupdf/python-pymupdf.hash index bda356d905..9fd8150088 100644 --- a/package/python-pymupdf/python-pymupdf.hash +++ b/package/python-pymupdf/python-pymupdf.hash @@ -1,5 +1,5 @@ # md5, sha256 from https://pypi.org/pypi/pymupdf/json -md5 be10963679ac6d52b7aed2311ca7e3c5 PyMuPDF-1.21.1.tar.gz -sha256 f815741a435c62a0036bbcbf5fa6c533567bd69c5338d413714fc57b22db93e0 PyMuPDF-1.21.1.tar.gz +md5 468fe56375a1fca99e83fe0aa0b9f8bd PyMuPDF-1.22.0.tar.gz +sha256 6e1694e5c0cd8b92d503a506ee8e4ba1bed768528de586889d3ec90e9dc4a7d3 PyMuPDF-1.22.0.tar.gz # Locally computed sha256 checksums sha256 57c8ff33c9c0cfc3ef00e650a1cc910d7ee479a8bc509f6c9209a7c2a11399d6 COPYING diff --git a/package/python-pymupdf/python-pymupdf.mk b/package/python-pymupdf/python-pymupdf.mk index 70448e8d90..51d955d835 100644 --- a/package/python-pymupdf/python-pymupdf.mk +++ b/package/python-pymupdf/python-pymupdf.mk @@ -5,9 +5,9 @@ ################################################################################ # python-pymupdf's version must match mupdf's version -PYTHON_PYMUPDF_VERSION = 1.21.1 +PYTHON_PYMUPDF_VERSION = 1.22.0 PYTHON_PYMUPDF_SOURCE = PyMuPDF-$(PYTHON_PYMUPDF_VERSION).tar.gz -PYTHON_PYMUPDF_SITE = https://files.pythonhosted.org/packages/30/44/9fce79689e5df7deebe2d17cb2b9b2a6b888439c241e71296e732aefa649 +PYTHON_PYMUPDF_SITE = https://files.pythonhosted.org/packages/28/ba/d6bb6fd678e8396d7b944870286fb25fd6f499b8cb599b5436c8f725adbf PYTHON_PYMUPDF_SETUP_TYPE = setuptools PYTHON_PYMUPDF_LICENSE = AGPL-3.0+ PYTHON_PYMUPDF_LICENSE_FILES = COPYING
Also remove the last two '*_IGNORE_CVES', since the corresponding patches have been removed (they are now part of upstream) in 1fb64680bffbda1e5fb952150652f73205322707. Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be> --- package/mupdf/mupdf.hash | 4 ++-- package/mupdf/mupdf.mk | 8 +------- package/python-pymupdf/python-pymupdf.hash | 4 ++-- package/python-pymupdf/python-pymupdf.mk | 4 ++-- 4 files changed, 7 insertions(+), 13 deletions(-)