Date: Sunday, January 10, 2021 @ 21:48:33 Author: dvzrv Revision: 817457
upgpkg: lilypond 2.22.0-1: Upgrade to 2.22.0. Switch from python2 to python. Apply upstream recommendations for deprecation of dependencies (especially the use of fonts). Remove patch for CVE-2020-17353 as it is now included. Disable the use of texihtml using configure. Remove build time copies of fonts and rely on optdepends instead. Modified: lilypond/trunk/PKGBUILD Deleted: lilypond/trunk/lilypond-2.20.0-CVE-2020-17353.patch --------------------------------------+ PKGBUILD | 42 ++++++++---------- lilypond-2.20.0-CVE-2020-17353.patch | 76 --------------------------------- 2 files changed, 20 insertions(+), 98 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2021-01-10 21:38:45 UTC (rev 817456) +++ PKGBUILD 2021-01-10 21:48:33 UTC (rev 817457) @@ -6,41 +6,37 @@ # Contributor: Robert Emil Berge <[email protected]> pkgname=lilypond -pkgver=2.20.0 -pkgrel=4 +pkgver=2.22.0 +pkgrel=1 pkgdesc="Music engraving program, devoted to producing the highest-quality sheet music possible" arch=('x86_64') url="https://lilypond.org"; license=('FDL1.3' 'GPL3' 'custom:OFL') groups=('pro-audio') -depends=('gcc-libs' 'ghostscript' 'glibc' 'guile1.8' 'ttf-dejavu') +depends=('gcc-libs' 'ghostscript' 'glibc' 'guile1.8') # TODO: package extractpdfmark -makedepends=('dblatex' 'fontconfig' 'fontforge' 'freetype2' 'glib2' -'gnu-free-fonts' 'gsfonts' 'imagemagick' 'mftrace' 'netpbm' 'pango' 'python2' -'rsync' 't1utils' 'texi2html' 'texinfo' 'texlive-core' 'tex-gyre-fonts' -'texlive-langcyrillic' 'ttf-bitstream-vera' 'ttf-liberation' -'ttf-linux-libertine' 'zip') -optdepends=('python2: for lilypond-book and other scripts') -options=('emptydirs') -source=("https://lilypond.org/downloads/sources/v${pkgver%.*}/$pkgname-$pkgver.tar.gz"; - "${pkgname}-2.20.0-CVE-2020-17353.patch") -sha512sums=('8c5749576362b8c8acaed9eed50f22fdbf986bbe1733219921e366166d9cb829ffb280bfec936647248ddc48b3441af67a4e9d4023e003fdc7522d913f83928a' - '99663585ceed5493cc25e34c85f68328254d55822d66767f8384d058218835d24179b938547d303f84b33dae328b2b9734748a1c58186a7f279695d76f5ac2b7') -b2sums=('1bf4aa1db189b6a2c4be9b9f35a0ac913533640cc2ca6327492909cf71218bba7a31ca3c5a84a94746e361e2f985fe1b73e4ad6fbea13927e465f7b7f14bd16a' - '6a5b7ab61da2a7e96aa54c411784fc7d698afdc3cfded9bfd3e50639c083aa400edf58f5c041a360a36ac418f00c851ca45a56aa2d008baa56d5422c15a42f37') +makedepends=('fontconfig' 'fontforge' 'freetype2' 'glib2' +'gsfonts' 'imagemagick' 'pango' 'python' 'rsync' 't1utils' 'texinfo' +'texlive-core' 'tex-gyre-fonts' 'texlive-langcyrillic' 'zip') +optdepends=( + 'python: for lilypond-book and other scripts' + 'tex-gyre-fonts: for extra fonts' + 'ttf-dejavu: for extra fonts' +) +source=("https://lilypond.org/downloads/sources/v${pkgver%.*}/$pkgname-$pkgver.tar.gz";) +sha512sums=('4dcc4da1bd1aa1d10ca802acbe29f2256587cd8e2643651b6d2e42cfce0b9572d0eb1139fbc59cec98ad6b86b86e7a6910becb6be7a4350ee0adfe366daa0a65') +b2sums=('a7512629be43680c6e6bda1404c9b8e4a9bfb0b65ad565aede9dba983ae8e5fb350e8a53250cd01314b4d032d1bbe7b391bb3acd411dc6665868f4cd04f15011') prepare() { cd "$pkgname-$pkgver" - # fix CVE-2020-17353: FS#67680 - patch -Np1 -i "../${pkgname}-2.20.0-CVE-2020-17353.patch" - # Remove version constraint on texi2html - sed -e 's|1.82, 1.82|1.82|g' -i configure.ac autoconf --force --verbose } build() { cd "$pkgname-$pkgver" - ./configure --prefix=/usr + export GUILE=guile1.8 + ./configure --prefix=/usr \ + --disable-texi2html make } @@ -50,6 +46,8 @@ cd "$pkgname-$pkgver" make DESTDIR="$pkgdir" vimdir="/usr/share/vim/vimfiles" install install -vDm 644 LICENSE.OFL -t "${pkgdir}/usr/share/licenses/${pkgname}/" - install -vDm 644 {AUTHORS,NEWS,README}.txt \ + install -vDm 644 {AUTHORS,NEWS}.txt README.md \ -t "${pkgdir}/usr/share/doc/${pkgname}/" + # delete copied fonts, they are relied upon as optdepends + rm "${pkgdir}/usr/share/lilypond/${pkgver}/fonts/otf/"{C059,Nimbus,texgyre}*.otf } Deleted: lilypond-2.20.0-CVE-2020-17353.patch =================================================================== --- lilypond-2.20.0-CVE-2020-17353.patch 2021-01-10 21:38:45 UTC (rev 817456) +++ lilypond-2.20.0-CVE-2020-17353.patch 2021-01-10 21:48:33 UTC (rev 817457) @@ -1,76 +0,0 @@ -diff --git a/scm/define-stencil-commands.scm b/scm/define-stencil-commands.scm -index 09a2299..e388788 100644 ---- a/scm/define-stencil-commands.scm -+++ b/scm/define-stencil-commands.scm -@@ -21,36 +21,41 @@ - (define-public (ly:all-stencil-commands) - "Return the list of stencil commands that can be - defined in the output modules (@file{output-*.scm})." -- '(blank -- char -- circle -- dashed-line -- draw-line -- ellipse -- embedded-ps -- embedded-svg -- end-group-node -- glyph-string -- grob-cause -- named-glyph -- no-origin -- page-link -- path -- partial-ellipse -- placebox -- polygon -- resetcolor -- resetrotation -- resetscale -- round-filled-box -- setcolor -- setrotation -- setscale -- start-group-node -- text -- unknown -- url-link -- utf-8-string -+ (let* -+ ((commands '(blank -+ char -+ circle -+ dashed-line -+ draw-line -+ ellipse -+ end-group-node -+ glyph-string -+ grob-cause -+ named-glyph -+ no-origin -+ page-link -+ path -+ partial-ellipse -+ placebox -+ polygon -+ resetcolor -+ resetrotation -+ resetscale -+ round-filled-box -+ setcolor -+ setrotation -+ setscale -+ start-group-node -+ text -+ unknown -+ url-link -+ utf-8-string -+ ))) -+ -+ (if (ly:get-option 'safe) -+ commands -+ (append '(embedded-ps embedded-svg) -+ commands)) - )) - - ;; TODO:
