Date: Tuesday, October 27, 2020 @ 00:30:48 Author: dvzrv Revision: 734107
archrelease: copy trunk to community-x86_64 Added: lilypond/repos/community-x86_64/PKGBUILD (from rev 734106, lilypond/trunk/PKGBUILD) lilypond/repos/community-x86_64/lilypond-2.20.0-CVE-2020-17353.patch (from rev 734106, lilypond/trunk/lilypond-2.20.0-CVE-2020-17353.patch) Deleted: lilypond/repos/community-x86_64/PKGBUILD lilypond/repos/community-x86_64/lilyfontsize.patch --------------------------------------+ PKGBUILD | 100 ++++++++++++++++++--------------- lilyfontsize.patch | 13 ---- lilypond-2.20.0-CVE-2020-17353.patch | 76 +++++++++++++++++++++++++ 3 files changed, 131 insertions(+), 58 deletions(-) Deleted: PKGBUILD =================================================================== --- PKGBUILD 2020-10-27 00:30:19 UTC (rev 734106) +++ PKGBUILD 2020-10-27 00:30:48 UTC (rev 734107) @@ -1,45 +0,0 @@ -# Maintainer: Evgeniy Alekseev <arcanis at archlinux dot org> -# Maintainer: Sergej Pupykin <pupykin.s+a...@gmail.com> -# Maintainer: Geoffroy Carrier <geoff...@archlinux.org> -# Contributor: William Rea <sillywi...@gmail.com> -# Contributor: Robert Emil Berge <filokte...@linuxophic.org> - -pkgname=lilypond -pkgver=2.20.0 -pkgrel=3 -pkgdesc="An automated music engraving system" -arch=('x86_64') -url="http://lilypond.org" -license=('GPL') -depends=('fontconfig' 'freetype2' 'guile1.8' 'ghostscript' 'glib2' 'pango') -optdepends=('python2: for lilypond-book and other scripts') -makedepends=('flex' 'bison' 'gettext' 'mftrace' 'texinfo' 'fontforge' 't1utils' - 'gsfonts' 'texi2html' 'dblatex' 'texlive-langcyrillic' 'imagemagick' - 'zip' 'rsync' 'netpbm' 'texlive-core' 'tex-gyre-fonts' 'python2') -options=('emptydirs') -source=("http://lilypond.org/downloads/sources/v${pkgver%.*}/$pkgname-$pkgver.tar.gz" - lilyfontsize.patch) -sha256sums=('595901323fbc88d3039ca4bdbc2d8c5ce46b182edcb3ea9c0940eba849bba661' - '17b86b7a0b09b73cb5cf8751464571cf6a785c0b1a23db425cc828855a9d8ae6') - -prepare() { - cd "$srcdir/$pkgname-$pkgver" - - sed -e 's|1.82, 1.82|1.82|g' -i configure.ac # Remove version constraint on texi2html - - patch -p1 -i "$srcdir/lilyfontsize.patch" - - ./autogen.sh --noconf -} - -build() { - cd "$srcdir/$pkgname-$pkgver" - ./configure \ - --prefix=/usr - make -} - -package() { - cd "$srcdir/$pkgname-$pkgver" - make DESTDIR="$pkgdir" vimdir="/usr/share/vim/vimfiles" install -} Copied: lilypond/repos/community-x86_64/PKGBUILD (from rev 734106, lilypond/trunk/PKGBUILD) =================================================================== --- PKGBUILD (rev 0) +++ PKGBUILD 2020-10-27 00:30:48 UTC (rev 734107) @@ -0,0 +1,55 @@ +# Maintainer: David Runge <dv...@archlinux.org> +# Contributor: Evgeniy Alekseev <arcanis at archlinux dot org> +# Contributor: Sergej Pupykin <pupykin.s+a...@gmail.com> +# Contributor: Geoffroy Carrier <geoff...@archlinux.org> +# Contributor: William Rea <sillywi...@gmail.com> +# Contributor: Robert Emil Berge <filokte...@linuxophic.org> + +pkgname=lilypond +pkgver=2.20.0 +pkgrel=4 +pkgdesc="Music engraving program, devoted to producing the highest-quality sheet music possible" +arch=('x86_64') +url="https://lilypond.org" +license=('FDL1.3' 'GPL3' 'custom:OFL') +groups=('pro-audio') +depends=('gcc-libs' 'ghostscript' 'glibc' 'guile1.8' 'ttf-dejavu') +# TODO: package extractpdfmark +makedepends=('dblatex' 'fontconfig' 'fontforge' 'freetype2' 'glib2' +'gnu-free-fonts' 'gsfonts' 'imagemagick' 'mftrace' 'netpbm' 'pango' 'python2' +'rsync' 't1utils' 'texi2html' 'texinfo' 'texlive-core' 'tex-gyre-fonts' +'texlive-langcyrillic' 'ttf-bitstream-vera' 'ttf-liberation' +'ttf-linux-libertine' 'zip') +optdepends=('python2: for lilypond-book and other scripts') +options=('emptydirs') +source=("https://lilypond.org/downloads/sources/v${pkgver%.*}/$pkgname-$pkgver.tar.gz" + "${pkgname}-2.20.0-CVE-2020-17353.patch") +sha512sums=('8c5749576362b8c8acaed9eed50f22fdbf986bbe1733219921e366166d9cb829ffb280bfec936647248ddc48b3441af67a4e9d4023e003fdc7522d913f83928a' + '99663585ceed5493cc25e34c85f68328254d55822d66767f8384d058218835d24179b938547d303f84b33dae328b2b9734748a1c58186a7f279695d76f5ac2b7') +b2sums=('1bf4aa1db189b6a2c4be9b9f35a0ac913533640cc2ca6327492909cf71218bba7a31ca3c5a84a94746e361e2f985fe1b73e4ad6fbea13927e465f7b7f14bd16a' + '6a5b7ab61da2a7e96aa54c411784fc7d698afdc3cfded9bfd3e50639c083aa400edf58f5c041a360a36ac418f00c851ca45a56aa2d008baa56d5422c15a42f37') + +prepare() { + cd "$pkgname-$pkgver" + # fix CVE-2020-17353: FS#67680 + patch -Np1 -i "../${pkgname}-2.20.0-CVE-2020-17353.patch" + # Remove version constraint on texi2html + sed -e 's|1.82, 1.82|1.82|g' -i configure.ac + autoconf --force --verbose +} + +build() { + cd "$pkgname-$pkgver" + ./configure --prefix=/usr + make +} + +package() { + depends+=('libfontconfig.so' 'libfreetype.so' 'libglib-2.0.so' + 'libgobject-2.0.so' 'libpangoft2-1.0.so' 'libpango-1.0.so') + cd "$pkgname-$pkgver" + make DESTDIR="$pkgdir" vimdir="/usr/share/vim/vimfiles" install + install -vDm 644 LICENSE.OFL -t "${pkgdir}/usr/share/licenses/${pkgname}/" + install -vDm 644 {AUTHORS,NEWS,README}.txt \ + -t "${pkgdir}/usr/share/doc/${pkgname}/" +} Deleted: lilyfontsize.patch =================================================================== --- lilyfontsize.patch 2020-10-27 00:30:19 UTC (rev 734106) +++ lilyfontsize.patch 2020-10-27 00:30:48 UTC (rev 734107) @@ -1,13 +0,0 @@ -diff -wbBur lilypond-2.18.2/lily/pango-font.cc lilypond-2.18.2.fix/lily/pango-font.cc ---- lilypond-2.18.2/lily/pango-font.cc 2014-03-17 19:29:16.000000000 +0400 -+++ lilypond-2.18.2.fix/lily/pango-font.cc 2016-12-02 19:36:55.634555707 +0300 -@@ -315,7 +315,8 @@ - pango_fc_font_unlock_face (fcfont); - pango_glyph_string_free (pgs); - pgs = 0; -- PangoFontDescription *descr = pango_font_describe (pa->font); -+// PangoFontDescription *descr = pango_font_describe (pa->font); -+ PangoFontDescription *descr = pango_context_get_font_description (context_); - Real size = pango_font_description_get_size (descr) - / (Real (PANGO_SCALE)); - Copied: lilypond/repos/community-x86_64/lilypond-2.20.0-CVE-2020-17353.patch (from rev 734106, lilypond/trunk/lilypond-2.20.0-CVE-2020-17353.patch) =================================================================== --- lilypond-2.20.0-CVE-2020-17353.patch (rev 0) +++ lilypond-2.20.0-CVE-2020-17353.patch 2020-10-27 00:30:48 UTC (rev 734107) @@ -0,0 +1,76 @@ +diff --git a/scm/define-stencil-commands.scm b/scm/define-stencil-commands.scm +index 09a2299..e388788 100644 +--- a/scm/define-stencil-commands.scm ++++ b/scm/define-stencil-commands.scm +@@ -21,36 +21,41 @@ + (define-public (ly:all-stencil-commands) + "Return the list of stencil commands that can be + defined in the output modules (@file{output-*.scm})." +- '(blank +- char +- circle +- dashed-line +- draw-line +- ellipse +- embedded-ps +- embedded-svg +- end-group-node +- glyph-string +- grob-cause +- named-glyph +- no-origin +- page-link +- path +- partial-ellipse +- placebox +- polygon +- resetcolor +- resetrotation +- resetscale +- round-filled-box +- setcolor +- setrotation +- setscale +- start-group-node +- text +- unknown +- url-link +- utf-8-string ++ (let* ++ ((commands '(blank ++ char ++ circle ++ dashed-line ++ draw-line ++ ellipse ++ end-group-node ++ glyph-string ++ grob-cause ++ named-glyph ++ no-origin ++ page-link ++ path ++ partial-ellipse ++ placebox ++ polygon ++ resetcolor ++ resetrotation ++ resetscale ++ round-filled-box ++ setcolor ++ setrotation ++ setscale ++ start-group-node ++ text ++ unknown ++ url-link ++ utf-8-string ++ ))) ++ ++ (if (ly:get-option 'safe) ++ commands ++ (append '(embedded-ps embedded-svg) ++ commands)) + )) + + ;; TODO: