[20.09] mupdf: 1.17.0 -> 1.18.0, pymupdf: 1.17.6 -> 1.18.0, llpp 32 -> 33, zathura: 0.4.5 -> 0.4.7 #103845

Merged
jonringer merged 7 commits into NixOS:release-20.09 from wamserma:mupdf-1-18-backport
Nov 19, 2020

@wamserma
Member

this is a squashed backport of #100441 and #103727

mupdf:
fixes CVE-2017-5991
fixes CVE-2020-26519
also drops the patch for shared libs (not needed anymore)
(cherry picked from commit 2b04dca)

mupdf: adopt post-release bugfix-patches from upstream
(cherry picked from commit 4a6235f)

pymupdf: 1.17.6 -> 1.18.0
(cherry picked from commit 5fd2f39)

llpp: 32 -> 33
(cherry picked from commit 28e63e0)

mupdf: mark 1.17 as insecure but as still required as dependency
(cherry picked from commit 70e16bc)

zathura: 0.4.5 -> 0.4.7
(cherry picked from commit 3c3f70c)

zathura-pdf-mupdf: 0.3.5 -> 0.3.6, fix linking
(cherry picked from commit 2606a28)

Motivation for this change
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@wamserma
Member Author

/marvin opt-in

@marvin-mk2
marvin-mk2 bot commented Nov 14, 2020

Hi! I'm an experimental bot. My goal is to guide this PR through its stages, hopefully ending with a merge. You can read up on the usage here.

@marvin-mk2 marvin-mk2 bot added the marvin label Nov 14, 2020
@wamserma
Member Author

/status needs_reviewer

@ofborg ofborg bot added 6.topic: python Python is a high-level, general-purpose programming language. 8.has: package (new) This PR adds a new package labels Nov 14, 2020
@ofborg ofborg bot requested review from Enzime and pSub November 14, 2020 22:12
@ofborg ofborg bot requested review from fpletz, teto and vrthra November 14, 2020 22:12
@ofborg ofborg bot added 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 11-100 This PR causes between 11 and 100 packages to rebuild on Linux. labels Nov 14, 2020
@jonringer
Contributor

Usually there's a 1 to 1 correlation between commits cherry-pick, we would prefer not to have them squashed.

When backporting changes, please follow https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md#backporting-changes.

Namely, you should be doing git cherry-pick -x <rev> from (a) commit(s) that has already landed in master. If the branches have diverged, you may alter the commit or add another commit to ensure that the package is able to still evaluate and build
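
A check for the backport rule described in the comment above, added here as an example; it is not part of the PR or of nixpkgs tooling. The function name `check_backport` and the ref names in the usage comment are assumptions, and treating more than one trailer as a squash is a heuristic chosen for this 1-to-1 policy.

```shell
#!/bin/sh
# check_backport BASE HEAD UPSTREAM   (hypothetical helper, not nixpkgs tooling)
# Every commit in BASE..HEAD must carry exactly one
# "(cherry picked from commit <sha>)" line, as written by `git cherry-pick -x`,
# and <sha> must already be reachable from UPSTREAM.
# Prints one line per offending commit and returns the number of offenders.
# Example (ref names are assumptions):
#   check_backport origin/release-20.09 HEAD origin/master
check_backport() {
    base=$1; head=$2; upstream=$3
    problems=0
    for commit in $(git rev-list --reverse "$base..$head"); do
        short=$(git rev-parse --short "$commit")
        # Collect every origin hash recorded in this commit message.
        set -- $(git log -1 --format=%B "$commit" |
            sed -n 's/^(cherry picked from commit \([0-9a-f]\{7,40\}\))$/\1/p')
        if [ "$#" -eq 0 ]; then
            echo "$short: no cherry-pick trailer (was -x used?)"
        elif [ "$#" -gt 1 ]; then
            # Heuristic: several trailers in one commit means a squash.
            echo "$short: $# trailers, looks like a squash of several commits"
        elif ! git cat-file -e "$1^{commit}" 2>/dev/null; then
            echo "$short: origin $1 is not a commit in this repository"
        elif ! git merge-base --is-ancestor "$1" "$upstream"; then
            echo "$short: origin $1 has not landed in $upstream"
        else
            continue
        fi
        problems=$((problems + 1))
    done
    return "$problems"
}
```

A zero return means each backported commit maps to one commit that has landed upstream, which is what keeps `git bisect` on the release branch meaningful.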

@wamserma
Member Author

> usually there's a 1 to 1 correlation between commits cherry-pick, we would prefer not have them squashed.

I deliberately deviated here as these commits all need to go together to avoid breaking things.

@jonringer
Contributor

Yes, but if there is a regression, then we can use git bisect to locate which change caused it.

From the perspective of a channel user, they shouldn't experience an intermediate commit

@wamserma wamserma force-pushed the mupdf-1-18-backport branch from e3bb8f3 to ecbad7a Compare November 15, 2020 09:37
@wamserma
Member Author

Unsquashed and updated.

@marvin-mk2
marvin-mk2 bot commented Nov 18, 2020

Reminder: Please review!

This Pull Request is awaiting review. If you are the assigned reviewer, please have a look. Try to find another reviewer if necessary. If you can't, please say so. If the status is not accurate, please change it. If nothing happens, this PR will be put back in the needs_reviewer queue in one day.

@wamserma
Member Author

ping @jonringer

Contributor

@jonringer jonringer left a comment

LGTM

Result of nixpkgs-review pr 103845 1

1 package marked as broken and skipped:
  • mupdf_1_17
10 packages built:
  • cups-filters
  • llpp
  • mupdf
  • python27Packages.pymupdf
  • python37Packages.pymupdf
  • python38Packages.pymupdf
  • splix
  • system-config-printer
  • termpdfpy
  • zathura

@wamserma wamserma deleted the mupdf-1-18-backport branch November 19, 2020 07:09