From debbugs-submit-bounces@debbugs.gnu.org Sat Jul 08 12:42:57 2017 Received: (at submit) by debbugs.gnu.org; 8 Jul 2017 16:42:57 +0000 Received: from localhost ([127.0.0.1]:58072 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dTsoq-0000yC-O6 for submit@debbugs.gnu.org; Sat, 08 Jul 2017 12:42:57 -0400 Received: from eggs.gnu.org ([208.118.235.92]:47730) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dTncc-0008On-VI for submit@debbugs.gnu.org; Sat, 08 Jul 2017 07:09:59 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dTncW-0006Ik-Rz for submit@debbugs.gnu.org; Sat, 08 Jul 2017 07:09:53 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_20,FREEMAIL_FROM, T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:52548) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dTncW-0006If-Op for submit@debbugs.gnu.org; Sat, 08 Jul 2017 07:09:52 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38686) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dTncV-0005tp-Tt for bug-guix@gnu.org; Sat, 08 Jul 2017 07:09:52 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dTncR-0006HQ-TZ for bug-guix@gnu.org; Sat, 08 Jul 2017 07:09:51 -0400 Received: from mail-pf0-x229.google.com ([2607:f8b0:400e:c00::229]:35465) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dTncR-0006Bj-Ml for bug-guix@gnu.org; Sat, 08 Jul 2017 07:09:47 -0400 Received: by mail-pf0-x229.google.com with SMTP id c73so28495888pfk.2 for ; Sat, 08 Jul 2017 04:09:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id; bh=ZkMR3GiQHzSVCQwVuGawd8OkiU1Ka9lueY9goP/Rn5U=; b=HVwV/M2T3C6Ubq5yr4DlCfe8ZYramloflj5CQP8PJdnP2+Pgb/BPTowxJBSZmUG2pL lwxgQ1M5j/X9Tc/HOb+5HMLvFyHPwN83zCyzMwuSK5UlDOrmudRsomS+jsJlJ+p6t1rp B7i9KSAURIp9Gm0WW1J/glbA+jLIM5jCheYz9nURDhOoNvmOvFGSUDL2Vg37xA5aP0AW Jmt2Kvr5vbrkog1k9DjkS+tppd/pZcA8pDlFGK+jtdarH7MQSgnQ9H+ftu50ZxHZDDHz ohl4v+6G8A1l1XOhA/Yr9SHBnxhMORv+H1zvjehCkRSAUGCfC8HdhSCRRlhCbWGQKxyY M+uQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id; bh=ZkMR3GiQHzSVCQwVuGawd8OkiU1Ka9lueY9goP/Rn5U=; b=SNJMLiEmX0Xf04TdmwEEXlq1UJa+mK8kHxcFM0v6vGN9b2ijPzCQ2ycm1ZYgCDK5+L vtpRMmjQ0b7C53/tdzsbL7MFMOVfD+UN7gSu4m3TAO6/A11LB2qkDGHsRiAD00k8ScFX xPG5j7ifFtKE3pLcEMR2wy5kOVzR24l1QDSUM83ibYXnJ0L8r2N/7+EGJYgwXAiOjWxo 86YEkYSnz3twldWHEkI8XsSNKGgWJX+rqDKOGf/siR8y9y+zwIAV9Y6zlxZSa9Hb1g4S 2cB/PNkGOeS8R8UmBgXG1LR1vp+s3w5qk2qquD5Hg7BdrEC4783UAzbKssCUQ3FCSRF/ p/cw== X-Gm-Message-State: AIVw110BAew+EcGsqfFuXtiVGX3Lh7A7M+NBQYmvtOuU/ReIpe7BtqHF akbcSu9qtbxv1i3Kp24= X-Received: by 10.84.149.197 with SMTP id a5mr7919305plh.3.1499512163002; Sat, 08 Jul 2017 04:09:23 -0700 (PDT) Received: from localhost.localdomain ([103.25.181.216]) by smtp.googlemail.com with ESMTPSA id n19sm13138241pfa.64.2017.07.08.04.09.19 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 08 Jul 2017 04:09:21 -0700 (PDT) From: Ben Woodcroft To: bug-guix@gnu.org Subject: [PATCH] gnu: inkscape: Use ungrafted poppler input. Date: Sat, 8 Jul 2017 21:08:33 +1000 Message-Id: <20170708110834.13972-1-donttrustben@gmail.com> X-Mailer: git-send-email 2.13.2 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.0 (----) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Sat, 08 Jul 2017 12:42:55 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.0 (----) Currently Inkscape fails to start as the poppler shared library changes from libpoppler.so.66 to libpoppler.so.67 upon grafting. Is this the correct way to fix this issue? I'm not quite sure why poppler is grafted in the first place, given there are so few dependencies (26)? Should it simply be updated? Thanks, ben From debbugs-submit-bounces@debbugs.gnu.org Sat Jul 08 13:10:02 2017 Received: (at submit) by debbugs.gnu.org; 8 Jul 2017 17:10:02 +0000 Received: from localhost ([127.0.0.1]:58088 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dTtF4-0003YY-B8 for submit@debbugs.gnu.org; Sat, 08 Jul 2017 13:10:02 -0400 Received: from eggs.gnu.org ([208.118.235.92]:47732) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dTncd-0008Oo-AJ for submit@debbugs.gnu.org; Sat, 08 Jul 2017 07:10:00 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dTncX-0006Iw-CS for submit@debbugs.gnu.org; Sat, 08 Jul 2017 07:09:54 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_20,FREEMAIL_FROM, T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:56706) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dTncX-0006Ir-93 for submit@debbugs.gnu.org; Sat, 08 Jul 2017 07:09:53 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38684) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dTncV-0005to-Ta for bug-guix@gnu.org; Sat, 08 Jul 2017 07:09:53 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dTncU-0006Hw-D0 for bug-guix@gnu.org; Sat, 08 Jul 2017 07:09:51 -0400 Received: from mail-pg0-x22a.google.com ([2607:f8b0:400e:c05::22a]:35459) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dTncU-0006CO-6s for bug-guix@gnu.org; Sat, 08 Jul 2017 07:09:50 -0400 Received: by mail-pg0-x22a.google.com with SMTP id j186so28434451pge.2 for ; Sat, 08 Jul 2017 04:09:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:in-reply-to:references; bh=uIgRSmjQeK7fiMadstzg3ZBAljZjm8tfcEwqZDUgLDs=; b=eA5CNVgoB08LQUcJXYqlzvsrc4ZUg0s17IBsCM9Y0Y1J7wLVGQ/H/IV9H51HKn4fXh 4Xe1Ccj/gjPunt3quMW+0xrgI7ISd3h7ea1G+STcf0i64FHrBgygJiSQqLn6XCAnZKRn i1fX/EZWSugvfb9tOdSkM6U/nQJ3c7U9bcOUypIpfOLLTuyl3iruWX5iole4JguDTTL6 5CqIJeCxULkzU6Rplup5JVHdOO0QIROHbAu55SiEhklR6AhquY3x1+YI8EmEjU8z/Nsw G/gJQtdxqg3HLyDxw8Jm7dDHR8Njf6SA8z7XyPoxK/3ftwwG4iODODtYNTk00NimGXq2 0Wjg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=uIgRSmjQeK7fiMadstzg3ZBAljZjm8tfcEwqZDUgLDs=; b=fsB1u8hRzr9IPvo/A4k6ZlCS69uURxy9NAf/NMal5azB4CiECne6Fg9y10/oN1dz+e d0li4IS2Kcn6OqMIEII0B43RTJDPG4NJ5pWB8i9t+MXrvU2l4bSSEU+Z/JnNGndEVfV9 jyIWV63LP53F9ZP7GniVPpG3K/XqOQTfzq1W7mKBsC5bBIyVopVUmu6RbioBpnQ44/KI IxLwTTWm7X5gPlDW6rH77jD24FLJLUIAmwVOuG7o5JxQui6qwctv/ojKHo5uOVIv0sMS nbuGhVarLzRo75z6GZyGkw1LsVW7yue0pW7X5NM8nsW0kk/30Fjby8xogUnHRv9J3s/Z VUvg== X-Gm-Message-State: AIVw111cUE7IUWUoJyqU17mBhooKA4h5uEug4r1yGGEFatDy1OKdA14S QM/fJwmz6BD9p8AAlHs= X-Received: by 10.84.224.207 with SMTP id k15mr7850784pln.15.1499512166286; Sat, 08 Jul 2017 04:09:26 -0700 (PDT) Received: from localhost.localdomain ([103.25.181.216]) by smtp.googlemail.com with ESMTPSA id n19sm13138241pfa.64.2017.07.08.04.09.23 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 08 Jul 2017 04:09:25 -0700 (PDT) From: Ben Woodcroft To: bug-guix@gnu.org Subject: [PATCH] gnu: inkscape: Use ungrafted poppler input. Date: Sat, 8 Jul 2017 21:08:34 +1000 Message-Id: <20170708110834.13972-2-donttrustben@gmail.com> X-Mailer: git-send-email 2.13.2 In-Reply-To: <20170708110834.13972-1-donttrustben@gmail.com> References: <20170708110834.13972-1-donttrustben@gmail.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.0 (----) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Sat, 08 Jul 2017 13:10:01 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.0 (----) Previously, inkscape failed to start, attempting to load an incorrect poppler shared library version. * gnu/packages/inkscape.scm (inkscape)[inputs]: Replace poppler with poppler-0.56.0. * gnu/packages/pdf.scm (poppler-0.56.0): Export it. --- gnu/packages/inkscape.scm | 3 ++- gnu/packages/pdf.scm | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/gnu/packages/inkscape.scm b/gnu/packages/inkscape.scm index 0f28e640a..b52c2e1a2 100644 --- a/gnu/packages/inkscape.scm +++ b/gnu/packages/inkscape.scm @@ -59,7 +59,8 @@ ("gtkmm" ,gtkmm-2) ("gtk" ,gtk+-2) ("gsl" ,gsl) - ("poppler" ,poppler) + ("poppler" ,poppler-0.56.0) ; Use an ungrafted poppler so the correct + ; library is loaded. ("libpng" ,libpng) ("libxml2" ,libxml2) ("libxslt" ,libxslt) diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index dce02a7b5..574b223ee 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -130,7 +130,7 @@ (license license:gpl2+) (home-page "https://poppler.freedesktop.org/"))) -(define poppler-0.56.0 +(define-public poppler-0.56.0 (package (inherit poppler) (version "0.56.0") (source -- 2.13.2 From debbugs-submit-bounces@debbugs.gnu.org Sat Jul 08 18:04:58 2017 Received: (at 27621) by debbugs.gnu.org; 8 Jul 2017 22:04:58 +0000 Received: from localhost ([127.0.0.1]:58225 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dTxqT-00023M-Sa for submit@debbugs.gnu.org; Sat, 08 Jul 2017 18:04:58 -0400 Received: from world.peace.net ([50.252.239.5]:43569) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dTxqR-000231-8Z; Sat, 08 Jul 2017 18:04:56 -0400 Received: from pool-72-93-34-106.bstnma.east.verizon.net ([72.93.34.106] helo=jojen) by world.peace.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1dTxqL-00022h-29; Sat, 08 Jul 2017 18:04:49 -0400 From: Mark H Weaver To: Ben Woodcroft , leo@famulari.name (Leo Famulari) Subject: bug#27621: Poppler's replacement is ABI-incompatible with the original References: <20170708110834.13972-1-donttrustben@gmail.com> Date: Sat, 08 Jul 2017 18:04:37 -0400 In-Reply-To: <20170708110834.13972-1-donttrustben@gmail.com> (Ben Woodcroft's message of "Sat, 8 Jul 2017 21:08:33 +1000") Message-ID: <87a84ea8lm.fsf@netris.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 27621 Cc: 27621@debbugs.gnu.org, control@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) retitle 27621 Poppler's replacement is ABI-incompatible with the original severity 27621 important thanks Ben Woodcroft writes: > Currently Inkscape fails to start as the poppler shared library changes from > libpoppler.so.66 to libpoppler.so.67 upon grafting. Is this the correct way > to fix this issue? The problem is that poppler's replacement is not ABI compatible with the original. This will likely break any program linked with libpoppler. This needs to be fixed in poppler. We should not work around this by changing our inkscape package. > I'm not quite sure why poppler is grafted in the first place, given there are > so few dependencies (26)? Should it simply be updated? How did you count 26? According to "guix refresh -l poppler", poppler has 1643 dependent packages per platform. That's too many. The problem originated with the following security update: leo@famulari.name (Leo Famulari) writes: > lfam pushed a commit to branch master > in repository guix. > > commit 95bbaa02aa63bc5eae36f686f1ed9915663aa4cf > Author: Leo Famulari > Date: Thu Jun 29 03:10:30 2017 -0400 > > gnu: poppler: Fix CVE-2017-{9775,9776}. > > * gnu/packages/pdf.scm (poppler)[replacement]: New field. > (poppler-0.56.0): New variable. > (poppler-qt4, poppler-qt5): Use 'package/inherit'. > --- > gnu/packages/pdf.scm | 17 +++++++++++++++-- > 1 file changed, 15 insertions(+), 2 deletions(-) > > diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm > index 5ccaa38..dce02a7 100644 > --- a/gnu/packages/pdf.scm > +++ b/gnu/packages/pdf.scm > @@ -76,6 +76,7 @@ > (define-public poppler > (package > (name "poppler") > + (replacement poppler-0.56.0) > (version "0.52.0") > (source (origin > (method url-fetch) Unfortunately, we cannot use poppler-0.56.0 to replace 0.52.0 via grafting. The shared library major version number bump indicates an ABI incompatibility. Here's what we need to do: instead of replacing 0.52.0 with 0.56.0, we need to find backported fixes for poppler-0.52.0 (or possibly some newer version that has the same ABI as 0.52.0), and apply those as patches in the replacement. Mark From debbugs-submit-bounces@debbugs.gnu.org Sun Jul 09 02:30:53 2017 Received: (at 27621) by debbugs.gnu.org; 9 Jul 2017 06:30:53 +0000 Received: from localhost ([127.0.0.1]:58310 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dU5k5-0002GM-F6 for submit@debbugs.gnu.org; Sun, 09 Jul 2017 02:30:53 -0400 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:52323) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dU5k3-0002GA-6I; Sun, 09 Jul 2017 02:30:51 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id C1BAA208CD; Sun, 9 Jul 2017 02:30:50 -0400 (EDT) Received: from frontend2 ([10.202.2.161]) by compute4.internal (MEProxy); Sun, 09 Jul 2017 02:30:50 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=RZmTTixk73w+SKxLsbtHVIEv+1nlET709qd1lq WAw7k=; b=WZ3vIVyokkUBkVlp9oAtrJjzHMcuu/9bwfl1BOqvVt3cch1xuLnSvU xj/MNW8sUK40ZznVFkgijUxSO4WaURN33Ei/0P8jPqzaMjdSz8vWFcwJCfqlIAFV jAcworenwotibFs86XPbzILmmXY4ilnzGJiEkzHQQg4Hn/2Z3VHzA= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=RZmTTixk73w+SKxLsb tHVIEv+1nlET709qd1lqWAw7k=; b=KOWewYJE/h7SSgdzvW+6AKUnY4ZITL+ltY m5sHM9Wj1mwQxnF/A9o8CIvE3URr6O0sRKFClEemtE6Nbuj29UQri60HsbtIr/pH WVAgDJmqZj42r9ya11+OrFBfj38ytnr3Y3sttm2f3+uCHzpyHimo1zrinPyDDauT 0TaOTlcH0xeJQFoxQlYyjPp6nAX7q4ujEQ1mMvwMZ0TtxyxEb2W0eK7LDaajGGb3 ihMXs8yTzTUVnqv8TOoFCRQgCSp0Oqj01czqCjM4NegKCGg+zUt3n63I9g05mhBO wRuoNy+0clzXOrpVtRA/C8e1tpiYxqcYkyte016JllzZ2zV2aTwQ== X-ME-Sender: X-Sasl-enc: 2gA+Fhh1gpNj2AKj+MjAluErDWc9tH70Wc53Mp7JCrIW 1499581850 Received: from localhost (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70]) by mail.messagingengine.com (Postfix) with ESMTPA id 7E829248B6; Sun, 9 Jul 2017 02:30:50 -0400 (EDT) Date: Sun, 9 Jul 2017 02:30:49 -0400 From: Leo Famulari To: Mark H Weaver Subject: Re: bug#27621: Poppler's replacement is ABI-incompatible with the original Message-ID: <20170709063049.GA31887@jasmine.lan> References: <20170708110834.13972-1-donttrustben@gmail.com> <87a84ea8lm.fsf@netris.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="FCuugMFkClbJLl1L" Content-Disposition: inline In-Reply-To: <87a84ea8lm.fsf@netris.org> User-Agent: Mutt/1.8.3 (2017-05-23) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 27621 Cc: Ben Woodcroft , control@debbugs.gnu.org, 27621@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --FCuugMFkClbJLl1L Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Jul 08, 2017 at 06:04:37PM -0400, Mark H Weaver wrote: > Ben Woodcroft writes: >=20 > > Currently Inkscape fails to start as the poppler shared library changes= from > > libpoppler.so.66 to libpoppler.so.67 upon grafting. Is this the correct= way > > to fix this issue? > The problem originated with the following security update: >=20 > leo@famulari.name (Leo Famulari) writes: > > lfam pushed a commit to branch master > > in repository guix. > > > > commit 95bbaa02aa63bc5eae36f686f1ed9915663aa4cf > > Author: Leo Famulari > > Date: Thu Jun 29 03:10:30 2017 -0400 > > > > gnu: poppler: Fix CVE-2017-{9775,9776}. > > =20 > > * gnu/packages/pdf.scm (poppler)[replacement]: New field. > > (poppler-0.56.0): New variable. > > (poppler-qt4, poppler-qt5): Use 'package/inherit'. Sorry about this mistake. > Here's what we need to do: instead of replacing 0.52.0 with 0.56.0, we > need to find backported fixes for poppler-0.52.0 (or possibly some newer > version that has the same ABI as 0.52.0), and apply those as patches in > the replacement. I just pushed b3cc304b3050e89858c88947fbd7d76c108b5d67 which applies a patch for CVE-2017-9776 onto the poppler 0.52.0 source code. We'll need to write and test our own patch for CVE-2017-9775 that will apply to the source of poppler 0.52.0, or wait for someone else to do it and copy theirs. --FCuugMFkClbJLl1L Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAllhzZgACgkQJkb6MLrK fwgpsxAAzrqP6CMcpNPeZrTRMH67GL6bcdlHUCDW8XYSilFU+h2H7DCzwtfp9lr7 Hrc+qm7sN2FHZ0E6Yo9xkfmMXj24xTH5+DNDPglZXaNDMp4ZjA9YAJrnkFS/qU1F ysVlsRgrAMg8oJkJyL75ysUHDcY47TETqJPX96cnJCmERlGkZOo3LdYhB9Ycp8VB tD8xt30erWg/+XK7RWSR3SEWsIzMuz/0biU53nkuAw0OUr7OS8FIgB+r9+P0JDAk wC1pO27M3xxGYbMbEteMORI4kK4gyIM86oc2eJmraR+ZwIsFvAV4jU07NNYkY1A2 c5i9j543hw6xvBnRlh3M4fLcVZ87KX3DuHkCYI2Ys/A1WnIMGlGCXQ83oHo5vMA4 Kh9k+4vaaMDdC7gSwidUuN5rSNzVfF6JdatIQPNgZ5UIPaqBl7zeiNuPjtHl5dbA nx106k0sBuXN4GQEz3QTD2mv/cicJW4uRnH0Az2WFFVKydTe77iiI5fPLgMkS1+g +69w5sDLd6wCmW6UdtFSqR5ARpfYJsv9Tyacmeioj7E7tLxhRLCP96Nbf6b8VYaD BbIaaFsjb3gwvKlOoK83LJuGV+7eBkM3UdKZwqRsiZ/p5Gi26raYYuDxw3WqJSgA +RBZVvOdsugykcRd7fJJnFfd1BygvX8dWlsBmqOqKzs+ZzS/zYE= =AuEF -----END PGP SIGNATURE----- --FCuugMFkClbJLl1L-- From debbugs-submit-bounces@debbugs.gnu.org Sun Jul 09 17:25:28 2017 Received: (at 27621-done) by debbugs.gnu.org; 9 Jul 2017 21:25:28 +0000 Received: from localhost ([127.0.0.1]:59215 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dUJho-0008GN-3M for submit@debbugs.gnu.org; Sun, 09 Jul 2017 17:25:28 -0400 Received: from world.peace.net ([50.252.239.5]:44220) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dUJhm-0008GA-Si for 27621-done@debbugs.gnu.org; Sun, 09 Jul 2017 17:25:27 -0400 Received: from pool-72-93-34-106.bstnma.east.verizon.net ([72.93.34.106] helo=jojen) by world.peace.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1dUJhg-0006b9-E5; Sun, 09 Jul 2017 17:25:20 -0400 From: Mark H Weaver To: Leo Famulari Subject: Re: bug#27621: Poppler's replacement is ABI-incompatible with the original References: <20170708110834.13972-1-donttrustben@gmail.com> <87a84ea8lm.fsf@netris.org> <20170709063049.GA31887@jasmine.lan> Date: Sun, 09 Jul 2017 17:25:07 -0400 In-Reply-To: <20170709063049.GA31887@jasmine.lan> (Leo Famulari's message of "Sun, 9 Jul 2017 02:30:49 -0400") Message-ID: <87pod98frg.fsf@netris.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 27621-done Cc: Ben Woodcroft , 27621-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Leo Famulari writes: > On Sat, Jul 08, 2017 at 06:04:37PM -0400, Mark H Weaver wrote: >> Here's what we need to do: instead of replacing 0.52.0 with 0.56.0, we >> need to find backported fixes for poppler-0.52.0 (or possibly some newer >> version that has the same ABI as 0.52.0), and apply those as patches in >> the replacement. > > I just pushed b3cc304b3050e89858c88947fbd7d76c108b5d67 which applies a > patch for CVE-2017-9776 onto the poppler 0.52.0 source code. Thank you! :) > We'll need to write and test our own patch for CVE-2017-9775 that will > apply to the source of poppler 0.52.0, or wait for someone else to do > it and copy theirs. I looked, but backporting the fix to 0.52.0 seems non-trivial. Fedora 26 uses poppler-0.52.0, but I see that they have not yet fixed either of these CVEs. http://pkgs.fedoraproject.org/cgit/rpms/poppler.git/log/?h=f26 They did, however, cherry-pick an upstream patch to fix a null pointer dereference bug in 0.52.0. I'll look into adding this patch to our poppler. FWIW, Fedora considers CVE-2017-9775 to be of low severity: https://access.redhat.com/security/cve/cve-2017-9775 Anyway, I'm closing this bug now. Thanks again for your tireless efforts to keep us safe, Leo! Mark From debbugs-submit-bounces@debbugs.gnu.org Sun Jul 09 21:48:33 2017 Received: (at 27621-done) by debbugs.gnu.org; 10 Jul 2017 01:48:33 +0000 Received: from localhost ([127.0.0.1]:59386 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dUNoP-0004aY-Lk for submit@debbugs.gnu.org; Sun, 09 Jul 2017 21:48:33 -0400 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:59865) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dUNoN-0004aQ-99 for 27621-done@debbugs.gnu.org; Sun, 09 Jul 2017 21:48:32 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 9E1FC207E6; Sun, 9 Jul 2017 21:48:30 -0400 (EDT) Received: from frontend2 ([10.202.2.161]) by compute4.internal (MEProxy); Sun, 09 Jul 2017 21:48:30 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=Otg3lMRxkS0C5gsXAk63ED8s4Vh8B6c7Djcl8M 8ISh0=; b=NzpbySYNcqUAeEKOwlSHrNf5cp4i4Q7rdDL+53XBRVtyeHQ3Y2wUCo +tcxfQbrDrjPwecQnCNAOT3EySBy66J9Od7/aXmlW1syXlmIB/VnUCskarC6H4jf aD4F3Vwg7RxMGQicb3GPQ/rh49aPaUwwQj3hU2bXRXBn7ViblJTLg= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=Otg3lMRxkS0C5gsXAk 63ED8s4Vh8B6c7Djcl8M8ISh0=; b=O8b51dq9XdlO+Cnfq817BBzWd5JSs7CnGE En2Z7zQwLlzxoPaZgXHO7Ku1PK+tKNIbNd9J6tdXJsSIQ2poFQdq9AIplxAGxB/+ +w8jUaZtR98cnfN9+qZbEd7b7nwR10cujjFWYDkI6Ovj7Fb42pxCsliV9cJh0cz6 IhaR8Kil7rM6XX6SlRYrKQuLAowrKahwMa16KMTrsMqxkXw/zyI1xmn8+siuIa69 EQ+i6yFDInC9OpNqYh4xKvIujzJSuzCknLfyf/nzmMUUyuTXKQ7+BRZRLC7Vnlen BdAr7weM/oXGdmch0nlLWrXA1iNNvFHhSUm6icSThEsj+w+BYk5w== X-ME-Sender: X-Sasl-enc: aF6+fxg23uLTXPPm5rAKnkQlTsi/uD2yFgjrOdQOQJXz 1499651310 Received: from localhost (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70]) by mail.messagingengine.com (Postfix) with ESMTPA id 5D36C24620; Sun, 9 Jul 2017 21:48:30 -0400 (EDT) Date: Sun, 9 Jul 2017 21:48:29 -0400 From: Leo Famulari To: Mark H Weaver Subject: Re: bug#27621: Poppler's replacement is ABI-incompatible with the original Message-ID: <20170710014829.GA11826@jasmine.lan> References: <20170708110834.13972-1-donttrustben@gmail.com> <87a84ea8lm.fsf@netris.org> <20170709063049.GA31887@jasmine.lan> <87pod98frg.fsf@netris.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="RnlQjJ0d97Da+TV1" Content-Disposition: inline In-Reply-To: <87pod98frg.fsf@netris.org> User-Agent: Mutt/1.8.3 (2017-05-23) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 27621-done Cc: 27621-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --RnlQjJ0d97Da+TV1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Jul 09, 2017 at 05:25:07PM -0400, Mark H Weaver wrote: > They did, however, cherry-pick an upstream patch to fix a null pointer > dereference bug in 0.52.0. I'll look into adding this patch to our > poppler. Thanks! Let us know how it goes. > FWIW, Fedora considers CVE-2017-9775 to be of low severity: >=20 > https://access.redhat.com/security/cve/cve-2017-9775 The disclosure on the freedesktop bug tracker [0] says: "Due to some restrictions in the lines after the bug, an attacker can't control the values written in the stack so it unlikely this could lead to a code execution." So, not great but, if their estimation is right, not that bad either. [0] https://bugs.freedesktop.org/show_bug.cgi?id=3D101540 --RnlQjJ0d97Da+TV1 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlli3OkACgkQJkb6MLrK fwj4UA/8DBaA60VMlM0i5pevhzQrAre7vTUOQIuI7XjMpeU5u6iktsKyzMahPLaZ BO6NQXWFlaF/JDDKR+qPNYCFNGxGC6bV3iNZtQTro3nsdyvuX94888Qmye6hGRrK n5vM9hDZCC3vNxVjVdQmmxecFEJ7fXktfLN5KqKMPVJ7TOC+M+sVCPjfOimwNQPL 7+CwnrYowPBK0r/GM1ce5acv3/SreDb2UVAPQC9PBHf5l8ERx/y2fG0ei4ViV4tk cB4Hh9y/Q5HiKqxHOrunZAXFCVH0myhPNxKI7uWk9EofNsHhE+QHNAUNUTGiIqUU CXHzh4C+A+X/P9VaWzo0HVk6yDDsnVuvNyvYPaKxABYYGEOaIqSm+Y7qeTxQvvic HNm7dx/iSQ4IJAffXmgUyrArAruQ2PIxuNwdNPC30cm5yhRdwUitxwREHiIKgY20 dqRjrWIu17ZVvIWFRCcvA+Uu1/bsYn+jrrSpcH7saMsDfi1IegM9nke5iajbfbr6 9b/v6zzMo6Y2LAwsuYuZ9m5D6t5UBlh4LZy/pQj/U132nJyzYqvb9t/lAgz63sBC Bas6AqHjVinrfPBlEsu0FjxpA7H8+BEzv2zOKzHxTi9YBpCjggXtJ2lqxRdmaW95 vrAhumNGnsju4aNgKBxXVyXPdnAUXLvl6+L2EP+pklciJtlcEDU= =1orn -----END PGP SIGNATURE----- --RnlQjJ0d97Da+TV1-- From debbugs-submit-bounces@debbugs.gnu.org Mon Jul 10 13:07:52 2017 Received: (at 27621-done) by debbugs.gnu.org; 10 Jul 2017 17:07:52 +0000 Received: from localhost ([127.0.0.1]:32896 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dUcA4-0005I4-2n for submit@debbugs.gnu.org; Mon, 10 Jul 2017 13:07:52 -0400 Received: from world.peace.net ([50.252.239.5]:45251) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dUcA1-0005Hr-Sx for 27621-done@debbugs.gnu.org; Mon, 10 Jul 2017 13:07:50 -0400 Received: from pool-72-93-34-106.bstnma.east.verizon.net ([72.93.34.106] helo=jojen) by world.peace.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1dUc9w-0002ZZ-0l; Mon, 10 Jul 2017 13:07:44 -0400 From: Mark H Weaver To: Leo Famulari Subject: Re: bug#27621: Poppler's replacement is ABI-incompatible with the original References: <20170708110834.13972-1-donttrustben@gmail.com> <87a84ea8lm.fsf@netris.org> <20170709063049.GA31887@jasmine.lan> <87pod98frg.fsf@netris.org> <20170710014829.GA11826@jasmine.lan> Date: Mon, 10 Jul 2017 13:07:32 -0400 In-Reply-To: <20170710014829.GA11826@jasmine.lan> (Leo Famulari's message of "Sun, 9 Jul 2017 21:48:29 -0400") Message-ID: <87mv8cgqzv.fsf@netris.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 27621-done Cc: 27621-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Leo Famulari writes: > On Sun, Jul 09, 2017 at 05:25:07PM -0400, Mark H Weaver wrote: >> They did, however, cherry-pick an upstream patch to fix a null pointer >> dereference bug in 0.52.0. I'll look into adding this patch to our >> poppler. > > Thanks! Let us know how it goes. Pushed to master as commit ef019092b98e1337acac51525e8e4e092267f69c. Mark From unknown Mon Jun 23 09:41:00 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Tue, 08 Aug 2017 11:24:04 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator