GNU bug report logs -
#27621
Poppler's replacement is ABI-incompatible with the original
Previous Next
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
On Sat, Jul 08, 2017 at 06:04:37PM -0400, Mark H Weaver wrote:
> Ben Woodcroft <donttrustben <at> gmail.com> writes:
>
> > Currently Inkscape fails to start as the poppler shared library changes from
> > libpoppler.so.66 to libpoppler.so.67 upon grafting. Is this the correct way
> > to fix this issue?
> The problem originated with the following security update:
>
> leo <at> famulari.name (Leo Famulari) writes:
> > lfam pushed a commit to branch master
> > in repository guix.
> >
> > commit 95bbaa02aa63bc5eae36f686f1ed9915663aa4cf
> > Author: Leo Famulari <leo <at> famulari.name>
> > Date: Thu Jun 29 03:10:30 2017 -0400
> >
> > gnu: poppler: Fix CVE-2017-{9775,9776}.
> >
> > * gnu/packages/pdf.scm (poppler)[replacement]: New field.
> > (poppler-0.56.0): New variable.
> > (poppler-qt4, poppler-qt5): Use 'package/inherit'.
Sorry about this mistake.
> Here's what we need to do: instead of replacing 0.52.0 with 0.56.0, we
> need to find backported fixes for poppler-0.52.0 (or possibly some newer
> version that has the same ABI as 0.52.0), and apply those as patches in
> the replacement.
I just pushed b3cc304b3050e89858c88947fbd7d76c108b5d67 which applies a
patch for CVE-2017-9776 onto the poppler 0.52.0 source code.
We'll need to write and test our own patch for CVE-2017-9775 that will
apply to the source of poppler 0.52.0, or wait for someone else to do
it and copy theirs.
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 7 years and 321 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.