[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#27621: Poppler's replacement is ABI-incompatible with the original
From: |
Leo Famulari |
Subject: |
bug#27621: Poppler's replacement is ABI-incompatible with the original |
Date: |
Sun, 9 Jul 2017 02:30:49 -0400 |
User-agent: |
Mutt/1.8.3 (2017-05-23) |
On Sat, Jul 08, 2017 at 06:04:37PM -0400, Mark H Weaver wrote:
> Ben Woodcroft <address@hidden> writes:
>
> > Currently Inkscape fails to start as the poppler shared library changes from
> > libpoppler.so.66 to libpoppler.so.67 upon grafting. Is this the correct way
> > to fix this issue?
> The problem originated with the following security update:
>
> address@hidden (Leo Famulari) writes:
> > lfam pushed a commit to branch master
> > in repository guix.
> >
> > commit 95bbaa02aa63bc5eae36f686f1ed9915663aa4cf
> > Author: Leo Famulari <address@hidden>
> > Date: Thu Jun 29 03:10:30 2017 -0400
> >
> > gnu: poppler: Fix CVE-2017-{9775,9776}.
> >
> > * gnu/packages/pdf.scm (poppler)[replacement]: New field.
> > (poppler-0.56.0): New variable.
> > (poppler-qt4, poppler-qt5): Use 'package/inherit'.
Sorry about this mistake.
> Here's what we need to do: instead of replacing 0.52.0 with 0.56.0, we
> need to find backported fixes for poppler-0.52.0 (or possibly some newer
> version that has the same ABI as 0.52.0), and apply those as patches in
> the replacement.
I just pushed b3cc304b3050e89858c88947fbd7d76c108b5d67 which applies a
patch for CVE-2017-9776 onto the poppler 0.52.0 source code.
We'll need to write and test our own patch for CVE-2017-9775 that will
apply to the source of poppler 0.52.0, or wait for someone else to do
it and copy theirs.
signature.asc
Description: PGP signature