Michael Gilbert <mgilb...@debian.org> writes: >> #662882 >> https://bugs.launchpad.net/ubuntu/+source/xpdf/+bug/669211 (see comment 47) > > Those are this bug, and Ubuntu developers are responsible for their > system preferring poppler's globalparams and pretty much breaking > everything. They need to find their own solution, and they did for > 12.10.
I don't follow the Ubuntu packages closely, but due to the undefined nature of the bug, I'm 100% sure that the reports that this is _unfixed_ even in 12.10 https://bugs.launchpad.net/ubuntu/+source/xpdf/+bug/943195 are real. > Saying there are potential security issues without evidence is blowing > the problem out of proportion. If there is real evidence that there > is a problem, I will certainly look at it, but guesses are not > sufficient. So analysing and verifying that there is an _undefined behaviour_ type bug here is no such evidence for you? > Also, the patch attached to this report is far too large. Any patch > should address the known problems specifically, rather than just > copying popper's globalparams. You didn't really look at the patch in much detail, did you? It is _not_ copying libpoppler's GlobalParams. It is _deriving from_ libpoppler's GlobalParams as defined in /usr/include/poppler/GlobalParams.h. Therefore, unless libpoppler's major version is bumped, it will only use its public ABI and hence continue to work even if libpoppler is upgraded. (As to Jens Stimpfle's suggestion of reverting to a poppler-less xpdf Version, yes that would be possible, but would lose all the Debian-specific work libpoppler has done. It depends on how much you value that. Personally, I am generally opposed to removing functionality which others have added.) "Far too large": there are maybe 15-20 lines of functional changes in this patch, mainly changing function signatures for error propagation. The rest is _purely mechanical_. The C++ compiler and valgrind are your friends here. All I can say from 20+ years of C/C++ experience is that this patch is a definitive fix for this grave bug. I am severely disappointed by your handling of this issue, and if the quality of your comments doesn't improve noticeably -- sorry, I have nothing more to say. Regards, Wolfram. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org