[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#27621: Poppler's replacement is ABI-incompatible with the original

From: Mark H Weaver
Subject: bug#27621: Poppler's replacement is ABI-incompatible with the original
Date: Sat, 08 Jul 2017 18:04:37 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)

retitle 27621 Poppler's replacement is ABI-incompatible with the original
severity 27621 important

Ben Woodcroft <address@hidden> writes:

> Currently Inkscape fails to start as the poppler shared library changes from
> libpoppler.so.66 to libpoppler.so.67 upon grafting. Is this the correct way
> to fix this issue?

The problem is that poppler's replacement is not ABI compatible with the
original.  This will likely break any program linked with libpoppler.
This needs to be fixed in poppler.  We should not work around this by
changing our inkscape package.

> I'm not quite sure why poppler is grafted in the first place, given there are
> so few dependencies (26)? Should it simply be updated?

How did you count 26?  According to "guix refresh -l poppler", poppler
has 1643 dependent packages per platform.  That's too many.

The problem originated with the following security update:

address@hidden (Leo Famulari) writes:
> lfam pushed a commit to branch master
> in repository guix.
> commit 95bbaa02aa63bc5eae36f686f1ed9915663aa4cf
> Author: Leo Famulari <address@hidden>
> Date:   Thu Jun 29 03:10:30 2017 -0400
>     gnu: poppler: Fix CVE-2017-{9775,9776}.
>     * gnu/packages/pdf.scm (poppler)[replacement]: New field.
>     (poppler-0.56.0): New variable.
>     (poppler-qt4, poppler-qt5): Use 'package/inherit'.
> ---
>  gnu/packages/pdf.scm | 17 +++++++++++++++--
>  1 file changed, 15 insertions(+), 2 deletions(-)
> diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
> index 5ccaa38..dce02a7 100644
> --- a/gnu/packages/pdf.scm
> +++ b/gnu/packages/pdf.scm
> @@ -76,6 +76,7 @@
>  (define-public poppler
>    (package
>     (name "poppler")
> +   (replacement poppler-0.56.0)
>     (version "0.52.0")
>     (source (origin
>              (method url-fetch)

Unfortunately, we cannot use poppler-0.56.0 to replace 0.52.0 via
grafting.  The shared library major version number bump indicates an ABI

Here's what we need to do: instead of replacing 0.52.0 with 0.56.0, we
need to find backported fixes for poppler-0.52.0 (or possibly some newer
version that has the same ABI as 0.52.0), and apply those as patches in
the replacement.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]