On Sat, 17 Jul 2010 01:56:14 +0900, Osamu Aoki wrote: > On Fri, Jul 16, 2010 at 12:10:14PM -0400, Michael Gilbert wrote: > > > Is this because you are using poppler? > > > > yes. the vulnerabilities exist only in the xpdf codebase that became > > poppler. i no longer build any of that affected code (dynamically > > linking to it in poppler instead where it is already patched), so there > > is no need to retain those patches. > > I build -8, and looking good. > > Are you contacting upstream so these patches get into the upstream? > (With so much "sed", maybe not...)
i haven't yet, but i plan to for the current bug fixes. upstream adoption of the poppler compatibility patches is rather unlikely since they have no interest in following what poppler does. the 'sed' commands are needed since poppler renamed a bunch of types from G* to Goo* (probably because of a conflict with some existing gnome G* type). those changes are also part of the poppler compatibility updates, and i don't see upstream having any interest in a big rename for no impact from their perspective. i will however send a message to see anyway. mike -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100716130711.b6263add.michael.s.gilb...@gmail.com
