[Bug 570183] New: libpoppler security upgrade breaks xpdf
http://bugzilla.novell.com/show_bug.cgi?id=570183 http://bugzilla.novell.com/show_bug.cgi?id=570183#c0 Summary: libpoppler security upgrade breaks xpdf Classification: openSUSE Product: openSUSE 11.2 Version: Final Platform: x86-64 OS/Version: openSUSE 11.2 Status: NEW Severity: Normal Priority: P5 - None Component: X11 Applications AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: daved@windclimber.id.au QAContact: qa@suse.de Found By: --- Blocker: --- Created an attachment (id=336274) --> (http://bugzilla.novell.com/attachment.cgi?id=336274) PDF file which triggers Segmentation violation User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.1.6) Gecko/20091206 SeaMonkey/2.0.1 After doing online update to libpoppler 0.12.0-3.7.1 (x86_64) xpdf reports segmentation violation when opening some pdf files, before opening a window. Reverting to /usr/lib64/libpoppler.so.5.0.0 distributed with the 11.2 release fixes problem. I will attach a file which triggers fault. This has been confirmed on two 64 bit machines. Reproducible: Always Steps to Reproduce: 1. upgrade libpoppler (on 64 bit machine) 2. open attached PDF file with xpdf 3. Actual Results: Segmentation fault Expected Results: file displayed -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c
yang xiaoyu
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c1
Li Bin
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c2
Joachim Deguara
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c3
--- Comment #3 from Li Bin
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c4
Li Bin
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c5
Thomas Biege
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c6
Li Bin
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c7
Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c8
--- Comment #8 from Li Bin
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c9
--- Comment #9 from Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c10
--- Comment #10 from Li Bin
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c11
--- Comment #11 from Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c12
Detlef Reichelt
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c13
--- Comment #13 from Li Bin
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c14
Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c15
Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c16
Li Bin
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c17
Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c18
--- Comment #18 from Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c19
--- Comment #19 from Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c20
Petr Gajdos
my question anyways. Since upstream doesn't use the safeint patch how does their fix look like?
The problem is, that our security team wanted better fix than upstream have :-). That is why the xpdf-safe-int.patch has arisen, why is so huge and why I was convinced from the beginning this patch is not upstreamable. I suggest read bug 502974 for more informations. I have talked with sbrabec and he suggested to (carefully) consider version update for poppler, if there is no ABI change and addresses said security problem sufficiently. Alternatively (for older distributions for example), original small patch from upstream -- bug 502061, comment 2 could be backported. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c21
--- Comment #21 from Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c22
--- Comment #22 from Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c23
--- Comment #23 from Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c24
--- Comment #24 from Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c
Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c25
Reinhard Max
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c26
--- Comment #26 from Li Bin
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c27
Li Bin
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c28
Swamp Workflow Management
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c29
Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c30
--- Comment #30 from Li Bin
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c31
--- Comment #31 from Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c32
--- Comment #32 from Li Bin
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c33
Li Bin
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c34
--- Comment #34 from Thomas Biege
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c35
Christian Boltz
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c36
Thomas Biege
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c37
Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c38
io proprioio
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c39
--- Comment #39 from Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c40
--- Comment #40 from Uwe Bonnes
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c41
--- Comment #41 from Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c42
--- Comment #42 from io proprioio
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c43
--- Comment #43 from Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c44
Swamp Workflow Management
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c45
Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c46
io proprioio
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c47
Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c48
Karl Eichwalder
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c49
io proprioio
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c50
--- Comment #50 from Dave Davey
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c51
--- Comment #51 from io proprioio
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c54
Swamp Workflow Management
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c55
Swamp Workflow Management
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c
Swamp Workflow Management
http://bugzilla.novell.com/show_bug.cgi?id=570183
http://bugzilla.novell.com/show_bug.cgi?id=570183#c56
--- Comment #56 from Bernhard Wiedemann
participants (2)
-
bugzilla_noreply@novell.com
-
opensuse-bugs+bounces-385816@opensuse.org