[tex-live] libpoppler security `fix' breaks PDF processing of many documents
Ken Moffat
zarniwhoop at ntlworld.com
Sat Mar 24 03:00:14 CET 2018
On Fri, Mar 23, 2018 at 07:09:22PM -0600, Nelson H. F. Beebe wrote:
> The Devuan (Dng at lists.dyne.org) developer list today contains several
> reports that recent system updates to libpoppler have broken PDF
> processing of many documents, in multiple viewers, including okular,
> evince, and xpdf. The symptom is blank pages and/or missing font
> characters.
>
> There are two postings at
>
> https://bugs.debian.org/886798
> https://bugs.debian.org/890826
>
> They suggest that a recent libpoppler security `fix' is itself broken.
>
> Thus, we need to watch for new libpoppler source updates that really
> fix the problem, and incorporate those into the TeX Live 2018 source
> tree. Alternatively, if that does not happen soon enough,
> backtracking to an older less buggy version of the library may be
> called for.
>
>From a quick look at those two bugs, they are for poppler-0.26
series (libpoppler-0.46). Is that not already very old ?
Earlier this week I built recent 2018 source against poppler-0.62 -
I see that my libpoppler version is now 73.
I take my hat off to people who manage to maintain older versions of
packages when vulnerabilities sometimes come to light years after a
particular version is released, but from time to time a fix breaks
things. Meanwhile, the version of libpoppler in texlive from a few
days ago seems to be 0.63 (from reading configure.ac) so I think the
problem will only impact linux distros who build against system
poppler *and* use that old version.
ĸen
--
Truth, in front of her huge walk-in wardrobe, selected black leather
boots with stiletto heels for such a barefaced truth.
- Unseen Academicals
More information about the tex-live
mailing list