On Wed, 2017-05-03 at 11:11 +0200, Mattia Rizzolo wrote: [..] > You LTS upload broke libpodofo ABI. The symbol > _ZNK6PoDoFo7PdfPage25GetInheritedKeyFromObjectEPKcPKNS_9PdfObjectE@Base > as present in the wheezy version (libpodofo0.9.0_0.9.0-1.1+b1_amd64.deb) > became > _ZNK6PoDoFo7PdfPage25GetInheritedKeyFromObjectEPKcPKNS_9PdfObjectEi@Base > in wheezy-security (libpodofo0.9.0_0.9.0-1.1+deb7u1_amd64.deb). > > Now, I do not know what's LTS policy about silent ABI breakage, but I > doubt you are OK with that. > > > That's in particular caused by > https://anonscm.debian.org/git/collab-maint/libpodofo.git/tree/debian/patches/CVE-2017-5852.patch?h=debian/0.9.0-1.1%2bdeb7u1#n123 > > - const PdfObject* GetInheritedKeyFromObject( const char* inKey, const PdfObject* inObject ) const; > + const PdfObject* GetInheritedKeyFromObject( const char* inKey, const PdfObject* inObject, int depth = 0 ) const; > > > ATM, I don't know how to fix that CVE without breaking the ABI. Create two overloaded functions rather than one function implementation that's overloaded through a default parameter: - const PdfObject* GetInheritedKeyFromObject( const char* inKey, const PdfObject* inObject, int depth = 0 ) const; + const PdfObject* GetInheritedKeyFromObject( const char* inKey, const PdfObject* inObject ) const; + const PdfObject* GetInheritedKeyFromObject( const char* inKey, const PdfObject* inObject, int depth ) const; ... +const PdfObject* PdfPage::GetInheritedKeyFromObject( const char* inKey, const PdfObject* inObject ) const +{ + return GetInheritedKeyFromObject(inKey, inObject, 0); +} Ben. -- Ben Hutchings friends: People who know you well, but like you anyway.
Attachment:
signature.asc
Description: This is a digitally signed message part