On Wed, 2017-05-03 at 11:11 +0200, Mattia Rizzolo wrote:
[..]
> You LTS upload broke libpodofo ABI. The symbol
> _ZNK6PoDoFo7PdfPage25GetInheritedKeyFromObjectEPKcPKNS_9PdfObjectE@Base
> as present in the wheezy version (libpodofo0.9.0_0.9.0-1.1+b1_amd64.deb)
> became
> _ZNK6PoDoFo7PdfPage25GetInheritedKeyFromObjectEPKcPKNS_9PdfObjectEi@Base
> in wheezy-security (libpodofo0.9.0_0.9.0-1.1+deb7u1_amd64.deb).
>
> Now, I do not know what's LTS policy about silent ABI breakage, but I
> doubt you are OK with that.
>
>
> That's in particular caused by
> https://anonscm.debian.org/git/collab-maint/libpodofo.git/tree/debian/patches/CVE-2017-5852.patch?h=debian/0.9.0-1.1%2bdeb7u1#n123
>
> - const PdfObject* GetInheritedKeyFromObject( const char* inKey, const PdfObject* inObject ) const;
> + const PdfObject* GetInheritedKeyFromObject( const char* inKey, const PdfObject* inObject, int depth = 0 ) const;
>
>
> ATM, I don't know how to fix that CVE without breaking the ABI.
Create two overloaded functions rather than one function implementation
that's overloaded through a default parameter:
- const PdfObject* GetInheritedKeyFromObject( const char* inKey, const PdfObject* inObject, int depth = 0 ) const;
+ const PdfObject* GetInheritedKeyFromObject( const char* inKey, const PdfObject* inObject ) const;
+ const PdfObject* GetInheritedKeyFromObject( const char* inKey, const PdfObject* inObject, int depth ) const;
...
+const PdfObject* PdfPage::GetInheritedKeyFromObject( const char* inKey, const PdfObject* inObject ) const
+{
+ return GetInheritedKeyFromObject(inKey, inObject, 0);
+}
Ben.
--
Ben Hutchings
friends: People who know you well, but like you anyway.
Attachment:
signature.asc
Description: This is a digitally signed message part