[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#529331: luatex FTBFS wih libpoppler 0.11 because ~GfxFont() is protected

Dear poppler people, dear security team

Fabrice Coutadeur <fabricesp@ubuntu.com> wrote:

> Luatex FTBFS with lipoppler 0.11, as ~GfxFont() became protectedr.
> in the log, you find the following comment:
> 2008-12-16	Make destructors private/protected since you are not supposed to use them
>
[...]
> As stated in libpoppler change log, the call to the virtual GfxFont destructor should not be done.

in the long run, what does that mean for packages that want to link
against libpoppler to avoid inclusion of a xpdf copy?  

Since this is often done in form of distro patches, not by upstream (at
least this is the case for *tex), it's the Debian maintainers who need
to adapt the patches. Thus, we diverge more and more from upstream.

As for the TeX Task Force, we are not experts in C++, not involved in
poppler development at all, and hardly familiar with code development of
our upstreams, this means that sooner or later poppler will become
unusable to us. The only alternative would be to use embedded xpdf code
again.

Is poppler upstream aware of this use of their library? What do they
think about it?


On the other hand - can you suggest a fix for the issue at hand right
now? 

Regards, Frank

P.S. I'm inclined to file a RC bug on poppler until it has been decided,
with input from the security team, how this is to be handled in the future.
-- 
Dr. Frank Küster
Debian Developer (TeXLive)
VCD Aschaffenburg-Miltenberg, ADFC Miltenberg
B90/Grüne KV Miltenberg
Reply to: