From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mark H Weaver Subject: bug#27621: Poppler's replacement is ABI-incompatible with the original Date: Sat, 08 Jul 2017 18:04:37 -0400 Message-ID: <87a84ea8lm.fsf@netris.org> References: <20170708110834.13972-1-donttrustben@gmail.com> Mime-Version: 1.0 Content-Type: text/plain Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:40472) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dTxqd-0003Wh-P4 for bug-guix@gnu.org; Sat, 08 Jul 2017 18:05:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dTxqY-0003zT-JV for bug-guix@gnu.org; Sat, 08 Jul 2017 18:05:07 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:55548) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dTxqY-0003zJ-GA for bug-guix@gnu.org; Sat, 08 Jul 2017 18:05:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dTxqY-00023m-4M for bug-guix@gnu.org; Sat, 08 Jul 2017 18:05:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <20170708110834.13972-1-donttrustben@gmail.com> (Ben Woodcroft's message of "Sat, 8 Jul 2017 21:08:33 +1000") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ben Woodcroft , Leo Famulari Cc: 27621@debbugs.gnu.org, control@debbugs.gnu.org retitle 27621 Poppler's replacement is ABI-incompatible with the original severity 27621 important thanks Ben Woodcroft writes: > Currently Inkscape fails to start as the poppler shared library changes from > libpoppler.so.66 to libpoppler.so.67 upon grafting. Is this the correct way > to fix this issue? The problem is that poppler's replacement is not ABI compatible with the original. This will likely break any program linked with libpoppler. This needs to be fixed in poppler. We should not work around this by changing our inkscape package. > I'm not quite sure why poppler is grafted in the first place, given there are > so few dependencies (26)? Should it simply be updated? How did you count 26? According to "guix refresh -l poppler", poppler has 1643 dependent packages per platform. That's too many. The problem originated with the following security update: leo@famulari.name (Leo Famulari) writes: > lfam pushed a commit to branch master > in repository guix. > > commit 95bbaa02aa63bc5eae36f686f1ed9915663aa4cf > Author: Leo Famulari > Date: Thu Jun 29 03:10:30 2017 -0400 > > gnu: poppler: Fix CVE-2017-{9775,9776}. > > * gnu/packages/pdf.scm (poppler)[replacement]: New field. > (poppler-0.56.0): New variable. > (poppler-qt4, poppler-qt5): Use 'package/inherit'. > --- > gnu/packages/pdf.scm | 17 +++++++++++++++-- > 1 file changed, 15 insertions(+), 2 deletions(-) > > diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm > index 5ccaa38..dce02a7 100644 > --- a/gnu/packages/pdf.scm > +++ b/gnu/packages/pdf.scm > @@ -76,6 +76,7 @@ > (define-public poppler > (package > (name "poppler") > + (replacement poppler-0.56.0) > (version "0.52.0") > (source (origin > (method url-fetch) Unfortunately, we cannot use poppler-0.56.0 to replace 0.52.0 via grafting. The shared library major version number bump indicates an ABI incompatibility. Here's what we need to do: instead of replacing 0.52.0 with 0.56.0, we need to find backported fixes for poppler-0.52.0 (or possibly some newer version that has the same ABI as 0.52.0), and apply those as patches in the replacement. Mark