Bug 117495 - app-text/{poppler|xpdf} first Xpdf round this year
Bug#: 117495 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: jaervosz@gentoo.org
Component: Vulnerabilities
URL: 
Summary: app-text/{poppler|xpdf} first Xpdf round this year
Keywords:  
Status Whiteboard: B2 [glsa] jaervosz
Opened: 2006-01-02 14:52 0000
Description:   Opened: 2006-01-02 14:52 0000 
Stub for now, details will follow.

------- Comment #1 From Sune Kloppenborg Jeppesen 2006-01-03 07:46:03 0000 ------- 
See bug #117481 for details.

------- Comment #2 From Sune Kloppenborg Jeppesen 2006-01-05 11:01:11 0000 ------- 
Comment #9 From Daniel Gryniewicz 2006-01-05 10:16 PST 
poppler is bumped to poppler-0.4.3-r4 with this fix.  Xpdf is not yet done.

Arches please test and mark stable.

------- Comment #3 From Markus Rothe 2006-01-05 11:21:31 0000 ------- 
stable on ppc64

------- Comment #4 From Stefan Schweizer 2006-01-05 11:46:09 0000 ------- 
There are two problems with marking new poppler stable:

1) utils have moved from xpdf to poppler
If you mark the new poppler stable you also need to make sure that a newer xpdf
is marked stable because poppler blocks older xpdf versions.
Furthermore you should make sure that the currently stable-on-the-arch cups
should depend on the new poppler instead of xpdf.

2) bindings have been split out from poppler into poppler-bindings
You need to mark poppler-bindings stable and change the depend on poppler to
poppler-bindings in the stable kpdf and kdegraphics ebuild to make sure they
still work afterwards.

------- Comment #5 From Markus Rothe 2006-01-05 14:29:41 0000 ------- 
hmm.. I don't have poppler-bindings installed, but kpdf still works (= displays
PDFs correctly)

was I to fast in marking stable?

------- Comment #6 From Mark Loeser 2006-01-05 17:55:25 0000 ------- 
(In reply to comment #5)
> was I to fast in marking stable?
> 

Looks that way.  What are we supposed to do here?  Sounds like a bunch of other
ebuilds need to have their deps updated for poppler-bindings?  Also sounds like
all of this (xpdf, poppler, cups) needs to go stable at the same time or we get
versions going up/down.

------- Comment #7 From Stefan Schweizer 2006-01-05 18:33:32 0000 ------- 
your kpdf probably links on xpdf then, can you please check that?
linking on xpdf is not desired and it should be possible to link on
poppler/poppler-bindings

I suggest adding a || ( poppler-bindings <poppler-0.4.3-r2 ) DEPEND to the
affected ebuilds for the transition period.

------- Comment #8 From Sune Kloppenborg Jeppesen 2006-01-05 22:23:13 0000 ------- 
Handling stable marking of xpdf here as poppler and old xpdf versions are
blocking.

------- Comment #9 From Sune Kloppenborg Jeppesen 2006-01-07 23:52:02 0000 ------- 
Printing are we ready to mark stable?

------- Comment #10 From Sune Kloppenborg Jeppesen 2006-01-08 00:31:43 0000 ------- 
[09:29:03] <@genstef> jaervosz: yes we are ready for stable

Arches please test and mark stable.

------- Comment #11 From Sune Kloppenborg Jeppesen 2006-01-08 00:59:33 0000 ------- 
Back to ebuild to fix KDE deps.

------- Comment #12 From Sune Kloppenborg Jeppesen 2006-01-08 01:11:05 0000 ------- 
Adding net-print/cups-1.1.23-r7 to the list of packages that need to go stable
at the same time.

------- Comment #13 From DEMAINE Benoît-Pierre, aka DoubleHP 2006-01-09 03:46:52 0000 ------- 
after 
emerge -Cav poppler xpdf
then
emerge -av poppler xpdf

did work fine. Readed about that in an other bug. Strange fix, but works for me
on ~x86

------- Comment #14 From Jeroen Roovers 2006-01-09 08:29:16 0000 ------- 
I marked these hppa stable:

app-text/poppler-0.4.3-r4
app-text/xpdf-3.01-r5
net-print/cups-1.1.23-r7
app-text/poppler-bindings-0.4.3-r2

Is that the full list? If there are more packages to test and mark, could
someone ITK please make note of them, including category and version?

------- Comment #15 From Mike Baikov 2006-01-10 01:19:38 0000 ------- 
Guys, see follow thread, are you in course?

http://forums.gentoo.org/viewtopic-t-420682.html

------- Comment #16 From Stefan Cornelius (RETIRED) 2006-01-10 11:04:20 0000 ------- 
Michail: genstef was nice enough to help and took care of the blocking issues,
so this should work perfectly now.

------- Comment #17 From Sune Kloppenborg Jeppesen 2006-01-10 11:58:47 0000 ------- 
KDE please confirm that deps are OK with you.

------- Comment #18 From Sune Kloppenborg Jeppesen 2006-01-10 13:04:51 0000 ------- 
[21:50:57] <genstef> jaervosz: kde deps are ok

[21:57:05] <genstef> kpdf, kdegraphics just need to make sure to remove the
not-latest-unstable-or-stable versions

[22:03:37] <genstef> well, it would be of course good to mark the latest cups
stable  :)

Arches please test, mark stable and watch out for dep issues:-)

------- Comment #19 From Gustavo Zacarias (RETIRED) 2006-01-11 05:57:25 0000 ------- 
sparc done, i think :)

------- Comment #20 From Tobias Scherbaum 2006-01-11 07:56:45 0000 ------- 
app-text/poppler-0.4.3-r4
app-text/xpdf-3.01-r5
net-print/cups-1.1.23-r7
app-text/poppler-bindings-0.4.3-r2

marked ppc stable ... currently hppa and ppc64 seems to have broken deps.

------- Comment #21 From Tobias Scherbaum 2006-01-11 08:02:12 0000 ------- 
(In reply to comment #20)
> currently hppa and ppc64 seems to have broken deps.

bleh, forget about this ... i haven't cvs'upd in x11-libs/cairo :/

------- Comment #22 From Markus Rothe 2006-01-11 09:42:57 0000 ------- 
stable on ppc64 (now realy...)

------- Comment #23 From Jeroen Roovers 2006-01-11 10:04:05 0000 ------- 
Done for real.

------- Comment #24 From Mark Loeser 2006-01-11 22:02:03 0000 ------- 
Deps are still not fixed.  The poppler-bindings thing was only added to the
latest ~arch KDE ebuilds.

------- Comment #25 From Stefan Schweizer 2006-01-12 00:12:44 0000 ------- 
It is not needed by the arch(stablle)-kpdf ebuild because it depends only on
pdfinfo which is in poppler and not in poppler-bindings

------- Comment #26 From Simon Stelling (RETIRED) 2006-01-12 06:20:54 0000 ------- 
amd64 stable

------- Comment #27 From Mark Loeser 2006-01-12 17:32:55 0000 ------- 
x86 done

------- Comment #28 From Devils-Hawk 2006-01-15 05:22:23 0000 ------- 
There seems to be a weird dependency issue on x86 now:

Calculating dependencies ...done!
[blocks B     ] <app-text/xpdf-3.01-r4 (is blocking app-text/poppler-0.4.3-r4)
[ebuild     U ] app-text/poppler-0.4.3-r4 [0.4.3] -cairo +jpeg +zlib 45 kB
[ebuild     U ] app-text/xpdf-3.01-r5 [3.01-r3] +X 0 kB

U just have to unmerge xpdf-3.01-r3 before merging xpdf-3.01-r5 to fix but IMHO
portage should have handled that for me .

------- Comment #29 From Jakub Moc (RETIRED) 2006-01-15 05:35:31 0000 ------- 
(In reply to comment #28)
> U just have to unmerge xpdf-3.01-r3 before merging xpdf-3.01-r5 to fix but IMHO
> portage should have handled that for me .

Please, don't clutter security bugs with completely unrelated things, and also
search for duplicates first (Bug 116933).

------- Comment #30 From Sune Kloppenborg Jeppesen 2006-01-25 13:27:04 0000 ------- 
Alpha any news on this one?

------- Comment #31 From Bryan Østergaard (RETIRED) 2006-01-25 15:08:22 0000 ------- 
Alpha stabled.

------- Comment #32 From Sune Kloppenborg Jeppesen 2006-01-25 22:44:56 0000 ------- 
Should we wait on pdftohtml on bug #115789 ?

------- Comment #33 From Sune Kloppenborg Jeppesen 2006-01-30 14:39:40 0000 ------- 
GLSA 200601-17