Bug#: 69019
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Matthias Geerdsen <vorlon@gentoo.org>

Description:   Opened: 2004-10-26 07:33 0000
robbat2 you committed the ebuild, could you maybe verify and apply the patches
for xpdf?

------- Comment #1 From Thierry Carrez (RETIRED) 2004-10-26 09:14:26 0000 -------
If needed, patches are on bug 68058

------- Comment #2 From Thierry Carrez (RETIRED) 2004-10-30 09:29:43 0000 -------
Robin: please apply fixes and bump

------- Comment #3 From Thierry Carrez (RETIRED) 2004-11-03 02:51:31 0000 -------
Robin: in fact you might want to use patches from bug 69662

------- Comment #4 From Sune Kloppenborg Jeppesen 2004-11-09 01:21:33 0000 -------
Robin seems to be away. I think either security should patch or it should be
masked.

------- Comment #5 From Robin Johnson 2004-11-09 03:04:05 0000 -------
Sorry, no time at the moment. I'm doing exams, and I'll be away this weekend at
the ACM contest.

I'd say go ahead and mask it for the moment, citing this bug. I don't believe
it's a dependency for anything, so nothing should break.

If somebody else needs it before I have time to get to it (~2 weeks from now),
then they can leave the exact needed patches here, and I can see about applying
them.

------- Comment #6 From Sune Kloppenborg Jeppesen 2004-11-13 00:02:53 0000 -------
Thx Robin.

solar/klieber please mask for now.

------- Comment #7 From Sune Kloppenborg Jeppesen 2004-11-20 01:42:07 0000 -------
CC'ing devs with masking powers.

------- Comment #8 From solar 2004-11-20 08:55:59 0000 -------
# <solar@gentoo.org> (20 Nov 2004)
# security masked per request of maintainer till
# such time as he can fix it. bug 69019
app-text/pdftohtml

Checking in package.mask;
/var/cvsroot/gentoo-x86/profiles/package.mask,v  <--  package.mask
new revision: 1.3337; previous revision: 1.3336
done

------- Comment #9 From Jesse Adelman 2004-11-20 12:23:07 0000 -------
Plone 2.0.4 depends -> net-zope/portaltransforms depends-> app-text/pdftohtml.
Just FYI, no biggie:

homeserver-02 root # emerge -puD world

These are the packages that I would merge, in order:

Calculating world dependencies |
!!! All ebuilds that could satisfy "app-text/pdftohtml" have been masked.
!!! One of the following masked packages is required to complete your request:
- app-text/pdftohtml-0.36 (masked by: package.mask)
# <solar@gentoo.org> (20 Nov 2004)
# security masked per request of maintainer till 
# such time as he can fix it. bug 69019


For more information, see MASKED PACKAGES section in the emerge man page or 
section 2.2 "Software Availability" in the Gentoo Handbook.
!!!    (dependency required by "net-zope/portaltransforms-1.3.2" [ebuild])


!!! Problem with ebuild net-zope/plone-2.0.4
!!! Possibly a DEPEND/*DEPEND problem.

!!! Depgraph creation failed.

------- Comment #10 From Thierry Carrez (RETIRED) 2004-11-21 01:20:12 0000 -------
This hopefully will be fixed soon enough that we don't have to issue a temp
GLSA about it. Blocked deps users can still unmask the package, at their own
risk.

------- Comment #11 From solar 2004-11-21 06:34:01 0000 -------
Or attach a patch here.

------- Comment #12 From Thierry Carrez (RETIRED) 2004-11-21 13:57:27 0000 -------
Re: the patch, it's the usual set of recent xpdf patches, but someone must
ensure that they apply correctly and build. I miss the time, so if someone else
can do it (scouts out there?)

------- Comment #13 From Thierry Carrez (RETIRED) 2004-11-22 02:23:52 0000 -------
Here we go... This is an xpdf-2 so you should get:

xpdf-CESA-2004-007-xpdf2-newer.diff (http://bugs.gentoo.org/attachment.cgi?id=42169)
Applies cleanly in xpdf/ (-p0)

xpdf2-underflow.patch (http://bugs.gentoo.org/attachment.cgi?id=43034)
Applies cleanly in xpdf/ (-p2)

xpdf-goo-sizet.patch (http://bugs.gentoo.org/attachment.cgi?id=43033)
Applies cleanly in goo/ (-p2)

------- Comment #14 From Robin Johnson 2004-11-22 03:01:01 0000 -------
The patched version is tested and placed in CVS now.

One really minor complaint with your patches.
I ran it thru a few test PDF files, and while the output is identical, I do notice a slowdown between the two.

The largest test case is a ~3000-page PDF with lots of cross-referencing links (it's a preprint of an encyclopedia from some past work)

The patched version takes ~10% longer to process than the unpatched version.
For the large file, this is approx. 2.5 minutes more (old time is ~25 minutes, new time is ~27.5 minutes).

------- Comment #15 From Thierry Carrez (RETIRED) 2004-11-22 08:56:12 0000 -------
Thx Robin, this is ready for a GLSA.

About the patches: I suppose the performance drop comes from all the extra sanity checks done to ensure the provided PDF is not nasty. I'm not too sure we can work around this...

------- Comment #16 From Thierry Carrez (RETIRED) 2004-11-23 01:09:56 0000 -------
GLSA 200411-30
