robbat2 you committed the ebuild, could you maybe verify and apply the patches for xpdf?
If needed, patches are on bug 68058
Robin: please apply fixes and bump
Robin: in fact you might want to use patches from bug 69662
Robin seems to be away. I think either security should patch or it should be masked.
Sorry, no time at the moment. I'm doing exams, and i'll be away this weekend at the ACM contest. I'd say go ahead and mask it for the moment, citing this bug. I don't believe it's a dependancy for anything, so nothing should break. If somebody else needs it before I have time to get to it (~2 weeks from now), then they can leave the exact needed patches here, and I can see about applying them.
Thx Robin. solar/klieber please mask for now.
CC'ing devs with masking powers.
# <solar@gentoo.org> (20 Nov 2004) # security masked per request of maintainer till # such time as he can fix it. bug 69019 app-text/pdftohtml Checking in package.mask; /var/cvsroot/gentoo-x86/profiles/package.mask,v <-- package.mask new revision: 1.3337; previous revision: 1.3336 done
Plone 2.0.4 depends -> net-zope/portaltransforms depends-> app-text/pdftohtml. Just FYI, no biggie: homeserver-02 root # emerge -puD world These are the packages that I would merge, in order: Calculating world dependencies | !!! All ebuilds that could satisfy "app-text/pdftohtml" have been masked. !!! One of the following masked packages is required to complete your request: - app-text/pdftohtml-0.36 (masked by: package.mask) # <solar@gentoo.org> (20 Nov 2004) # security masked per request of maintainer till # such time as he can fix it. bug 69019 For more information, see MASKED PACKAGES section in the emerge man page or section 2.2 "Software Availability" in the Gentoo Handbook. !!! (dependency required by "net-zope/portaltransforms-1.3.2" [ebuild]) !!! Problem with ebuild net-zope/plone-2.0.4 !!! Possibly a DEPEND/*DEPEND problem. !!! Depgraph creation failed.
This hopefully will be fixed soon enough that we don't have to issue a temp GLSA about it. Blocked deps users can still unmask the package, at their own risk.
Or attach a patch here.
Re: the patch, it's the usual set of recent xpdf patches, but someone must ensure that they apply correctly and build. I miss the time, so if someone else can do it (scouts out there ?)
Here we go... This is an xpdf-2 so you should get : xpdf-CESA-2004-007-xpdf2-newer.diff (http://bugs.gentoo.org/attachment.cgi?id=42169) Applies cleanly in xpdf/ (-p0) xpdf2-underflow.patch (http://bugs.gentoo.org/attachment.cgi?id=43034) Applies cleanly in xpdf/ (-p2) xpdf-goo-sizet.patch (http://bugs.gentoo.org/attachment.cgi?id=43033) Appies cleanly in goo/ (-p2)
The patched version is tested and placed in CVS now. One really minor complaint with your patches. I ran it thru a few test PDF files, and while the output is identical, I do notice a slowdown between the two. The largest test case is a ~3000-page PDF with lots of cross-referencing links (it's a preprint of an encyclopedia from some past work) The patched version takes ~10% longer to process than the unpatched version. For the large file, this is approx. 2.5 minutes more (old time is ~25 minutes, new time is ~27.5 minutes).
Thx Robin, this is ready for a GLSA. About the patches : I suppose the performance drop comes from the all extra sanity checks done to ensure the provided PDF is not nasty. I'm not too sure we can workaround this...
GLSA 200411-30
