A new Xpdf vulnerability will be disclosed on January 18. This will impact (again) GPdf. This is confidential, so we can't commit the fix to Portage until disclosure date. Please prepare an ebuild and if ready attach it to this bug so that we can call arch pre-testing.
Created attachment 48572 [details, diff] xpdf-CAN-2005-0064.patch Patch from RedHat. An official Xpdf patch will be available on Jan 18, but if we can be ready before that, all the better.
Created attachment 48575 [details, diff] diff between gpdf 2.8.1-r1 and 2.8.2 Gpdf also needs a bump to version 2.8.2 which includes the last security patch. This is the diff between the 2.8.2 ebuild and 2.8.1-r1. I might not be available very often this week, so somebody else may need to add it. Changed the patched file location to xpdf/foo.cc so we can apply it from ${S}
Thanks joem. I suppose you keyworded it x86 because you tested it with success on that platform. obz: please test and report success on ppc kloeri: please test and report success on alpha absinthe: please test and report success on amd64 gustavoz: please test and report success on sparc
sparc is happy, though the patch is still wrong (outside ${S}/xpdf), forgot to upload the corrected one?
Alpha works.
This should go public sometime today. Still missing amd64/ppc testing, adding kugelfang and SeJo to help.
OK apparently this patch is not sufficient. We'll just wait for the upstream official patch... sorry for wasting your time, folks.
Gnome team, please adapt gpdf-2.8.2 so that it makes use of official and public xpdf-3.00pl3.patch from bug 77888.
Added an updated 2.8.2, marked stable on x86 and ppc.
sparc-a-go-go.
Alpha stable.
Stable on mips.
Stable on amd64.
GLSA 200501-28 hppa, ia64 please mark stable to benefit from GLSA
Already stable on hppa
