guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] gnu: mupdf: Fix some security problems in bundled mujs.

From: Leo Famulari
Subject: Re: [PATCH] gnu: mupdf: Fix some security problems in bundled mujs.
Date: Thu, 12 Jan 2017 15:03:46 -0500
User-agent: Mutt/1.7.2 (2016-11-26) 
On Thu, Jan 12, 2017 at 08:46:52PM +0100, Marius Bakke wrote:
> Leo Famulari <address@hidden> writes:
> 
> > Can you include links to the upstream bug reports in the patch files?
> 
> Good catch; added.
> 
> > Through cups, this requires ~600 rebuilds. I wonder if we can graft it?
> > That is, is the ABI compatible?
> 
> Good question. The null pointer dereference patch renames a function,
> and I can find it in /gnu/store/...-mupdf-1.10a/lib/libmupdfthird.a. So
> I guess not.
> 
> There is also /lib/libmupdf.a which I assume most packages use, and does
> not seem to use anything from mujs.
> 
> This package only provides static libraries, so grafting may not even
> work. In most cases I've come across, the static library is embedded
> with "ar" in the final package (cups do not retain a rerefence to
> mupdf). What to do?

If we can't graft it, we should build it on a branch on Hydra.

Mark, what do you think?

Attachment: signature.asc
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]