Dear poppler people, dear security team Fabrice Coutadeur <[email protected]> wrote:
> Luatex FTBFS with lipoppler 0.11, as ~GfxFont() became protectedr. > in the log, you find the following comment: > 2008-12-16 Make destructors private/protected since you are not supposed > to use them > [...] > As stated in libpoppler change log, the call to the virtual GfxFont > destructor should not be done. in the long run, what does that mean for packages that want to link against libpoppler to avoid inclusion of a xpdf copy? Since this is often done in form of distro patches, not by upstream (at least this is the case for *tex), it's the Debian maintainers who need to adapt the patches. Thus, we diverge more and more from upstream. As for the TeX Task Force, we are not experts in C++, not involved in poppler development at all, and hardly familiar with code development of our upstreams, this means that sooner or later poppler will become unusable to us. The only alternative would be to use embedded xpdf code again. Is poppler upstream aware of this use of their library? What do they think about it? On the other hand - can you suggest a fix for the issue at hand right now? Regards, Frank P.S. I'm inclined to file a RC bug on poppler until it has been decided, with input from the security team, how this is to be handled in the future. -- Dr. Frank Küster Debian Developer (TeXLive) VCD Aschaffenburg-Miltenberg, ADFC Miltenberg B90/Grüne KV Miltenberg -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
