Re: [Podofo-users] ABI fix for the fix CVE-2017-5852

2017-10-26 Thread Matthew Brincke
Hello Mattia,

> Mattia Rizzolo has written on 23 October 2017 at 11:10:
> 
> On Sun, Oct 22, 2017 at 05:20:31PM +0200, Matthew Brincke wrote:
> > Debian bug 854600 [2], I wonder why no one answered to the last post ...)
> 
> My fault.
> TBH, I totally forgot of that. I suppose I could have come up with
> simple patch to retain ABI compatibility on my own, but I forgot and I
> haven't than that.

that's likely a typo, what do you mean, please? I see from your Debian
Maintainer Dashboard https://udd.debian.org/dmd/?mattia%40debian.org#todo
that there are many to-do list entries, yet could you please accept my
patch also? Could it be that the original one in the Debian bug report
wasn't accepted for Jessie and later because of the ABI break? With that
cured by my patch, wouldn't it be acceptable together? If not, please
tell why not.

> > I wonder why changing a private method is relevant to ABI at all, and
> > (at least when you're still unconvinced ;-) to accept) would welcome your
> > elucidation (if you have come across any, to date), please ...
> 
> There is a more widespread problem in podofo where all symbols are
> exported and therefore are formally part of the public ABI (even if not
> intended to). Even if I suppose no program within Debian uses those
> symbols (I could check, I haven't), I would not happily break the ABI
> nonetheless.
> 
Thanks for the explanation, there's one aspect I'm still curious about:
I wonder why any C++ compiler, much less g++, would export any private
symbols, as they aren't supposed to be accessible from anywhere (beyond
their class and compilation unit) except for friend classes (can those
reside in a different library/executable?), so maybe they should be
marked PODOFO_LOCAL?

> https://sourceforge.net/p/podofo/mailman/message/35819398/
> (then, the lack of an actual bug tracker makes those request/reports
> very hard to track, and I wouldn't be surprised if many missed it, or
> even if they did completely forgot about it, as many other reports)
> 
I concur, I'd also like a tracker for bug reports/feature requests, the
sf.net one was probably closed because of spam, IIRC. Could maybe the
bug reports be copied there by someone with the permissions for that?

-- 
> regards,
>  Mattia Rizzolo
> 

Best regards, mabri

___
Podofo-users mailing list
Podofo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/podofo-users


Re: [Podofo-users] License header missing in some files (was: Re: podofosign compile errors under MSVC)

2017-10-26 Thread Matthew Brincke
Hi zyx,

> zyx has written on 23 October 2017 at 10:14:
> 
> 
> On Sun, 2017-10-22 at 17:44 +0200, Matthew Brincke wrote:
> > Can I just send a patch to add the copyright & GNU LGPL license
> > headers (as it's hopefully understood that all the files are licensed
> > the same, if not expressly spec'd otherwise) and have it accepted
> > (w/o test)?
> 
>   Hi,
> yes, it would help. There is not much to test on such change, just that
> it still compiles, thus nothing time consuming.

attached is the patch (the revision numbers there mean when the patched
file was last changed, diff -up in svn format). There are the following
special cases I excluded from the change:
- for src/doc/podofo-doc.rc I don't know the comment formats, can't test
- for src/doc/PdfTilingPattern.{cpp,h} there's a no-exception LGPL given
  so Dominik's permission is (probably, IANAL) required for changing it
- src/base/PdfEncrypt.cpp has RSA Data Security's copyright because: MD5
- src/base/Pdf3rdPtyForwardDecl.h is (I hope, IANAL) trivial enough to
  be excluded from copyright protection (forward decls, simple typedefs,
  some explanation)
- src/base/PdfVersion.h is a trivial renaming of preprocessor definitions
- src/CMakeLists.txt (and all the others) I don't know commenting into

Please test and accept/commit it (separately of course). Text suggested
for the commit message is at the beginning of the patch file (please add
attribution).

>   Thanks and bye,
>   zyx
> 

Best regards, mabri

Add license headers to the files which miss them (& I know how to add them to).

--- src/base/PdfCompilerCompat.h	(revision 1825)
+++ src/base/PdfCompilerCompat.h	(working copy)
@@ -1,3 +1,36 @@
+/***
+ *   Copyright (C) 2005 by Dominik Seichter*
+ *   domseich...@web.de*
+ * *
+ *   This program is free software; you can redistribute it and/or modify  *
+ *   it under the terms of the GNU Library General Public License as   *
+ *   published by the Free Software Foundation; either version 2 of the*
+ *   License, or (at your option) any later version.   *
+ * *
+ *   This program is distributed in the hope that it will be useful,   *
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of*
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the *
+ *   GNU General Public License for more details.  *
+ * *
+ *   You should have received a copy of the GNU Library General Public *
+ *   License along with this program; if not, write to the *
+ *   Free Software Foundation, Inc.,   *
+ *   59 Temple Place - Suite 330, Boston, MA  02111-1307, USA. *
+ * *
+ *   In addition, as a special exception, the copyright holders give   *
+ *   permission to link the code of portions of this program with the  *
+ *   OpenSSL library under certain conditions as described in each *
+ *   individual source file, and distribute linked combinations*
+ *   including the two.*
+ *   You must obey the GNU General Public License in all respects  *
+ *   for all of the code used other than OpenSSL.  If you modify   *
+ *   file(s) with this exception, you may extend this exception to your*
+ *   version of the file(s), but you are not obligated to do so.  If you   *
+ *   do not wish to do so, delete this exception statement from your   *
+ *   version.  If you delete this exception statement from all source  *
+ *   files in the program, then also delete it here.   *
+ ***/
+
 #ifndef _PDF_COMPILERCOMPAT_H
 #define _PDF_COMPILERCOMPAT_H
 
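Review bot: the added header names two different licenses. The grant line says "it under the terms of the GNU Library General Public License", but the warranty paragraph ends with "GNU General Public License for more details" and the OpenSSL exception says "You must obey the GNU General Public License in all respects". If the intent is LGPL throughout, make the three references agree, or state in the commit message that the block is copied verbatim from the project's existing headers so the mismatch is not attributed to this patch. The "Copyright (C) 2005 by Dominik Seichter" line is also asserted for a file that had no header before; confirm the year and holder against the file's svn history rather than reusing one block for every file.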
--- src/base/PdfCompilerCompatPrivate.h	(revision 1474)
+++ src/base/PdfCompilerCompatPrivate.h	(working copy)
@@ -1,3 +1,36 @@
+/***
+ *   Copyright (C) 2005 by Dominik Seichter*
+ *   domseich...@web.de*
+ * *
+ *   This program is free software; you can redistribute it and/or modify  *
+ *   it under the terms of the GNU Library General Public License as   *
+ *   published by the Free Software Foundation; either version 2 of the*
+ *   License, or (at your option) any later version.