get
'src/CMakeFiles/podofo_shared.dir/all' failed
make[2]: *** [src/CMakeFiles/podofo_shared.dir/all] Error 2
make[2]: Leaving directory '/<>/obj-x86_64-linux-gnu'
Makefile:130: recipe for target 'all' failed
make[1]: *** [all] Error 2
make[1]:
On Mon, Oct 10, 2016 at 11:38:00AM +, Mattia Rizzolo wrote:
> Hi there.
>
> Debian received a bug report that podofo fails to build with the newer
> openSSL.
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828407
>
> I'd report this as a bug report, bu
egards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/
lity across
releases.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri
r local changes).
Another way would be of course to reimplement those functions. Or to
depend on similar implementations coming from external libraries.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about
hat file free, I find the unclearness of the situation as
althoughter annoying by itself and worth calming just for it :)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org
those.
Could you please check them out?
Thanks in advance.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
L
des the manpages and the jumper CMakeLists.txt, so it
is really free to go, imho.
Thank you for considering!
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org
cryptTest.h
+++ b/test/unit/EncryptTest.h
@@ -87,7 +87,7 @@
private:
char* m_pEncBuffer;
- long m_lLen;
+ PoDoFo::pdf_long m_lLen;
int m_protection;
};
(also attached for convenience)
Thank you!
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FC
ofocrop (1),
.BR podofoencrypt (1),
1 mattia@warren ..an/libpodofo/upstream/trunk/debian/man (svn)-[trunk:1822] %
:(
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me:
* podofoxmp.1 is actually the only spelling error
(but really there is no better way to send patch or stuff than this
mailing list?)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
e enough MUA...
But I do attach patches usually, yes, because they are more easy to
handle, thanks to be able to juts save the single attachment instead of
messing with copy/pasting or so.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944
libpodofo
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian Q
Do you mind if I ask about the status of this (doesn't seem to be done
in SVN):
On Wed, Feb 08, 2017 at 05:48:02PM +0100, Mattia Rizzolo wrote:
> I've never quite understood why manpages are in debian/man instead of
> man/ or doc/man/ or whatever.
>
> This makes for a ta
On Mon, Mar 13, 2017 at 01:39:00PM +0100, Mattia Rizzolo wrote:
> On Thu, Mar 02, 2017 at 05:31:34PM +0100, Agostino Sarubbo wrote:
> > Please consider the following:
> >
> > …
>
> All of these now have CVEs associated.
And apparently the Debian release team is cons
On Fri, Mar 24, 2017 at 07:13:55PM +0100, zyx wrote:
> On Mon, 2017-03-13 at 13:42 +0100, Mattia Rizzolo wrote:
> > Do you mind if I ask about the status of this (doesn't seem to be done
> > in SVN):
>
> Hi,
> you are right, it was not done. I ran those three co
ll of those referenced from there)
If you need so feel free to drop me a line.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :
l)
> * libpng (optional)
> * OpenSSL
> * zlib
Otherwise you can only use the ubuntu package to get the
build-dependencies of libpodofo installed:
sudo apt build-dep libpodofo
(this requires deb-src lines in /etc/apt/sources.list)
This won't pull cppunit, btw.
--
regards,
.org/ asking for one? Once a
CVE id is published there are people routinely triaging those and adding
to the list in [1].
> []1 https://security-tracker.debian.org/tracker/source-package/libpodofo
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04
eption, instead of crashing,
btw, about this thing, I asked for a CVE, and was denied as "not a
security bug"
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org
nd do something like https://gcc.gnu.org/wiki/Visibility
this could even pave the way to having some kind of ABI
stability, and detach the SONAME from the library version…
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .
e to ask me if you have further question about this report.
Best Regards,
Xiang Xiaobo of VARAS@IIE
- End forwarded message -
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org
sect or something and
identify the fixing commit.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~maprer
er/CVE-2017-5852
https://security-tracker.debian.org/tracker/CVE-2017-7994
I got rid of that TEMP-… issue, as Mitre claimed it's not CVE-worthy,
and you said it's fixed in trunk either way.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4
n't break across patch releases…
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.or
On Mon, Jul 31, 2017 at 05:33:21PM +0200, zyx wrote:
> it's not. Well, the current development version doesn't do that:
> http://sourceforge.net/p/podofo/code/1826
ahah, cool then :)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B0
9398/
(then, the lack of an actual bug tracker makes those request/reports
very hard to track, and I wouldn't be surprised if many missed it, or
even if they did completely forgot about it, as many other reports)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F5
On Fri, Oct 27, 2017 at 12:54:11AM +0200, Matthew Brincke wrote:
> > Mattia Rizzolo has written on 23. Oktober 2017 at 11:10:
> > On Sun, Oct 22, 2017 at 05:20:31PM +0200, Matthew Brincke wrote:
> > > Debian bug 854600 [2], I wonder why no one answered to the last post .
On Wed, May 03, 2017 at 12:00:20PM +0200, Mattia Rizzolo wrote:
> I noticed that libpodofo exports symbols for all of its methods, which
> means that things like https://sourceforge.net/p/podofo/code/1838
> actually break the ABI despite it not needed to, as that's a private
> m
acker/CVE-2017-8054
Plus this one without CVE that was reported in this ML:
https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfinfoguessformat-pdfinfo-cpp/
But yes, a release with the already fixed ones would be nice I agree :)
--
regards,
Matt
r for this bug.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `
one so as a separated thread.
> in it, also copyright [2] (for which I recommend libunistring2) and
> [2] https://sourceforge.net/p/podofo/mailman/message/35633858/
Oh wow. I'm impressed somebody remembers it without proper tracking! :)
♥
--
regards,
Mattia Rizzo
ign.dir/podofosign.cpp.o: In function `main':
> .../tools/podofosign/podofosign.cpp:879: undefined reference to
> `OPENSSL_init_ssl'
> collect2: error: ld returned 1 exit status
I'll let the OP take care of this error :)
--
regards,
862/
Who knows what more…
While you are here, would you reconsider opening a bug tracker
somewhere? When it was proposed in the past in this ML, nobody was
against it, but everybody deferred to you iirc.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18
ems the reason the CVE was rejected is only because the crash
doesn't happen in the library, but in the tool itself.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org
WUwMIEFMsSMuEr6gAOHfw+VIEnBDXVhGklhBZyq+2XbRGeAdy
dlo+9xisMuqmouKq2iO4rpxGdWzOsjhy4ekom3ZVUYSLPj7AFcwjob6T/eoklB/z
8Jh4i8El1uffbiOZ6xkt
=vacu
-END PGP SIGNATURE-
- End forwarded message -
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4
check: https://sourceforge.net/p/podofo/tickets
*Thank you* for configuring it!
I actually trying filing another non-coding bug, so it definitely does
the job. :)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
ct for the PoC) exception message
> with detailed info and "call stack" (via PdfError method) was output
> by podofoimgextract.
The patch is attached (it's against released 0.9.5).
(PS: should we start moving these kind of things to the bug tracker, or
perhaps only start with n
release candidate.
I don't think there is any need to rush this part, or get crazy about.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launc
at TTBOMK are still not fixed in
trunk.
See https://sourceforge.net/p/podofo/tickets/
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Lau
but I think you should).
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri
odofotxt2pdf (1),
.BR podofotxtextract (1),
.BR podofouncompress (1),
.BR podofoxmp (1)
.PP
.SH AUTHOR
.PP
PoDoFo is written by Dominik Seichter and others\.
.PP
This manual page was written by Oleksandr Moskalenko for
the Debian Project (but may be used by others)\.
<<<<<<<
f8 -> utf16 -> utf8 conversion.", lLenUtf8 + 1, result2 );
^
test/unit/CMakeFiles/podofo-test.dir/build.make:377: recipe for target
'test/unit/CMakeFiles/podofo-test.dir/StringTest.cpp.o' failed
make[3]: *** [test/unit/CMakeFiles/podofo-test.dir/StringTest.cpp.o] Error 1
--
regards,
empty directories.
Do you think it's feasible to not ship them?
* doc/html/
* doc/latex/
* test/system/data/
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me:
ches will be integrated before release from now on.
Not critical, but I'd fine nice if you could fix these last few spelling
errors :)
Patch attached!
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more abo
egards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/
), I'd recommend
submitting them, and I would also recommend libpodofo maintainers to
accept them (as really, more tests can't possibly be a bad thing…).
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .'
spent some hours trying to get
something that worked for more than only amd64, but there are several
symbols that varies across all archs (which is kind of fine, it's due to
things like size_t, ssize_t, uint64_t, etc, but there are really too
many and I'm convinced very few of them shou
lot* of confusion.
> @Mattia Rizzolo: Suggested action(s) to take: Correct the Debian security
> tracker to say "vulnerable (no DSA)" instead of "fixed" in Debian stretch
> (CVE-2017-5854). Fix the non-CVE'd bug too (in unstable, I'd think).
I'm sorry
ll] Error 2
|make[1]: Leaving directory '/build/libpodofo-0.9.6/obj-x86_64-linux-gnu'
This can be fixed by e.g.:
|--- a/src/base/PdfXRefStreamParserObject.h
|+++ b/src/base/PdfXRefStreamParserObject.h
|@@ -48,7 +48,7 @@
| *
| * It is mainly here to make PdfParser more modular.
| */
|-class Pd
On Fri, Jun 15, 2018 at 10:47:14AM +0200, Mattia Rizzolo wrote:
> Thanks for all your help, and sorry for the delay in dealing with this.
Now that 0.9.6 is out I took my time and had a look at also the new CVEs
that appeared this year. I've reported them in the podofo issue
tracker (t
nged anymore), I
believe everything is fine now - at least in debian's git (pending the
fix for the thing above). Please correct me if I'm wrong.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .
ed (which is not a decent solution) to debian experimental soon.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: htt
a/CVE/list), just beware that is a very weird git repository,
it's going to melt your CPU. That would potentially save round-trips
and misunderstandings :)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540
ng patches. Also, it's likely that more will appear
the more we wait, so it doesn't make much sense to wait more.
Are there any particular blockers for 0.9.7 at this time?
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540
ion 2000 (see other ML post, please) would come first.
Yes, I've seen the posts about r2000. I see we are only a commi away
from it ;)
In any case, just take this thread of mine as a kind request for a new
release, nothing more. I have to take on commits for the debian stable
releases an
L -> FAIL
>
> I believe at some point we can just take a more permissive stringprep
> implementation written in another language/framework and port it to C++.
Why is this not a blocker for going forward?
Wouldn't linking against libidn make the resulting library effectively
be und
have been avoided.
For me this is relevant because for each release the updates needs to be
manually approved by Debian's archive admins due to the changed soname,
which is something I would be happier without :)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF
since I should be free I'll
lurk in it if you don't mind :)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
More about me: https://mapreri.org : :' :
Launchpad use
7
Does anybody here have any patch floating around for this? :)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
More about me: https://mapreri.org : :' :
Launchpad user:
s just disabing the failing tests.
Indeed, I just received a proposed similar patch in Debian too:
https://salsa.debian.org/debian/libpodofo/-/merge_requests/2
So nobody has actually investigated the failures and did a real fix?
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCC
hat has no/shitty
dynamic link support, but I honestly consider proper dynamic linking a
very good thing myself, that should be properly handled and supported.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540
have tools that verify that the ABI doesn't break, but
that's mostly partial, as it only checks function symbols, and as you
know the ABI is much more than that.
So indeed, some automated testing wouldn't be bad.
--
regards,
Mattia Rizzolo
GPG Key:
64 matches
Mail list logo