[Touch-packages] [Bug 1857902] Re: Thread-safety bugs in package libpoppler-glib8
There is better fix https://gitlab.freedesktop.org/poppler/poppler/merge_requests/494 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1857902 Title: Thread-safety bugs in package libpoppler-glib8 Status in poppler package in Ubuntu: Triaged Bug description: There are these bugs in libpoppler-glib8: https://gitlab.freedesktop.org/poppler/poppler/issues/845 https://gitlab.freedesktop.org/poppler/poppler/issues/846 The first is about sharing cairo_font_face_t instances in multiple threads which is not thread-safe. The second is about accessing global linked list struct without proper synchronisation mechanism. Due to these two bugs poppler+cairo cannot be used for rendering multiple documents in multiple threads. The second may be potentially security vulnerability for applications that use poppler+cairo in multiple threads due to writes to potentially uninitialised pointer. I noticed that poppler source package contains a lot of patches from ubuntu updates. Would be possible to add patch to this problem to ubuntu (and also debian) updates? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1857902/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1857902] Re: Thread-safety bugs in package libpoppler-glib8
** Changed in: poppler (Ubuntu) Importance: Undecided => Low ** Changed in: poppler (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1857902 Title: Thread-safety bugs in package libpoppler-glib8 Status in poppler package in Ubuntu: Triaged Bug description: There are these bugs in libpoppler-glib8: https://gitlab.freedesktop.org/poppler/poppler/issues/845 https://gitlab.freedesktop.org/poppler/poppler/issues/846 The first is about sharing cairo_font_face_t instances in multiple threads which is not thread-safe. The second is about accessing global linked list struct without proper synchronisation mechanism. Due to these two bugs poppler+cairo cannot be used for rendering multiple documents in multiple threads. The second may be potentially security vulnerability for applications that use poppler+cairo in multiple threads due to writes to potentially uninitialised pointer. I noticed that poppler source package contains a lot of patches from ubuntu updates. Would be possible to add patch to this problem to ubuntu (and also debian) updates? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1857902/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1857902] Re: Thread-safety bugs in package libpoppler-glib8
The attachment "460.diff" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1857902 Title: Thread-safety bugs in package libpoppler-glib8 Status in poppler package in Ubuntu: New Bug description: There are these bugs in libpoppler-glib8: https://gitlab.freedesktop.org/poppler/poppler/issues/845 https://gitlab.freedesktop.org/poppler/poppler/issues/846 The first is about sharing cairo_font_face_t instances in multiple threads which is not thread-safe. The second is about accessing global linked list struct without proper synchronisation mechanism. Due to these two bugs poppler+cairo cannot be used for rendering multiple documents in multiple threads. The second may be potentially security vulnerability for applications that use poppler+cairo in multiple threads due to writes to potentially uninitialised pointer. I noticed that poppler source package contains a lot of patches from ubuntu updates. Would be possible to add patch to this problem to ubuntu (and also debian) updates? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1857902/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1857902] Re: Thread-safety bugs in package libpoppler-glib8
Hello, I don't see much progress on the upstream bugs; do you know if progress has been reported elsewhere? Thanks ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1857902 Title: Thread-safety bugs in package libpoppler-glib8 Status in poppler package in Ubuntu: New Bug description: There are these bugs in libpoppler-glib8: https://gitlab.freedesktop.org/poppler/poppler/issues/845 https://gitlab.freedesktop.org/poppler/poppler/issues/846 The first is about sharing cairo_font_face_t instances in multiple threads which is not thread-safe. The second is about accessing global linked list struct without proper synchronisation mechanism. Due to these two bugs poppler+cairo cannot be used for rendering multiple documents in multiple threads. The second may be potentially security vulnerability for applications that use poppler+cairo in multiple threads due to writes to potentially uninitialised pointer. I noticed that poppler source package contains a lot of patches from ubuntu updates. Would be possible to add patch to this problem to ubuntu (and also debian) updates? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1857902/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
