Context Navigation

← Previous Ticket
Next Ticket →

#3207 closed defect (fixed)

Xpdf Instructions are Incorrect

Reported by:	Randy McMurchy	Owned by:	Randy McMurchy
Priority:	high	Milestone:
Component:	BOOK	Version:	SVN
Severity:	major	Keywords:
Cc:

Description ¶

Currently the Xpdf package has gaping security holes. I updated the package last (in March of this year) and I cannot believe the instructions are the way they are. The Xpdf author expects each patch level patch to be applied in succession. Right now Xpdf is at pl5, which means we should be applying pl1, then pl2, then pl3, then pl4, and finally pl5. A total of 5 patches should be applied. The book shows to only download and apply one patch, the latest one. Wrong! Mea culpa, I know I used to apply them consecutively; however, even my build script only has the installation of 1 patch (pl2). Not sure why my build script is at pl2, the book is at pl3, and I updated the .xml last. Perhaps I just updated the patch level and did not test. I'll look at the source history and see what is going on. I could have sworn that the instructions used to show to patch using consecutively numbered patches. Oh well. I'll fix it.

Change History (7)

comment:1 by Randy McMurchy, 14 years ago

Owner:	changed from blfs-book@… to Randy McMurchy
Status:	new → assigned

comment:2 by Randy McMurchy, 14 years ago

Here is what the instructions say to do on the Foolabs site:

# README (also included in all of the other packages below)
# CHANGES: changes in each version of xpdf
# xpdf-3.02.tar.gz: the source code (674912 bytes)
xpdf-3.02pl1.patch: a patch for a security hole (1050 bytes)
xpdf-3.02pl2.patch: a patch for security holes (20843 bytes)
xpdf-3.02pl3.patch: a patch for security holes (30727 bytes)
xpdf-3.02pl4.patch: a patch for security holes (6982 bytes)
xpdf-3.02pl5.patch: a patch for security holes (1065 bytes)
(Note: the patches are separate; you'll need to apply the pl1, pl2, pl3, pl4, and pl5 patches, in that order.)

comment:3 by bdubbs@…, 14 years ago

At least they are in sort order. I ran into a debian package that had arbitrary names and a separate file that specified the order.

follow-up: 5 comment:4 by Randy McMurchy, 14 years ago

I think what I'll do because there are 5 patches, I'll treat this the way we do bash. I'll make a consolidated patch and put it in the LFS repo. Any objects to this?

in reply to: 4 comment:5 by bdubbs@…, 14 years ago

Replying to randy@…:

I think what I'll do because there are 5 patches, I'll treat this the way we do bash. I'll make a consolidated patch and put it in the LFS repo. Any objects to this?

Not really. In the long run it will be easier than trying to manage a lot of separate patches.

comment:6 by Randy McMurchy, 14 years ago

Resolution:	→ fixed
Status:	assigned → closed

Updated Xpdf to patch level 5 by creating a consolidated patch from the five upstream patches.

comment:7 by bdubbs@…, 11 years ago

Milestone:	6.7

Milestone 6.7 deleted

Note: See TracTickets for help on using tickets.

Download in other formats: