On Monday, April 28, 2025 10:11:44 PM CEST Adrian Bunk wrote:
> > > On 28.04.25 at 20:25, Adrian Bunk wrote:
> > > you missed the last line I've added there earlier today:
> > > Might cause regression:
> > > https://bugzilla.suse.com/show_bug.cgi?id=1241620#c3
> > Indeed I missed it. (Actually didn't look at the contents when I wrote the
> > mail, just looked up the URL) [1]
> > But maybe the inkscape/poppler combo in bookworm breaks, didn't try...
> > Maybe the inkscape maintainer can help here.
> And who knows how likely "Not sure there is any other problem" is.
>
> I will not try to fix this CVE at this point in time, but this does not
> prevent other people from working on it if anyone disagrees.

While wearing my quite frequent upstream poppler contributor hat, there is no way the fix in the NSS backend signature validation code can do any regressions in inkscape. Inkscape does not do any validation of signed documents, it doesn't call any validation related functions.

I guess suse isn't just backporting the quite trivial patch but rather bumping to a new poppler upstream version which comes with loads of changes to internal poppler api (that inkscape and others unfortunately use).

/Sune
 - probably the one who did most poppler code churn over the last couple of years

-- 
I didn’t stop pretending when I became an adult, it’s just that when I was a kid I was pretending that I fit into the rules and structures of this world. And now that I’m an adult, I pretend that those rules and structures exist.
   - zefrank