Fix build with Poppler 0.83 and later. Taken from Arch Linux, but adjusted to patch the versioned Poppler files, as upstream applies it after copying them in place. https://git.archlinux.org/svntogit/packages.git/tree/trunk/texlive-poppler-0.83.patch?h=packages/texlive-bin diff -ru texlive-source-orig/texk/web2c/pdftexdir/pdftoepdf-poppler0.76.0.cc texlive-source/texk/web2c/pdftexdir/pdftoepdf-poppler0.76.0.cc --- texlive-source-orig/texk/web2c/pdftexdir/pdftoepdf-poppler0.76.0.cc +++ texlive-source/texk/web2c/pdftexdir/pdftoepdf-poppler0.76.0.cc @@ -723,7 +723,7 @@ #endif // initialize if (!isInit) { - globalParams = new GlobalParams(); + globalParams.reset(new GlobalParams()); globalParams->setErrQuiet(false); isInit = true; } @@ -1108,6 +1108,5 @@ delete_document(p); } // see above for globalParams - delete globalParams; } } diff -ru texlive-source-orig/texk/web2c/pdftexdir/pdftosrc-poppler0.76.0.cc texlive-source/texk/web2c/pdftexdir/pdftosrc-poppler0.76.0.cc --- texlive-source-orig/texk/web2c/pdftexdir/pdftosrc-poppler0.76.0.cc +++ texlive-source/texk/web2c/pdftexdir/pdftosrc-poppler0.76.0.cc @@ -79,7 +79,7 @@ exit(1); } fileName = new GString(argv[1]); - globalParams = new GlobalParams(); + globalParams.reset(new GlobalParams()); doc = new PDFDoc(fileName); if (!doc->isOk()) { fprintf(stderr, "Invalid PDF file\n"); @@ -100,7 +100,7 @@ if (objnum == 0) { srcStream = catalogDict.dictLookup("SourceObject"); static char const_SourceFile[] = "SourceFile"; - if (!srcStream.isStream(const_SourceFile)) { + if (!srcStream.isDict(const_SourceFile)) { fprintf(stderr, "No SourceObject found\n"); exit(1); } @@ -202,5 +202,4 @@ fprintf(stderr, "Cross-reference table extracted to %s\n", outname); fclose(outfile); delete doc; - delete globalParams; } class='path'>path: root/nix/libstore/build.cc
AgeCommit message (Expand)Author
2024-10-21daemon: Sanitize successful build outputs prior to exposing them....There is currently a window of time between when the build outputs are exposed and when their metadata is canonicalized. * nix/libstore/build.cc (DerivationGoal::registerOutputs): wait until after metadata canonicalization to move successful build outputs to the store. Change-Id: Ia995136f3f965eaf7b0e1d92af964b816f3fb276 Signed-off-by: Ludovic Courtès <ludo@gnu.org> Reepca Russelstein
2024-10-21daemon: Sanitize failed build outputs prior to exposing them....The only thing keeping a rogue builder and a local user from collaborating to usurp control over the builder's user during the build is the fact that whatever files the builder may produce are not accessible to any other users yet. If we're going to make them accessible, we should probably do some sanity checking to ensure that sort of collaborating can't happen. Currently this isn't happening when failed build outputs are moved from the chroot as an aid to debugging. * nix/libstore/build.cc (secureFilePerms): new function. (DerivationGoal::buildDone): use it. Change-Id: I9dce1e3d8813b31cabd87a0e3219bf9830d8be96 Signed-off-by: Ludovic Courtès <ludo@gnu.org> Reepca Russelstein