-
-
Notifications
You must be signed in to change notification settings - Fork 171
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
0-day: rebuild with new pdfium dll #2470
Comments
|
Modifying the
|
Trying to build (with limited patching):
Docs say we're supposed to use gn?
What does this even mean? |
2019-12-05 17:59:35: sergey commented
|
@Sergey: there are no |
2019-12-05 20:15:14: sergey commented
|
Security Risks of PDFium-based Apps and SDKs: The high number of reported PDFium vulnerabilities compared to some PDF libraries doesn’t necessarily imply an unusual degree of insecurity for open source; but it creates challenges for developers, DevSecOps, and security teams. |
Another option would be to cherry pick some of the fixes and apply them to the version in mingw. ie:
Commits:
The last change in mingw: update to latest branch (2729) : Diego Sogari committed on May 9, 2016.. |
Replying to [comment:6 Sergey]:
Looks like they managed to do it in MSYS2. And here is the patch I am most interested in applying: [https://pdfium-review.googlesource.com/changes/pdfium~57854/revisions/8/patch?zip] If you want to try it, it should be trivial using an mswindows box:
|
Upstream ticket: update pdfium-git / git fetch fails. |
As suggested in the MINGW-packages ticket I had created: update pdfium-git / git fetch fails: switching to pdfium-binaries in r28023 "fixes" things and saves me having to figure out how to build this beast. We're using the plain |
#2401 is now redundant |
Details here: New Chrome 0-day Bug Under Active Attacks – Update Your Browser Now!: * the other resides in the PDFium (CVE-2019-13721) library*
The text was updated successfully, but these errors were encountered: