File podofo.changes of Package podofo.7908
-------------------------------------------------------------------
Mon Jun 25 12:57:45 UTC 2018 - alarrosa@suse.com
- Added
* r1648-Be-forgiving-when-reading-XRef-stream-content.patch
to apply the newly added (and modified)
* r1834-Fix-stack-overflow-crash-when-XRef-record-references-itself.patch
more easily. This fixes a stack overflow crash when XRef record references
itself.
- Added
* r1835-Fix-for-CVE-2017-5852.patch
which fixes bsc#1023067, CVE-2017-5852. The original patch from upstream
broke binary compatibility by inserting a new enum value in between other
values, so I changed it to have a new value at the end of the enum values.
- Added
* r1836-Fix-for-CVE-2017-5854.patch
* r1870-Fix-parameter-tested-for-NULL-in-PdfMemoryOutputStream-Write.patch
which fixes bsc#1023070, CVE-2017-5854 (which couldn't be reproduced in
SLE12, but the patches undoubtly fix null dereferences). Note that the
upstream developers mentioned in the podofo-users mailing list on 2018-06-12
that r1836 incorrectly references a fix for CVE-2017-5854, which is fixed
in r1870 without mentioning it. Also, r1870 fixes bsc#1075772, CVE-2018-5308.
- Added
* r1837-Fix-for-CVE-2017-5886.patch
which fixes bsc#1023380, CVE-2017-5886.
- Added
* r1838-Extend-fix-for-CVE-2017-5852.patch
to improve the fix for CVE-2017-5852. The original patch from upstream broke
binary compatibility by removing a function (it added a new parameter to an
existing function). I fixed this by leaving a function with the same old
signature that calls the new function.
- Added
* r1840-Fix-CVE-2017-5853-and-CVE-2017-6844.patch
slightly modified from upstream to fix bsc#1023069, CVE-2017-5853
(a signed integer overflow) and bsc#1027782, CVE-2017-6844 (a buffer
overflow).
- Added -std=c++11 to CXXFLAGS since it seems to be needed now.
- Added
* r1842-Fix-CVE-2017-7379-encoding-array-too-short.patch
to fix a out-by-one heap overflow when character 0xffff was encoded
(bsc#1032018, CVE-2017-7379)
- Added
* r1843-Fix-CVE-2017-5855-NULL-pointer-dereference.patch
to fix a NULL pointer dereference in PoDoFo::PdfParser::ReadXRefSubsection.
(bsc#1023071, CVE-2017-5855). This couldn't be reproduced in SLE12, but
the patch from upstream seems valid anyway.
- Added
* r1696-Use-cmake-commands-properly.patch
* r1701-Compatibility-fix-for-CMake-2.8.patch
* r1826-Do-not-force-c++98-standard-for-GNUCXX-compiler.patch
to build correctly since c++11 is required but c++98 was forced for no reason
- Added
* r1844-Fix-CVE-2017-6840-Out-of-bounds-read.patch
* r1845-Correct-fix-for-CVE-2017-6840.patch
to fix an out of bounds read in ColorChanger::GetColorFromStack()
(bsc#1027787, CVE-2017-6840)
- Added
* r1846-Fix-CVE-2017-6847-NULL-pointer-dereference.patch
to fix a NULL pointer dereference when reading XObject without BBox
(bsc#1027778, CVE-2017-6847)
- Added
* r1847-Fix-CVE-2017-7378-Out-of-bounds-read.patch
to fix an out of bounds read in PdfPainter::ExpandTabs()
(bsc#1032017, CVE-2017-7378)
- Added
* r1848-Fix-CVE-2017-7380-NULL-dereference.patch
to fix a NULL dereference in PdfPage::GetFromResources()
(bsc#1032019, CVE-2017-7380)
- Added
* r1849-Fix-CVE-2017-7994-NULL-dereference.patch
to fix a NULL dereference in TextExtractor::ExtractText()
(bsc#1035534, CVE-2017-7994)
- Added
* r1850-Fix-a-memory-leak-on-document-load-exception-in-podofotxtextract.patch
to fix a memory leak in podofotxtextract when an exception was raised
while loading a document.
- Added
* r1851-Fix-for-CVE-2017-8787-Read-out-of-buffer-size.patch
to fix an out of bounds read in PdfXRefStreamParserObject::ReadXRefStreamEntry()
(bsc#1037739, CVE-2017-8787)
- Added
* r1576-Do-not-get-stuck-in-infite-loop-with-broken-page-tables.patch
to fix an infinite loop with broken page tables.
- Added
* r1872-Fix-CVE-2017-8054-Detect-cycles-in-PdfPagesTree.patch
to detect and break cycles in PdfPagesTree which generated an infinite
recursion (bsc#1035596, CVE-2017-8054)
-------------------------------------------------------------------
Fri Jun 15 12:06:51 UTC 2018 - alarrosa@suse.com
- Added
* r1594-Fixed-compilation-on-Apple-platforms.patch
* r1600-Get-PoDoFo-build-under-Visual-Studio-2008.patch
* r1791-Fix-build-failure-with-OpenSSL-1.1.patch
to fix build with openSSL 1.1
- Added
* r1909-Fix-for-CVE-2018-8001-heap-based-buffer-over-read-in-UnescapeName.patch
to fix bsc#1084894, CVE-2018-8001
- Added
* r1709-CMake-compatibility-and-TestFilter-build-fixes.patch
slightly modified to work with SLE's version of cmake and apply a fix for
FilterTest.cpp
- Added
* r1793-Address-some-of-the-issues-reported-by-CoverityScan.patch
to apply better the next patches and to fix a large number of issues. The
original patch from upstream breaks binary compatibility by removing an unused
member variable (m_eVersion) from the PdfDocument class. I changed the patch to
leave it there so the class size doesn't change.
- Added
* r1833-Fix-a-crash-when-passing-a-PDF-file-.patch
to fix a crash when passing a PDF file with an encryption dictionary
reference to a nonexistent object
-------------------------------------------------------------------
Wed Dec 11 20:46:51 UTC 2013 - hrvoje.senjan@gmail.com
- Added remove-internal-findfreetype-references.patch: fixes build
with freetype2 2.5.1 as internal copy is broken. It is also better
practice to use cmake's FindPackage modules
-------------------------------------------------------------------
Sun Mar 31 18:46:29 UTC 2013 - asterios.dramis@gmail.com
- Update to version 0.9.2:
* Many bug fixes which were made over the last two years.
* New encryption support based on OpenSSL. OpenSSL is now a mandatory
requirement.
- Removed podofobox.1_fix.patch (not needed anymore).
- Added a patch (podofo-0.9.2-soname.patch) to update the soname of the library
(http://sourceforge.net/apps/mantisbt/podofo/view.php?id=54).
- Added build requirements libcppunit-devel and libidn-devel.
- Build the devel docs (added doxygen build requirement).
-------------------------------------------------------------------
Mon Jan 7 04:12:21 UTC 2013 - mrdocs@opensuse.org
- fix build on SLES
-------------------------------------------------------------------
Sat Mar 17 14:11:54 UTC 2012 - dimstar@opensuse.org
- Change lua-devel BuildRequires to lua51-devel on openSUSE > 12.1:
the code is not ready to work with lua 5.2.
-------------------------------------------------------------------
Tue Nov 29 14:20:11 CET 2011 - ro@suse.de
- use _lib macro to properly determine lib suffix
-------------------------------------------------------------------
Wed May 25 20:43:50 UTC 2011 - asterios.dramis@gmail.com
- Update to version 0.9.1:
* Bug fixes and optimizations.
* Added a man page for podofogc.
From 0.9.0:
* Lot's of bug fixes for PDF parsing, PDF creation and in several other
areas.
* New compact write mode to create slightly smaller PDF files.
* Initial PDF signature support.
* Support for the 14 standard Type1 fonts.
* Improved font and encoding support (e.g. creation of fonts from existing
objects).
* New tools, e.g. podofocolor.
- Spec files updates:
* Changes based on spec-cleaner run.
* Changes in License.
* Updates in Group:, Summary: and %description entries.
* Updates in %build section for lib64 compilation.
* Minor other updates.
- Added a patch for podofobox.1 to fix an rpmlint warning.
-------------------------------------------------------------------
Thu Oct 28 09:05:32 UTC 2010 - mrdocs@opensuse.org
-version update to 0.8.4
* Build fixes for various plaforms - mostly for Windows/VS2008
-------------------------------------------------------------------
Thu Oct 21 23:49:29 CEST 2010 - mrdocs@opensuse.org
-new version 0.8.3
* Added a new write mode for PDFs, which is default, to create
more compact PDFs;
* Extended several APIs, e.g. image interpolation support,
image chroma key support, or selection of base14 fonts
* Fixed bugs in the predictor implementation
* Fixed encryption of unicode strings
* Fixed namestree implementation (root shall not have a Limits key)
* Fixed detection of inline image data and support for inline images larger than 4KB
* Several optimizations, bugs fixes and fixed a minor memory leak
-------------------------------------------------------------------
Thu Sep 9 20:52:07 UTC 2010 - mrdocs@opensuse.org
-more spec file cleanups
-add missing libpng-devel
-------------------------------------------------------------------
Thu Sep 9 20:30:15 UTC 2010 - mrdocs@opensuse.org
-version bump to 0.8.2
-many many bug fixes and build issues
-add lua-devel, which adds imposition capabilites
-------------------------------------------------------------------
Thu Jul 1 14:03:06 UTC 2010 - toms@suse.de
- Corrected licence
-------------------------------------------------------------------
Tue May 11 06:49:54 UTC 2010 - toms@suse.de
- Updated to 0.8.0, taken patches from hgraeber
. remove so number form devel package
-------------------------------------------------------------------
Tue Jul 28 14:08:00 CEST 2009 - toms@suse.de
- Taken from home:/mrdocs and corrected SPEC file:
. Added typical SUSE header
. Install section now contains the correct lines
. Changed devel package name to libpodofo0_6_99-devel
. Create this .changes file
-------------------------------------------------------------------
Thu Jan 01 00:00:00 CEST 2009 - mrdocs at opensuse.org
- 0.7.0 release
-------------------------------------------------------------------
Sun Oct 05 00:00:00 CEST 2008 - hub@figuiere.net
- Package closer to policies: split.
-------------------------------------------------------------------
Mon Jul 05 00:00:00 CEST 2008 - mrdocs at opensuse.org
- 0.6 release
-------------------------------------------------------------------
Sat Jul 12 00:00:00 CEST 2008 - mrdocs at opensuse.org
- new svn snapshot of upcoming 0.6.0
- add openssl-devel dependency
- 64 bit builds fixed
-------------------------------------------------------------------
Mon Aug 27 00:00:00 CEST 2007 - mrdocs at opensuse.org
- enable debug package
-------------------------------------------------------------------
Wed Aug 08 00:00:00 CEST 2007 - mrdocs at opensuse.org
- revert back to 0.5.0 as the API is unstable
-------------------------------------------------------------------
Tue Aug 01 00:00:00 CEST 2007 - mrdocs at scribus.info
- new svn snapshot with 64 bit build support
-------------------------------------------------------------------
Thu Jul 26 00:00:00 CEST 2007 - mrdocs at scribus.info
- version upgrade
- use cmake as autotools are no longer supported
-------------------------------------------------------------------
Tue Dec 26 00:00:00 CEST 2006 - Bernhard Walle <bwalle@suse.de>
- initial package
