Overview
Request 1096116 accepted
- Update to 0.10.1
- Security bugfixes, #66, #67, #69, #70, #71, #72
- Rewritten PdfPageCollection for performance
- PdfCMapEncoding: Fix parsing some invalid CMap(s) supported by Acrobat
- PdfXRefStreamParserObject: Fixed handling of invalid XRef stream entries
- Support compilation of the library header (not the library itself) with C++20
- Changes from 0.10.0
The release is complete re-imagination of PoDoFo 0.9.x API in C++17,
and it's API/ABI incompatible with the previous releases.
- PdfPage/PdfAnnotationCollection/PdfAnnotation: Now functions with rect input assume it
to be using the canonical coordinate system with no rotation
- PdfImage: Added support for CYMK jpeg
- PdfParser: Cleaned FindToken2 -> FindTokenBackward
- Renamed base source folder -> main
- PdfPainter: Revamped API, added full state inspection with current point,
added added PdfPainterTextContext to handle text object operations
Use it with PdfPainter::Text instance member. Added PdfContentStreamOperators
low level interface for PdfPainter moved SmoothCurveTo, QuadCurveTo SmoothQuadCurveTo,
ArcTo, Arc, to an helper structure until cleaned
- PdfFontMetrics: Added FilePath/FaceIndex for debugging, when available
- PdfFont: Renamed GetStringLength() overloads with PdfString to GetEncodedStringLength()
- PdfFontManager: Renamed GetFont() -> SearchFont() Re-Added better GetOrCreateFont() from file/buffer
- PdfEncrypt: Cleaned factory methods
- Added PdfArray::FindAtAs(), PdfArray::FindAtAsSafe(), PdfArray::TryFindAtAs(),
PdfArray::GetAtAs(), PdfArray::GetAtAsSafe(), PdfArray::TryGetAtAs()
- Added PdfDictionary::FindKeyAsSafe() and PdfDictionary::TryFindKeyAs()
- PdfDictionary::AddKeyIndirect/PdfArray::AddKeyIndirect accepts a reference
- PdfAnnotation/PdfField API review
- PdfDate: Introduced PdfDate::LocalNow() and PdfDate::UtcNow() and default constructor is epoch time instead
- Renamed PdfDocument::GetNameTree() -> GetNames()
- PdfObject: Flate compress on write objects that have no filters
- PdfMemDocument does collect garbage by default when saving
- PdfField/PdfAnntation: Fully reworked the hierarchy and added proper fields ownership
- Added PdfField::GetParent(), PdfField::GetChildren()
- PdfImage: Cleaned/reviewed/fixed SetData()/SetDataRaw()
- Renamed PdfPageTree -> PdfPageCollection
- Added XMP metadata reading/saving. Added PdfMetadata class
- Added text extraction API
- Review I/O API: Merged InputDevice/OutputDevice into StreamDevice.
New hierarchy deriving StreamDevice
- Reviewed PdfObjectStream API: added streaming operations, GetInputStream(),
GetOutputStream(). Renamed GetFilteredCopy() -> GetUnwrappedCopy()/UnwrapTo().
They only unwrap non media filters (see PdfImage::DecodeTo for media ones).
Added proper copy and move assignment operators
- PdfImage: Added DecodeTo(pixelFormat)
- Changes from other older versions
See https://github.com/podofo/podofo/blob/master/CHANGELOG.md
- Change source url to new location.
- Drop podofo-gcc12.patch because source no longer exists.
- Enable of compilation of tools.
- Add podofo-tools_man.patch to fix missing man pages for tools.
Request History
ecsos created request
- Update to 0.10.1
- Security bugfixes, #66, #67, #69, #70, #71, #72
- Rewritten PdfPageCollection for performance
- PdfCMapEncoding: Fix parsing some invalid CMap(s) supported by Acrobat
- PdfXRefStreamParserObject: Fixed handling of invalid XRef stream entries
- Support compilation of the library header (not the library itself) with C++20
- Changes from 0.10.0
The release is complete re-imagination of PoDoFo 0.9.x API in C++17,
and it's API/ABI incompatible with the previous releases.
- PdfPage/PdfAnnotationCollection/PdfAnnotation: Now functions with rect input assume it
to be using the canonical coordinate system with no rotation
- PdfImage: Added support for CYMK jpeg
- PdfParser: Cleaned FindToken2 -> FindTokenBackward
- Renamed base source folder -> main
- PdfPainter: Revamped API, added full state inspection with current point,
added added PdfPainterTextContext to handle text object operations
Use it with PdfPainter::Text instance member. Added PdfContentStreamOperators
low level interface for PdfPainter moved SmoothCurveTo, QuadCurveTo SmoothQuadCurveTo,
ArcTo, Arc, to an helper structure until cleaned
- PdfFontMetrics: Added FilePath/FaceIndex for debugging, when available
- PdfFont: Renamed GetStringLength() overloads with PdfString to GetEncodedStringLength()
- PdfFontManager: Renamed GetFont() -> SearchFont() Re-Added better GetOrCreateFont() from file/buffer
- PdfEncrypt: Cleaned factory methods
- Added PdfArray::FindAtAs(), PdfArray::FindAtAsSafe(), PdfArray::TryFindAtAs(),
PdfArray::GetAtAs(), PdfArray::GetAtAsSafe(), PdfArray::TryGetAtAs()
- Added PdfDictionary::FindKeyAsSafe() and PdfDictionary::TryFindKeyAs()
- PdfDictionary::AddKeyIndirect/PdfArray::AddKeyIndirect accepts a reference
- PdfAnnotation/PdfField API review
- PdfDate: Introduced PdfDate::LocalNow() and PdfDate::UtcNow() and default constructor is epoch time instead
- Renamed PdfDocument::GetNameTree() -> GetNames()
- PdfObject: Flate compress on write objects that have no filters
- PdfMemDocument does collect garbage by default when saving
- PdfField/PdfAnntation: Fully reworked the hierarchy and added proper fields ownership
- Added PdfField::GetParent(), PdfField::GetChildren()
- PdfImage: Cleaned/reviewed/fixed SetData()/SetDataRaw()
- Renamed PdfPageTree -> PdfPageCollection
- Added XMP metadata reading/saving. Added PdfMetadata class
- Added text extraction API
- Review I/O API: Merged InputDevice/OutputDevice into StreamDevice.
New hierarchy deriving StreamDevice
- Reviewed PdfObjectStream API: added streaming operations, GetInputStream(),
GetOutputStream(). Renamed GetFilteredCopy() -> GetUnwrappedCopy()/UnwrapTo().
They only unwrap non media filters (see PdfImage::DecodeTo for media ones).
Added proper copy and move assignment operators
- PdfImage: Added DecodeTo(pixelFormat)
- Changes from other older versions
See https://github.com/podofo/podofo/blob/master/CHANGELOG.md
- Change source url to new location.
- Drop podofo-gcc12.patch because source no longer exists.
- Enable of compilation of tools.
- Add podofo-tools_man.patch to fix missing man pages for tools.
dstoecker accepted request
Did you see: https://build.opensuse.org/request/show/1087940 by @krop ? He reverted the update to 0.10.0 because none of the packages supported the new version.
Even though "The release is complete re-imagination of PoDoFo 0.9.x API in C++17, and it's API/ABI incompatible with the previous releases." is stated
And it still stands. calibre, krename and scribus don't support the major API changes.
This is not right. Since 6.21.0 calibre need 0.10.0 and since 6.22.0 it needs 0.10.1. Without no build. https://github.com/kovidgoyal/calibre/commit/19537450419d396f5b620ed3b990aadc0946ae4e
6.22 runs here with podofo 0.10.1 under Tumbleweed.
No, i dont't. What should we now do?
For krename i found an issue: https://bugs.kde.org/show_bug.cgi?id=470608 And there is also an update request from upstream.
And for scribus i found: https://bugs.scribus.net/view.php?id=16948
podofo 0.9.8 has some security issues. 6- * podofo-CVE-2023-2241.patch (boo#1210757, CVE-2023-2241) 7- * podofo-CVE-2023-31555.patch (boo#1211302, CVE-2023-31555) 8- * podofo-CVE-2023-31568.patch (boo#1211306, CVE-2023-31568) This will not be fixed from upstream 0.9.8 is dead.
We could branch off the old version into a podofo098 package to keep the old version available until all users are updated.
This is a good idea. Can you do this so so we can update podofo itself?
https://build.opensuse.org/package/show/graphics/podofo098
okay. Great. Can you release my request then?
Okay. Today i have time to look. And now podofo and podofo098 is in graphics. But not in factory. podofo say: Links to openSUSE:Factory / podofo podofo098 say: Links to openSUSE:Factory / podofo And so only podofo version 0.9.8 is in factory. Can you please fix this?
Factory said: Wait for scribus update instead of submitting two library versions, so Factory will keep 0.9.8 for now.
I'm not aware of a new release coming soon. backporting the changes could be tricky.
The 0.9.8 is outdated and has security vulnerabilities. Among other things, it still uses Scribus. Calibre, for example, needs the latest version.
First there must be something to backport...
Why go for a version that is riddled with security holes? But thanks for the info anyway.
Keeping two library versions isn't the easiest choice, so preventing that isn't such a dumb idea (rules for Factory are much more strict than for a devel project). When there is no progress on the scribus-front it's very likely that this decision will be re-evaluated. But ATM I agree with them, that a little waiting does no harm.
The current version doesn't have known ones. The security issues all come from podofo 0.10.
Anyway, I'm working on a scribus update. I'll use a SVN snapshot.
Meanwhile, please backport the quaternion changes, I need a newer quotient version in factory without delay.
Until upstream issues are fixed, I disabled podofo integration in scribus. (sr#1102710)
Any objections to accept? For any use which fails the requires can be adapted to use old version.
When the old should be used longer, then the name of the package and devel file needs to be adapted in 0.9.8 package (otherwise it's strange to have two files with different versions). I only cloned this package for now.
@StefanBruens, @WernerFink, @adrianSuSE, @bruclik, @dstoecker, @jsmeix, @jubalh, @kfreitag, @mseben, @msmeissn, @t-paul, @toganm: review reminder
BTW: The pending Factory submission: https://build.opensuse.org/request/show/1101041