SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libpodofo2-0.10.4-lp155.98.1.x86_64.rpm :

* Mon Oct 07 2024 Dominique Leuenberger - Don\'t produce podofo.rpm when tools are disabled (bcond_with): the podofo main package only contained readme and license files (boo#1231058).
* Sun Sep 08 2024 Cliff Zhao - Add podofo-CVE-2019-20093.patch: Backport from upstream proposed fix, Fix denial of service (NULL pointer dereference) in PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h. https://sourceforge.net/p/podofo/tickets/75/ (CVE-2019-20093, bsc#1159921)
* Sat Sep 07 2024 Cliff Zhao - update to 0.10.4:
* StandardStreamDevice: Fixed seek() in case of iostream/fstream
* PdfWriter: Fixed computing the doc identifier with a wrong buffer
* PdfPainter: Fix SetCurrentMatrix() to really update CTM
* Fixed compilation in mingw < 12
* PdfCIDToGIDMap: Fixed map reading
* PdfPainter: Fixed offset on multiline text if text is not left aligned
* Sat Dec 30 2023 Dirk Müller - update to 0.10.3:
* Fixed big performance regression introduced in 0.10, see #108
* Fixed data loss with encrypted documents, see #99
* Fixed compilation with VS2022 >= 17.8
* Fixed compilation using libxml >= 2.12.0
* Sun Dec 03 2023 Wang Jun - Update to 0.10.2
* Security related bugfixes #76, #89, #96
* Some compilation and test fixes
* Drop podofo_security-fixes-validate-more-encrypt-dictionary-parameters.patch, Drop podofo_security-fixes-handling-of-invalid-XRef-stream-entries.patch, All these fixes have been merged by upstream. (bsc#1213720)
* Fri Jun 30 2023 ecsos - Update to 0.10.1 - Security bugfixes, #66, #67, #69, #70, #71, #72 - Rewritten PdfPageCollection for performance - PdfCMapEncoding: Fix parsing some invalid CMap(s) supported by Acrobat - PdfXRefStreamParserObject: Fixed handling of invalid XRef stream entries (bsc#1213720) - PdfEncrypt: Validate more encrypt dictionary parameters (bsc#1213720) - Support compilation of the library header (not the library itself) with C++20- Changes from 0.10.0 The release is complete re-imagination of PoDoFo 0.9.x API in C++17, and it\'s API/ABI incompatible with the previous releases. - PdfPage/PdfAnnotationCollection/PdfAnnotation: Now functions with rect input assume it to be using the canonical coordinate system with no rotation - PdfImage: Added support for CYMK jpeg - PdfParser: Cleaned FindToken2 -> FindTokenBackward - Renamed base source folder -> main - PdfPainter: Revamped API, added full state inspection with current point, added added PdfPainterTextContext to handle text object operations Use it with PdfPainter::Text instance member. Added PdfContentStreamOperators low level interface for PdfPainter moved SmoothCurveTo, QuadCurveTo SmoothQuadCurveTo, ArcTo, Arc, to an helper structure until cleaned - PdfFontMetrics: Added FilePath/FaceIndex for debugging, when available - PdfFont: Renamed GetStringLength() overloads with PdfString to GetEncodedStringLength() - PdfFontManager: Renamed GetFont() -> SearchFont() Re-Added better GetOrCreateFont() from file/buffer - PdfEncrypt: Cleaned factory methods - Added PdfArray::FindAtAs(), PdfArray::FindAtAsSafe(), PdfArray::TryFindAtAs(), PdfArray::GetAtAs(), PdfArray::GetAtAsSafe(), PdfArray::TryGetAtAs() - Added PdfDictionary::FindKeyAsSafe() and PdfDictionary::TryFindKeyAs() - PdfDictionary::AddKeyIndirect/PdfArray::AddKeyIndirect accepts a reference - PdfAnnotation/PdfField API review - PdfDate: Introduced PdfDate::LocalNow() and PdfDate::UtcNow() and default constructor is epoch time instead - Renamed PdfDocument::GetNameTree() -> GetNames() - PdfObject: Flate compress on write objects that have no filters - PdfMemDocument does collect garbage by default when saving - PdfField/PdfAnntation: Fully reworked the hierarchy and added proper fields ownership - Added PdfField::GetParent(), PdfField::GetChildren() - PdfImage: Cleaned/reviewed/fixed SetData()/SetDataRaw() - Renamed PdfPageTree -> PdfPageCollection - Added XMP metadata reading/saving. Added PdfMetadata class - Added text extraction API - Review I/O API: Merged InputDevice/OutputDevice into StreamDevice. New hierarchy deriving StreamDevice - Reviewed PdfObjectStream API: added streaming operations, GetInputStream(), GetOutputStream(). Renamed GetFilteredCopy() -> GetUnwrappedCopy()/UnwrapTo(). They only unwrap non media filters (see PdfImage::DecodeTo for media ones). Added proper copy and move assignment operators - PdfImage: Added DecodeTo(pixelFormat)- Changes from other older versions See https://github.com/podofo/podofo/blob/master/CHANGELOG.md- Change source url to new location.- Drop podofo-gcc12.patch because source no longer exists.- Enable of compilation of tools.- Add podofo-tools_man.patch to fix missing man pages for tools.
* Wed May 04 2022 Marcus Meissner - source url switched to https
* Wed May 04 2022 Christophe Giboudeaux - Update to 0.9.8. No changelog. This version ships security fixes:
* Check that /DecodeParams values are in range (boo#1127514, CVE-2018-20797)
* CVE-2019-10723 - Excessive memory allocation crash at PdfPagesTreeCache (boo#1131544)
* CVE-2018-12983 - stack-based buffer over-read in PdfEncryptMD5Base::ComputeEncryptionKey() (boo#1099719)- Drop patches, now upstream:
* podofo-CVE-2019-10723.patch
* podofo-CVE-2018-12983.patch- Drop patch podofo-CVE-2019-20093.patch: The upstream comment consider the svn repo r2035 doesn\'t dereference the NULL pointer, and this security issue already could ends with an error. The corresponding edition in git repo merged in this release. (CVE-2019-20093, bsc#1159921)
* Wed Feb 16 2022 Christophe Giboudeaux - Add GCC12 compatibility fix from Fedora (boo#1194962):
* podofo-gcc12.patch- Add upstream changes:
* podofo-CVE-2019-10723.patch (boo#1131544, CVE-2019-10723)
* podofo-CVE-2018-12983.patch (boo#1099719, CVE-2018-12983)
* Mon Jun 07 2021 Christophe Giboudeaux - Explicitly require libboost_headers_devel. Some public headers include boost ones.
* Wed Apr 14 2021 Ferdinand Thiessen - Update to version 0.9.7- Cleanup of the spec file- Dropped upstream fixed patches: r1933-Really-fix-CVE-2017-7381.patch, r1936-Really-fix-CVE-2017-7382.patch r1937-Really-fix-CVE-2017-7383.patch, r1942-Fix-build-with-cmake-ge-3.12.patch r1938-Fix-CVE-2018-11256-PdfError-info-gives-not-found-page-0-based.patch r1941-Fix-CVE-2017-8054-and-other-issues-keeping-binary-compat.patch r1945-Fix-possible-incompatibility-of-PdfAESStream-with-OpenSSL-1.1.0g.patch r1948-Fix-CVE-2018-12982-implementing-inline-PdfDictionary-MustGetKey.patch r1949-Fix-CVE-2018-5783-by-introducing-singleton-limit-for-indirect-objects-keeping-binary-compat.patch r1950-Fix-null-pointer-dereference-in-PdfTranslator-setTarget.patch r1952-Fix-CVE-2018-11255-Null-pointer-dereference-in-PdfPage-GetPageNumber.patch r1953-Fix-CVE-2018-14320-Possible-undefined-behaviour-in-PdfEncoding-ParseToUnicode.patch r1954-Fix-CVE-2018-20751-null-pointer-dereference-in-crop_page-of-tools-podofocrop.patch r1961-EncryptTest-Fix-buffer-overflow-in-decrypted-out-buffer-in-TestEncrypt.patch r1963-Fix-heap-based-buffer-overflow-vulnerability-in-PoDoFo-PdfVariant-DelayedLoad.patch r1969-Fix-CVE-2019-9687-heap-based-buffer-overflow.patch r1950-Fix-null-pointer-dereference-in-PdfTranslator-setTarget.patch (CVE-2018-19532, bsc#1117514) podofo-CVE-2019-9199.patch (CVE-2019-9199, bsc#1127855)
* Wed May 15 2019 qzheng - Add r1969-Fix-CVE-2019-9687-heap-based-buffer-overflow.patch (boo#1129290, CVE-2019-9687).
* Wed Feb 20 2019 Antonio Larrosa - Add patches from upstream to fix several CVEs:
* r1933-Really-fix-CVE-2017-7381.patch to fix a null pointer dereference (bsc#1032020, CVE-2017-7381)
* r1936-Really-fix-CVE-2017-7382.patch to fix a null pointer dereference (bsc#1032021, CVE-2017-7382)
* r1937-Really-fix-CVE-2017-7383.patch to fix a null pointer dereference (bsc#1032022, CVE-2017-7383)
* r1938-Fix-CVE-2018-11256-PdfError-info-gives-not-found-page-0-based.patch to fix a null pointer dereference Denial of Service (bsc#1096889, CVE-2018-11256)
* r1941-Fix-CVE-2017-8054-and-other-issues-keeping-binary-compat.patch This patch was rebased from the one upstream so that it applies correctly and modified so it doesn\'t break binary compatibility. (CVE-2017-8054, boo#1035596)
* r1945-Fix-possible-incompatibility-of-PdfAESStream-with-OpenSSL-1.1.0g.patch
* r1948-Fix-CVE-2018-12982-implementing-inline-PdfDictionary-MustGetKey.patch This patch was rebased from the one upstream so that it applies correctly. (CVE-2018-12982, boo#1099720)
* r1949-Fix-CVE-2018-5783-by-introducing-singleton-limit-for-indirect-objects-keeping-binary-compat.patch This patch was rebased from the one upstream so that it applies correctly and modified so it doesn\'t break binary compatibility. (CVE-2018-5783, boo#1076962)
* r1950-Fix-null-pointer-dereference-in-PdfTranslator-setTarget.patch
* r1952-Fix-CVE-2018-11255-Null-pointer-dereference-in-PdfPage-GetPageNumber.patch (CVE-2018-11255, boo#1096890)
* r1953-Fix-CVE-2018-14320-Possible-undefined-behaviour-in-PdfEncoding-ParseToUnicode.patch (CVE-2018-14320, boo#1108764)
* r1954-Fix-CVE-2018-20751-null-pointer-dereference-in-crop_page-of-tools-podofocrop.patch (CVE-2018-20751, boo#1124357)
* r1961-EncryptTest-Fix-buffer-overflow-in-decrypted-out-buffer-in-TestEncrypt.patch This patch was rebased from the one upstream so that it applies correctly.
* r1963-Fix-heap-based-buffer-overflow-vulnerability-in-PoDoFo-PdfVariant-DelayedLoad.patch- Renamed fix-build.patch to r1942-Fix-build-with-cmake-ge-3.12.patch to keep its name consistent with the other upstream patches.
* Tue Oct 16 2018 Christophe Giboudeaux - Add fix-build.patch to fix a build issue with recent CMake versions.- Run spec-cleaner
* Wed Jul 18 2018 plinnellAATTopensuse.org- Update to 0.9.6- drop patches from upstream all are now upstream: (CVE-2017-5852, boo#1023067, CVE-2017-5853, boo#1023069, CVE-2017-5854, boo#1023070, CVE-2017-5855, boo#1023071, CVE-2017-5886, boo#1023380, CVE-2017-6840, boo#1027787, CVE-2017-6844, boo#1027782, CVE-2017-6845, boo#1027779, CVE-2017-6847, boo#1027778, CVE-2017-7378, boo#1032017, CVE-2017-7379, boo#1032018, CVE-2017-7380, boo#1032019, CVE-2017-7994, boo#1035534, CVE-2017-8054, boo#1035596, CVE-2017-8787, boo#1037739, CVE-2018-5295, boo#1075026, CVE-2018-5296, boo#1075021, CVE-2018-5308, boo#1075772, CVE-2018-5309, boo#1075322, CVE-2018-8001, boo#1084894)
* 0001-fix-a-crash-when-passing-a-PDF-file-with-an-encryption-dictionary-ref.patch
* 0002-fix-stack-overflow-crash-when-XRef-record-references-itself.patch
* 0003-Fix-for-CVE-2017-5852-with-added-error-code.patch
* 0004-Fix-for-CVE-2017-5854.patch
* 0005-Fix-for-CVE-2017-5886.patch
* 0006-Extend-fix-for-CVE-2017-5852.patch
* 0007-Fix-CVE-2017-5853-signed-integer-overflow-and-CVE-2017-6844-buffer-overflow.patch
* 0008-Fix-infinite-loop-in-GetPageNumber-if-Parent-chain-contains-a-loop.patch
* 0009-Fix-CVE-2017-7379-encoding-array-too-short-to-encode-decode-code-point-0xffff.patch
* 0010-Fix-CVE-2017-5855-CVE-2018-5296-NULL-pointer-dereference-in-PoDoFo-PdfParser-ReadXRefSubsection.patch
* 0011-Fix-CVE-2017-6840-Out-of-bounds-read-in-ColorChanger-GetColorFromStack.patch
* 0012-Correct-fix-for-CVE-2017-6840-Too-strict-check-for-given-arguments.patch
* 0013-Fix-CVE-2017-6847-NULL-pointer-dereference-when-reading-XObject-without-BBox.patch
* 0014-Fix-CVE-2017-7378-Out-of-bounds-read-in-PdfPainter-ExpandTabs.patch
* 0015-Fix-CVE-2017-7380-NULL-dereference-in-PdfPage-GetFromResources.patch
* 0016-Fix-CVE-2017-7994-NULL-dereference-in-TextExtractor-ExtractText.patch
* 0017-Fix-a-memory-leak-on-document-load-exception-in-podofotxtextract.patch
* 0018-Fix-for-CVE-2017-8787-Read-out-of-buffer-size-in-PdfXRefStreamParserObject-ReadXRefStreamEntry.patch
* 0019-Changes-needed-to-compile-podofo.patch
* 0020-Fix-regression-from-0007.patch
* 0021-Fix-a-build-break-with-OpenSSL-1.1.0f-configured-with-disable-deprecated-option.patch
* 0022-Correct-boundary-comparison-in-PdfListField::GetItemDisplayText.patch
* 0023-Correct-in-parameter-test-in-PdfMemoryOutputStream-Write.patch
* 0024-Fix-CVE-2017-8054-Detect-cycles-in-PdfPagesTree.patch
* 0025-Related-to-CVE-2018-5308.patch
* 0026-Revert-part-of-0024.patch
* 0027-Correction-for-reverted-part-of-CVE-2017-8054-fix-in-0027.patch
* 0028-Fix-for-CVE-2018-5295-Integer-overflow-at-PdfXRefStreamParserObject-ParseStream.patch
* 0029-Try-to-address-an-eventual-use-after-free-in-PdfObject.patch
* 0030-Fix-CVE-2017-6845-Do-not-disable-PODOFO_RAISE_LOGIC_IF-for-Release-builds.patch
* 0031-Fix-clamping-avoiding-crashes-in-PdfPagesTree-InsertPage.patch
* 0032-Fix-wrong-use-of-memcpy-instead-of-wmemcpy.patch
* 0033-Fix-for-CVE-2018-5309-integer-overflow-in-the-PdfObjectStreamParserObject-ReadObjectsFromStream.patch
* 0034-Fix-for-CVE-2018-8001-heap-based-buffer-over-read-in-UnescapeName.patch
* fix-missing-include.patch
* Thu Mar 15 2018 alarrosaAATTsuse.com- Add patches from upstream to fix many issues (CVE-2017-5852, boo#1023067, CVE-2017-5853, boo#1023069, CVE-2017-5854, boo#1023070, CVE-2017-5855, boo#1023071, CVE-2017-5886, boo#1023380, CVE-2017-6840, boo#1027787, CVE-2017-6844, boo#1027782, CVE-2017-6845, boo#1027779, CVE-2017-6847, boo#1027778, CVE-2017-7378, boo#1032017, CVE-2017-7379, boo#1032018, CVE-2017-7380, boo#1032019, CVE-2017-7994, boo#1035534, CVE-2017-8054, boo#1035596, CVE-2017-8787, boo#1037739, CVE-2018-5295, boo#1075026, CVE-2018-5296, boo#1075021, CVE-2018-5308, boo#1075772, CVE-2018-5309, boo#1075322, CVE-2018-8001, boo#1084894)
* 0001-fix-a-crash-when-passing-a-PDF-file-with-an-encryption-dictionary-ref.patch
* 0002-fix-stack-overflow-crash-when-XRef-record-references-itself.patch
* 0003-Fix-for-CVE-2017-5852-with-added-error-code.patch
* 0004-Fix-for-CVE-2017-5854.patch
* 0005-Fix-for-CVE-2017-5886.patch
* 0006-Extend-fix-for-CVE-2017-5852.patch
* 0007-Fix-CVE-2017-5853-signed-integer-overflow-and-CVE-2017-6844-buffer-overflow.patch
* 0008-Fix-infinite-loop-in-GetPageNumber-if-Parent-chain-contains-a-loop.patch
* 0009-Fix-CVE-2017-7379-encoding-array-too-short-to-encode-decode-code-point-0xffff.patch
* 0010-Fix-CVE-2017-5855-CVE-2018-5296-NULL-pointer-dereference-in-PoDoFo-PdfParser-ReadXRefSubsection.patch
* 0011-Fix-CVE-2017-6840-Out-of-bounds-read-in-ColorChanger-GetColorFromStack.patch
* 0012-Correct-fix-for-CVE-2017-6840-Too-strict-check-for-given-arguments.patch
* 0013-Fix-CVE-2017-6847-NULL-pointer-dereference-when-reading-XObject-without-BBox.patch
* 0014-Fix-CVE-2017-7378-Out-of-bounds-read-in-PdfPainter-ExpandTabs.patch
* 0015-Fix-CVE-2017-7380-NULL-dereference-in-PdfPage-GetFromResources.patch
* 0016-Fix-CVE-2017-7994-NULL-dereference-in-TextExtractor-ExtractText.patch
* 0017-Fix-a-memory-leak-on-document-load-exception-in-podofotxtextract.patch
* 0018-Fix-for-CVE-2017-8787-Read-out-of-buffer-size-in-PdfXRefStreamParserObject-ReadXRefStreamEntry.patch
* 0019-Changes-needed-to-compile-podofo.patch
* 0020-Fix-regression-from-0007.patch
* 0021-Fix-a-build-break-with-OpenSSL-1.1.0f-configured-with-disable-deprecated-option.patch
* 0022-Correct-boundary-comparison-in-PdfListField::GetItemDisplayText.patch
* 0023-Correct-in-parameter-test-in-PdfMemoryOutputStream-Write.patch
* 0024-Fix-CVE-2017-8054-Detect-cycles-in-PdfPagesTree.patch
* 0025-Related-to-CVE-2018-5308.patch
* 0026-Revert-part-of-0024.patch
* 0027-Correction-for-reverted-part-of-CVE-2017-8054-fix-in-0027.patch
* 0028-Fix-for-CVE-2018-5295-Integer-overflow-at-PdfXRefStreamParserObject-ParseStream.patch
* 0029-Try-to-address-an-eventual-use-after-free-in-PdfObject.patch
* 0030-Fix-CVE-2017-6845-Do-not-disable-PODOFO_RAISE_LOGIC_IF-for-Release-builds.patch
* 0031-Fix-clamping-avoiding-crashes-in-PdfPagesTree-InsertPage.patch
* 0032-Fix-wrong-use-of-memcpy-instead-of-wmemcpy.patch
* 0033-Fix-for-CVE-2018-5309-integer-overflow-in-the-PdfObjectStreamParserObject-ReadObjectsFromStream.patch
* 0034-Fix-for-CVE-2018-8001-heap-based-buffer-over-read-in-UnescapeName.patch
* fix-missing-include.patch
* Sun Dec 11 2016 plinnellAATTopensuse.org- update to 0.9.5- no change log, but it is available online at: https://sourceforge.net/p/podofo/code/commit_browser
* Sun Dec 11 2016 plinnellAATTopensuse.org- update to 0.9.4- no change log, but it is available online at: https://sourceforge.net/p/podofo/code/commit_browser
 
ICM