|
|
 |
|
|
Changelog for libpodofo2-0.10.3-bp156.2.11.x86_64.rpm :
* Sat Dec 30 2023 Dirk Müller - update to 0.10.3:
* Fixed big performance regression introduced in 0.10, see #108
* Fixed data loss with encrypted documents, see #99
* Fixed compilation with VS2022 >= 17.8
* Fixed compilation using libxml >= 2.12.0
* Sun Dec 03 2023 Wang Jun - Update to 0.10.2
* Security related bugfixes #76, #89, #96
* Some compilation and test fixes
* Fri Jun 30 2023 ecsos - Update to 0.10.1 - Security bugfixes, #66, #67, #69, #70, #71, #72 - Rewritten PdfPageCollection for performance - PdfCMapEncoding: Fix parsing some invalid CMap(s) supported by Acrobat - PdfXRefStreamParserObject: Fixed handling of invalid XRef stream entries - Support compilation of the library header (not the library itself) with C++20- Changes from 0.10.0 The release is complete re-imagination of PoDoFo 0.9.x API in C++17, and it\'s API/ABI incompatible with the previous releases. - PdfPage/PdfAnnotationCollection/PdfAnnotation: Now functions with rect input assume it to be using the canonical coordinate system with no rotation - PdfImage: Added support for CYMK jpeg - PdfParser: Cleaned FindToken2 -> FindTokenBackward - Renamed base source folder -> main - PdfPainter: Revamped API, added full state inspection with current point, added added PdfPainterTextContext to handle text object operations Use it with PdfPainter::Text instance member. Added PdfContentStreamOperators low level interface for PdfPainter moved SmoothCurveTo, QuadCurveTo SmoothQuadCurveTo, ArcTo, Arc, to an helper structure until cleaned - PdfFontMetrics: Added FilePath/FaceIndex for debugging, when available - PdfFont: Renamed GetStringLength() overloads with PdfString to GetEncodedStringLength() - PdfFontManager: Renamed GetFont() -> SearchFont() Re-Added better GetOrCreateFont() from file/buffer - PdfEncrypt: Cleaned factory methods - Added PdfArray::FindAtAs(), PdfArray::FindAtAsSafe(), PdfArray::TryFindAtAs(), PdfArray::GetAtAs(), PdfArray::GetAtAsSafe(), PdfArray::TryGetAtAs() - Added PdfDictionary::FindKeyAsSafe() and PdfDictionary::TryFindKeyAs() - PdfDictionary::AddKeyIndirect/PdfArray::AddKeyIndirect accepts a reference - PdfAnnotation/PdfField API review - PdfDate: Introduced PdfDate::LocalNow() and PdfDate::UtcNow() and default constructor is epoch time instead - Renamed PdfDocument::GetNameTree() -> GetNames() - PdfObject: Flate compress on write objects that have no filters - PdfMemDocument does collect garbage by default when saving - PdfField/PdfAnntation: Fully reworked the hierarchy and added proper fields ownership - Added PdfField::GetParent(), PdfField::GetChildren() - PdfImage: Cleaned/reviewed/fixed SetData()/SetDataRaw() - Renamed PdfPageTree -> PdfPageCollection - Added XMP metadata reading/saving. Added PdfMetadata class - Added text extraction API - Review I/O API: Merged InputDevice/OutputDevice into StreamDevice. New hierarchy deriving StreamDevice - Reviewed PdfObjectStream API: added streaming operations, GetInputStream(), GetOutputStream(). Renamed GetFilteredCopy() -> GetUnwrappedCopy()/UnwrapTo(). They only unwrap non media filters (see PdfImage::DecodeTo for media ones). Added proper copy and move assignment operators - PdfImage: Added DecodeTo(pixelFormat)- Changes from other older versions See https://github.com/podofo/podofo/blob/master/CHANGELOG.md- Change source url to new location.- Drop podofo-gcc12.patch because source no longer exists.- Enable of compilation of tools.- Add podofo-tools_man.patch to fix missing man pages for tools.
* Wed May 04 2022 Marcus Meissner - source url switched to https
* Wed May 04 2022 Christophe Giboudeaux - Update to 0.9.8. No changelog. This version ships security fixes:
* Check that /DecodeParams values are in range (boo#1127514, CVE-2018-20797)
* CVE-2019-10723 - Excessive memory allocation crash at PdfPagesTreeCache (boo#1131544)
* CVE-2018-12983 - stack-based buffer over-read in PdfEncryptMD5Base::ComputeEncryptionKey() (boo#1099719)- Drop patches, now upstream:
* podofo-CVE-2019-10723.patch
* podofo-CVE-2018-12983.patch
* Wed Feb 16 2022 Christophe Giboudeaux - Add GCC12 compatibility fix from Fedora (boo#1194962):
* podofo-gcc12.patch- Add upstream changes:
* podofo-CVE-2019-10723.patch (boo#1131544, CVE-2019-10723)
* podofo-CVE-2018-12983.patch (boo#1099719, CVE-2018-12983)
* Mon Jun 07 2021 Christophe Giboudeaux - Explicitly require libboost_headers_devel. Some public headers include boost ones.
* Wed Apr 14 2021 Ferdinand Thiessen - Update to version 0.9.7- Cleanup of the spec file- Dropped upstream fixed patches: r1933-Really-fix-CVE-2017-7381.patch, r1936-Really-fix-CVE-2017-7382.patch r1937-Really-fix-CVE-2017-7383.patch, r1942-Fix-build-with-cmake-ge-3.12.patch r1938-Fix-CVE-2018-11256-PdfError-info-gives-not-found-page-0-based.patch r1941-Fix-CVE-2017-8054-and-other-issues-keeping-binary-compat.patch r1945-Fix-possible-incompatibility-of-PdfAESStream-with-OpenSSL-1.1.0g.patch r1948-Fix-CVE-2018-12982-implementing-inline-PdfDictionary-MustGetKey.patch r1949-Fix-CVE-2018-5783-by-introducing-singleton-limit-for-indirect-objects-keeping-binary-compat.patch r1950-Fix-null-pointer-dereference-in-PdfTranslator-setTarget.patch r1952-Fix-CVE-2018-11255-Null-pointer-dereference-in-PdfPage-GetPageNumber.patch r1953-Fix-CVE-2018-14320-Possible-undefined-behaviour-in-PdfEncoding-ParseToUnicode.patch r1954-Fix-CVE-2018-20751-null-pointer-dereference-in-crop_page-of-tools-podofocrop.patch r1961-EncryptTest-Fix-buffer-overflow-in-decrypted-out-buffer-in-TestEncrypt.patch r1963-Fix-heap-based-buffer-overflow-vulnerability-in-PoDoFo-PdfVariant-DelayedLoad.patch r1969-Fix-CVE-2019-9687-heap-based-buffer-overflow.patch
* Wed May 15 2019 qzheng - Add r1969-Fix-CVE-2019-9687-heap-based-buffer-overflow.patch (boo#1129290, CVE-2019-9687).
* Wed Feb 20 2019 Antonio Larrosa - Add patches from upstream to fix several CVEs:
* r1933-Really-fix-CVE-2017-7381.patch to fix a null pointer dereference (bsc#1032020, CVE-2017-7381)
* r1936-Really-fix-CVE-2017-7382.patch to fix a null pointer dereference (bsc#1032021, CVE-2017-7382)
* r1937-Really-fix-CVE-2017-7383.patch to fix a null pointer dereference (bsc#1032022, CVE-2017-7383)
* r1938-Fix-CVE-2018-11256-PdfError-info-gives-not-found-page-0-based.patch to fix a null pointer dereference Denial of Service (bsc#1096889, CVE-2018-11256)
* r1941-Fix-CVE-2017-8054-and-other-issues-keeping-binary-compat.patch This patch was rebased from the one upstream so that it applies correctly and modified so it doesn\'t break binary compatibility. (CVE-2017-8054, boo#1035596)
* r1945-Fix-possible-incompatibility-of-PdfAESStream-with-OpenSSL-1.1.0g.patch
* r1948-Fix-CVE-2018-12982-implementing-inline-PdfDictionary-MustGetKey.patch This patch was rebased from the one upstream so that it applies correctly. (CVE-2018-12982, boo#1099720)
* r1949-Fix-CVE-2018-5783-by-introducing-singleton-limit-for-indirect-objects-keeping-binary-compat.patch This patch was rebased from the one upstream so that it applies correctly and modified so it doesn\'t break binary compatibility. (CVE-2018-5783, boo#1076962)
* r1950-Fix-null-pointer-dereference-in-PdfTranslator-setTarget.patch
* r1952-Fix-CVE-2018-11255-Null-pointer-dereference-in-PdfPage-GetPageNumber.patch (CVE-2018-11255, boo#1096890)
* r1953-Fix-CVE-2018-14320-Possible-undefined-behaviour-in-PdfEncoding-ParseToUnicode.patch (CVE-2018-14320, boo#1108764)
* r1954-Fix-CVE-2018-20751-null-pointer-dereference-in-crop_page-of-tools-podofocrop.patch (CVE-2018-20751, boo#1124357)
* r1961-EncryptTest-Fix-buffer-overflow-in-decrypted-out-buffer-in-TestEncrypt.patch This patch was rebased from the one upstream so that it applies correctly.
* r1963-Fix-heap-based-buffer-overflow-vulnerability-in-PoDoFo-PdfVariant-DelayedLoad.patch- Renamed fix-build.patch to r1942-Fix-build-with-cmake-ge-3.12.patch to keep its name consistent with the other upstream patches.
* Tue Oct 16 2018 Christophe Giboudeaux - Add fix-build.patch to fix a build issue with recent CMake versions.- Run spec-cleaner
* Wed Jul 18 2018 plinnellAATTopensuse.org- Update to 0.9.6- drop patches from upstream all are now upstream: (CVE-2017-5852, boo#1023067, CVE-2017-5853, boo#1023069, CVE-2017-5854, boo#1023070, CVE-2017-5855, boo#1023071, CVE-2017-5886, boo#1023380, CVE-2017-6840, boo#1027787, CVE-2017-6844, boo#1027782, CVE-2017-6845, boo#1027779, CVE-2017-6847, boo#1027778, CVE-2017-7378, boo#1032017, CVE-2017-7379, boo#1032018, CVE-2017-7380, boo#1032019, CVE-2017-7994, boo#1035534, CVE-2017-8054, boo#1035596, CVE-2017-8787, boo#1037739, CVE-2018-5295, boo#1075026, CVE-2018-5296, boo#1075021, CVE-2018-5308, boo#1075772, CVE-2018-5309, boo#1075322, CVE-2018-8001, boo#1084894)
* 0001-fix-a-crash-when-passing-a-PDF-file-with-an-encryption-dictionary-ref.patch
* 0002-fix-stack-overflow-crash-when-XRef-record-references-itself.patch
* 0003-Fix-for-CVE-2017-5852-with-added-error-code.patch
* 0004-Fix-for-CVE-2017-5854.patch
* 0005-Fix-for-CVE-2017-5886.patch
* 0006-Extend-fix-for-CVE-2017-5852.patch
* 0007-Fix-CVE-2017-5853-signed-integer-overflow-and-CVE-2017-6844-buffer-overflow.patch
* 0008-Fix-infinite-loop-in-GetPageNumber-if-Parent-chain-contains-a-loop.patch
* 0009-Fix-CVE-2017-7379-encoding-array-too-short-to-encode-decode-code-point-0xffff.patch
* 0010-Fix-CVE-2017-5855-CVE-2018-5296-NULL-pointer-dereference-in-PoDoFo-PdfParser-ReadXRefSubsection.patch
* 0011-Fix-CVE-2017-6840-Out-of-bounds-read-in-ColorChanger-GetColorFromStack.patch
* 0012-Correct-fix-for-CVE-2017-6840-Too-strict-check-for-given-arguments.patch
* 0013-Fix-CVE-2017-6847-NULL-pointer-dereference-when-reading-XObject-without-BBox.patch
* 0014-Fix-CVE-2017-7378-Out-of-bounds-read-in-PdfPainter-ExpandTabs.patch
* 0015-Fix-CVE-2017-7380-NULL-dereference-in-PdfPage-GetFromResources.patch
* 0016-Fix-CVE-2017-7994-NULL-dereference-in-TextExtractor-ExtractText.patch
* 0017-Fix-a-memory-leak-on-document-load-exception-in-podofotxtextract.patch
* 0018-Fix-for-CVE-2017-8787-Read-out-of-buffer-size-in-PdfXRefStreamParserObject-ReadXRefStreamEntry.patch
* 0019-Changes-needed-to-compile-podofo.patch
* 0020-Fix-regression-from-0007.patch
* 0021-Fix-a-build-break-with-OpenSSL-1.1.0f-configured-with-disable-deprecated-option.patch
* 0022-Correct-boundary-comparison-in-PdfListField::GetItemDisplayText.patch
* 0023-Correct-in-parameter-test-in-PdfMemoryOutputStream-Write.patch
* 0024-Fix-CVE-2017-8054-Detect-cycles-in-PdfPagesTree.patch
* 0025-Related-to-CVE-2018-5308.patch
* 0026-Revert-part-of-0024.patch
* 0027-Correction-for-reverted-part-of-CVE-2017-8054-fix-in-0027.patch
* 0028-Fix-for-CVE-2018-5295-Integer-overflow-at-PdfXRefStreamParserObject-ParseStream.patch
* 0029-Try-to-address-an-eventual-use-after-free-in-PdfObject.patch
* 0030-Fix-CVE-2017-6845-Do-not-disable-PODOFO_RAISE_LOGIC_IF-for-Release-builds.patch
* 0031-Fix-clamping-avoiding-crashes-in-PdfPagesTree-InsertPage.patch
* 0032-Fix-wrong-use-of-memcpy-instead-of-wmemcpy.patch
* 0033-Fix-for-CVE-2018-5309-integer-overflow-in-the-PdfObjectStreamParserObject-ReadObjectsFromStream.patch
* 0034-Fix-for-CVE-2018-8001-heap-based-buffer-over-read-in-UnescapeName.patch
* fix-missing-include.patch
* Thu Mar 15 2018 alarrosaAATTsuse.com- Add patches from upstream to fix many issues (CVE-2017-5852, boo#1023067, CVE-2017-5853, boo#1023069, CVE-2017-5854, boo#1023070, CVE-2017-5855, boo#1023071, CVE-2017-5886, boo#1023380, CVE-2017-6840, boo#1027787, CVE-2017-6844, boo#1027782, CVE-2017-6845, boo#1027779, CVE-2017-6847, boo#1027778, CVE-2017-7378, boo#1032017, CVE-2017-7379, boo#1032018, CVE-2017-7380, boo#1032019, CVE-2017-7994, boo#1035534, CVE-2017-8054, boo#1035596, CVE-2017-8787, boo#1037739, CVE-2018-5295, boo#1075026, CVE-2018-5296, boo#1075021, CVE-2018-5308, boo#1075772, CVE-2018-5309, boo#1075322, CVE-2018-8001, boo#1084894)
* 0001-fix-a-crash-when-passing-a-PDF-file-with-an-encryption-dictionary-ref.patch
* 0002-fix-stack-overflow-crash-when-XRef-record-references-itself.patch
* 0003-Fix-for-CVE-2017-5852-with-added-error-code.patch
* 0004-Fix-for-CVE-2017-5854.patch
* 0005-Fix-for-CVE-2017-5886.patch
* 0006-Extend-fix-for-CVE-2017-5852.patch
* 0007-Fix-CVE-2017-5853-signed-integer-overflow-and-CVE-2017-6844-buffer-overflow.patch
* 0008-Fix-infinite-loop-in-GetPageNumber-if-Parent-chain-contains-a-loop.patch
* 0009-Fix-CVE-2017-7379-encoding-array-too-short-to-encode-decode-code-point-0xffff.patch
* 0010-Fix-CVE-2017-5855-CVE-2018-5296-NULL-pointer-dereference-in-PoDoFo-PdfParser-ReadXRefSubsection.patch
* 0011-Fix-CVE-2017-6840-Out-of-bounds-read-in-ColorChanger-GetColorFromStack.patch
* 0012-Correct-fix-for-CVE-2017-6840-Too-strict-check-for-given-arguments.patch
* 0013-Fix-CVE-2017-6847-NULL-pointer-dereference-when-reading-XObject-without-BBox.patch
* 0014-Fix-CVE-2017-7378-Out-of-bounds-read-in-PdfPainter-ExpandTabs.patch
* 0015-Fix-CVE-2017-7380-NULL-dereference-in-PdfPage-GetFromResources.patch
* 0016-Fix-CVE-2017-7994-NULL-dereference-in-TextExtractor-ExtractText.patch
* 0017-Fix-a-memory-leak-on-document-load-exception-in-podofotxtextract.patch
* 0018-Fix-for-CVE-2017-8787-Read-out-of-buffer-size-in-PdfXRefStreamParserObject-ReadXRefStreamEntry.patch
* 0019-Changes-needed-to-compile-podofo.patch
* 0020-Fix-regression-from-0007.patch
* 0021-Fix-a-build-break-with-OpenSSL-1.1.0f-configured-with-disable-deprecated-option.patch
* 0022-Correct-boundary-comparison-in-PdfListField::GetItemDisplayText.patch
* 0023-Correct-in-parameter-test-in-PdfMemoryOutputStream-Write.patch
* 0024-Fix-CVE-2017-8054-Detect-cycles-in-PdfPagesTree.patch
* 0025-Related-to-CVE-2018-5308.patch
* 0026-Revert-part-of-0024.patch
* 0027-Correction-for-reverted-part-of-CVE-2017-8054-fix-in-0027.patch
* 0028-Fix-for-CVE-2018-5295-Integer-overflow-at-PdfXRefStreamParserObject-ParseStream.patch
* 0029-Try-to-address-an-eventual-use-after-free-in-PdfObject.patch
* 0030-Fix-CVE-2017-6845-Do-not-disable-PODOFO_RAISE_LOGIC_IF-for-Release-builds.patch
* 0031-Fix-clamping-avoiding-crashes-in-PdfPagesTree-InsertPage.patch
* 0032-Fix-wrong-use-of-memcpy-instead-of-wmemcpy.patch
* 0033-Fix-for-CVE-2018-5309-integer-overflow-in-the-PdfObjectStreamParserObject-ReadObjectsFromStream.patch
* 0034-Fix-for-CVE-2018-8001-heap-based-buffer-over-read-in-UnescapeName.patch
* fix-missing-include.patch
* Sun Dec 11 2016 plinnellAATTopensuse.org- update to 0.9.5- no change log, but it is available online at: https://sourceforge.net/p/podofo/code/commit_browser
* Sun Dec 11 2016 plinnellAATTopensuse.org- update to 0.9.4- no change log, but it is available online at: https://sourceforge.net/p/podofo/code/commit_browser
|
|
|
