Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:GA
podofo.35912
podofo.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File podofo.changes of Package podofo.35912
------------------------------------------------------------------- Fri Oct 4 12:18:56 UTC 2024 - Antonio Larrosa <alarrosa@suse.com> - Add patch from upstream to fix a heap overflow in ReadXRefSubsection (bsc#1023190, CVE-2015-8981): * r1672-PdfParser-ReadXRefSubsection-Do-not-write-out-of-m_offsets-size.patch - Add patch from upstream to fix a null pointer dereference in PoDoFo:Impose:PdfTranslator:setSource, whose poc was also fixed by r1836-Fix-for-CVE-2017-5854.patch but the proper upstream fix for this is different (bsc#1127855, CVE-2019-9199): * r1971-Fixed-CVE-2019-9199.patch - Add rebased patch from upstream to fix a memory leak in PdfPagesTreeCache (bsc#1131544, CVE-2019-10723): * podofo-CVE-2019-10723.patch ------------------------------------------------------------------- Thu Jun 20 13:28:45 UTC 2024 - Cliff Zhao <qzhao@suse.com> - Add podofo_security-fixes-validate-more-encrypt-dictionary-parameters.patch: Backporting 8f514d69b from upstream. PdfEncrypt: Validate more encrypt dictionary parameters. (bsc#1213720) ------------------------------------------------------------------- Thu Jun 20 09:09:28 UTC 2024 - Cliff Zhao <qzhao@suse.com> - Add podofo_security-fixes-handling-of-invalid-XRef-stream-entries.patch: Backporting 535a786f from upstream. PdfXRefStreamParserObject: Fixed handling of invalid XRef stream entries. (bsc#1213720) ------------------------------------------------------------------- Thu Jun 20 09:08:12 UTC 2024 - Cliff Zhao <qzhao@suse.com> - Add podofo-drop-backup-sources.patch: Drop unused backup sources to clean up the compile env. (bsc#1213720) ------------------------------------------------------------------- Thu Sep 15 19:31:27 UTC 2022 - Michael Gorse <mgorse@suse.com> - Add podofo-CVE-2018-12983.patch: fix a stack overrun (boo#1099719 CVE-2018-12983). ------------------------------------------------------------------- Tue Apr 19 17:19:21 UTC 2022 - Michael Gorse <mgorse@suse.com> - Add podofo-CVE-2019-20093.patch: fix a NULL pointer dereference (boo#1159921 CVE-2019-20093). ------------------------------------------------------------------- Wed Feb 20 16:47:32 UTC 2019 - Antonio Larrosa <alarrosa@suse.com> - Add patches from upstream to fix several CVEs: * r1941-Fix-CVE-2017-8054-and-other-issues-keeping-binary-compat.patch This patch was rebased from the one upstream so that it applies correctly and modified so it doesn't break binary compatibility. (CVE-2017-8054, boo#1035596) * r1948-Fix-CVE-2018-12982-implementing-inline-PdfDictionary-MustGetKey.patch This patch was rebased from the one upstream so that it applies correctly. (CVE-2018-12982, boo#1099720) * r1949-Fix-CVE-2018-5783-by-introducing-singleton-limit-for-indirect-objects-keeping-binary-compat.patch This patch was rebased from the one upstream so that it applies correctly and modified so it doesn't break binary compatibility. (CVE-2018-5783, boo#1076962) * r1950-Fix-null-pointer-dereference-in-PdfTranslator-setTarget.patch * r1952-Fix-CVE-2018-11255-Null-pointer-dereference-in-PdfPage-GetPageNumber.patch (CVE-2018-11255, boo#1096890) * r1954-Fix-CVE-2018-20751-null-pointer-dereference-in-crop_page-of-tools-podofocrop.patch (CVE-2018-20751, boo#1124357) * r1961-EncryptTest-Fix-buffer-overflow-in-decrypted-out-buffer-in-TestEncrypt.patch This patch was rebased from the one upstream so that it applies correctly. * r1963-Fix-heap-based-buffer-overflow-vulnerability-in-PoDoFo-PdfVariant-DelayedLoad.patch - Add patches that are required by some patches above: * r1640-Use-PdfPagesTree-GetChildCount-whenever-possible.patch (rebased) * r1683-Unreachable-code-and-robustness-fixes-in-PdfPagesTree-GetPageNode.patch - Remove fix-CVE-2018-5783.patch and replace it with r1949 (above) which is the fix commited upstream for that CVE. ------------------------------------------------------------------- Wed Sep 19 10:21:07 UTC 2018 - Antonio Larrosa <alarrosa@suse.com> - Add COPYING and COPYING.LIB to fix the FSF address being wrong in the upstream license files. ------------------------------------------------------------------- Tue Sep 18 18:32:50 UTC 2018 - Antonio Larrosa <alarrosa@suse.com> - Removed * r1920-ADDED-Cycle-detection-for-XRef-tables.patch * r1924-Add-PdfRecursionGuard-to-detect-recursions-in-XRef-tables.patch * r1929-Extend-cycle-detection-for-XRef-tables-r1920.patch since they change the ABI of the library. - Modified * r1925-Fix-uncontrolled-memory-allocation-in-the-PdfParser-ReadXRefSubsection-CVE-2018-5296.patch to apply correctly without the removed patches ------------------------------------------------------------------- Tue Sep 18 16:21:00 UTC 2018 - Antonio Larrosa <alarrosa@suse.com> - Added * r1859-Fix-regression-from-r1840.patch to fix a regression of the r1840 patch - Added * r1873-Fix-CVE-2017-6845-and-add-test-case-to-reproduce.patch to fix a null dereference (bsc#1027779, CVE-2017-6845). This is also reported to fix bsc#1027776, CVE-2017-6849. This is also reported to fix bsc#1027786, CVE-2017-6841. - Added * r1876-Related-to-CVE-2018-5308-Add-in-parameter-validity-check.patch to fix a null dereference (bsc#1075772, CVE-2018-5308) - Added * r1881-Revert-part-of-r1872-_Fix-for-CVE-2017-8054_.patch * r1882-Correction-for-reverted-part-of-CVE-2017-8054-fix.patch * r1883-Fix-comment-in-r1882-referring-to-incorrent-CVE-ID.patch to fix a regression caused by the fix for CVE-2017-8054. - Added * r1889-Fix-for-CVE-2018-5295-Integer-overflow-at-PdfXRefStreamParserObject-ParseStream.patch to fix an integer overflow (bsc#1075026, CVE-2018-5295) - Added * r1892-Do-not-disable-PODOFO_RAISE_LOGIC_IF-for-Release-builds-_also-fixes-CVE-2017-6845_.patch to let exceptions be raised by PODOFO_RAISE_LOGIC in Release builds (bsc#1027779, CVE-2017-6845) - Added * r1907-Fix-CVE-2018-5309-integer-overflow-in-PdfObjectStreamParserObject-ReadObjectsFromStream.patch to fix an integer overflow (bsc#1075322, CVE-2018-5309) - Added * r1777-Strict-mode-could-never-be-enabled.patch * r1920-ADDED-Cycle-detection-for-XRef-tables.patch * r1924-Add-PdfRecursionGuard-to-detect-recursions-in-XRef-tables.patch * r1929-Extend-cycle-detection-for-XRef-tables-r1920.patch to detect cycles and recursions in XRef tables - Added * r1921-m_offsets-resize-can-throw-std-length_error-as-well-as-std-bad_alloc.patch from upstream, probably also fixing CVE-2018-5783, but in a less-generic way than the patch we already had for it, though this wouldn't require a rebuild of applications using the library to benefit from the fix. - Added * r1925-Fix-uncontrolled-memory-allocation-in-the-PdfParser-ReadXRefSubsection-CVE-2018-5296.patch to fix uncontrolled memory allocation (bsc#1075021, CVE-2018-5296) - Added * r1933-Really-fix-CVE-2017-7381.patch to fix a null pointer dereference (bsc#1032020, CVE-2017-7381) - Added * r1936-Really-fix-CVE-2017-7382.patch to fix a null pointer dereference (bsc#1032021, CVE-2017-7382) - Added * r1937-Really-fix-CVE-2017-7383.patch to fix a null pointer dereference (bsc#1032022, CVE-2017-7383) - Added * r1938-Fix-CVE-2018-11256-PdfError-info-gives-not-found-page-0-based.patch to fix a null pointer dereference Denial of Service (bsc#1096889, CVE-2018-11256) ------------------------------------------------------------------- Tue Jun 26 16:14:23 UTC 2018 - alarrosa@suse.com - Added * r1588-Fix-various-issues-when-Kids-array-is-missing.patch to fix several issues like NULL dereferences when "Kids" array is missing (related to bsc#1096890, CVE-2018-11255) - Added * fix-CVE-2018-5783.patch to fix bsc#1076962, CVE-2018-5783 by checking for std::vector::resize raising an exception in PdfVecObjects::Reserve and transforming it into a Podofo ePdfError_OutOfMemory error. Note that this changes an inline method, so it would require to rebuild programs that use the library in order to fix the issue for them. ------------------------------------------------------------------- Mon Jun 25 12:57:45 UTC 2018 - alarrosa@suse.com - Added * r1648-Be-forgiving-when-reading-XRef-stream-content.patch to apply the newly added (and modified) * r1834-Fix-stack-overflow-crash-when-XRef-record-references-itself.patch more easily. This fixes a stack overflow crash when XRef record references itself. - Added * r1835-Fix-for-CVE-2017-5852.patch which fixes bsc#1023067, CVE-2017-5852. The original patch from upstream broke binary compatibility by inserting a new enum value in between other values, so I changed it to have a new value at the end of the enum values. - Added * r1836-Fix-for-CVE-2017-5854.patch * r1870-Fix-parameter-tested-for-NULL-in-PdfMemoryOutputStream-Write.patch which fixes bsc#1023070, CVE-2017-5854 (which couldn't be reproduced in SLE12, but the patches undoubtly fix null dereferences). Note that the upstream developers mentioned in the podofo-users mailing list on 2018-06-12 that r1836 incorrectly references a fix for CVE-2017-5854, which is fixed in r1870 without mentioning it. Also, r1870 fixes bsc#1075772, CVE-2018-5308 and bsc#1023072. - Added * r1837-Fix-for-CVE-2017-5886.patch which fixes bsc#1023380, CVE-2017-5886. - Added * r1838-Extend-fix-for-CVE-2017-5852.patch to improve the fix for CVE-2017-5852. The original patch from upstream broke binary compatibility by removing a function (it added a new parameter to an existing function). I fixed this by leaving a function with the same old signature that calls the new function. - Added * r1840-Fix-CVE-2017-5853-and-CVE-2017-6844.patch slightly modified from upstream to fix bsc#1023069, CVE-2017-5853 (a signed integer overflow) and bsc#1027782, CVE-2017-6844 (a buffer overflow). - Added -std=c++11 to CXXFLAGS since it seems to be needed now. - Added * r1842-Fix-CVE-2017-7379-encoding-array-too-short.patch to fix a out-by-one heap overflow when character 0xffff was encoded (bsc#1032018, CVE-2017-7379) - Added * r1843-Fix-CVE-2017-5855-NULL-pointer-dereference.patch to fix a NULL pointer dereference in PoDoFo::PdfParser::ReadXRefSubsection. (bsc#1023071, CVE-2017-5855). This couldn't be reproduced in SLE12, but the patch from upstream seems valid anyway. - Added * r1696-Use-cmake-commands-properly.patch * r1701-Compatibility-fix-for-CMake-2.8.patch * r1826-Do-not-force-c++98-standard-for-GNUCXX-compiler.patch to build correctly since c++11 is required but c++98 was forced for no reason - Added * r1844-Fix-CVE-2017-6840-Out-of-bounds-read.patch * r1845-Correct-fix-for-CVE-2017-6840.patch to fix an out of bounds read in ColorChanger::GetColorFromStack() (bsc#1027787, CVE-2017-6840). This is also reported to fix bsc#1027785, CVE-2017-6842. - Added * r1846-Fix-CVE-2017-6847-NULL-pointer-dereference.patch to fix a NULL pointer dereference when reading XObject without BBox (bsc#1027778, CVE-2017-6847) - Added * r1847-Fix-CVE-2017-7378-Out-of-bounds-read.patch to fix an out of bounds read in PdfPainter::ExpandTabs() (bsc#1032017, CVE-2017-7378) - Added * r1848-Fix-CVE-2017-7380-NULL-dereference.patch to fix a NULL dereference in PdfPage::GetFromResources() (bsc#1032019, CVE-2017-7380) - Added * r1849-Fix-CVE-2017-7994-NULL-dereference.patch to fix a NULL dereference in TextExtractor::ExtractText() (bsc#1035534, CVE-2017-7994) - Added * r1850-Fix-a-memory-leak-on-document-load-exception-in-podofotxtextract.patch to fix a memory leak in podofotxtextract when an exception was raised while loading a document. - Added * r1851-Fix-for-CVE-2017-8787-Read-out-of-buffer-size.patch to fix an out of bounds read in PdfXRefStreamParserObject::ReadXRefStreamEntry() (bsc#1037739, CVE-2017-8787) - Added * r1576-Do-not-get-stuck-in-infite-loop-with-broken-page-tables.patch to fix an infinite loop with broken page tables. - Added * r1872-Fix-CVE-2017-8054-Detect-cycles-in-PdfPagesTree.patch to detect and break cycles in PdfPagesTree which generated an infinite recursion (bsc#1035596, CVE-2017-8054) ------------------------------------------------------------------- Fri Jun 15 12:06:51 UTC 2018 - alarrosa@suse.com - Added * r1594-Fixed-compilation-on-Apple-platforms.patch * r1600-Get-PoDoFo-build-under-Visual-Studio-2008.patch * r1791-Fix-build-failure-with-OpenSSL-1.1.patch to fix build with openSSL 1.1 - Added * r1909-Fix-for-CVE-2018-8001-heap-based-buffer-over-read-in-UnescapeName.patch to fix bsc#1084894, CVE-2018-8001 - Added * r1709-CMake-compatibility-and-TestFilter-build-fixes.patch slightly modified to work with SLE's version of cmake and apply a fix for FilterTest.cpp - Added * r1793-Address-some-of-the-issues-reported-by-CoverityScan.patch to apply better the next patches and to fix a large number of issues. The original patch from upstream breaks binary compatibility by removing an unused member variable (m_eVersion) from the PdfDocument class. I changed the patch to leave it there so the class size doesn't change. - Added * r1833-Fix-a-crash-when-passing-a-PDF-file-.patch to fix a crash when passing a PDF file with an encryption dictionary reference to a nonexistent object (bsc#1037000, CVE-2017-8378) ------------------------------------------------------------------- Wed Dec 11 20:46:51 UTC 2013 - hrvoje.senjan@gmail.com - Added remove-internal-findfreetype-references.patch: fixes build with freetype2 2.5.1 as internal copy is broken. It is also better practice to use cmake's FindPackage modules ------------------------------------------------------------------- Sun Mar 31 18:46:29 UTC 2013 - asterios.dramis@gmail.com - Update to version 0.9.2: * Many bug fixes which were made over the last two years. * New encryption support based on OpenSSL. OpenSSL is now a mandatory requirement. - Removed podofobox.1_fix.patch (not needed anymore). - Added a patch (podofo-0.9.2-soname.patch) to update the soname of the library (http://sourceforge.net/apps/mantisbt/podofo/view.php?id=54). - Added build requirements libcppunit-devel and libidn-devel. - Build the devel docs (added doxygen build requirement). ------------------------------------------------------------------- Mon Jan 7 04:12:21 UTC 2013 - mrdocs@opensuse.org - fix build on SLES ------------------------------------------------------------------- Sat Mar 17 14:11:54 UTC 2012 - dimstar@opensuse.org - Change lua-devel BuildRequires to lua51-devel on openSUSE > 12.1: the code is not ready to work with lua 5.2. ------------------------------------------------------------------- Tue Nov 29 14:20:11 CET 2011 - ro@suse.de - use _lib macro to properly determine lib suffix ------------------------------------------------------------------- Wed May 25 20:43:50 UTC 2011 - asterios.dramis@gmail.com - Update to version 0.9.1: * Bug fixes and optimizations. * Added a man page for podofogc. From 0.9.0: * Lot's of bug fixes for PDF parsing, PDF creation and in several other areas. * New compact write mode to create slightly smaller PDF files. * Initial PDF signature support. * Support for the 14 standard Type1 fonts. * Improved font and encoding support (e.g. creation of fonts from existing objects). * New tools, e.g. podofocolor. - Spec files updates: * Changes based on spec-cleaner run. * Changes in License. * Updates in Group:, Summary: and %description entries. * Updates in %build section for lib64 compilation. * Minor other updates. - Added a patch for podofobox.1 to fix an rpmlint warning. ------------------------------------------------------------------- Thu Oct 28 09:05:32 UTC 2010 - mrdocs@opensuse.org -version update to 0.8.4 * Build fixes for various plaforms - mostly for Windows/VS2008 ------------------------------------------------------------------- Thu Oct 21 23:49:29 CEST 2010 - mrdocs@opensuse.org -new version 0.8.3 * Added a new write mode for PDFs, which is default, to create more compact PDFs; * Extended several APIs, e.g. image interpolation support, image chroma key support, or selection of base14 fonts * Fixed bugs in the predictor implementation * Fixed encryption of unicode strings * Fixed namestree implementation (root shall not have a Limits key) * Fixed detection of inline image data and support for inline images larger than 4KB * Several optimizations, bugs fixes and fixed a minor memory leak ------------------------------------------------------------------- Thu Sep 9 20:52:07 UTC 2010 - mrdocs@opensuse.org -more spec file cleanups -add missing libpng-devel ------------------------------------------------------------------- Thu Sep 9 20:30:15 UTC 2010 - mrdocs@opensuse.org -version bump to 0.8.2 -many many bug fixes and build issues -add lua-devel, which adds imposition capabilites ------------------------------------------------------------------- Thu Jul 1 14:03:06 UTC 2010 - toms@suse.de - Corrected licence ------------------------------------------------------------------- Tue May 11 06:49:54 UTC 2010 - toms@suse.de - Updated to 0.8.0, taken patches from hgraeber . remove so number form devel package ------------------------------------------------------------------- Tue Jul 28 14:08:00 CEST 2009 - toms@suse.de - Taken from home:/mrdocs and corrected SPEC file: . Added typical SUSE header . Install section now contains the correct lines . Changed devel package name to libpodofo0_6_99-devel . Create this .changes file ------------------------------------------------------------------- Thu Jan 01 00:00:00 CEST 2009 - mrdocs at opensuse.org - 0.7.0 release ------------------------------------------------------------------- Sun Oct 05 00:00:00 CEST 2008 - hub@figuiere.net - Package closer to policies: split. ------------------------------------------------------------------- Mon Jul 05 00:00:00 CEST 2008 - mrdocs at opensuse.org - 0.6 release ------------------------------------------------------------------- Sat Jul 12 00:00:00 CEST 2008 - mrdocs at opensuse.org - new svn snapshot of upcoming 0.6.0 - add openssl-devel dependency - 64 bit builds fixed ------------------------------------------------------------------- Mon Aug 27 00:00:00 CEST 2007 - mrdocs at opensuse.org - enable debug package ------------------------------------------------------------------- Wed Aug 08 00:00:00 CEST 2007 - mrdocs at opensuse.org - revert back to 0.5.0 as the API is unstable ------------------------------------------------------------------- Tue Aug 01 00:00:00 CEST 2007 - mrdocs at scribus.info - new svn snapshot with 64 bit build support ------------------------------------------------------------------- Thu Jul 26 00:00:00 CEST 2007 - mrdocs at scribus.info - version upgrade - use cmake as autotools are no longer supported ------------------------------------------------------------------- Tue Dec 26 00:00:00 CEST 2006 - Bernhard Walle <bwalle@suse.de> - initial package
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor