Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP5:GA
podofo.35911
podofo.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File podofo.changes of Package podofo.35911
------------------------------------------------------------------- Thu Jun 20 13:28:45 UTC 2024 - Cliff Zhao <qzhao@suse.com> - Add podofo_security-fixes-validate-more-encrypt-dictionary-parameters.patch: Backporting 8f514d69b from upstream. PdfEncrypt: Validate more encrypt dictionary parameters. (bsc#1213720) ------------------------------------------------------------------- Thu Jun 20 09:09:28 UTC 2024 - Cliff Zhao <qzhao@suse.com> - Add podofo_security-fixes-handling-of-invalid-XRef-stream-entries.patch: Backporting 535a786f from upstream. PdfXRefStreamParserObject: Fixed handling of invalid XRef stream entries. (bsc#1213720) ------------------------------------------------------------------- Wed Jun 19 16:29:29 UTC 2024 - Antonio Larrosa <alarrosa@suse.com> - Add patch from upstream to fix a NULL pointer dereference in podofoimpose (bsc#1127855, CVE-2019-9199): * podofo-CVE-2019-9199.patch - Add patch from upstream to fix an excessive memory allocation in PoDoFo:podofo_calloc (bsc#1127514, CVE-2018-20797): * podofo-CVE-2018-20797.patch - Add patch from upstream to fix a memory leak in PdfPagesTreeCache (bsc#1131544, CVE-2019-10723): * podofo-CVE-2019-10723.patch ------------------------------------------------------------------- Thu Sep 15 19:26:13 UTC 2022 - Michael Gorse <mgorse@suse.com> - Add podofo-CVE-2018-12983.patch: fix a stack overrun (boo#1099719 CVE-2018-12983). ------------------------------------------------------------------- Tue Apr 19 17:04:45 UTC 2022 - Michael Gorse <mgorse@suse.com> - Add podofo-CVE-2019-20093.patch: fix a NULL pointer dereference (boo#1159921 CVE-2019-20093). ------------------------------------------------------------------- Wed May 15 06:47:07 UTC 2019 - qzheng <qzheng@suse.com> - Add r1969-Fix-CVE-2019-9687-heap-based-buffer-overflow.patch (boo#1129290, CVE-2019-9687). ------------------------------------------------------------------- Wed Feb 20 16:47:32 UTC 2019 - Antonio Larrosa <alarrosa@suse.com> - Add patches from upstream to fix several CVEs: * r1933-Really-fix-CVE-2017-7381.patch to fix a null pointer dereference (bsc#1032020, CVE-2017-7381) * r1936-Really-fix-CVE-2017-7382.patch to fix a null pointer dereference (bsc#1032021, CVE-2017-7382) * r1937-Really-fix-CVE-2017-7383.patch to fix a null pointer dereference (bsc#1032022, CVE-2017-7383) * r1938-Fix-CVE-2018-11256-PdfError-info-gives-not-found-page-0-based.patch to fix a null pointer dereference Denial of Service (bsc#1096889, CVE-2018-11256) * r1941-Fix-CVE-2017-8054-and-other-issues-keeping-binary-compat.patch This patch was rebased from the one upstream so that it applies correctly and modified so it doesn't break binary compatibility. (CVE-2017-8054, boo#1035596) * r1945-Fix-possible-incompatibility-of-PdfAESStream-with-OpenSSL-1.1.0g.patch * r1948-Fix-CVE-2018-12982-implementing-inline-PdfDictionary-MustGetKey.patch This patch was rebased from the one upstream so that it applies correctly. (CVE-2018-12982, boo#1099720) * r1949-Fix-CVE-2018-5783-by-introducing-singleton-limit-for-indirect-objects-keeping-binary-compat.patch This patch was rebased from the one upstream so that it applies correctly and modified so it doesn't break binary compatibility. (CVE-2018-5783, boo#1076962) * r1950-Fix-null-pointer-dereference-in-PdfTranslator-setTarget.patch (CVE-2018-19532, bsc#1117514) * r1952-Fix-CVE-2018-11255-Null-pointer-dereference-in-PdfPage-GetPageNumber.patch (CVE-2018-11255, boo#1096890) * r1953-Fix-CVE-2018-14320-Possible-undefined-behaviour-in-PdfEncoding-ParseToUnicode.patch (CVE-2018-14320, boo#1108764) * r1954-Fix-CVE-2018-20751-null-pointer-dereference-in-crop_page-of-tools-podofocrop.patch (CVE-2018-20751, boo#1124357) * r1961-EncryptTest-Fix-buffer-overflow-in-decrypted-out-buffer-in-TestEncrypt.patch This patch was rebased from the one upstream so that it applies correctly. * r1963-Fix-heap-based-buffer-overflow-vulnerability-in-PoDoFo-PdfVariant-DelayedLoad.patch - Renamed fix-build.patch to r1942-Fix-build-with-cmake-ge-3.12.patch to keep its name consistent with the other upstream patches. ------------------------------------------------------------------- Tue Oct 16 11:22:48 UTC 2018 - Christophe Giboudeaux <christophe@krop.fr> - Add fix-build.patch to fix a build issue with recent CMake versions. - Run spec-cleaner ------------------------------------------------------------------- Wed Jul 18 03:54:52 UTC 2018 - plinnell@opensuse.org - Update to 0.9.6 * Includes fix for bsc#1023072. * Includes fix for bsc#1023190, CVE-2015-8981 (most probably since 0.9.4). - drop patches from upstream all are now upstream: (CVE-2017-5852, boo#1023067, CVE-2017-5853, boo#1023069, CVE-2017-5854, boo#1023070, CVE-2017-5855, boo#1023071, CVE-2017-5886, boo#1023380, CVE-2017-6840, boo#1027787, CVE-2017-6844, boo#1027782, CVE-2017-6845, boo#1027779, CVE-2017-6847, boo#1027778, CVE-2017-7378, boo#1032017, CVE-2017-7379, boo#1032018, CVE-2017-7380, boo#1032019, CVE-2017-7994, boo#1035534, CVE-2017-8054, boo#1035596, CVE-2017-8787, boo#1037739, CVE-2018-5295, boo#1075026, CVE-2018-5296, boo#1075021, CVE-2018-5308, boo#1075772, CVE-2018-5309, boo#1075322, CVE-2018-8001, boo#1084894, CVE-2017-8378, bsc#1037000) * 0001-fix-a-crash-when-passing-a-PDF-file-with-an-encryption-dictionary-ref.patch * 0002-fix-stack-overflow-crash-when-XRef-record-references-itself.patch * 0003-Fix-for-CVE-2017-5852-with-added-error-code.patch * 0004-Fix-for-CVE-2017-5854.patch * 0005-Fix-for-CVE-2017-5886.patch * 0006-Extend-fix-for-CVE-2017-5852.patch * 0007-Fix-CVE-2017-5853-signed-integer-overflow-and-CVE-2017-6844-buffer-overflow.patch * 0008-Fix-infinite-loop-in-GetPageNumber-if-Parent-chain-contains-a-loop.patch * 0009-Fix-CVE-2017-7379-encoding-array-too-short-to-encode-decode-code-point-0xffff.patch * 0010-Fix-CVE-2017-5855-CVE-2018-5296-NULL-pointer-dereference-in-PoDoFo-PdfParser-ReadXRefSubsection.patch * 0011-Fix-CVE-2017-6840-Out-of-bounds-read-in-ColorChanger-GetColorFromStack.patch * 0012-Correct-fix-for-CVE-2017-6840-Too-strict-check-for-given-arguments.patch * 0013-Fix-CVE-2017-6847-NULL-pointer-dereference-when-reading-XObject-without-BBox.patch * 0014-Fix-CVE-2017-7378-Out-of-bounds-read-in-PdfPainter-ExpandTabs.patch * 0015-Fix-CVE-2017-7380-NULL-dereference-in-PdfPage-GetFromResources.patch * 0016-Fix-CVE-2017-7994-NULL-dereference-in-TextExtractor-ExtractText.patch * 0017-Fix-a-memory-leak-on-document-load-exception-in-podofotxtextract.patch * 0018-Fix-for-CVE-2017-8787-Read-out-of-buffer-size-in-PdfXRefStreamParserObject-ReadXRefStreamEntry.patch * 0019-Changes-needed-to-compile-podofo.patch * 0020-Fix-regression-from-0007.patch * 0021-Fix-a-build-break-with-OpenSSL-1.1.0f-configured-with-disable-deprecated-option.patch * 0022-Correct-boundary-comparison-in-PdfListField::GetItemDisplayText.patch * 0023-Correct-in-parameter-test-in-PdfMemoryOutputStream-Write.patch * 0024-Fix-CVE-2017-8054-Detect-cycles-in-PdfPagesTree.patch * 0025-Related-to-CVE-2018-5308.patch * 0026-Revert-part-of-0024.patch * 0027-Correction-for-reverted-part-of-CVE-2017-8054-fix-in-0027.patch * 0028-Fix-for-CVE-2018-5295-Integer-overflow-at-PdfXRefStreamParserObject-ParseStream.patch * 0029-Try-to-address-an-eventual-use-after-free-in-PdfObject.patch * 0030-Fix-CVE-2017-6845-Do-not-disable-PODOFO_RAISE_LOGIC_IF-for-Release-builds.patch * 0031-Fix-clamping-avoiding-crashes-in-PdfPagesTree-InsertPage.patch * 0032-Fix-wrong-use-of-memcpy-instead-of-wmemcpy.patch * 0033-Fix-for-CVE-2018-5309-integer-overflow-in-the-PdfObjectStreamParserObject-ReadObjectsFromStream.patch * 0034-Fix-for-CVE-2018-8001-heap-based-buffer-over-read-in-UnescapeName.patch * fix-missing-include.patch - The fix for bsc#1027779, CVE-2017-6845, is also reported to fix bsc#1027776, CVE-2017-6849 and bsc#1027786, CVE-2017-6841. - The fix for boo#1027787, CVE-2017-6840, is also reported to fix bsc#1027785, CVE-2017-6842. ------------------------------------------------------------------- Thu Mar 15 16:39:19 UTC 2018 - alarrosa@suse.com - Add patches from upstream to fix many issues (CVE-2017-5852, boo#1023067, CVE-2017-5853, boo#1023069, CVE-2017-5854, boo#1023070, CVE-2017-5855, boo#1023071, CVE-2017-5886, boo#1023380, CVE-2017-6840, boo#1027787, CVE-2017-6844, boo#1027782, CVE-2017-6845, boo#1027779, CVE-2017-6847, boo#1027778, CVE-2017-7378, boo#1032017, CVE-2017-7379, boo#1032018, CVE-2017-7380, boo#1032019, CVE-2017-7994, boo#1035534, CVE-2017-8054, boo#1035596, CVE-2017-8787, boo#1037739, CVE-2018-5295, boo#1075026, CVE-2018-5296, boo#1075021, CVE-2018-5308, boo#1075772, CVE-2018-5309, boo#1075322, CVE-2018-8001, boo#1084894) * 0001-fix-a-crash-when-passing-a-PDF-file-with-an-encryption-dictionary-ref.patch * 0002-fix-stack-overflow-crash-when-XRef-record-references-itself.patch * 0003-Fix-for-CVE-2017-5852-with-added-error-code.patch * 0004-Fix-for-CVE-2017-5854.patch * 0005-Fix-for-CVE-2017-5886.patch * 0006-Extend-fix-for-CVE-2017-5852.patch * 0007-Fix-CVE-2017-5853-signed-integer-overflow-and-CVE-2017-6844-buffer-overflow.patch * 0008-Fix-infinite-loop-in-GetPageNumber-if-Parent-chain-contains-a-loop.patch * 0009-Fix-CVE-2017-7379-encoding-array-too-short-to-encode-decode-code-point-0xffff.patch * 0010-Fix-CVE-2017-5855-CVE-2018-5296-NULL-pointer-dereference-in-PoDoFo-PdfParser-ReadXRefSubsection.patch * 0011-Fix-CVE-2017-6840-Out-of-bounds-read-in-ColorChanger-GetColorFromStack.patch * 0012-Correct-fix-for-CVE-2017-6840-Too-strict-check-for-given-arguments.patch * 0013-Fix-CVE-2017-6847-NULL-pointer-dereference-when-reading-XObject-without-BBox.patch * 0014-Fix-CVE-2017-7378-Out-of-bounds-read-in-PdfPainter-ExpandTabs.patch * 0015-Fix-CVE-2017-7380-NULL-dereference-in-PdfPage-GetFromResources.patch * 0016-Fix-CVE-2017-7994-NULL-dereference-in-TextExtractor-ExtractText.patch * 0017-Fix-a-memory-leak-on-document-load-exception-in-podofotxtextract.patch * 0018-Fix-for-CVE-2017-8787-Read-out-of-buffer-size-in-PdfXRefStreamParserObject-ReadXRefStreamEntry.patch * 0019-Changes-needed-to-compile-podofo.patch * 0020-Fix-regression-from-0007.patch * 0021-Fix-a-build-break-with-OpenSSL-1.1.0f-configured-with-disable-deprecated-option.patch * 0022-Correct-boundary-comparison-in-PdfListField::GetItemDisplayText.patch * 0023-Correct-in-parameter-test-in-PdfMemoryOutputStream-Write.patch * 0024-Fix-CVE-2017-8054-Detect-cycles-in-PdfPagesTree.patch * 0025-Related-to-CVE-2018-5308.patch * 0026-Revert-part-of-0024.patch * 0027-Correction-for-reverted-part-of-CVE-2017-8054-fix-in-0027.patch * 0028-Fix-for-CVE-2018-5295-Integer-overflow-at-PdfXRefStreamParserObject-ParseStream.patch * 0029-Try-to-address-an-eventual-use-after-free-in-PdfObject.patch * 0030-Fix-CVE-2017-6845-Do-not-disable-PODOFO_RAISE_LOGIC_IF-for-Release-builds.patch * 0031-Fix-clamping-avoiding-crashes-in-PdfPagesTree-InsertPage.patch * 0032-Fix-wrong-use-of-memcpy-instead-of-wmemcpy.patch * 0033-Fix-for-CVE-2018-5309-integer-overflow-in-the-PdfObjectStreamParserObject-ReadObjectsFromStream.patch * 0034-Fix-for-CVE-2018-8001-heap-based-buffer-over-read-in-UnescapeName.patch * fix-missing-include.patch ------------------------------------------------------------------- Sun Dec 11 03:17:04 UTC 2016 - plinnell@opensuse.org - update to 0.9.5 - no change log, but it is available online at: https://sourceforge.net/p/podofo/code/commit_browser ------------------------------------------------------------------- Sun Dec 11 03:17:04 UTC 2016 - plinnell@opensuse.org - update to 0.9.4 - no change log, but it is available online at: https://sourceforge.net/p/podofo/code/commit_browser ------------------------------------------------------------------- Mon Sep 15 03:23:29 UTC 2014 - crrodriguez@opensuse.org - Just use "lua-devel" as BuildRequires current versions support lua 5.2 ------------------------------------------------------------------- Sat Jul 12 21:16:10 UTC 2014 - plinnell@suse.com - Update to 0.9.3 + OSX build fixes + Fixed AES decryption + Improved load of (broken) PDF files + Sign PDF file as an incremental update + Added partial support for Type3 font encoding and metrics + Drawing API improvements + Unicode file names for attachments + Font subset embedding + Many compiler warnings squashed - Dropped podofo-0.9.2-soname.patch which is upstream - Dropped remove-internal-findfreetype-references.patch ------------------------------------------------------------------- Wed Dec 11 20:46:51 UTC 2013 - hrvoje.senjan@gmail.com - Added remove-internal-findfreetype-references.patch: fixes build with freetype2 2.5.1 as internal copy is broken. It is also better practice to use cmake's FindPackage modules ------------------------------------------------------------------- Sun Mar 31 18:46:29 UTC 2013 - asterios.dramis@gmail.com - Update to version 0.9.2: * Many bug fixes which were made over the last two years. * New encryption support based on OpenSSL. OpenSSL is now a mandatory requirement. - Removed podofobox.1_fix.patch (not needed anymore). - Added a patch (podofo-0.9.2-soname.patch) to update the soname of the library (http://sourceforge.net/apps/mantisbt/podofo/view.php?id=54). - Added build requirements libcppunit-devel and libidn-devel. - Build the devel docs (added doxygen build requirement). ------------------------------------------------------------------- Mon Jan 7 04:12:21 UTC 2013 - mrdocs@opensuse.org - fix build on SLES ------------------------------------------------------------------- Sat Mar 17 14:11:54 UTC 2012 - dimstar@opensuse.org - Change lua-devel BuildRequires to lua51-devel on openSUSE > 12.1: the code is not ready to work with lua 5.2. ------------------------------------------------------------------- Tue Nov 29 14:20:11 CET 2011 - ro@suse.de - use _lib macro to properly determine lib suffix ------------------------------------------------------------------- Wed May 25 20:43:50 UTC 2011 - asterios.dramis@gmail.com - Update to version 0.9.1: * Bug fixes and optimizations. * Added a man page for podofogc. From 0.9.0: * Lot's of bug fixes for PDF parsing, PDF creation and in several other areas. * New compact write mode to create slightly smaller PDF files. * Initial PDF signature support. * Support for the 14 standard Type1 fonts. * Improved font and encoding support (e.g. creation of fonts from existing objects). * New tools, e.g. podofocolor. - Spec files updates: * Changes based on spec-cleaner run. * Changes in License. * Updates in Group:, Summary: and %description entries. * Updates in %build section for lib64 compilation. * Minor other updates. - Added a patch for podofobox.1 to fix an rpmlint warning. ------------------------------------------------------------------- Thu Oct 28 09:05:32 UTC 2010 - mrdocs@opensuse.org -version update to 0.8.4 * Build fixes for various plaforms - mostly for Windows/VS2008 ------------------------------------------------------------------- Thu Oct 21 23:49:29 CEST 2010 - mrdocs@opensuse.org -new version 0.8.3 * Added a new write mode for PDFs, which is default, to create more compact PDFs; * Extended several APIs, e.g. image interpolation support, image chroma key support, or selection of base14 fonts * Fixed bugs in the predictor implementation * Fixed encryption of unicode strings * Fixed namestree implementation (root shall not have a Limits key) * Fixed detection of inline image data and support for inline images larger than 4KB * Several optimizations, bugs fixes and fixed a minor memory leak ------------------------------------------------------------------- Thu Sep 9 20:52:07 UTC 2010 - mrdocs@opensuse.org -more spec file cleanups -add missing libpng-devel ------------------------------------------------------------------- Thu Sep 9 20:30:15 UTC 2010 - mrdocs@opensuse.org -version bump to 0.8.2 -many many bug fixes and build issues -add lua-devel, which adds imposition capabilites ------------------------------------------------------------------- Thu Jul 1 14:03:06 UTC 2010 - toms@suse.de - Corrected licence ------------------------------------------------------------------- Tue May 11 06:49:54 UTC 2010 - toms@suse.de - Updated to 0.8.0, taken patches from hgraeber . remove so number form devel package ------------------------------------------------------------------- Tue Jul 28 14:08:00 CEST 2009 - toms@suse.de - Taken from home:/mrdocs and corrected SPEC file: . Added typical SUSE header . Install section now contains the correct lines . Changed devel package name to libpodofo0_6_99-devel . Create this .changes file ------------------------------------------------------------------- Thu Jan 01 00:00:00 CEST 2009 - mrdocs at opensuse.org - 0.7.0 release ------------------------------------------------------------------- Sun Oct 05 00:00:00 CEST 2008 - hub@figuiere.net - Package closer to policies: split. ------------------------------------------------------------------- Mon Jul 05 00:00:00 CEST 2008 - mrdocs at opensuse.org - 0.6 release ------------------------------------------------------------------- Sat Jul 12 00:00:00 CEST 2008 - mrdocs at opensuse.org - new svn snapshot of upcoming 0.6.0 - add openssl-devel dependency - 64 bit builds fixed ------------------------------------------------------------------- Mon Aug 27 00:00:00 CEST 2007 - mrdocs at opensuse.org - enable debug package ------------------------------------------------------------------- Wed Aug 08 00:00:00 CEST 2007 - mrdocs at opensuse.org - revert back to 0.5.0 as the API is unstable ------------------------------------------------------------------- Tue Aug 01 00:00:00 CEST 2007 - mrdocs at scribus.info - new svn snapshot with 64 bit build support ------------------------------------------------------------------- Thu Jul 26 00:00:00 CEST 2007 - mrdocs at scribus.info - version upgrade - use cmake as autotools are no longer supported ------------------------------------------------------------------- Tue Dec 26 00:00:00 CEST 2006 - Bernhard Walle <bwalle@suse.de> - initial package
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor