File podofo.changes of Package podofo.35912

Overview Repositories Revisions Requests Users Attributes Meta

File podofo.changes of Package podofo.35912

-------------------------------------------------------------------
Fri Oct  4 12:18:56 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>

- Add patch from upstream to fix a heap overflow in
  ReadXRefSubsection (bsc#1023190, CVE-2015-8981):
  * r1672-PdfParser-ReadXRefSubsection-Do-not-write-out-of-m_offsets-size.patch
- Add patch from upstream to fix a null pointer dereference in 
  PoDoFo:Impose:PdfTranslator:setSource, whose poc was also fixed by
  r1836-Fix-for-CVE-2017-5854.patch but the proper upstream fix
  for this is different (bsc#1127855, CVE-2019-9199):
  * r1971-Fixed-CVE-2019-9199.patch
- Add rebased patch from upstream to fix a memory leak in
  PdfPagesTreeCache (bsc#1131544, CVE-2019-10723):
  * podofo-CVE-2019-10723.patch

-------------------------------------------------------------------
Thu Jun 20 13:28:45 UTC 2024 - Cliff Zhao <qzhao@suse.com>

- Add podofo_security-fixes-validate-more-encrypt-dictionary-parameters.patch:
  Backporting 8f514d69b from upstream. PdfEncrypt: Validate more
  encrypt dictionary parameters.
  (bsc#1213720)

-------------------------------------------------------------------
Thu Jun 20 09:09:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>

- Add podofo_security-fixes-handling-of-invalid-XRef-stream-entries.patch:
  Backporting 535a786f from upstream. PdfXRefStreamParserObject:
  Fixed handling of invalid XRef stream entries.
  (bsc#1213720)

-------------------------------------------------------------------
Thu Jun 20 09:08:12 UTC 2024 - Cliff Zhao <qzhao@suse.com>

- Add podofo-drop-backup-sources.patch:
  Drop unused backup sources to clean up the compile env.
  (bsc#1213720)

-------------------------------------------------------------------
Thu Sep 15 19:31:27 UTC 2022 - Michael Gorse <mgorse@suse.com>

- Add podofo-CVE-2018-12983.patch: fix a stack overrun (boo#1099719
  CVE-2018-12983).

-------------------------------------------------------------------
Tue Apr 19 17:19:21 UTC 2022 - Michael Gorse <mgorse@suse.com>

- Add podofo-CVE-2019-20093.patch: fix a NULL pointer dereference
  (boo#1159921 CVE-2019-20093).

-------------------------------------------------------------------
Wed Feb 20 16:47:32 UTC 2019 - Antonio Larrosa <alarrosa@suse.com>

- Add patches from upstream to fix several CVEs:
  * r1941-Fix-CVE-2017-8054-and-other-issues-keeping-binary-compat.patch
    This patch was rebased from the one upstream so that it applies correctly
    and modified so it doesn't break binary compatibility.
    (CVE-2017-8054, boo#1035596)

* r1948-Fix-CVE-2018-12982-implementing-inline-PdfDictionary-MustGetKey.patch
    This patch was rebased from the one upstream so that it applies correctly.
    (CVE-2018-12982, boo#1099720)

* r1949-Fix-CVE-2018-5783-by-introducing-singleton-limit-for-indirect-objects-keeping-binary-compat.patch
    This patch was rebased from the one upstream so that it applies correctly
    and modified so it doesn't break binary compatibility.
    (CVE-2018-5783, boo#1076962)

* r1950-Fix-null-pointer-dereference-in-PdfTranslator-setTarget.patch

* r1952-Fix-CVE-2018-11255-Null-pointer-dereference-in-PdfPage-GetPageNumber.patch
    (CVE-2018-11255, boo#1096890)

* r1954-Fix-CVE-2018-20751-null-pointer-dereference-in-crop_page-of-tools-podofocrop.patch
    (CVE-2018-20751, boo#1124357)

* r1961-EncryptTest-Fix-buffer-overflow-in-decrypted-out-buffer-in-TestEncrypt.patch
    This patch was rebased from the one upstream so that it applies correctly.

* r1963-Fix-heap-based-buffer-overflow-vulnerability-in-PoDoFo-PdfVariant-DelayedLoad.patch

- Add patches that are required by some patches above:
  * r1640-Use-PdfPagesTree-GetChildCount-whenever-possible.patch (rebased)
  * r1683-Unreachable-code-and-robustness-fixes-in-PdfPagesTree-GetPageNode.patch

- Remove fix-CVE-2018-5783.patch and replace it with r1949 (above)
  which is the fix commited upstream for that CVE.

-------------------------------------------------------------------
Wed Sep 19 10:21:07 UTC 2018 - Antonio Larrosa <alarrosa@suse.com>

- Add COPYING and COPYING.LIB to fix the FSF address being wrong in the
  upstream license files.

-------------------------------------------------------------------
Tue Sep 18 18:32:50 UTC 2018 - Antonio Larrosa <alarrosa@suse.com>

- Removed
  * r1920-ADDED-Cycle-detection-for-XRef-tables.patch
  * r1924-Add-PdfRecursionGuard-to-detect-recursions-in-XRef-tables.patch
  * r1929-Extend-cycle-detection-for-XRef-tables-r1920.patch
  since they change the ABI of the library.

- Modified
  * r1925-Fix-uncontrolled-memory-allocation-in-the-PdfParser-ReadXRefSubsection-CVE-2018-5296.patch
  to apply correctly without the removed patches

-------------------------------------------------------------------
Tue Sep 18 16:21:00 UTC 2018 - Antonio Larrosa <alarrosa@suse.com>

- Added
  * r1859-Fix-regression-from-r1840.patch
  to fix a regression of the r1840 patch

- Added
  * r1873-Fix-CVE-2017-6845-and-add-test-case-to-reproduce.patch
  to fix a null dereference (bsc#1027779, CVE-2017-6845).
  This is also reported to fix bsc#1027776, CVE-2017-6849.
  This is also reported to fix bsc#1027786, CVE-2017-6841.

- Added
  * r1876-Related-to-CVE-2018-5308-Add-in-parameter-validity-check.patch
  to fix a null dereference (bsc#1075772, CVE-2018-5308)

- Added
  * r1881-Revert-part-of-r1872-_Fix-for-CVE-2017-8054_.patch
  * r1882-Correction-for-reverted-part-of-CVE-2017-8054-fix.patch
  * r1883-Fix-comment-in-r1882-referring-to-incorrent-CVE-ID.patch
  to fix a regression caused by the fix for CVE-2017-8054.

- Added
  * r1889-Fix-for-CVE-2018-5295-Integer-overflow-at-PdfXRefStreamParserObject-ParseStream.patch
  to fix an integer overflow (bsc#1075026, CVE-2018-5295)

- Added
  * r1892-Do-not-disable-PODOFO_RAISE_LOGIC_IF-for-Release-builds-_also-fixes-CVE-2017-6845_.patch
  to let exceptions be raised by PODOFO_RAISE_LOGIC in Release builds
  (bsc#1027779, CVE-2017-6845)

- Added
  * r1907-Fix-CVE-2018-5309-integer-overflow-in-PdfObjectStreamParserObject-ReadObjectsFromStream.patch
  to fix an integer overflow (bsc#1075322, CVE-2018-5309)

- Added
  * r1777-Strict-mode-could-never-be-enabled.patch
  * r1920-ADDED-Cycle-detection-for-XRef-tables.patch
  * r1924-Add-PdfRecursionGuard-to-detect-recursions-in-XRef-tables.patch
  * r1929-Extend-cycle-detection-for-XRef-tables-r1920.patch
  to detect cycles and recursions in XRef tables

- Added
  * r1921-m_offsets-resize-can-throw-std-length_error-as-well-as-std-bad_alloc.patch
  from upstream, probably also fixing CVE-2018-5783, but in a less-generic way
  than the patch we already had for it, though this wouldn't require a rebuild of
  applications using the library to benefit from the fix.

- Added
  * r1925-Fix-uncontrolled-memory-allocation-in-the-PdfParser-ReadXRefSubsection-CVE-2018-5296.patch
  to fix uncontrolled memory allocation (bsc#1075021, CVE-2018-5296)

- Added
  * r1933-Really-fix-CVE-2017-7381.patch
  to fix a null pointer dereference (bsc#1032020, CVE-2017-7381)

- Added
  * r1936-Really-fix-CVE-2017-7382.patch
  to fix a null pointer dereference (bsc#1032021, CVE-2017-7382)

- Added
  * r1937-Really-fix-CVE-2017-7383.patch
  to fix a null pointer dereference (bsc#1032022, CVE-2017-7383)

- Added
  * r1938-Fix-CVE-2018-11256-PdfError-info-gives-not-found-page-0-based.patch
  to fix a null pointer dereference Denial of Service (bsc#1096889, CVE-2018-11256)

-------------------------------------------------------------------
Tue Jun 26 16:14:23 UTC 2018 - alarrosa@suse.com

- Added
  * r1588-Fix-various-issues-when-Kids-array-is-missing.patch
  to fix several issues like NULL dereferences when "Kids" array is missing
  (related to bsc#1096890, CVE-2018-11255)

- Added
  * fix-CVE-2018-5783.patch
  to fix bsc#1076962, CVE-2018-5783 by checking for std::vector::resize raising
  an exception in PdfVecObjects::Reserve and transforming it into a Podofo
  ePdfError_OutOfMemory error. Note that this changes an inline method, so
  it would require to rebuild programs that use the library in order to fix
  the issue for them.

-------------------------------------------------------------------
Mon Jun 25 12:57:45 UTC 2018 - alarrosa@suse.com

- Added 
  * r1648-Be-forgiving-when-reading-XRef-stream-content.patch
  to apply the newly added (and modified)
  * r1834-Fix-stack-overflow-crash-when-XRef-record-references-itself.patch
  more easily.  This fixes a stack overflow crash when XRef record references
  itself.

- Added
  * r1835-Fix-for-CVE-2017-5852.patch
  which fixes bsc#1023067, CVE-2017-5852. The original patch from upstream
  broke binary compatibility by inserting a new enum value in between other
  values, so I changed it to have a new value at the end of the enum values.

- Added 
  * r1836-Fix-for-CVE-2017-5854.patch
  * r1870-Fix-parameter-tested-for-NULL-in-PdfMemoryOutputStream-Write.patch
  which fixes bsc#1023070, CVE-2017-5854 (which couldn't be reproduced in
  SLE12, but the patches undoubtly fix null dereferences). Note that the
  upstream developers mentioned in the podofo-users mailing list on 2018-06-12
  that r1836 incorrectly references a fix for CVE-2017-5854, which is fixed
  in r1870 without mentioning it. Also, r1870 fixes bsc#1075772, CVE-2018-5308
  and bsc#1023072.

- Added 
  * r1837-Fix-for-CVE-2017-5886.patch
  which fixes bsc#1023380, CVE-2017-5886.

- Added 
  * r1838-Extend-fix-for-CVE-2017-5852.patch
  to improve the fix for CVE-2017-5852. The original patch from upstream broke
  binary compatibility by removing a function (it added a new parameter to an
  existing function). I fixed this by leaving a function with the same old
  signature that calls the new function.

- Added
  * r1840-Fix-CVE-2017-5853-and-CVE-2017-6844.patch
  slightly modified from upstream to fix bsc#1023069, CVE-2017-5853
  (a signed integer overflow) and bsc#1027782, CVE-2017-6844 (a buffer
  overflow).

- Added -std=c++11 to CXXFLAGS since it seems to be needed now.

- Added
  * r1842-Fix-CVE-2017-7379-encoding-array-too-short.patch
  to fix a out-by-one heap overflow when character 0xffff was encoded
  (bsc#1032018, CVE-2017-7379)

- Added
  * r1843-Fix-CVE-2017-5855-NULL-pointer-dereference.patch
  to fix a NULL pointer dereference in PoDoFo::PdfParser::ReadXRefSubsection.
  (bsc#1023071, CVE-2017-5855). This couldn't be reproduced in SLE12, but
  the patch from upstream seems valid anyway.

- Added 
  * r1696-Use-cmake-commands-properly.patch
  * r1701-Compatibility-fix-for-CMake-2.8.patch
  * r1826-Do-not-force-c++98-standard-for-GNUCXX-compiler.patch
  to build correctly since c++11 is required but c++98 was forced for no reason

- Added
  * r1844-Fix-CVE-2017-6840-Out-of-bounds-read.patch
  * r1845-Correct-fix-for-CVE-2017-6840.patch
  to fix an out of bounds read in ColorChanger::GetColorFromStack()
  (bsc#1027787, CVE-2017-6840).
  This is also reported to fix bsc#1027785, CVE-2017-6842.

- Added
  * r1846-Fix-CVE-2017-6847-NULL-pointer-dereference.patch
  to fix a NULL pointer dereference when reading XObject without BBox
  (bsc#1027778, CVE-2017-6847)

- Added
  * r1847-Fix-CVE-2017-7378-Out-of-bounds-read.patch
  to fix an out of bounds read in PdfPainter::ExpandTabs()
  (bsc#1032017, CVE-2017-7378)

- Added
  * r1848-Fix-CVE-2017-7380-NULL-dereference.patch
  to fix a NULL dereference in PdfPage::GetFromResources()
  (bsc#1032019, CVE-2017-7380)

- Added
  * r1849-Fix-CVE-2017-7994-NULL-dereference.patch
  to fix a NULL dereference in TextExtractor::ExtractText()
  (bsc#1035534, CVE-2017-7994)

- Added
  * r1850-Fix-a-memory-leak-on-document-load-exception-in-podofotxtextract.patch
  to fix a memory leak in podofotxtextract when an exception was raised
  while loading a document.

- Added
  * r1851-Fix-for-CVE-2017-8787-Read-out-of-buffer-size.patch
  to fix an out of bounds read in PdfXRefStreamParserObject::ReadXRefStreamEntry()
  (bsc#1037739, CVE-2017-8787)

- Added
  * r1576-Do-not-get-stuck-in-infite-loop-with-broken-page-tables.patch
  to fix an infinite loop with broken page tables.

- Added 
  * r1872-Fix-CVE-2017-8054-Detect-cycles-in-PdfPagesTree.patch
  to detect and break cycles in PdfPagesTree which generated an infinite
  recursion (bsc#1035596, CVE-2017-8054)

-------------------------------------------------------------------
Fri Jun 15 12:06:51 UTC 2018 - alarrosa@suse.com

- Added
  * r1594-Fixed-compilation-on-Apple-platforms.patch
  * r1600-Get-PoDoFo-build-under-Visual-Studio-2008.patch
  * r1791-Fix-build-failure-with-OpenSSL-1.1.patch
  to fix build with openSSL 1.1

- Added 
  * r1909-Fix-for-CVE-2018-8001-heap-based-buffer-over-read-in-UnescapeName.patch
  to fix bsc#1084894, CVE-2018-8001

- Added
  * r1709-CMake-compatibility-and-TestFilter-build-fixes.patch
  slightly modified to work with SLE's version of cmake and apply a fix for
  FilterTest.cpp

- Added
  * r1793-Address-some-of-the-issues-reported-by-CoverityScan.patch
  to apply better the next patches and to fix a large number of issues. The
  original patch from upstream breaks binary compatibility by removing an unused
  member variable (m_eVersion) from the PdfDocument class. I changed the patch to
  leave it there so the class size doesn't change.

- Added 
  * r1833-Fix-a-crash-when-passing-a-PDF-file-.patch 
  to fix a crash when passing a PDF file with an encryption dictionary
  reference to a nonexistent object (bsc#1037000, CVE-2017-8378)

-------------------------------------------------------------------
Wed Dec 11 20:46:51 UTC 2013 - hrvoje.senjan@gmail.com

- Added remove-internal-findfreetype-references.patch: fixes build
  with freetype2 2.5.1 as internal copy is broken. It is also better
  practice to use cmake's FindPackage modules

-------------------------------------------------------------------
Sun Mar 31 18:46:29 UTC 2013 - asterios.dramis@gmail.com

- Update to version 0.9.2:
  * Many bug fixes which were made over the last two years.
  * New encryption support based on OpenSSL. OpenSSL is now a mandatory
    requirement.
- Removed podofobox.1_fix.patch (not needed anymore).
- Added a patch (podofo-0.9.2-soname.patch) to update the soname of the library
  (http://sourceforge.net/apps/mantisbt/podofo/view.php?id=54).
- Added build requirements libcppunit-devel and libidn-devel.
- Build the devel docs (added doxygen build requirement).

-------------------------------------------------------------------
Mon Jan  7 04:12:21 UTC 2013 - mrdocs@opensuse.org

- fix build on SLES

-------------------------------------------------------------------
Sat Mar 17 14:11:54 UTC 2012 - dimstar@opensuse.org

- Change lua-devel BuildRequires to lua51-devel on openSUSE > 12.1:
  the code is not ready to work with lua 5.2.

-------------------------------------------------------------------
Tue Nov 29 14:20:11 CET 2011 - ro@suse.de

- use _lib macro to properly determine lib suffix

-------------------------------------------------------------------
Wed May 25 20:43:50 UTC 2011 - asterios.dramis@gmail.com

- Update to version 0.9.1:
  * Bug fixes and optimizations.
  * Added a man page for podofogc.
  From 0.9.0:
  * Lot's of bug fixes for PDF parsing, PDF creation and in several other
    areas.
  * New compact write mode to create slightly smaller PDF files.
  * Initial PDF signature support.
  * Support for the 14 standard Type1 fonts.
  * Improved font and encoding support (e.g. creation of fonts from existing
    objects).
  * New tools, e.g. podofocolor.
- Spec files updates:
  * Changes based on spec-cleaner run.
  * Changes in License.
  * Updates in Group:, Summary: and %description entries.
  * Updates in %build section for lib64 compilation.
  * Minor other updates.
- Added a patch for podofobox.1 to fix an rpmlint warning.

-------------------------------------------------------------------
Thu Oct 28 09:05:32 UTC 2010 - mrdocs@opensuse.org

-version update to 0.8.4
 * Build fixes for various plaforms - mostly for  Windows/VS2008

-------------------------------------------------------------------  
Thu Oct 21 23:49:29 CEST 2010 - mrdocs@opensuse.org  
-new version 0.8.3
    * Added a new write mode for PDFs, which is default, to create
     more compact PDFs;
    * Extended several APIs, e.g. image interpolation support,
     image chroma key support, or selection of base14 fonts
    * Fixed bugs in the predictor implementation
    * Fixed encryption of unicode strings
    * Fixed namestree implementation (root shall not have a Limits key)
    * Fixed detection of inline image data and support for inline images larger than 4KB
    * Several optimizations, bugs fixes and fixed a minor memory leak

-------------------------------------------------------------------
Thu Sep  9 20:52:07 UTC 2010 - mrdocs@opensuse.org

-more spec file cleanups
-add missing libpng-devel

-------------------------------------------------------------------
Thu Sep  9 20:30:15 UTC 2010 - mrdocs@opensuse.org

-version bump to 0.8.2
-many many bug fixes and build issues
-add lua-devel, which adds imposition capabilites

-------------------------------------------------------------------
Thu Jul  1 14:03:06 UTC 2010 - toms@suse.de

- Corrected licence

-------------------------------------------------------------------
Tue May 11 06:49:54 UTC 2010 - toms@suse.de

- Updated to 0.8.0, taken patches from hgraeber
  . remove so number form devel package

-------------------------------------------------------------------
Tue Jul 28 14:08:00 CEST 2009 - toms@suse.de

- Taken from home:/mrdocs and corrected SPEC file:
  . Added typical SUSE header
  . Install section now contains the correct lines
  . Changed devel package name to libpodofo0_6_99-devel
  . Create this .changes file

-------------------------------------------------------------------
Thu Jan 01 00:00:00 CEST 2009 - mrdocs at opensuse.org

- 0.7.0 release

-------------------------------------------------------------------
Sun Oct 05 00:00:00 CEST 2008 - hub@figuiere.net

- Package closer to policies: split.

-------------------------------------------------------------------
Mon Jul 05 00:00:00 CEST 2008 - mrdocs at opensuse.org

- 0.6 release

-------------------------------------------------------------------
Sat Jul 12 00:00:00 CEST 2008 - mrdocs at opensuse.org

- new svn snapshot of upcoming 0.6.0 
- add openssl-devel dependency
- 64 bit builds fixed

-------------------------------------------------------------------
Mon Aug 27 00:00:00 CEST 2007 - mrdocs at opensuse.org

- enable debug package

-------------------------------------------------------------------
Wed Aug 08 00:00:00 CEST 2007 - mrdocs at opensuse.org

- revert back to 0.5.0 as the API is unstable

-------------------------------------------------------------------
Tue Aug 01 00:00:00 CEST 2007 - mrdocs at scribus.info

- new svn snapshot with 64 bit build support

-------------------------------------------------------------------
Thu Jul 26 00:00:00 CEST 2007 - mrdocs at scribus.info

- version upgrade
- use cmake as autotools are no longer supported

-------------------------------------------------------------------
Tue Dec 26 00:00:00 CEST 2006 - Bernhard Walle <bwalle@suse.de>

- initial package

Places

File podofo.changes of Package podofo.35912

Places