Version: 0.9.6-150300.3.9.1
* Wed Jun 19 2024 alarrosa@suse.com
- Add patch from upstream to fix a NULL pointer dereference in
podofoimpose (bsc#1127855, CVE-2019-9199):
* podofo-CVE-2019-9199.patch
- Add patch from upstream to fix an excessive memory allocation
in PoDoFo:podofo_calloc (bsc#1127514, CVE-2018-20797):
* podofo-CVE-2018-20797.patch
- Add patch from upstream to fix a memory leak in PdfPagesTreeCache
(bsc#1131544, CVE-2019-10723):
* podofo-CVE-2019-10723.patch
* Thu Sep 15 2022 mgorse@suse.com
- Add podofo-CVE-2018-12983.patch: fix a stack overrun (boo#1099719
CVE-2018-12983).
* Tue Apr 19 2022 mgorse@suse.com
- Add podofo-CVE-2019-20093.patch: fix a NULL pointer dereference
(boo#1159921 CVE-2019-20093).
* Wed May 15 2019 qzheng@suse.com
- Add r1969-Fix-CVE-2019-9687-heap-based-buffer-overflow.patch
(boo#1129290, CVE-2019-9687).
* Wed Feb 20 2019 alarrosa@suse.com
- Add patches from upstream to fix several CVEs:
* r1933-Really-fix-CVE-2017-7381.patch
to fix a null pointer dereference (bsc#1032020, CVE-2017-7381)
* r1936-Really-fix-CVE-2017-7382.patch
to fix a null pointer dereference (bsc#1032021, CVE-2017-7382)
* r1937-Really-fix-CVE-2017-7383.patch
to fix a null pointer dereference (bsc#1032022, CVE-2017-7383)
* r1938-Fix-CVE-2018-11256-PdfError-info-gives-not-found-page-0-based.patch
to fix a null pointer dereference Denial of Service
(bsc#1096889, CVE-2018-11256)
* r1941-Fix-CVE-2017-8054-and-other-issues-keeping-binary-compat.patch
This patch was rebased from the one upstream so that it applies correctly
and modified so it doesn't break binary compatibility.
(CVE-2017-8054, boo#1035596)
* r1945-Fix-possible-incompatibility-of-PdfAESStream-with-OpenSSL-1.1.0g.patch
* r1948-Fix-CVE-2018-12982-implementing-inline-PdfDictionary-MustGetKey.patch
This patch was rebased from the one upstream so that it applies correctly.
(CVE-2018-12982, boo#1099720)
* r1949-Fix-CVE-2018-5783-by-introducing-singleton-limit-for-indirect-objects-keeping-binary-compat.patch
This patch was rebased from the one upstream so that it applies correctly
and modified so it doesn't break binary compatibility.
(CVE-2018-5783, boo#1076962)
* r1950-Fix-null-pointer-dereference-in-PdfTranslator-setTarget.patch
(CVE-2018-19532, bsc#1117514)
* r1952-Fix-CVE-2018-11255-Null-pointer-dereference-in-PdfPage-GetPageNumber.patch
(CVE-2018-11255, boo#1096890)
* r1953-Fix-CVE-2018-14320-Possible-undefined-behaviour-in-PdfEncoding-ParseToUnicode.patch
(CVE-2018-14320, boo#1108764)
* r1954-Fix-CVE-2018-20751-null-pointer-dereference-in-crop_page-of-tools-podofocrop.patch
(CVE-2018-20751, boo#1124357)
* r1961-EncryptTest-Fix-buffer-overflow-in-decrypted-out-buffer-in-TestEncrypt.patch
This patch was rebased from the one upstream so that it applies correctly.
* r1963-Fix-heap-based-buffer-overflow-vulnerability-in-PoDoFo-PdfVariant-DelayedLoad.patch
- Renamed fix-build.patch to r1942-Fix-build-with-cmake-ge-3.12.patch to
keep its name consistent with the other upstream patches.
* Tue Oct 16 2018 christophe@krop.fr
- Add fix-build.patch to fix a build issue with recent CMake versions.
- Run spec-cleaner
* Wed Jul 18 2018 plinnell@opensuse.org
- Update to 0.9.6
- drop patches from upstream all are now upstream:
(CVE-2017-5852, boo#1023067, CVE-2017-5853, boo#1023069,
CVE-2017-5854, boo#1023070, CVE-2017-5855, boo#1023071,
CVE-2017-5886, boo#1023380, CVE-2017-6840, boo#1027787,
CVE-2017-6844, boo#1027782, CVE-2017-6845, boo#1027779,
CVE-2017-6847, boo#1027778, CVE-2017-7378, boo#1032017,
CVE-2017-7379, boo#1032018, CVE-2017-7380, boo#1032019,
CVE-2017-7994, boo#1035534, CVE-2017-8054, boo#1035596,
CVE-2017-8787, boo#1037739, CVE-2018-5295, boo#1075026,
CVE-2018-5296, boo#1075021, CVE-2018-5308, boo#1075772,
CVE-2018-5309, boo#1075322, CVE-2018-8001, boo#1084894)
* 0001-fix-a-crash-when-passing-a-PDF-file-with-an-encryption-dictionary-ref.patch
* 0002-fix-stack-overflow-crash-when-XRef-record-references-itself.patch
* 0003-Fix-for-CVE-2017-5852-with-added-error-code.patch
* 0004-Fix-for-CVE-2017-5854.patch
* 0005-Fix-for-CVE-2017-5886.patch
* 0006-Extend-fix-for-CVE-2017-5852.patch
* 0007-Fix-CVE-2017-5853-signed-integer-overflow-and-CVE-2017-6844-buffer-overflow.patch
* 0008-Fix-infinite-loop-in-GetPageNumber-if-Parent-chain-contains-a-loop.patch
* 0009-Fix-CVE-2017-7379-encoding-array-too-short-to-encode-decode-code-point-0xffff.patch
* 0010-Fix-CVE-2017-5855-CVE-2018-5296-NULL-pointer-dereference-in-PoDoFo-PdfParser-ReadXRefSubsection.patch
* 0011-Fix-CVE-2017-6840-Out-of-bounds-read-in-ColorChanger-GetColorFromStack.patch
* 0012-Correct-fix-for-CVE-2017-6840-Too-strict-check-for-given-arguments.patch
* 0013-Fix-CVE-2017-6847-NULL-pointer-dereference-when-reading-XObject-without-BBox.patch
* 0014-Fix-CVE-2017-7378-Out-of-bounds-read-in-PdfPainter-ExpandTabs.patch
* 0015-Fix-CVE-2017-7380-NULL-dereference-in-PdfPage-GetFromResources.patch
* 0016-Fix-CVE-2017-7994-NULL-dereference-in-TextExtractor-ExtractText.patch
* 0017-Fix-a-memory-leak-on-document-load-exception-in-podofotxtextract.patch
* 0018-Fix-for-CVE-2017-8787-Read-out-of-buffer-size-in-PdfXRefStreamParserObject-ReadXRefStreamEntry.patch
* 0019-Changes-needed-to-compile-podofo.patch
* 0020-Fix-regression-from-0007.patch
* 0021-Fix-a-build-break-with-OpenSSL-1.1.0f-configured-with-disable-deprecated-option.patch
* 0022-Correct-boundary-comparison-in-PdfListField::GetItemDisplayText.patch
* 0023-Correct-in-parameter-test-in-PdfMemoryOutputStream-Write.patch
* 0024-Fix-CVE-2017-8054-Detect-cycles-in-PdfPagesTree.patch
* 0025-Related-to-CVE-2018-5308.patch
* 0026-Revert-part-of-0024.patch
* 0027-Correction-for-reverted-part-of-CVE-2017-8054-fix-in-0027.patch
* 0028-Fix-for-CVE-2018-5295-Integer-overflow-at-PdfXRefStreamParserObject-ParseStream.patch
* 0029-Try-to-address-an-eventual-use-after-free-in-PdfObject.patch
* 0030-Fix-CVE-2017-6845-Do-not-disable-PODOFO_RAISE_LOGIC_IF-for-Release-builds.patch
* 0031-Fix-clamping-avoiding-crashes-in-PdfPagesTree-InsertPage.patch
* 0032-Fix-wrong-use-of-memcpy-instead-of-wmemcpy.patch
* 0033-Fix-for-CVE-2018-5309-integer-overflow-in-the-PdfObjectStreamParserObject-ReadObjectsFromStream.patch
* 0034-Fix-for-CVE-2018-8001-heap-based-buffer-over-read-in-UnescapeName.patch
* fix-missing-include.patch
Version: 0.9.5-bp150.2.2
* Thu Mar 15 2018 alarrosa@suse.com
- Add patches from upstream to fix many issues
(CVE-2017-5852, boo#1023067, CVE-2017-5853, boo#1023069,
CVE-2017-5854, boo#1023070, CVE-2017-5855, boo#1023071,
CVE-2017-5886, boo#1023380, CVE-2017-6840, boo#1027787,
CVE-2017-6844, boo#1027782, CVE-2017-6845, boo#1027779,
CVE-2017-6847, boo#1027778, CVE-2017-7378, boo#1032017,
CVE-2017-7379, boo#1032018, CVE-2017-7380, boo#1032019,
CVE-2017-7994, boo#1035534, CVE-2017-8054, boo#1035596,
CVE-2017-8787, boo#1037739, CVE-2018-5295, boo#1075026,
CVE-2018-5296, boo#1075021, CVE-2018-5308, boo#1075772,
CVE-2018-5309, boo#1075322, CVE-2018-8001, boo#1084894)
* 0001-fix-a-crash-when-passing-a-PDF-file-with-an-encryption-dictionary-ref.patch
* 0002-fix-stack-overflow-crash-when-XRef-record-references-itself.patch
* 0003-Fix-for-CVE-2017-5852-with-added-error-code.patch
* 0004-Fix-for-CVE-2017-5854.patch
* 0005-Fix-for-CVE-2017-5886.patch
* 0006-Extend-fix-for-CVE-2017-5852.patch
* 0007-Fix-CVE-2017-5853-signed-integer-overflow-and-CVE-2017-6844-buffer-overflow.patch
* 0008-Fix-infinite-loop-in-GetPageNumber-if-Parent-chain-contains-a-loop.patch
* 0009-Fix-CVE-2017-7379-encoding-array-too-short-to-encode-decode-code-point-0xffff.patch
* 0010-Fix-CVE-2017-5855-CVE-2018-5296-NULL-pointer-dereference-in-PoDoFo-PdfParser-ReadXRefSubsection.patch
* 0011-Fix-CVE-2017-6840-Out-of-bounds-read-in-ColorChanger-GetColorFromStack.patch
* 0012-Correct-fix-for-CVE-2017-6840-Too-strict-check-for-given-arguments.patch
* 0013-Fix-CVE-2017-6847-NULL-pointer-dereference-when-reading-XObject-without-BBox.patch
* 0014-Fix-CVE-2017-7378-Out-of-bounds-read-in-PdfPainter-ExpandTabs.patch
* 0015-Fix-CVE-2017-7380-NULL-dereference-in-PdfPage-GetFromResources.patch
* 0016-Fix-CVE-2017-7994-NULL-dereference-in-TextExtractor-ExtractText.patch
* 0017-Fix-a-memory-leak-on-document-load-exception-in-podofotxtextract.patch
* 0018-Fix-for-CVE-2017-8787-Read-out-of-buffer-size-in-PdfXRefStreamParserObject-ReadXRefStreamEntry.patch
* 0019-Changes-needed-to-compile-podofo.patch
* 0020-Fix-regression-from-0007.patch
* 0021-Fix-a-build-break-with-OpenSSL-1.1.0f-configured-with-disable-deprecated-option.patch
* 0022-Correct-boundary-comparison-in-PdfListField::GetItemDisplayText.patch
* 0023-Correct-in-parameter-test-in-PdfMemoryOutputStream-Write.patch
* 0024-Fix-CVE-2017-8054-Detect-cycles-in-PdfPagesTree.patch
* 0025-Related-to-CVE-2018-5308.patch
* 0026-Revert-part-of-0024.patch
* 0027-Correction-for-reverted-part-of-CVE-2017-8054-fix-in-0027.patch
* 0028-Fix-for-CVE-2018-5295-Integer-overflow-at-PdfXRefStreamParserObject-ParseStream.patch
* 0029-Try-to-address-an-eventual-use-after-free-in-PdfObject.patch
* 0030-Fix-CVE-2017-6845-Do-not-disable-PODOFO_RAISE_LOGIC_IF-for-Release-builds.patch
* 0031-Fix-clamping-avoiding-crashes-in-PdfPagesTree-InsertPage.patch
* 0032-Fix-wrong-use-of-memcpy-instead-of-wmemcpy.patch
* 0033-Fix-for-CVE-2018-5309-integer-overflow-in-the-PdfObjectStreamParserObject-ReadObjectsFromStream.patch
* 0034-Fix-for-CVE-2018-8001-heap-based-buffer-over-read-in-UnescapeName.patch
* fix-missing-include.patch
* Sun Dec 11 2016 plinnell@opensuse.org
- update to 0.9.5
- no change log, but it is available online at:
https://sourceforge.net/p/podofo/code/commit_browser
* Sun Dec 11 2016 plinnell@opensuse.org
- update to 0.9.4
- no change log, but it is available online at:
https://sourceforge.net/p/podofo/code/commit_browser
* Mon Sep 15 2014 crrodriguez@opensuse.org
- Just use "lua-devel" as BuildRequires current versions
support lua 5.2
* Sat Jul 12 2014 plinnell@suse.com
- Update to 0.9.3
+ OSX build fixes
+ Fixed AES decryption
+ Improved load of (broken) PDF files
+ Sign PDF file as an incremental update
+ Added partial support for Type3 font encoding and metrics
+ Drawing API improvements
+ Unicode file names for attachments
+ Font subset embedding
+ Many compiler warnings squashed
- Dropped podofo-0.9.2-soname.patch which is upstream
- Dropped remove-internal-findfreetype-references.patch
* Wed Dec 11 2013 hrvoje.senjan@gmail.com
- Added remove-internal-findfreetype-references.patch: fixes build
with freetype2 2.5.1 as internal copy is broken. It is also better
practice to use cmake's FindPackage modules
* Sun Mar 31 2013 asterios.dramis@gmail.com
- Update to version 0.9.2:
* Many bug fixes which were made over the last two years.
* New encryption support based on OpenSSL. OpenSSL is now a mandatory
requirement.
- Removed podofobox.1_fix.patch (not needed anymore).
- Added a patch (podofo-0.9.2-soname.patch) to update the soname of the library
(http://sourceforge.net/apps/mantisbt/podofo/view.php?id=54).
- Added build requirements libcppunit-devel and libidn-devel.
- Build the devel docs (added doxygen build requirement).
* Mon Jan 07 2013 mrdocs@opensuse.org
- fix build on SLES
* Sat Mar 17 2012 dimstar@opensuse.org
- Change lua-devel BuildRequires to lua51-devel on openSUSE > 12.1:
the code is not ready to work with lua 5.2.
* Tue Nov 29 2011 ro@suse.de
- use _lib macro to properly determine lib suffix
* Wed May 25 2011 asterios.dramis@gmail.com
- Update to version 0.9.1:
* Bug fixes and optimizations.
* Added a man page for podofogc.
From 0.9.0:
* Lot's of bug fixes for PDF parsing, PDF creation and in several other
areas.
* New compact write mode to create slightly smaller PDF files.
* Initial PDF signature support.
* Support for the 14 standard Type1 fonts.
* Improved font and encoding support (e.g. creation of fonts from existing
objects).
* New tools, e.g. podofocolor.
- Spec files updates:
* Changes based on spec-cleaner run.
* Changes in License.
* Updates in Group:, Summary: and %description entries.
* Updates in %build section for lib64 compilation.
* Minor other updates.
- Added a patch for podofobox.1 to fix an rpmlint warning.
* Thu Oct 28 2010 mrdocs@opensuse.org
-version update to 0.8.4
* Build fixes for various plaforms - mostly for Windows/VS2008
* Thu Oct 21 2010 mrdocs@opensuse.org
-new version 0.8.3
* Added a new write mode for PDFs, which is default, to create
more compact PDFs;
* Extended several APIs, e.g. image interpolation support,
image chroma key support, or selection of base14 fonts
* Fixed bugs in the predictor implementation
* Fixed encryption of unicode strings
* Fixed namestree implementation (root shall not have a Limits key)
* Fixed detection of inline image data and support for inline images larger than 4KB
* Several optimizations, bugs fixes and fixed a minor memory leak
* Thu Sep 09 2010 mrdocs@opensuse.org
-more spec file cleanups
-add missing libpng-devel
* Thu Sep 09 2010 mrdocs@opensuse.org
-version bump to 0.8.2
-many many bug fixes and build issues
-add lua-devel, which adds imposition capabilites
* Thu Jul 01 2010 toms@suse.de
- Corrected licence
* Tue May 11 2010 toms@suse.de
- Updated to 0.8.0, taken patches from hgraeber
. remove so number form devel package
* Tue Jul 28 2009 toms@suse.de
- Taken from home:/mrdocs and corrected SPEC file:
. Added typical SUSE header
. Install section now contains the correct lines
. Changed devel package name to libpodofo0_6_99-devel
. Create this .changes file
Thu Jan 01 00:00:00 CEST 2009 - mrdocs at opensuse.org
- 0.7.0 release
* Sat Oct 04 2008 hub@figuiere.net
- Package closer to policies: split.
Mon Jul 05 00:00:00 CEST 2008 - mrdocs at opensuse.org
- 0.6 release
Sat Jul 12 00:00:00 CEST 2008 - mrdocs at opensuse.org
- new svn snapshot of upcoming 0.6.0
- add openssl-devel dependency
- 64 bit builds fixed
Mon Aug 27 00:00:00 CEST 2007 - mrdocs at opensuse.org
- enable debug package
Wed Aug 08 00:00:00 CEST 2007 - mrdocs at opensuse.org
- revert back to 0.5.0 as the API is unstable
Tue Aug 01 00:00:00 CEST 2007 - mrdocs at scribus.info
- new svn snapshot with 64 bit build support
Thu Jul 26 00:00:00 CEST 2007 - mrdocs at scribus.info
- version upgrade
- use cmake as autotools are no longer supported
* Mon Dec 25 2006 Bernhard Walle <bwalle@suse.de>
- initial package