Hello community, here is the log from the commit of package poppler for openSUSE:Factory checked in at 2017-09-26 21:12:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/poppler (Old) and /work/SRC/openSUSE:Factory/.poppler.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "poppler" Tue Sep 26 21:12:21 2017 rev:141 rq:528401 version:0.59.0 Changes: -------- --- /work/SRC/openSUSE:Factory/poppler/poppler-qt.changes 2017-08-12 19:37:44.243978261 +0200 +++ /work/SRC/openSUSE:Factory/.poppler.new/poppler-qt.changes 2017-09-26 21:12:25.279279275 +0200 @@ -1,0 +2,62 @@ +Mon Sep 18 10:27:48 UTC 2017 - [email protected] + +- Apply CVE-2017-14517.patch from upstream to fix a NULL pointer + dereference in the XRef::parseEntry() function that may have lead + to potential denial-of-service attack when handling malicious PDF + files. [CVE-2017-14517, bsc#1059066] + +------------------------------------------------------------------- +Thu Sep 7 10:34:49 UTC 2017 - [email protected] + +- Update to version 0.59.0: + + core: Fix infinite recursion in NameTree parsing in broken + files. + + utils: + - pdfunite: Fix API porting error that caused abort in some + cases. + - pdfinfo: + . Fix crashes and memory leaks when using -dests. + . Use GooString.append instead of sprintf/strcat. + - pdfimages: Fix warning when compiling with cygwin. + + build system: + - Fix cygwin 32-bit compile. + - Cmake tweaks. +- Bump soversion following upstream changes. + +------------------------------------------------------------------- +Sun Sep 3 10:21:49 UTC 2017 - [email protected] + +- Update to version 0.58.0: + + core: + - CairoOutputDev: cairo 1.14 now has high quality downscaling. + - Signature related improvements (fdo#99271). + - Tweak which cmap we use (fdo#101855). + - Memory leak fixes. + - Substantial rework of the internals. + - win32: call ANSI functions directly (fdo#100312). + - Add some documentation. + + qt5: + - Expose signature information. + - ArthurOutputDev: initialize the image with the paper color + (fdo#102129). + - Fix copy'n'paste bugs: Qt4 -> Qt5. + - ArthurOutputDev: Properly set the QPainter transformation. + - ArthurOutputDev: Use Qt::SvgMiterJoin instead of + Qt::MiterJoin (fdo#102356). + + utils: + - pdfinfo: add -dests option to print named destinations + (fdo#97262). + - pdftocairo: add -jpegopt for setting jpeg compression + parameters (fdo#45727). + - pdftoppm: add -jpegopt for setting jpeg compression + parameters (fdo#45727). + - pdfimages: support listing/extracting inline images + (fdo#25625). + + build system: + - cmake: Various Windows fixes. + - cmake: Use -std=c++11 instead of -std=gnu++11. + + cpp: Fix page.text() not taking page orientation into account + (fdo#94517). +- Bump soversion following upstream changes. + +------------------------------------------------------------------- poppler-qt5.changes: same change poppler.changes: same change Old: ---- poppler-0.57.0.tar.xz New: ---- CVE-2017-14517.patch poppler-0.59.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ poppler-qt.spec ++++++ --- /var/tmp/diff_new_pack.KfuxJP/_old 2017-09-26 21:13:12.364658241 +0200 +++ /var/tmp/diff_new_pack.KfuxJP/_new 2017-09-26 21:13:12.368657679 +0200 @@ -21,11 +21,11 @@ Name: poppler-qt %define _name poppler -Version: 0.57.0 +Version: 0.59.0 Release: 0 # Actual version of poppler-data: %define poppler_data_version 0.4.6 -%define poppler_sover 68 +%define poppler_sover 70 %define poppler_cpp_sover 0 %define poppler_glib_sover 8 %define poppler_qt4_sover 4 @@ -38,6 +38,7 @@ Group: System/Libraries Source: http://poppler.freedesktop.org/%{_name}-%{version}.tar.xz Source99: baselibs.conf +Patch1: CVE-2017-14517.patch BuildRequires: gcc-c++ BuildRequires: gobject-introspection-devel BuildRequires: libjpeg-devel @@ -226,6 +227,7 @@ %prep %setup -q -n poppler-%{version} +%patch1 -p1 %build %if %build_qt5 poppler-qt5.spec: same change ++++++ poppler.spec ++++++ --- /var/tmp/diff_new_pack.KfuxJP/_old 2017-09-26 21:13:12.444646993 +0200 +++ /var/tmp/diff_new_pack.KfuxJP/_new 2017-09-26 21:13:12.448646431 +0200 @@ -21,11 +21,11 @@ Name: poppler %define _name poppler -Version: 0.57.0 +Version: 0.59.0 Release: 0 # Actual version of poppler-data: %define poppler_data_version 0.4.6 -%define poppler_sover 68 +%define poppler_sover 70 %define poppler_cpp_sover 0 %define poppler_glib_sover 8 %define poppler_qt4_sover 4 @@ -38,6 +38,7 @@ Group: System/Libraries Source: http://poppler.freedesktop.org/%{_name}-%{version}.tar.xz Source99: baselibs.conf +Patch1: CVE-2017-14517.patch BuildRequires: gcc-c++ BuildRequires: gobject-introspection-devel BuildRequires: libjpeg-devel @@ -226,6 +227,7 @@ %prep %setup -q -n poppler-%{version} +%patch1 -p1 %build %if %build_qt5 ++++++ CVE-2017-14517.patch ++++++ >From 80f9819b6233f9f9b5fd44f0e4cad026e5d048c2 Mon Sep 17 00:00:00 2001 From: Albert Astals Cid <[email protected]> Date: Wed, 13 Sep 2017 23:09:45 +0200 Subject: isImageInterpolationRequired: Fix divide by 0 on broken documents Bug #102688 diff --git a/splash/Splash.cc b/splash/Splash.cc index 46b8ce2..39fc7d6 100644 --- a/splash/Splash.cc +++ b/splash/Splash.cc @@ -4134,7 +4134,7 @@ SplashError Splash::arbitraryTransformImage(SplashImageSource src, SplashICCTran static GBool isImageInterpolationRequired(int srcWidth, int srcHeight, int scaledWidth, int scaledHeight, GBool interpolate) { - if (interpolate) + if (interpolate || srcWidth == 0 || srcHeight == 0) return gTrue; /* When scale factor is >= 400% we don't interpolate. See bugs #25268, #9860 */ -- cgit v0.10.2 ++++++ poppler-0.57.0.tar.xz -> poppler-0.59.0.tar.xz ++++++ ++++ 29482 lines of diff (skipped)
