Hello community, here is the log from the commit of package podofo for openSUSE:Factory checked in at 2018-07-21 10:24:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/podofo (Old) and /work/SRC/openSUSE:Factory/.podofo.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "podofo" Sat Jul 21 10:24:41 2018 rev:27 rq:624001 version:0.9.6 Changes: -------- --- /work/SRC/openSUSE:Factory/podofo/podofo.changes 2018-03-22 12:10:41.725676771 +0100 +++ /work/SRC/openSUSE:Factory/.podofo.new/podofo.changes 2018-07-21 10:24:42.774964852 +0200 @@ -1,0 +2,54 @@ +Wed Jul 18 03:54:52 UTC 2018 - [email protected] + +- Update to 0.9.6 + +- drop patches from upstream all are now upstream: + + (CVE-2017-5852, boo#1023067, CVE-2017-5853, boo#1023069, + CVE-2017-5854, boo#1023070, CVE-2017-5855, boo#1023071, + CVE-2017-5886, boo#1023380, CVE-2017-6840, boo#1027787, + CVE-2017-6844, boo#1027782, CVE-2017-6845, boo#1027779, + CVE-2017-6847, boo#1027778, CVE-2017-7378, boo#1032017, + CVE-2017-7379, boo#1032018, CVE-2017-7380, boo#1032019, + CVE-2017-7994, boo#1035534, CVE-2017-8054, boo#1035596, + CVE-2017-8787, boo#1037739, CVE-2018-5295, boo#1075026, + CVE-2018-5296, boo#1075021, CVE-2018-5308, boo#1075772, + CVE-2018-5309, boo#1075322, CVE-2018-8001, boo#1084894) + + * 0001-fix-a-crash-when-passing-a-PDF-file-with-an-encryption-dictionary-ref.patch + * 0002-fix-stack-overflow-crash-when-XRef-record-references-itself.patch + * 0003-Fix-for-CVE-2017-5852-with-added-error-code.patch + * 0004-Fix-for-CVE-2017-5854.patch + * 0005-Fix-for-CVE-2017-5886.patch + * 0006-Extend-fix-for-CVE-2017-5852.patch + * 0007-Fix-CVE-2017-5853-signed-integer-overflow-and-CVE-2017-6844-buffer-overflow.patch + * 0008-Fix-infinite-loop-in-GetPageNumber-if-Parent-chain-contains-a-loop.patch + * 0009-Fix-CVE-2017-7379-encoding-array-too-short-to-encode-decode-code-point-0xffff.patch + * 0010-Fix-CVE-2017-5855-CVE-2018-5296-NULL-pointer-dereference-in-PoDoFo-PdfParser-ReadXRefSubsection.patch + * 0011-Fix-CVE-2017-6840-Out-of-bounds-read-in-ColorChanger-GetColorFromStack.patch + * 0012-Correct-fix-for-CVE-2017-6840-Too-strict-check-for-given-arguments.patch + * 0013-Fix-CVE-2017-6847-NULL-pointer-dereference-when-reading-XObject-without-BBox.patch + * 0014-Fix-CVE-2017-7378-Out-of-bounds-read-in-PdfPainter-ExpandTabs.patch + * 0015-Fix-CVE-2017-7380-NULL-dereference-in-PdfPage-GetFromResources.patch + * 0016-Fix-CVE-2017-7994-NULL-dereference-in-TextExtractor-ExtractText.patch + * 0017-Fix-a-memory-leak-on-document-load-exception-in-podofotxtextract.patch + * 0018-Fix-for-CVE-2017-8787-Read-out-of-buffer-size-in-PdfXRefStreamParserObject-ReadXRefStreamEntry.patch + * 0019-Changes-needed-to-compile-podofo.patch + * 0020-Fix-regression-from-0007.patch + * 0021-Fix-a-build-break-with-OpenSSL-1.1.0f-configured-with-disable-deprecated-option.patch + * 0022-Correct-boundary-comparison-in-PdfListField::GetItemDisplayText.patch + * 0023-Correct-in-parameter-test-in-PdfMemoryOutputStream-Write.patch + * 0024-Fix-CVE-2017-8054-Detect-cycles-in-PdfPagesTree.patch + * 0025-Related-to-CVE-2018-5308.patch + * 0026-Revert-part-of-0024.patch + * 0027-Correction-for-reverted-part-of-CVE-2017-8054-fix-in-0027.patch + * 0028-Fix-for-CVE-2018-5295-Integer-overflow-at-PdfXRefStreamParserObject-ParseStream.patch + * 0029-Try-to-address-an-eventual-use-after-free-in-PdfObject.patch + * 0030-Fix-CVE-2017-6845-Do-not-disable-PODOFO_RAISE_LOGIC_IF-for-Release-builds.patch + * 0031-Fix-clamping-avoiding-crashes-in-PdfPagesTree-InsertPage.patch + * 0032-Fix-wrong-use-of-memcpy-instead-of-wmemcpy.patch + * 0033-Fix-for-CVE-2018-5309-integer-overflow-in-the-PdfObjectStreamParserObject-ReadObjectsFromStream.patch + * 0034-Fix-for-CVE-2018-8001-heap-based-buffer-over-read-in-UnescapeName.patch + * fix-missing-include.patch + +------------------------------------------------------------------- Old: ---- 0001-fix-a-crash-when-passing-a-PDF-file-with-an-encryption-dictionary-ref.patch 0002-fix-stack-overflow-crash-when-XRef-record-references-itself.patch 0003-Fix-for-CVE-2017-5852-with-added-error-code.patch 0004-Fix-for-CVE-2017-5854.patch 0005-Fix-for-CVE-2017-5886.patch 0006-Extend-fix-for-CVE-2017-5852.patch 0007-Fix-CVE-2017-5853-signed-integer-overflow-and-CVE-2017-6844-buffer-overflow.patch 0008-Fix-infinite-loop-in-GetPageNumber-if-Parent-chain-contains-a-loop.patch 0009-Fix-CVE-2017-7379-encoding-array-too-short-to-encode-decode-code-point-0xffff.patch 0010-Fix-CVE-2017-5855-CVE-2018-5296-NULL-pointer-dereference-in-PoDoFo-PdfParser-ReadXRefSubsection.patch 0011-Fix-CVE-2017-6840-Out-of-bounds-read-in-ColorChanger-GetColorFromStack.patch 0012-Correct-fix-for-CVE-2017-6840-Too-strict-check-for-given-arguments.patch 0013-Fix-CVE-2017-6847-NULL-pointer-dereference-when-reading-XObject-without-BBox.patch 0014-Fix-CVE-2017-7378-Out-of-bounds-read-in-PdfPainter-ExpandTabs.patch 0015-Fix-CVE-2017-7380-NULL-dereference-in-PdfPage-GetFromResources.patch 0016-Fix-CVE-2017-7994-NULL-dereference-in-TextExtractor-ExtractText.patch 0017-Fix-a-memory-leak-on-document-load-exception-in-podofotxtextract.patch 0018-Fix-for-CVE-2017-8787-Read-out-of-buffer-size-in-PdfXRefStreamParserObject-ReadXRefStreamEntry.patch 0019-Changes-needed-to-compile-podofo.patch 0020-Fix-regression-from-0007.patch 0021-Fix-a-build-break-with-OpenSSL-1.1.0f-configured-with-disable-deprecated-option.patch 0022-Correct-boundary-comparison-in-PdfListField::GetItemDisplayText.patch 0023-Correct-in-parameter-test-in-PdfMemoryOutputStream-Write.patch 0024-Fix-CVE-2017-8054-Detect-cycles-in-PdfPagesTree.patch 0025-Related-to-CVE-2018-5308.patch 0026-Revert-part-of-0024.patch 0027-Correction-for-reverted-part-of-CVE-2017-8054-fix-in-0027.patch 0028-Fix-for-CVE-2018-5295-Integer-overflow-at-PdfXRefStreamParserObject-ParseStream.patch 0029-Try-to-address-an-eventual-use-after-free-in-PdfObject.patch 0030-Fix-CVE-2017-6845-Do-not-disable-PODOFO_RAISE_LOGIC_IF-for-Release-builds.patch 0031-Fix-clamping-avoiding-crashes-in-PdfPagesTree-InsertPage.patch 0032-Fix-wrong-use-of-memcpy-instead-of-wmemcpy.patch 0033-Fix-for-CVE-2018-5309-integer-overflow-in-the-PdfObjectStreamParserObject-ReadObjectsFromStream.patch 0034-Fix-for-CVE-2018-8001-heap-based-buffer-over-read-in-UnescapeName.patch fix-missing-include.patch podofo-0.9.5.tar.gz New: ---- podofo-0.9.6.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ podofo.spec ++++++ --- /var/tmp/diff_new_pack.sJaMQ6/_old 2018-07-21 10:24:44.726964380 +0200 +++ /var/tmp/diff_new_pack.sJaMQ6/_new 2018-07-21 10:24:44.726964380 +0200 @@ -16,51 +16,17 @@ # -%define libver 0_9_5 +%define libver 0_9_6 Name: podofo -Version: 0.9.5 +Version: 0.9.6 Release: 0 Summary: Tools to work with PDF files License: GPL-2.0-or-later Group: Productivity/Publishing/PDF Url: http://podofo.sourceforge.net/ Source0: http://downloads.sourceforge.net/podofo/%{name}-%{version}.tar.gz -Patch0: 0001-fix-a-crash-when-passing-a-PDF-file-with-an-encryption-dictionary-ref.patch -Patch1: 0002-fix-stack-overflow-crash-when-XRef-record-references-itself.patch -Patch2: 0003-Fix-for-CVE-2017-5852-with-added-error-code.patch -Patch3: 0004-Fix-for-CVE-2017-5854.patch -Patch4: 0005-Fix-for-CVE-2017-5886.patch -Patch5: 0006-Extend-fix-for-CVE-2017-5852.patch -Patch6: 0007-Fix-CVE-2017-5853-signed-integer-overflow-and-CVE-2017-6844-buffer-overflow.patch -Patch7: 0008-Fix-infinite-loop-in-GetPageNumber-if-Parent-chain-contains-a-loop.patch -Patch8: 0009-Fix-CVE-2017-7379-encoding-array-too-short-to-encode-decode-code-point-0xffff.patch -Patch9: 0010-Fix-CVE-2017-5855-CVE-2018-5296-NULL-pointer-dereference-in-PoDoFo-PdfParser-ReadXRefSubsection.patch -Patch10: 0011-Fix-CVE-2017-6840-Out-of-bounds-read-in-ColorChanger-GetColorFromStack.patch -Patch11: 0012-Correct-fix-for-CVE-2017-6840-Too-strict-check-for-given-arguments.patch -Patch12: 0013-Fix-CVE-2017-6847-NULL-pointer-dereference-when-reading-XObject-without-BBox.patch -Patch13: 0014-Fix-CVE-2017-7378-Out-of-bounds-read-in-PdfPainter-ExpandTabs.patch -Patch14: 0015-Fix-CVE-2017-7380-NULL-dereference-in-PdfPage-GetFromResources.patch -Patch15: 0016-Fix-CVE-2017-7994-NULL-dereference-in-TextExtractor-ExtractText.patch -Patch16: 0017-Fix-a-memory-leak-on-document-load-exception-in-podofotxtextract.patch -Patch17: 0018-Fix-for-CVE-2017-8787-Read-out-of-buffer-size-in-PdfXRefStreamParserObject-ReadXRefStreamEntry.patch -Patch18: 0019-Changes-needed-to-compile-podofo.patch -Patch19: 0020-Fix-regression-from-0007.patch -Patch20: 0021-Fix-a-build-break-with-OpenSSL-1.1.0f-configured-with-disable-deprecated-option.patch -Patch21: 0022-Correct-boundary-comparison-in-PdfListField::GetItemDisplayText.patch -Patch22: 0023-Correct-in-parameter-test-in-PdfMemoryOutputStream-Write.patch -Patch23: 0024-Fix-CVE-2017-8054-Detect-cycles-in-PdfPagesTree.patch -Patch24: 0025-Related-to-CVE-2018-5308.patch -Patch25: 0026-Revert-part-of-0024.patch -Patch26: 0027-Correction-for-reverted-part-of-CVE-2017-8054-fix-in-0027.patch -Patch27: 0028-Fix-for-CVE-2018-5295-Integer-overflow-at-PdfXRefStreamParserObject-ParseStream.patch -Patch28: 0029-Try-to-address-an-eventual-use-after-free-in-PdfObject.patch -Patch29: 0030-Fix-CVE-2017-6845-Do-not-disable-PODOFO_RAISE_LOGIC_IF-for-Release-builds.patch -Patch30: 0031-Fix-clamping-avoiding-crashes-in-PdfPagesTree-InsertPage.patch -Patch31: 0032-Fix-wrong-use-of-memcpy-instead-of-wmemcpy.patch -Patch32: 0033-Fix-for-CVE-2018-5309-integer-overflow-in-the-PdfObjectStreamParserObject-ReadObjectsFromStream.patch -Patch33: 0034-Fix-for-CVE-2018-8001-heap-based-buffer-over-read-in-UnescapeName.patch -Patch1000: fix-missing-include.patch + BuildRequires: cmake >= 2.5 BuildRequires: doxygen BuildRequires: fdupes ++++++ podofo-0.9.5.tar.gz -> podofo-0.9.6.tar.gz ++++++ ++++ 8922 lines of diff (skipped)
