-
poppler (0.24.5-2ubuntu4.17) trusty-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-9200.patch: fix in
poppler/Stream.cc.
- CVE-2019-9200
-- <email address hidden> (Leonidas S. Barbosa) Thu, 28 Feb 2019 09:14:27 -0300
-
poppler (0.24.5-2ubuntu4.16) trusty-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-7310.patch: fix in
poppler/XRef.cc.
- CVE-2019-7310
-- <email address hidden> (Leonidas S. Barbosa) Fri, 08 Feb 2019 11:16:54 -0300
-
poppler (0.24.5-2ubuntu4.15) trusty-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-20481.patch: fix in
poppler/XRef.cc.
- CVE-2018-20481
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-20650.patch: fix in
poppler/FileSpec.cc.
- CVE-2018-20650
-- <email address hidden> (Leonidas S. Barbosa) Mon, 21 Jan 2019 13:21:05 -0300
-
poppler (0.24.5-2ubuntu4.14) trusty-security; urgency=medium
* SECURITY REGRESSION: fixing regression in check entry
- debian/patches/CVE-2018-16646-fix-regression-p1.patch
- debian/patches/CVE-2018-16646-fix-regression-p2.patch
-- <email address hidden> (Leonidas S. Barbosa) Tue, 11 Dec 2018 10:14:13 -0300
-
poppler (0.24.5-2ubuntu4.13) trusty-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-19149.patch: "check whether
and embedded file is actually present in the PDF and
show warning in that case" in glib/poppler-attachment.cc,
glib/poppler-document.cc.
- CVE-2018-19149
[ Marc Deslauriers ]
* SECURITY UPDATE: infinite recursion via crafted file
- debian/patches/CVE-2018-16646.patch: avoid cycles in PDF parsing in
poppler/Parser.cc, poppler/XRef.h.
- CVE-2018-16646
* SECURITY UPDATE: denial of service via reachable abort
- debian/patches/CVE-2018-19058.patch: check for stream before calling
stream methods when saving an embedded file in poppler/FileSpec.cc.
- CVE-2018-19058
* SECURITY UPDATE: denial of service via out-of-bounds read
- debian/patches/CVE-2018-19059.patch: check for valid embedded file
before trying to save it in utils/pdfdetach.cc.
- CVE-2018-19059
* SECURITY UPDATE: denial of service via NULL pointer dereference
- debian/patches/CVE-2018-19060.patch: check for valid file name of
embedded file in utils/pdfdetach.cc.
- CVE-2018-19060
-- <email address hidden> (Leonidas S. Barbosa) Fri, 30 Nov 2018 13:07:28 -0300
-
poppler (0.24.5-2ubuntu4.12) trusty-security; urgency=medium
* SECURITY UPDATE: Out of bounds read
- debian/patches/CVE-2018-13988.patch: fix in poppler/Parser.cc.
- CVE-2018-13988
-- <email address hidden> (Leonidas S. Barbosa) Mon, 27 Aug 2018 12:10:48 -0300
-
poppler (0.24.5-2ubuntu4.11) trusty-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-18267.patch: fix issue for malformed
documents in fofi/FoFiType1C.cc.
- CVE-2017-18267
* SECURITY UPDATE: Null dereference
- debian/patches/CVE-2018-10768.patch: draw for malformed docs
in poppler/Annot.c.
- CVE-2018-10768
-- <email address hidden> (Leonidas S. Barbosa) Mon, 14 May 2018 11:18:01 -0300
-
poppler (0.24.5-2ubuntu4.9) trusty-security; urgency=medium
* SECURITY UPDATE: fails to validate boundaries in TextPool::addWord
leading to overflow
- debian/patches/CVE-2017-1000456.patch: fix crash in fuzzed file in
poppler/TextOutputDev.cc.
- CVE-2017-1000456
* SECURITY UPDATE: has a heap-based buffer over-read vulnerability
- debian/patches/CVE-2017-14976.patch: fix crash in broken files in
fofi/FoFiType1C.cc.
- CVE-2017-14976
-- <email address hidden> (Leonidas S. Barbosa) Thu, 04 Jan 2018 13:49:42 -0300
-
poppler (0.24.5-2ubuntu4.8) trusty-security; urgency=medium
* SECURITY UPDATE: pointer dereference can cause a DoS attack
- debian/patches/CVE-2017-15565.patch: fix crash in broken files caused by
a dereference pointer in poppler/CairoOutputDev.cc.
- CVE-2017-15565
-- <email address hidden> (Leonidas S. Barbosa) Thu, 26 Oct 2017 11:22:42 -0300
-
poppler (0.24.5-2ubuntu4.7) trusty-security; urgency=medium
* SECURITY UPDATE: Floating point exception
- debian/patches/CVE-2017-14518.patch: Fix divide by 0 on broken
documents in splash/Splash.cc.
- CVE-2017-14518
* SECURITY UPDATE: Floating point exception
- debian/patches/CVE-2017-14520.patch: don't try to scale if srcHeight or
srcWidth is less than 1 in splash/Splash.cc.
- CVE-2017-14520
* SECURITY UPDATE: Floating point exception in ImageStream
- debian/patches/CVE-2017-14617.patch: Fix crash in broken files in
poppler/Stream.cc.
- CVE-2017-14617
* SECURITY UPDATE: Memory corruption
- debian/patches/CVE-2017-14929.patch: Fix infinite recursion
in poppler/Gfx.cc, poppler/GfxState.cc, poppler/GfxState.h.
- CVE-2017-14929
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2017-14975.patch: fix crash in convertToType0 in
fofi/FoFiType1C.cc.
- CVE-2017-14975
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2017-14977.patch: fix NULL deference pointer in
fofi/FoFiTrueType.cc.
- CVE-2017-14977
* SECURITY UPDATE: Integer overflow and heap overflow
- debian/patches/CVE-2017-9776.patch: fix malformed documents
in poppler/JBIG2Stream.cc.
- CVE-2017-9776
-- <email address hidden> (Leonidas S. Barbosa) Wed, 04 Oct 2017 12:51:10 -0300
-
poppler (0.24.5-2ubuntu4.6) trusty-security; urgency=medium
* SECURITY UPDATE: Memory corruption - infinite loop
- debian/patches/CVE-2017-14519.patch: fix infinite recursion in
poppler/Gfx.cc, poppler/Gfx.h, poppler/GfxFont.cc, poppler/GfxFont.h
- CVE-2017-14519
-- <email address hidden> (Leonidas S. Barbosa) Fri, 29 Sep 2017 12:25:36 -0300
-
poppler (0.24.5-2ubuntu4.5) trusty-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference in pdfunite
- debian/patches/CVE-2017-7511.patch: add extra checks to
utils/pdfunite.cc.
- CVE-2017-7511
* SECURITY UPDATE: uncontrolled recursion in pdfunite
- debian/patches/CVE-2017-7515.patch: fix recursion in
poppler/PDFDoc.cc, poppler/PDFDoc.h.
- CVE-2017-7515
* SECURITY UPDATE: NULL pointer dereference in JPXStream::readUByte
- debian/patches/CVE-2017-9083.patch: check nComps in
poppler/JPXStream.cc.
- CVE-2017-9083
* SECURITY UPDATE: memory leak in gmalloc
- debian/patches/CVE-2017-9406.patch: fix leak in poppler/XRef.cc.
- CVE-2017-9406
* SECURITY UPDATE: memory leak in Object::initArray
- debian/patches/CVE-2017-9408.patch: fix leak in poppler/XRef.cc.
- CVE-2017-9408
* SECURITY UPDATE: stack buffer overflow in GfxState.cc
- debian/patches/CVE-2017-9775.patch: add extra checks to
poppler/GfxState.cc.
- CVE-2017-9775
* SECURITY UPDATE: integer overflow in JPXStream::readTilePart
- debian/patches/CVE-2017-2820.patch: check for overflow in
poppler/JPXStream.cc.
- CVE-2017-2820
-- Marc Deslauriers <email address hidden> Thu, 06 Jul 2017 11:40:22 -0400
-
poppler (0.24.5-2ubuntu4.4) trusty-security; urgency=medium
* SECURITY UPDATE: heap overflow on invalid files
- debian/patches/CVE-2015-8868.patch: check length of C0 array in
poppler/Function.cc.
- CVE-2015-8868
-- Marc Deslauriers <email address hidden> Fri, 29 Apr 2016 15:58:02 -0400
-
poppler (0.24.5-2ubuntu4.3) trusty; urgency=medium
* debian/patches/git_matrix_not_invertable.patch:
- cairo: don't render text when text matrix is not invertable
(lp: #1412916)
-- Sebastien Bacher <email address hidden> Tue, 13 Oct 2015 16:10:18 +0100
-
poppler (0.24.5-2ubuntu4.2) trusty; urgency=medium
* 0001-Map-Standard-Expert-encoding-ligatures-to-AGLFN-name.patch:
Cherry-pick patch from upstream to fix ligature mapping with substitute
fonts which don't use the current standard glyph names. (LP: #1379375)
-- Iain Lane <email address hidden> Mon, 19 Jan 2015 13:18:49 +0000
-
poppler (0.24.5-2ubuntu4.1) trusty; urgency=medium
* debian/patches/git_hint_table.patch:
- backport git patch to fix pdf parsing issues (lp: #1377695)
-- Sebastien Bacher <email address hidden> Fri, 17 Oct 2014 19:22:35 +0200
-
poppler (0.24.5-2ubuntu4) trusty; urgency=medium
* Rebuild to solve a powerpc dependency problem.
-- Timo Jyrinki <email address hidden> Fri, 07 Mar 2014 11:46:30 +0200
-
poppler (0.24.5-2ubuntu2) trusty; urgency=medium
* Revert the -O0 change. Apparently a texlive issue. LP: #1273779.
-- Matthias Klose <email address hidden> Mon, 24 Feb 2014 17:52:15 +0100
-
poppler (0.24.5-2ubuntu1) trusty; urgency=medium
* Merge with Debian experimental (LP: #1276443), remaining changes:
- Drop libopenjpeg-dev build depends, it is in universe.
- Lower poppler-data to Suggests, it is too big for CD images,
handled by language-selector.
- Have libpoppler-dev Depend on libpoppler-private-dev, to help with
the transition after the split of the two packages.
- Add libpoppler-glib-doc Breaks/Replaces on libpoppler-glib-dev
(<= 0.24.4).
- Add simple compile/link/run autopkgtest.
- Backport duplex printing fixes (pdftops-origpagesizes-fixes.diff,
pdftops-origpagesizes-papersize-setpagedevice-fix.diff).
- Build with dh-autoreconf.
- Build with -O0 until LP #1273779 is addressed.
poppler (0.24.5-2) experimental; urgency=medium
* Backport upstream commits a766c55f68db38feed91cf003a0d5710e2f925a8 and
e238c1f83fd5f667336bfbb0e9a59569ff638ecc to fix the detection of
Qt 5's moc; patch upstream_fix_qt5_moc_detection.diff.
* Rename patch qt4-visibility.diff to qt-visibility.diff, and extend to qt5.
* Provide poppler-qt5: (Closes: #716685)
- add the qtbase5-dev build dependency
- add the libpoppler-qt5-1 and libpoppler-qt5-dev binaries
- pass --enable-poppler-qt5 to configure
- add symbols file for libpoppler-qt5-1
poppler (0.24.5-1) experimental; urgency=low
* New upstream release:
- poppler can handle documents bigger than 2GB. (Closes: #642530)
- fixes a typo in an error message. (Closes: #708972)
* Rename packages according to the new SONAMEs:
- libpoppler37 -> libpoppler44
* debian/patches:
- qt4-visibility.diff: refresh
- upstream_pdfseparate-improve-the-path-building.patch: drop, backported
- upstream_Allow-only-one-d-in-the-filename.diff: drop, backported
* Update copyright.
* Update symbols files.
* Remove the manual link to pthreads, introduced in 0.18.4-10, as it is no
more needed now (poppler does it on its own now).
poppler (0.22.5-4) unstable; urgency=medium
* Upload to unstable.
poppler (0.22.5-3) experimental; urgency=low
* Merge changes from 0.18.4-9 and 0.18.4-10:
- upstream_Allow-only-one-d-in-the-filename.diff: pick it unmodified from
upstream
poppler (0.22.5-2) experimental; urgency=low
* Merge changes from 0.18.4-7 and 0.18.4-8:
- CVE-2012-2142.diff: drop, fixed upstream
- upstream_pdfseparate.1-Syntax-fixes.patch: drop, backported
poppler (0.22.5-1) experimental; urgency=low
* New upstream release:
- fixes case sensitive search in poppler-glib. (Closes: #299657)
- poppler passes correct UTF-8 strings to cairo. (Closes: #697766)
* Rename packages according to the new SONAMEs:
- libpoppler28 -> libpoppler37
* debian/patches:
- qt4-visibility.diff: refresh
- upstream_fix-GooString-insert.diff: drop, applied upstream
- upstream_Fix-another-invalid-memory-access-in-1091.pdf.asan.7.patch: drop,
backported
- upstream_Fix-invalid-memory-access-in-2030.pdf.asan.69.463.patch: drop,
backported
- upstream_Fix-invalid-memory-access-in-1150.pdf.asan.8.69.patch: drop,
backported
- upstream_Initialize-refLine-totally.patch: drop, backported
- upstream_cairo-support-parameterized-Gouraud-shading.patch: drop,
applied upstream
* Update copyright.
* Update symbols files.
* Update configure arguments:
- Add: --enable-libpng, --enable-libtiff, --enable-cms=lcms2
(no actual changes, just enforce their usage)
* Update recommends and suggests:
- libpoppler-private-dev: drop the libpng-dev, libtiff-dev suggests.
- poppler-utils: drop the ghostscript recommend.
* Split the API documentation from libpoppler-glib-dev to an own
libpoppler-glib-doc.
poppler (0.20.5-3) experimental; urgency=low
* Merge changes from 0.18.4-6:
- upstream_Fix-another-invalid-memory-access-in-1091.pdf.asan.7.patch:
update from upstream repository
- upstream_Fix-invalid-memory-access-in-2030.pdf.asan.69.463.patch:
update from upstream repository
- upstream_Fix-invalid-memory-access-in-1150.pdf.asan.8.69.patch:
update from upstream repository
- upstream_Initialize-refLine-totally.patch:
update from upstream repository
poppler (0.20.5-2) experimental; urgency=low
* Merge changes from 0.18.4-4 and 0.18.4-5:
- psoutputdev-initialize-vars.diff: drop, obsolete
* Backport upstream commit ae8fc0cbfc6123189e17b3cf1286e0540f181646 to
support parameterized Gouraud shading in CairoOutputDev; patch
upstream_cairo-support-parameterized-Gouraud-shading.patch.
(Closes: #699467)
-- Dmitry Shachnev <email address hidden> Wed, 05 Feb 2014 12:16:35 +0400
-
poppler (0.24.5-0ubuntu3) trusty; urgency=medium
* Just append -O0 to CFLAGS/CXXFLAGS to keep the hardening flags enabled.
-- Matthias Klose <email address hidden> Wed, 29 Jan 2014 10:27:27 +0000
-
poppler (0.24.5-0ubuntu2) trusty; urgency=medium
* Build with -O0 until #1273779 is addressed.
-- Matthias Klose <email address hidden> Wed, 29 Jan 2014 10:29:40 +0100
-
poppler (0.24.5-0ubuntu1) trusty; urgency=low
* New upstream version
* Reapplied the Ubuntu changes that were added since the merge work
done by Dmitry
* debian/patches/pdftops-origpagesizes-fixes.diff,
debian/patches/pdftops-origpagesizes-papersize-setpagedevice-fix.diff:
- duplex printing fixes
* debian/control.in, debian/rules:
- build using dh-autoreconf
[ Dmitry Shachnev ]
* Merge with Debian experimental (LP: #1256627), remaining changes:
- Drop libopenjpeg-dev build depends, it's in universe.
- Lower poppler-data to Suggests, it is too big for CD images,
handled by language-selector.
- Have libpoppler-dev Depend on libpoppler-private-dev, to help with
the transition after the split of the two packages.
- Build Qt 5 packages.
- Add simple compile/link/run autopkgtest.
- Differences in symbols file.
* New upstream bugfix release.
* Update soname version to 44.
* Add libpoppler-glib-doc Breaks/Replaces on libpoppler-glib-dev
(<= 0.24.4).
* Update debian/copyright (taken from unreleased Debian Git).
[ Timo Jyrinki ]
* Backport upstream patch to support two variations of moc binary version
output to fix Qt 5.2 (LP: #1271026)
-- Sebastien Bacher <email address hidden> Wed, 22 Jan 2014 18:43:28 +0100
-
poppler (0.24.3-0ubuntu12) trusty; urgency=medium
* debian/patches/pdftops-origpagesizes-papersize-setpagedevice-fix.diff:
Re-introduced patch to fix duplex printing (from -0ubuntu5).
-- Till Kamppeter <email address hidden> Thu, 2 Jan 2014 21:57:33 +0100
-
poppler (0.24.3-0ubuntu11) trusty; urgency=medium
* debian/patches/pdftops-origpagesizes-fixes.diff: Backed out all upstream
backports after -0ubuntu4 as they introduce an ABI change.
-- Till Kamppeter <email address hidden> Thu, 2 Jan 2014 21:23:33 +0100
-
poppler (0.24.3-0ubuntu10) trusty; urgency=medium
* debian/patches/pdftops-origpagesizes-fixes.diff: Another upstream update
for the patch, this time applying the fixes also to pdftocairo. See
comments #49 and #50 in Freedesktop/Poppler bug #72312.
-- Till Kamppeter <email address hidden> Mon, 30 Dec 2013 11:57:33 +0100
-
poppler (0.24.3-0ubuntu9) trusty; urgency=medium
* debian/patches/pdftops-origpagesizes-fixes.diff: Another upstream update
for the patch, this time correcting a segfault on a broken PDF file. See
comments #47 and #48 in Freedesktop/Poppler bug #72312.
-- Till Kamppeter <email address hidden> Sun, 29 Dec 2013 23:06:33 +0100
-
poppler (0.24.3-0ubuntu8) trusty; urgency=medium
* debian/patches/pdftops-origpagesizes-fixes.diff: Another upstream update
for the patch, this time correcting rounding errors. See see comments #39
and #40 in Freedesktop/Poppler bug #72312.
-- Till Kamppeter <email address hidden> Sat, 21 Dec 2013 22:47:33 +0100
-
poppler (0.24.3-0ubuntu7) trusty; urgency=medium
* debian/patches/pdftops-origpagesizes-fixes.diff: The changes for pdftops
broke conversion of PostScript to PNG with ImageMagick, see comments #33 -
#37 in Freedesktop/Poppler bug #72312. This update solves the problem.
-- Till Kamppeter <email address hidden> Sat, 21 Dec 2013 11:31:33 +0100
-
poppler (0.24.3-0ubuntu6) trusty; urgency=medium
* debian/patches/pdftops-origpagesizes-fixes.diff: Updated patch to upstream
patches from Freedesktop/Poppler bug #72312.
* debian/patches/pdftops-paper-segfault-fix.diff,
debian/patches/pdftops-origpagesizes-papersize-setpagedevice-fix.diff:
Removed, these changes are in pdftops-origpagesizes-fixes.diff now.
-- Till Kamppeter <email address hidden> Fri, 20 Dec 2013 00:22:33 +0100
-
poppler (0.24.3-0ubuntu5) trusty; urgency=medium
* debian/patches/pdftops-origpagesizes-papersize-setpagedevice-fix.diff:
Fixed handling of paper sizes in the output of pdftops so that duplex
printing works.
* debian/patches/pdftops-paper-segfault-fix.diff: Fixed segfault in upstream
patches of Freedesktop/Poppler bug #72312 when calling "pdftops -paper ...".
* debian/patches/pdftops-origpagesizes-fixes.diff: Updated patch to upstream
patches from Freedesktop/Poppler bug #72312.
-- Till Kamppeter <email address hidden> Mon, 16 Dec 2013 16:58:33 +0100
-
poppler (0.24.3-0ubuntu4) trusty; urgency=medium
* Use dh-autoreconf.
-- Steve Langasek <email address hidden> Fri, 13 Dec 2013 11:44:17 -0800
-
poppler (0.24.3-0ubuntu3) trusty; urgency=low
* debian/patches/pdftops-origpagesizes-fixes.diff: Turn off centering
of the page content when doing "pdftops -origpagesizes". This does not
make sense in this mode and breaks some files.
-- Till Kamppeter <email address hidden> Tue, 3 Dec 2013 23:44:33 +0100
-
poppler (0.24.3-0ubuntu2) trusty; urgency=low
* debian/patches/pdftops-origpagesizes-fixes.diff: Output of "pdftops
-origpagesizes" was broken, especially PDFs which have a rotation set
(for example from the pdftopdf from cups-filters) are turned into
PostScript files without this rotation. This leads to problems with
Landscape-oriented printouts, especially on mobile devices where only
Poppler is available and no Ghostscript for doing PDF->PS conversion
(Red Hat bug #768811, LP: #1243484, LP: #1247740).
-- Till Kamppeter <email address hidden> Tue, 3 Dec 2013 18:01:33 +0100
-
poppler (0.24.3-0ubuntu1) trusty; urgency=low
* New upstream version
-- Sebastien Bacher <email address hidden> Tue, 05 Nov 2013 12:41:48 +0100
-
poppler (0.24.1-0ubuntu1) saucy; urgency=low
* New upstream version
-- Sebastien Bacher <email address hidden> Tue, 27 Aug 2013 16:35:09 +0200