poppler (0.5.4-0ubuntu8.3) feisty-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via malicious embedded fonts.
  * debian/patches/102_embedded-font-fixes.patch: upstream fix and stronger
    type-checking added.
  * References CVE-2008-1693

 -- Kees Cook  Tue, 15 Apr 2008 13:04:21 -0700

poppler (0.5.4-0ubuntu8.2) feisty-security; urgency=low

  * SECURITY UPDATE: out of bounds array access causes memory corruption via
    a crafted PDF file
  * fix for DCTStream::readScanInfo() in Stream.cc to properly check
    boundaries
  * SECURITY UPDATE: integer overflow resulting in heap-based overflow and
    potential arbitrary code execution via crafted PDF file
  * fix for DCTStream::reset() in Stream.cc to properly check width and
    height
  * SECURITY UPDATE: boundary error in lookChar() resulting in heap-based
    overflow and potential arbitrary code execution via crafted PDF file
  * fixes for CCITTFaxStream::CCITTFaxStream and CCITTFaxStream::lookChar()
    in Stream.cc to properly check boundary conditions. This also includes
    upstream refactoring for easier maintenance.
  * References CVE-2007-4352 CVE-2007-5392 CVE-2007-5393

 -- Jamie Strandboge  Tue, 13 Nov 2007 08:31:43 -0500

poppler (0.5.4-0ubuntu8.1) feisty-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted PDFs
  * Add debian/patches/100_streampredictor_overflow.patch: upstream fixes.
  * References CVE-2007-3387

 -- Kees Cook  Tue, 07 Aug 2007 09:27:27 -0700

poppler (0.5.4-0ubuntu8) feisty; urgency=low

  * debian/patches/005_fix_inverted_text_from_bug_8944.patch:
    - fixes "text is inverted in some PDFs" (LP: #93772)

 -- Daniel Holbach  Thu, 5 Apr 2007 12:27:48 +0200

poppler (0.5.4-0ubuntu7) feisty; urgency=low

  * debian/control.in: add versioned conflict on pdftohtml. (LP: #99894)
  * Adhere to DebianMaintainerField.

 -- Lionel Le Folgoc  Mon, 2 Apr 2007 00:42:40 +0200

poppler (0.5.4-0ubuntu6) feisty; urgency=low

  * debian/control.in:
    - Build-Depends on libcairo2-dev
    - libpoppler-glib-dev Depends on libcairo2-dev
  * debian/libpoppler-glib-dev.install:
    - install html documentation
  * debian/libpoppler-dev.install:
    - also install poppler-cairo.pc
  * debian/rules:
    - build the cairo variant

 -- Sebastien Bacher  Wed, 14 Mar 2007 14:17:52 +0100

poppler (0.5.4-0ubuntu5) feisty; urgency=low

  * SECURITY UPDATE: Denial of Service.
  * Add debian/patches/004_CVE-2007-0104.patch:
    - Limit recursion depth of the parsing tree to 100 to avoid infinite
      loop with crafted documents.
    - Patch taken from koffice security update (which has a copy of xpdf
      sources).

 -- Martin Pitt  Tue, 16 Jan 2007 17:58:48 +0100

poppler (0.5.4-0ubuntu4) edgy; urgency=low

  * Clean sources before upload

 -- Jonathan Riddell  Thu, 12 Oct 2006 11:55:54 +0100

poppler (0.5.4-0ubuntu3) edgy; urgency=low

  * Include missing header files in libpoppler-qt4-dev.install and
    libpoppler-qt-dev.install

 -- Jonathan Riddell  Wed, 11 Oct 2006 12:05:48 +0100

poppler (0.5.4-0ubuntu2) edgy; urgency=low

  * debian/control.in:
    - Build-Depends on libglade2-dev to fix the build

 -- Sebastien Bacher  Tue, 10 Oct 2006 21:59:29 +0200

poppler (0.5.4-0ubuntu1) edgy; urgency=low

  * New upstream version, UVF exception granted by Matt Zimmerman
  * debian/patches/003_fontconfig-undefined-symbols.patch:
    - fixed with the new version
  * debian/patches/003_glib_pkgconfig_fix.patch:
    - fix pkg-config call to glib

 -- Sebastien Bacher  Tue, 26 Sep 2006 18:30:35 +0200

poppler (0.5.3-0ubuntu9) edgy; urgency=low

  * Build with splash for now, the cairo backend is much slower
    (Ubuntu: #61161)
  * debian/control.in:
    - applied the changes made by Jonathan to the correct control file
    - don't Build-Depends on libcairo2-dev
    - no libpoppler-glib-dev Depends on libcairo2-dev
  * debian/libpoppler-dev.install:
    - don't list files for cairo
  * debian/rules:
    - don't build with cairo

 -- Sebastien Bacher  Tue, 19 Sep 2006 10:21:10 +0200

poppler (0.5.3-0ubuntu8) edgy; urgency=low

  * Add Qt 4 packages

 -- Jonathan Riddell  Mon, 18 Sep 2006 15:07:15 +0100

poppler (0.5.3-0ubuntu7) edgy; urgency=low

  * Disable zlib support again as this is broken and not recommended by
    upstream

 -- Sebastian Dröge  Wed, 16 Aug 2006 00:19:52 +0200

poppler (0.5.3-0ubuntu6) edgy; urgency=low

  * Enable zlib support

 -- Sebastian Dröge  Fri, 28 Jul 2006 10:31:31 +0200

poppler (0.5.3-0ubuntu5) edgy; urgency=low

  * Add poppler-splash.pc and the splash header to libpoppler-dev again to
    make it really correct now

 -- Sebastian Dröge  Wed, 26 Jul 2006 13:10:15 +0200

poppler (0.5.3-0ubuntu4) edgy; urgency=low

  * Revert last change
  * Enable splash and cairo. splash will be used for the qt/qt4 bindings,
    cairo for the glib bindings. This fixes kpdf and everything else using
    the qt bindings.

 -- Sebastian Dröge  Wed, 26 Jul 2006 12:41:39 +0200

poppler (0.5.3-0ubuntu3) edgy; urgency=low

  * Add missing splash/ headers to libpoppler-dev

 -- Jonathan Riddell  Wed, 26 Jul 2006 10:04:48 +0000

poppler (0.5.3-0ubuntu2) edgy; urgency=low

  * debian/patches/003_fontconfig-undefined-symbols.patch:
    + Link libpoppler against libfontconfig. This makes it usable again in
      applications that don't link against libfontconfig themselves.
  * debian/control.in:
    + Add Build-Depends on libfontconfig1-dev (Depends were already there)

 -- Sebastian Dröge  Mon, 24 Jul 2006 14:37:38 +0200

poppler (0.5.3-0ubuntu1) edgy; urgency=low

  * New upstream version:
    - Add poppler as a private requires of poppler-glib.
    - Allow CairoFont creation to fail more gracefully (#4030).
    - Back out the rest of krh's type3 font work.
    - Revert splashModeRGB8 changes.
    - Add missing poppler-annotation-helper.h.
  * debian/control.in:
    - Build-Depends on libcairo2-dev
    - libpoppler-glib-dev Depends on libcairo2-dev, libpango1.0-dev
  * debian/libpoppler-dev.install:
    - list cairo instead of splash
  * debian/rules:
    - build the cairo variant instead of the splash one

 -- Sebastien Bacher  Mon, 24 Jul 2006 10:29:30 +0200

poppler (0.5.2-1) experimental; urgency=low

  * New upstream release.
  * Remove patches adopted upstream:
    debian/patches/000_incorrect_define_fix.patch
    debian/patches/000_splash_build_fix.patch

 -- Ondřej Surý  Tue, 23 May 2006 20:21:30 +0200

poppler (0.5.1-1) experimental; urgency=low

  * Merge back changes from Ubuntu.
  * Upload to experimental (Closes: 352522)

 -- Ondřej Surý  Tue, 18 Apr 2006 15:08:26 +0200

poppler (0.5.1-0ubuntu6) dapper; urgency=low

  * Install poppler-page-transition into libpoppler-qt-dev (not
    libpoppler-dev), since it comes from the Qt bindings. Closes: LP#32179

 -- Martin Pitt  Mon, 10 Apr 2006 12:20:46 +0200

poppler (0.5.1-0ubuntu5) dapper; urgency=low

  * debian/patches/000_incorrect_define_fix.patch:
    - patch from the CVS, fix an incorrect boxes rendering (Ubuntu: #33239)

 -- Sebastien Bacher  Thu, 23 Mar 2006 12:33:17 +0100

poppler (0.5.1-0ubuntu4) dapper; urgency=low

  * debian/control.in: libpoppler-dev needs to depend on libfontconfig1-dev,
    because we directly include in GlobalParams.h

 -- Adam Conrad  Thu, 16 Mar 2006 11:23:00 +1100

poppler (0.5.1-0ubuntu3) dapper; urgency=low

  * debian/control.in: Have poppler-utils Replace: xpdf-reader, since both
    contain pdftoppm.1.gz.

 -- Martin Pitt  Mon, 13 Mar 2006 09:10:12 +0100

poppler (0.5.1-0ubuntu2) dapper; urgency=low

  * debian/control.in:
    - fix the libpoppler1 package description

 -- Sebastien Bacher  Thu, 9 Mar 2006 09:43:15 +0000

poppler (0.5.1-0ubuntu1) dapper; urgency=low

  * New upstream version:
    - Support for embedded files.
    - Handle 0-width lines correctly.
    - Avoid external file use when opening fonts.
    - Only use vector fonts returned from fontconfig (#5758).
    - Fix scaled 1x1 pixmaps use for drawing lines (#3387).
    - drawSoftMaskedImage support in cairo backend.
    - Misc bug fixes: #5922, #5946, #5749, #5952, #4030, #5420.
  * debian/control.in, debian/libpoppler0c2.dirs,
    debian/libpoppler0c2-glib.dirs, debian/libpoppler0c2-glib.install,
    debian/libpoppler0c2.install, debian/libpoppler0c2-qt.dirs,
    debian/libpoppler0c2-qt.install, debian/rules:
    - updated for the soname change
  * debian/patches/000_splash_build_fix.patch:
    - fix build when using splash
  * debian/patches/001_fixes_for_fonts_selection.patch:
    - fix with the new version

 -- Sebastien Bacher  Mon, 6 Mar 2006 18:42:44 +0000

poppler (0.5.0-0ubuntu5) dapper; urgency=low

  * debian/control.in, debian/rules:
    - build without libcairo

 -- Sebastien Bacher  Sun, 26 Feb 2006 20:05:10 +0100

poppler (0.5.0-0ubuntu4) dapper; urgency=low

  * debian/patches/001_fixes_for_fonts_selection.patch:
    - change from the CVS, fix some rendering issues and fonts selection

 -- Sebastien Bacher  Tue, 7 Feb 2006 13:38:04 +0100

poppler (0.5.0-0ubuntu3) dapper; urgency=low

  * SECURITY UPDATE: Buffer overflow.
  * Add debian/patches/002_CVE-2006-0301.patch:
    - splash/Splash.cc, Splash::drawPixel(), Splash::drawSpan(),
      Splash::xorSpan(): Check coordinates for integer overflow.
  * CVE-2006-0301

 -- Martin Pitt  Fri, 3 Feb 2006 18:13:30 +0000

poppler (0.5.0-0ubuntu2) dapper; urgency=low

  * debian/rules: Bump shlibs version to 0.5.0.

 -- Martin Pitt  Fri, 20 Jan 2006 16:56:40 +0100

poppler (0.5.0-0ubuntu1) dapper; urgency=low

  * New upstream release 0.5.0, required for new evince 0.5.
  * Merge with Debian.
  * Remove patches adopted upstream:
    - debian/patches/000_add-poppler-utils.patch
    - debian/patches/002-selection-crash-bug.patch
  * debian/libpoppler-dev.install:
    - Install poppler-page-transition.h.
    - Do not install poppler-config.h, it doesn't exist any more.
    - Upstream doesn't install legacy xpdf includes any more, fix path to
      install them into libpoppler-dev.
  * Add debian/patches/001_jpxstream_int_crash.patch:
    - poppler/JPXStream.h: Fix declaration of cbW to be signed. JPXStream.cc,
      readCodeBlockData() negates the value, which results in an invalid
      value on 64 bit platforms if using unsigned types.
    - Thanks to Vladimir Nadvornik for pointing at this.

 -- Martin Pitt  Thu, 19 Jan 2006 23:49:52 +0100

poppler (0.4.4-1) unstable; urgency=high

  * New upstream security release
    - fixes CVE-2005-3624, CVE-2005-3625, CVE-2005-3627
  * Remove debian/patches/003-CVE-2005-3624_5_7.patch:
    - Merged upstream
  * Remove debian/patches/004-fix-CVE-2005-3192.patch:
    - Merged upstream
  * Remove debian/patches/001-relibtoolize.patch
    - Upstream uses recent libtool

 -- Ondřej Surý  Thu, 12 Jan 2006 20:40:27 +0100

poppler (0.4.3-3) unstable; urgency=low

  * Fix missing libcairo2-dev dependency (Closes: #346277)

 -- Ondřej Surý  Fri, 6 Jan 2006 21:37:10 +0100

poppler (0.4.3-2) unstable; urgency=high

  [ Martin Pitt ]
  * SECURITY UPDATE: Multiple integer/buffer overflows.
  * Add debian/patches/003-CVE-2005-3624_5_7.patch:
    - poppler/Stream.cc, CCITTFaxStream::CCITTFaxStream():
      + Check columns for negative or large values.
      + CVE-2005-3624
    - poppler/Stream.cc, numComps checks introduced in CVE-2005-3191 patch:
      + Reset numComps to 0 since it's a global variable that is used later.
      + CVE-2005-3627
    - poppler/Stream.cc, DCTStream::readHuffmanTables():
      + Fix out of bounds array access in Huffman tables.
      + CVE-2005-3627
    - poppler/Stream.cc, DCTStream::readMarker():
      + Check for EOF in while loop to prevent endless loops.
      + CVE-2005-3625
    - poppler/JBIG2Stream.cc, JBIG2Bitmap::JBIG2Bitmap(),
      JBIG2Bitmap::expand(), JBIG2Stream::readHalftoneRegionSeg():
      + Check user supplied width and height against invalid values.
      + Allocate one extra byte to prevent out of bounds access in combine().
  * Add debian/patches/004-fix-CVE-2005-3192.patch:
    - Fix nVals int overflow check in StreamPredictor::StreamPredictor().
    - Forwarded upstream to https://bugs.freedesktop.org/show_bug.cgi?id=5514.

  [ Ondřej Surý ]
  * Merge changes from Ubuntu (Closes: #346076).
  * Enable Cairo output again.

 -- Ondřej Surý  Thu, 5 Jan 2006 14:54:44 +0100

poppler (0.4.3-1) unstable; urgency=high

  * New upstream release.
  * New maintainer (Closes: #344738)
  * CVE-2005-3191 and CAN-2005-2097 fixes merged upstream.
  * Fixed some rendering bugs and disabled Cairo output
    (Closes: #314556, #322964, #328211)
  * Acknowledge NMU (Closes: #342288)
  * Add 001-selection-crash-bug.patch (Closes: #330544)
  * Add poppler-utils (merge patch from Ubuntu)

 -- Ondřej Surý  Fri, 30 Dec 2005 11:34:07 +0100

poppler (0.4.2-1.1) unstable; urgency=high

  * SECURITY UPDATE: Multiple integer/buffer overflows.
  * NMU to fix RC security bug (closes: #342288)
  * Add debian/patches/04_CVE-2005-3191_2_3.patch taken from Ubuntu, thanks
    to Martin Pitt:
  * poppler/Stream.cc, DCTStream::readBaselineSOF(),
    DCTStream::readProgressiveSOF(), DCTStream::readScanInfo():
    - Check numComps for invalid values.
    - http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities
    - CVE-2005-3191
  * poppler/Stream.cc, StreamPredictor::StreamPredictor():
    - Check rowBytes for invalid values.
    - http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities
    - CVE-2005-3192
  * poppler/JPXStream.cc, JPXStream::readCodestream():
    - Check img.nXTiles * img.nYTiles for integer overflow.
    - http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities
    - CVE-2005-3193

 -- Frank Küster  Fri, 23 Dec 2005 16:36:30 +0100

poppler (0.4.2-1) unstable; urgency=low

  * GNOME Team upload.
  * New upstream version.
  * debian/control.in:
    - updated the Build-Depends on libqt (Closes: #326130).
  * debian/rules:
    - updated the shlibs.

 -- Sebastien Bacher  Wed, 7 Sep 2005 12:41:48 +0200

poppler (0.4.0-1) unstable; urgency=low

  * GNOME Team Upload.
  * Rebuild for the CPP transition.
  * New upstream version (Closes: #311133):
    - fix some crashers (Closes: #315590, #312261, #309410).
    - fix some rendering defaults
      (Closes: #314441, #315383, #309697, #308785).
  * debian/control.in, debian/rules:
    - build with the current cairo version (Closes: #321368, #318293).
    - update for the renamed packages.
  * debian/patches/01_CAN-2005-2097.patch:
    - Patch from Ubuntu, thanks Martin Pitt.
    - Check sanity of the TrueType "loca" table. Specially crafted broken
      tables caused disk space exhaustion due to very large generated glyph
      descriptions when attempting to fix the table.
    - Upstream patch scheduled for xpdf 3.01.
    - CAN-2005-2097
  * debian/watch:
    - fixed, patch by Jerome Warnier (Closes: #310996).

 -- Sebastien Bacher  Wed, 17 Aug 2005 21:54:07 +0200

poppler (0.3.1-1) unstable; urgency=low

  * New upstream release
  * Upstream fixed the Qt build bug, so now I can enable Qt build.
    (Closes:#307340) It leads to two new binary packages libpoppler0-qt and
    libpoppler-qt-dev.
  * Excluded DEB_CONFIGURE_SYSCONFDIR setting, which is obsoleted by the
    upstream removal of xpdfrc config.

 -- Changwoo Ryu  Wed, 4 May 2005 00:19:35 +0900

poppler (0.3.0-2) unstable; urgency=high

  * Added shlib version info for libpoppler0-glib.
  * Corrected dependencies of libpoppler0-glib and libpoppler-glib-dev.
    (Closes: #306897)
  * Build-Depends on libgtk2.0-dev for -glib packages. (Closes: #306885)
  * Corrected descriptions of -glib packages.

 -- Changwoo Ryu  Thu, 28 Apr 2005 02:41:25 +0900

poppler (0.3.0-1) unstable; urgency=low

  * New upstream release (Closes: #306573)
  * Added new binary packages libpoppler0-glib and libpoppler-glib-dev,
    which are GLib-based interfaces. Qt interface build is temporarily
    disabled, because of an upstream FTBFS.

 -- Changwoo Ryu  Thu, 28 Apr 2005 02:07:23 +0900

poppler (0.1.2-1) unstable; urgency=low

  * Initial Release (Closes: #299518)

 -- Changwoo Ryu  Tue, 15 Mar 2005 02:08:00 +0900