poppler (0.26.5-2+deb8u4) jessie-security; urgency=high * Non-maintainer upload by the Security Team. * Correct patch for CVE-2017-9776. Fixes "[regression] Broken rendering of scan PDF from Xerox WorkCentre 5945". (Closes: #890826) -- Salvatore Bonaccorso Thu, 12 Apr 2018 11:19:50 +0200 poppler (0.26.5-2+deb8u3) jessie-security; urgency=medium * Fix regression in fix for CVE-2017-14519 * CVE-2017-1000456 * CVE-2017-14929 -- Moritz Muehlenhoff Tue, 22 Jan 2018 23:45:05 +0100 poppler (0.26.5-2+deb8u2) jessie-security; urgency=medium * Fix CVE-2017-9406: a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. * Fix CVE-2017-9408: memory leak in the function Object::initArray in Object.cc that allows attackers to cause a DoS via a crafted file. * Fix CVE-2017-9775: Stack buffer overflow in GfxState.cc in pdftocairo that allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. * Fix CVE-2017-9776: Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. * Fix CVE-2017-9865: The function GfxImageColorMap::getGray in GfxState.cc allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document * Fix CVE-2017-14517: NULL pointer dereference vulnerability in the XRef::parseEntry() function in XRef.cc * Fix CVE-2017-14518: Floating point exception in the isImageInterpolationRequired() function in Splash.cc * Fix CVE-2017-14519: A memory corruption may occur in a call to Object::streamGetChar * Fix CVE-2017-14520: Floating point exception in Splash::scaleImageYuXd() * Fix CVE-2017-14617: Floating point exception in the ImageStream class in Stream.cc * Fix CVE-2017-14975: NULL pointer dereference vulnerability in the FoFiType1C::convertToType0 function in FoFiType1C.cc * Fix CVE-2017-14976: Heap-based buffer over-read vulnerability in the FoFiType1C::convertToType0 function in FoFiType1C.cc * Fix CVE-2017-14977: NULL pointer dereference vulnerability in the FoFiTrueType::getCFFBlock function in FoFiTrueType.cc * Fix CVE-2017-15565: NULL Pointer Dereference in the GfxImageColorMap::getGrayLine() function in GfxState.cc -- Santiago R.R. Sat, 02 Dec 2017 07:34:06 +0100 poppler (0.26.5-2+deb8u1) jessie-security; urgency=medium * Backport upstream commit b3425dd3261679958cd56c0f71995c15d2124433 to fix a crash on invalid files, reported also as CVE-2015-8868; patch upstream_Do-not-crash-on-invalid-files.patch. (Closes: #822578) -- Pino Toscano Mon, 25 Apr 2016 19:02:11 +0200 poppler (0.26.5-2) unstable; urgency=medium * Backport upstream commit 01723aa17e836e818158dbdc56df642a290be300 to map Standard/Expert encoding ligatures to AGLFN names; patch upstream_Map-Standard-Expert-encoding-ligatures-to-AGLFN-name.patch. (Closes: #740801) * Bump Standards-Version to 3.9.6, no changes required. -- Pino Toscano Sun, 19 Oct 2014 18:23:32 +0200 poppler (0.26.5-1) unstable; urgency=medium * New upstream release. -- Pino Toscano Sat, 27 Sep 2014 15:57:03 +0200 poppler (0.26.4-1) unstable; urgency=medium * New upstream release. * Fix linking order in autopkgtest tests. * Update copyright. -- Pino Toscano Fri, 22 Aug 2014 23:43:20 +0200 poppler (0.26.3-1) unstable; urgency=medium * New upstream release. * Bump the libqt4-dev (build-)dependency to 4.7.0, as noted in the upstream build system. * Update copyright. -- Pino Toscano Sun, 20 Jul 2014 19:16:14 +0200 poppler (0.26.2-3) unstable; urgency=medium * Mark libpoppler-dev, libpoppler-private-dev, libpoppler-qt5-dev, and libpoppler-cpp-dev as Multi-Arch: same; dependencies of the other -dev's are not ready. (Closes: #743817) * Switch from autotools-dev to dh-autoreconf: (Closes: #753342) - autoreconf in as-needed mode, and thus drop patch ltmain-as-needed.diff - remove Makefile.in parts from qt-visibility.diff * Provide a simple debian/upstream/metadata file, for DEP 12. * Remove Dave Beckett and Ross Burton from Uploaders, since they have done no work at all in poppler. * Add simple autopkgtest tests for the frontends (cpp, glib, qt4, qt5); loosely inspired by the glib one provided by Ubuntu. [ Peter Pentchev ] * Drop the unused libgtk2.0-dev build dependency. (Closes: #749972) -- Pino Toscano Fri, 18 Jul 2014 19:04:31 +0200 poppler (0.26.2-2) unstable; urgency=medium * Upload to unstable. (See #751525) -- Pino Toscano Wed, 02 Jul 2014 21:37:11 +0200 poppler (0.26.2-1) experimental; urgency=medium * New upstream release: - 'pdftohtml -v' now returns 0 as exit code (Closes: #732427) -- Pino Toscano Fri, 20 Jun 2014 00:53:56 +0200 poppler (0.26.1-1) experimental; urgency=medium * New upstream release: - fix extraction of text in some files (Closes: #747057) * Update copyright. * Merge changes from 0.24.5-4: - upstream_Fix-extraction-of-text-in-some-files.patch: drop, backported -- Pino Toscano Sat, 24 May 2014 16:03:20 +0200 poppler (0.26.0-1) experimental; urgency=medium * New upstream release: - pdfseparate supports left-padding PDF page patterns (Closes: #723121) - poppler-glib uses the GLib logging features for Poppler's messages (Closes: #736425) * Rename packages according to the new SONAMEs: - libpoppler44 -> libpoppler46 * Update copyright. * Update symbols files. * debian/patches: - upstream_fix_qt5_moc_detection.diff: drop, backported - qt-visibility.diff: remove applied parts -- Pino Toscano Fri, 25 Apr 2014 23:54:13 +0200 poppler (0.24.5-4) unstable; urgency=medium * Backport upstream commit 5b2cdef49a8a0a92fd323fbe45841a5098a42ece to fix extraction of text in in some documents; patch upstream_Fix-extraction-of-text-in-some-files.patch. (Closes: #747057) * Enable the autotools_dev dh addon to update config.{guess,sub} before configure. (Closes: #734014) -- Pino Toscano Sat, 24 May 2014 15:00:15 +0200 poppler (0.24.5-3) unstable; urgency=medium * Upload to unstable. * The rebuild closes: #742293. -- Pino Toscano Sat, 05 Apr 2014 16:28:26 +0200 poppler (0.24.5-2) experimental; urgency=medium * Backport upstream commits a766c55f68db38feed91cf003a0d5710e2f925a8 and e238c1f83fd5f667336bfbb0e9a59569ff638ecc to fix the detection of Qt 5's moc; patch upstream_fix_qt5_moc_detection.diff. * Rename patch qt4-visibility.diff to qt-visibility.diff, and extend to qt5. * Provide poppler-qt5: (Closes: #716685) - add the qtbase5-dev build dependency - add the libpoppler-qt5-1 and libpoppler-qt5-dev binaries - pass --enable-poppler-qt5 to configure - add symbols file for libpoppler-qt5-1 -- Pino Toscano Sun, 02 Feb 2014 14:18:21 +0100 poppler (0.24.5-1) experimental; urgency=low * New upstream release: - poppler can handle documents bigger than 2GB. (Closes: #642530) - fixes a typo in an error message. (Closes: #708972) * Rename packages according to the new SONAMEs: - libpoppler37 -> libpoppler44 * debian/patches: - qt4-visibility.diff: refresh - upstream_pdfseparate-improve-the-path-building.patch: drop, backported - upstream_Allow-only-one-d-in-the-filename.diff: drop, backported * Update copyright. * Update symbols files. * Remove the manual link to pthreads, introduced in 0.18.4-10, as it is no more needed now (poppler does it on its own now). -- Pino Toscano Tue, 21 Jan 2014 23:58:32 +0100 poppler (0.22.5-4) unstable; urgency=medium * Upload to unstable. -- Pino Toscano Tue, 21 Jan 2014 22:43:36 +0100 poppler (0.22.5-3) experimental; urgency=low * Merge changes from 0.18.4-9 and 0.18.4-10: - upstream_Allow-only-one-d-in-the-filename.diff: pick it unmodified from upstream -- Pino Toscano Wed, 18 Dec 2013 14:40:56 +0100 poppler (0.22.5-2) experimental; urgency=low * Merge changes from 0.18.4-7 and 0.18.4-8: - CVE-2012-2142.diff: drop, fixed upstream - upstream_pdfseparate.1-Syntax-fixes.patch: drop, backported -- Pino Toscano Wed, 21 Aug 2013 14:25:35 +0200 poppler (0.22.5-1) experimental; urgency=low * New upstream release: - fixes case sensitive search in poppler-glib. (Closes: #299657) - poppler passes correct UTF-8 strings to cairo. (Closes: #697766) * Rename packages according to the new SONAMEs: - libpoppler28 -> libpoppler37 * debian/patches: - qt4-visibility.diff: refresh - upstream_fix-GooString-insert.diff: drop, applied upstream - upstream_Fix-another-invalid-memory-access-in-1091.pdf.asan.7.patch: drop, backported - upstream_Fix-invalid-memory-access-in-2030.pdf.asan.69.463.patch: drop, backported - upstream_Fix-invalid-memory-access-in-1150.pdf.asan.8.69.patch: drop, backported - upstream_Initialize-refLine-totally.patch: drop, backported - upstream_cairo-support-parameterized-Gouraud-shading.patch: drop, applied upstream * Update copyright. * Update symbols files. * Update configure arguments: - Add: --enable-libpng, --enable-libtiff, --enable-cms=lcms2 (no actual changes, just enforce their usage) * Update recommends and suggests: - libpoppler-private-dev: drop the libpng-dev, libtiff-dev suggests. - poppler-utils: drop the ghostscript recommend. * Split the API documentation from libpoppler-glib-dev to an own libpoppler-glib-doc. -- Pino Toscano Wed, 07 Aug 2013 13:21:35 +0200 poppler (0.20.5-3) experimental; urgency=low * Merge changes from 0.18.4-6: - upstream_Fix-another-invalid-memory-access-in-1091.pdf.asan.7.patch: update from upstream repository - upstream_Fix-invalid-memory-access-in-2030.pdf.asan.69.463.patch: update from upstream repository - upstream_Fix-invalid-memory-access-in-1150.pdf.asan.8.69.patch: update from upstream repository - upstream_Initialize-refLine-totally.patch: update from upstream repository -- Pino Toscano Tue, 26 Mar 2013 00:52:48 +0100 poppler (0.20.5-2) experimental; urgency=low * Merge changes from 0.18.4-4 and 0.18.4-5: - psoutputdev-initialize-vars.diff: drop, obsolete * Backport upstream commit ae8fc0cbfc6123189e17b3cf1286e0540f181646 to support parameterized Gouraud shading in CairoOutputDev; patch upstream_cairo-support-parameterized-Gouraud-shading.patch. (Closes: #699467) -- Pino Toscano Thu, 31 Jan 2013 19:41:24 +0100 poppler (0.20.5-1) experimental; urgency=low * New upstream release. * Update copyright. -- Pino Toscano Wed, 10 Oct 2012 21:02:25 +0200 poppler (0.20.4-1) experimental; urgency=low * New upstream release. * Rename packages according to the new SONAMEs: - libpoppler27 -> libpoppler28 * Add few optional symbols to the libpoppler-qt4-4 symbols file. * Rename docs to libpoppler28.docs to make sure it is used only for libpoppler. -- Pino Toscano Sun, 23 Sep 2012 17:03:39 +0200 poppler (0.20.3-2) experimental; urgency=low * Adapt the libpoppler-qt4-4 symbols file to the internal symbols exported only with GCC 4.7, and to other templinst arm* symbols. -- Pino Toscano Tue, 14 Aug 2012 01:08:12 +0200 poppler (0.20.3-1) experimental; urgency=low * New upstream release. * Rename packages according to the new SONAMEs: - libpoppler26 -> libpoppler27 * Update copyright. * Remove from libpoppler-private-dev the headers we used to install manually but which are not installed by the upstream sources: - ArthurOutputDev.h - CairoFontEngine.h - CairoOutputDev.h - DCTStream.h - JPEG2000Stream.h - PageLabelInfo.h using them would have meant not compiling with upstream sources anyway. * Remove the libopenjpeg-dev suggest from libpoppler-private-dev, since now there are no more headers including openjpeg headers. * Add a symbols file for libpoppler-qt4-4, based on poppler 0.20.1: - add patch qt4-visibility.diff to enable the GCC hidden visibility, and avoid exporting private symbols - set the current poppler version as version for the remaining private symbols - stop invoking dh_makeshlibs manually for libpoppler-qt4-4 -- Pino Toscano Sat, 11 Aug 2012 12:13:20 +0200 poppler (0.20.2-2) experimental; urgency=low * Raise the version of the libpoppler-private-dev breaks/replaces against libpoppler-dev to << 0.20.2. (Closes: #681313) -- Pino Toscano Thu, 12 Jul 2012 12:19:17 +0200 poppler (0.20.2-1) experimental; urgency=low * New upstream release. * Merge changes from 0.18.4-3: - upstream_cairo-use-correct-userfont-font-bbox.patch: drop, backported - upstream_Change-nnnnnn-to-number.patch: drop, backported - upstream_pdfinfo-decode-utf-16-surrogate-pairs.patch: drop, backported * Update copyright. -- Pino Toscano Wed, 11 Jul 2012 23:51:35 +0200 poppler (0.20.1-1) experimental; urgency=low * New upstream release. * Rename packages according to the new SONAMEs: - libpoppler19 -> libpoppler26 - libpoppler-qt4-3 -> libpoppler-qt4-4 * Bump shlibs for libpoppler-qt4-4. * Update copyright. * Update build dependencies: - Switch liblcms1-dev to liblcms2-dev, supported upstream now. * debian/patches: - ltmain-as-needed.diff: refresh * Add pdfdetach in the description of poppler-utils. * Add a symbols file for libpoppler-glib8, based on poppler 0.18; the C++ symbols (internal) of it now have the current poppler version as version. -- Pino Toscano Mon, 11 Jun 2012 15:14:29 +0200 poppler (0.18.4-10) unstable; urgency=low * Manually force the link of everything against pthreads; while I cannot reproduce #730112, it seems (see e.g. #728113) that doing so would fix the poppler utilities. (Closes: #730112) Newer versions of poppler link to pthreads already, so this is a workaround for 0.18.x only. -- Pino Toscano Sun, 15 Dec 2013 12:49:01 +0100 poppler (0.18.4-9) unstable; urgency=medium * Remove the custom RPATH handing on Hurd, since the issue does not affect the build anymore; remove the hurd-only chrpath build dependency. * Backport upstream commits b8682d868ddf7f741e93b791588af0932893f95c (patch upstream_pdfseparate-improve-the-path-building.patch) and 61f79b8447c3ac8ab5a26e79e0c28053ffdccf75 (patch upstream_Allow-only-one-d-in-the-filename.diff) to fix two string/format issues in pdfseparate, reported as CVE-2013-4473 and CVE-2013-4474. (Closes: #723124, #729064) * Bump Standards-Version to 3.9.5, no changes required. -- Pino Toscano Sun, 17 Nov 2013 18:57:18 +0100 poppler (0.18.4-8) unstable; urgency=low * Remove the .la files from debian/tmp, to shorten the --list-missing output. * Workaround issues of old libtool on Hurd, by removing with chrpath the extra RPATH added; add the hurd-only chrpath build dependency for that. * Backport upstream commit 8e504bf2543621973fdaddbd29055ce435540146 to fix small syntax issues in pdfseparate.1. -- Pino Toscano Tue, 20 Aug 2013 19:12:31 +0200 poppler (0.18.4-7) unstable; urgency=low * Filter stuff that might end up in the shell; patch CVE-2012-2142.diff by Marek Kasik to fix CVE-2012-2142. * Fix Vcs-* headers. * Bump Standards-Version to 3.9.4, no changes required. * Adjust watch file to allow both gz and xz extensions. * Mark poppler-dbg as Multi-Arch: same. -- Pino Toscano Fri, 09 Aug 2013 12:50:40 +0200 poppler (0.18.4-6) unstable; urgency=low * Backport upstream commits 0388837f01bc467045164f9ddaff787000a8caaa (patch upstream_Fix-another-invalid-memory-access-in-1091.pdf.asan.7.patch), 8b6dc55e530b2f5ede6b9dfb64aafdd1d5836492 (adapted patch upstream_Fix-invalid-memory-access-in-1150.pdf.asan.8.69.patch), and e14b6e9c13d35c9bd1e0c50906ace8e707816888 (adapted patch upstream_Fix-invalid-memory-access-in-2030.pdf.asan.69.463.patch) to fix CVE-2013-1788. * Backport upstream commit b1026b5978c385328f2a15a2185c599a563edf91 to fix CVE-2013-1790 (patch upstream_Initialize-refLine-totally.patch). * With the changes above, this upload closes: #702071. -- Pino Toscano Mon, 25 Mar 2013 21:43:07 +0100 poppler (0.18.4-5) unstable; urgency=low * Correctly initialize PSOutputDev::fontFileNameLen and PSOutputDev::psFileNames; patch psoutputdev-initialize-vars.diff. (Closes: #699421) -- Pino Toscano Thu, 31 Jan 2013 15:20:33 +0100 poppler (0.18.4-4) unstable; urgency=low * Backport upstream commits 7ba15d11e56175601104d125d5e4a47619c224bf and 55940e989701eb9118015e30f4f48eb654fa34c4 to fix GooString::insert; patch upstream_fix-GooString-insert.diff. (Closes: #693817) * Add a libcairo2-doc build dependency to fix cross-references to cairo methods in the poppler-glib apidox. -- Pino Toscano Tue, 27 Nov 2012 16:24:17 +0100 poppler (0.18.4-3) unstable; urgency=low * Finally drop the libfontconfig1-dev dependency from libpoppler-dev, since now all sources have been fixed. * Remove an extra colon from the override_dh_auto_clean declaration. * Move the poppler private headers from libpoppler-dev to libpoppler-private-dev: - Add break/replaces in libpoppler-private-dev. - Drop lintian overrides of libpoppler-private-dev. - Adjust descriptions of libpoppler-dev and libpoppler-private-dev. * Backport upstream commit f1e621adbbb74ec709022b2a31195331651c83fa to fix the glyph drawing with cairo >= 1.12; patch upstream_cairo-use-correct-userfont-font-bbox.patch. (Closes: #668250) * Backport upstream commit fde3bed0f400a50f31f1f6bcee44ac1b2c17ddc6 to make pdfinfo decode UTF-16 surrogate pairs; patch upstream_pdfinfo-decode-utf-16-surrogate-pairs.patch. (Closes: #525309) * Backport upstream commit 4eaafe67de79fb63ebf61f031a97bbc0ed6a8891 to fix the man page of pdftoppm regarding the naming of the output files; patch upstream_Change-nnnnnn-to-number.patch. (Closes: #495901) -- Pino Toscano Thu, 21 Jun 2012 21:38:32 +0200 poppler (0.18.4-2) unstable; urgency=low * Upload to unstable. * Enable all the hardening flags. * Bump to Standards-Version to 3.9.3, no changes required. * Bump debhelper build dependency to >= 9, since compat 9 is used. * Set the minimum shlib version of libpoppler19 to the current version. * Temporarly put back the libfontconfig1-dev dependency to libpoppler-dev, as there is still one source assuming that dependency. -- Pino Toscano Thu, 31 May 2012 15:24:07 +0200 poppler (0.18.4-1) experimental; urgency=low * New upstream release. * Update copyright. -- Pino Toscano Sat, 18 Feb 2012 20:22:17 +0100 poppler (0.18.3-1) experimental; urgency=low * New upstream release: (Closes: #644447) - fixes rendering of Porirua City overview map. (Closes: #443547) - shows the names of unknown fonts. (Closes: #524323) * Rename packages according to the new SONAMEs: - libpoppler13 -> libpoppler19 - libpoppler-glib6 -> libpoppler-glib8 * Bump shlibs for libpoppler-glib8 and libpoppler-qt4-3. * debian/patches: - ltmain-as-needed.diff: refresh * Update copyright. * Update configure arguments: - Remove: --disable-poppler-qt, --disable-abiword-output * Drop test-poppler-glib from libpoppler-glib-dev, as it does not exist anymore. * Update build dependencies, dependencies and suggests: - Switch liblcms-dev to liblcms1-dev, to make it explicit lcms 1 is used. - Add libtiff-dev (for TIFF support). - Remove the gnome-pkg-tools B-D, unused. - libpoppler-dev: remove libfontconfig1-dev. - libpoppler-private-dev: suggest packages containing headers included in barely used private poppler core headers: libfreetype6-dev, libopenjpeg-dev, libpng-dev, libtiff-dev. (Closes: #646688) - libpoppler-glib-dev: remove libgtk2.0-dev. * Enable the GObject introspection support (Closes: #617604): - Add libgirepository1.0-dev and gobject-introspection build dependencies. - Add a new package gir1.2-poppler-0.18, and make libpoppler-glib-dev depend on it. - Enable the introspection in configure arguments. * Improve description of poppler-utils, also including the new tools (pdfseparate, pdftocairo, pdfunite). * Convert convert to the `dh' sequencer: - Drop cdbs build dependency. - Bump debhelper build dependency to 7.0.50. - Make use of the gir dh addon. - Enable parallel build support. * Remove ${shlibs:Depends} from poppler-dbg. * Install the upstream ChangeLog only in the libpopplerN package. * Convert to multi-arch: - Bump debhelper build dependency to 8.9.0. - Bump compat to 9. - Add dpkg build dependency to 1.16.1. - libpoppler19, libpoppler-glib8, libpoppler-qt4-3, libpoppler-cpp0: mark "Multi-Arch: same", and add Pre-Depends. - poppler-utils: mark "Multi-Arch: foreign". - Fix (using wildcard) library paths in .install files, taking care of installing the gir .typelib file in a non-multi-arch path. * Use DEB_LDFLAGS_MAINT_APPEND in rules to properly append custom LDFLAGS. (Closes: #651968) * Make the build verbose (V=1). -- Pino Toscano Sun, 12 Feb 2012 22:49:35 +0100 poppler (0.16.7-3) unstable; urgency=low [ Michael Gilbert ] * Bump standards to 3.9.2. * Remove automatically generated glib reference files in clean rule (this prevents automatic generation of a debian patch on a second build run. [ Pino Toscano ] * Switch to my @debian.org address, I'm a DD now. * Add a libpoppler-private-dev package: it will contain the private poppler core headers, but at the moment it is empty to allow sources to migrate their (build-)dependencies from libpoppler-dev to it. * control: add Vcs-Browser and Vcs-Git headers. * control: fix some of the conflict/replaces relations in poppler-utils: - xpdf-utils: properly set the version for it, and turn into a breaks/replaces (see also #586620) - pdftohtml: remove the version, since any newer version would always conflict with the one in poppler-utils -- Pino Toscano Fri, 10 Feb 2012 23:59:28 +0100 poppler (0.16.7-2) unstable; urgency=low * Upload to unstable. -- Pino Toscano Fri, 01 Jul 2011 22:29:43 +0200 poppler (0.16.7-1) experimental; urgency=low * New upstream release. * Make sure to really disable the gobject introspection for configure. * Few touches to descriptions: - Fix typo in libpoppler-cpp0. - Correctly capitalize "Xpdf". * Update copyright. * Enable as-needed linking: - Import the ltmain-as-needed.diff (refreshed) patch to allow to pass -Wl,--as-needed at the beginning of autotools linking lines - set LDFLAGS to "-Wl,--as-needed" * Drop abiword support, buggy and dropped in Poppler 0.18: (Closes: #521456, #618634) - rules: add --disable-abiword-output - control: remove the libxml2-dev build-dependency and the pdftoabw references in the poppler-utils description - drop patch 03_CVE-2009-3938.patch, no more needed now - drop pdftoabw.1 manpage - libpoppler-dev.install: stop installing ABWOutputDev.h -- Pino Toscano Fri, 01 Jul 2011 00:47:07 +0200 poppler (0.16.3-1) experimental; urgency=low [ Pino Toscano ] * New upstream release: (Closes: #567817, #585434, #592534, #601179, #611874) - fixes thread-unsafe usage of strtok(). (Closes: #533426) - pdftohtml correctly rotates images. (Closes: #506785) - pdftoppm tests correctly for rotation. (Closes: #614831) - fixes text highlighting. (Closes: #463963) - fixes image rescaling with cairo. (Closes: #533138) - fixes/hides some "Illegal entry in bfrange block in ToUnicode CMap" errors. (Closes: #578050) - fixes a pdftotext crash. (Closes: #611124) * Update patches: - 01_revert_abi_change.patch: remove, obsolete - 02_autohinting_abi_compatibility.patch: remove, obsolete - 03_CVE-2009-3938.patch: add two DEP3 headers (with bug number) - 04_security.patch: remove, applied upstream * Drop Qt 3 frontend, unused in Debian (and will no more be provided with Poppler 0.18). (Closes: #604370, #558951) * Rename packages according to the new SONAMEs: - libpoppler5 -> libpoppler13 - libpoppler-glib4 -> libpoppler-glib6 * Update shlib depends for libpoppler-qt4-3. * Add packages for the new CPP frontend (libpoppler-cpp0). * Update build-dependencies and dependencies: - Bump libglib2.0-dev, libcairo2-dev, gtk-doc-tools, and libqt4-dev to the versions required upstream. - Remove obsolete B-D: libqt3-mt-dev, libglade2-dev. - libpoppler-glib-dev: add libgtk2.0-dev (Closes: #540582), remove libpango1.0-dev. * Update configure arguments: - Add: --enable-xpdf-headers - Remove: --enable-a4-paper * Update copyright, adding a small clarifying text that the Poppler license is GPL v2 only. (Closes: #611259) * Bump debhelper compatibility to 7: - Update .install files accordingly. * libpoppler-dev.install: Avoid installing all the poppler private headers (even those that will not work), but rely on what poppler installs and manually copy the few "useful". * rules: include /usr/share/cdbs/1/rules/utils.mk for list-missing. * Add myself to the Uploaders. * Add Homepage field in control. * Improve descriptions of most of the packages. [ Michael Gilbert ] * Recommend poppler-data (closes: #584503). * Fix a typo (closes: #582527). * Update to source format 3.0 (quilt). - Drop explicit quilt dependency. * Bump standards version to 3.8.4 (no changes required). * Add copyright dates to copyright file as stated in README-XPDF. * Add manpage for pdftoabw (closes: #505147). -- Josselin Mouette Thu, 03 Mar 2011 22:14:46 +0100 poppler (0.12.4-1.2) unstable; urgency=medium * Non-maintainer upload by the Security Team * Fix CVE-2010-3702, CVE-2010-3703, CVE-2010-3704 and several crashers (Closes:#599165) -- Moritz Mühlenhoff Sat, 23 Oct 2010 15:59:04 +0200 poppler (0.12.4-1.1) unstable; urgency=high * Non-maintainer upload. * Do not conflict with newer versions of xpdf-utils (closes: #586620). -- Michael Gilbert Fri, 06 Aug 2010 18:51:54 -0400 poppler (0.12.4-1) unstable; urgency=low * New upstream release. * Bump Qt requirements. -- Josselin Mouette Fri, 16 Apr 2010 19:22:34 +0200 poppler (0.12.2-2.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fixed CVE-2009-3938 (Closes: #534680) -- Giuseppe Iuculano Tue, 22 Dec 2009 16:11:27 +0100 poppler (0.12.2-2) unstable; urgency=low * Switch to quilt to manage patches. * 01_revert_abi_change.patch: revert upstream commit that introduced an ABI change in a stable release. Closes: #558463. * 02_autohinting_abi_compatibility.patch: revert part of another upstream commit for a similar reason. -- Josselin Mouette Mon, 30 Nov 2009 16:51:53 +0100 poppler (0.12.2-1) unstable; urgency=low * New upstream release. -- Josselin Mouette Sat, 28 Nov 2009 13:24:28 +0100 poppler (0.12.0-2.1) unstable; urgency=low * Non-maintainer upload. * Include fofi/*.h in /usr/include/poppler/fofi. Closes: #553445. -- Matt Kraai Tue, 10 Nov 2009 19:51:32 -0800 poppler (0.12.0-2) unstable; urgency=low * copyright: add complete list of copyright holders. * Upload to unstable. Hold on to your pants. -- Josselin Mouette Sat, 17 Oct 2009 10:48:03 +0200 poppler (0.12.0-1) experimental; urgency=low * New upstream release. Closes: #530731. * Rename libpoppler4 to libpoppler5. * Bump shlibs versions. -- Josselin Mouette Thu, 24 Sep 2009 16:39:17 +0200 poppler (0.10.6-1) unstable; urgency=critical * Fix section for the debug package. * New upstream release. + Fix problems that happen when parsing broken JBIG2 files. CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009-1187, CVE-2009-1188. * Bump libqt4 requirement. * 10_jpxstream_int_crash.patch: removed, upstream has merged a different fix quite a while ago. * Standards version is 3.8.1. -- Josselin Mouette Wed, 01 Apr 2009 18:30:04 +0200 poppler (0.10.5-1) unstable; urgency=low [ Pino Toscano ] * New upstream release, no API nor ABI changes. + Fixes crash when rendering documents with optional content. (Closes: #519494) * Remove lintian override for poppler-dbg, which is no more needed with lintian >= 2.2.1. -- Josselin Mouette Wed, 01 Apr 2009 15:19:53 +0200 poppler (0.10.4-3) unstable; urgency=low * Revert previous upload, now openjpeg was built successfully on alpha. * Build-depend on libglib2.0-doc to ensure proper xrefs. -- Josselin Mouette Tue, 10 Mar 2009 12:03:06 +0100 poppler (0.10.4-2) unstable; urgency=low * Don’t require openjpeg on alpha, since it doesn’t build there. -- Josselin Mouette Sun, 08 Mar 2009 03:33:50 +0100 poppler (0.10.4-1) unstable; urgency=low [ Pino Toscano ] * New upstream stable release, with ABI and API changes wrt poppler 0.8. - Rename libpoppler3 to libpoppler4, libpoppler-glib3 to libpoppler-glib4; libpoppler-qt2 and libpoppler-qt4-3 are not renamed; update control, DEB_DH_MAKESHLIBS_ARGS_* in rules, and rename install files. - Add shlib version for libpoppler-qt4-3. - Drop patches 60_manpages-cfg-flag.patch, 61_manpages-hyphens.patch, and 62_pdftops-mandatory-arg.patch, merged upstream. * Build-dep on libopenjpeg-dev for better JPEG2000 reading. [ Josselin Mouette ] * Build-depend explicitly on libjpeg-dev, libfreetype6-dev and libxml2-dev. * Bump requirement on libqt4-dev. -- Josselin Mouette Fri, 06 Mar 2009 12:54:09 +0100 poppler (0.8.7-1) unstable; urgency=low * Bump up Standards-Version to 3.8.0. * New patch, 61_manpages-hyphens, fixes escaping of hyphens in man pages; FreeDesktop #17225. * New patch, 62_pdftops-mandatory-arg, fixes synopsis of pdftops in man page to clarify that a PDF file is required in all cases; FreeDesktop #17226; closes: #491816. * Build-dep on cdbs (>= 0.4.52) and add a lintian override with rationale for the following lintian warning: W: poppler-dbg: dbg-package-missing-depends poppler * Add xrefs and CVE for #489756 in 0.8.5-1 as I didn't merge the 0.8.4-1.1 NMU. * New upstream release; no API change, bug fixes. -- Loic Minier Wed, 20 Aug 2008 17:36:12 +0200 poppler (0.8.6-1) unstable; urgency=low * Fix /usr/share/gtk-doc/html/poppler symlink to point at /usr/share/doc/libpoppler-glib-dev/html/poppler instead of /usr/share/doc/libpoppler-glib-dev/html; LP: #226677. * New upstream stable release; bug fixes, no API change. * New patch, 60_manpages-cfg-flag, drop unimplemented -cfg flag from man pages; FreeDesktop #17222; closes: #461961. * Rename patch 001_jpxstream_int_crash to 10_jpxstream_int_crash as we don't have that many patches; also add upstream bug id (FreeDesktop #5667) and refresh to apply cleanly. * Build-dep on pkg-config >= 0.18 to make sure -lpoppler is only in poppler-qt's Libs.private (it already is though); closes: #360595. -- Loic Minier Fri, 01 Aug 2008 15:04:05 +0200 poppler (0.8.5-1) unstable; urgency=low * New upstream release; no API changes, misc fixes. - Initializes pageWidgets in Page.cc, otherwise it can be a rubbish pointer as Annots is not a valid object; upstream commit fd0bf8b05cb155e2f29df31fa01964b12e710b89; CVE-2008-2950; closes: #489756. -- Loic Minier Wed, 30 Jul 2008 14:52:42 +0200 poppler (0.8.4-1) unstable; urgency=low * New upstream release; no API change. - Fixes crash when reloading PDFs; GNOME #536482; closes: 484160. -- Loic Minier Mon, 30 Jun 2008 10:44:16 +0200 poppler (0.8.3-1) unstable; urgency=low * New upstream release. Closes: #487214. + Fix crasher with some PDF files. Closes: #484224. -- Josselin Mouette Wed, 25 Jun 2008 16:40:39 +0200 poppler (0.8.2-2) unstable; urgency=low * Upload to unstable. * Set myself as Maintainer instead of Uploader, taking over from Ondřej Surý but I wish we move to an official team; closes: #481323. -- Loic Minier Thu, 15 May 2008 12:33:18 +0200 poppler (0.8.2-1) experimental; urgency=low * New upstream releases. - Drop patch 006_pthreads_ldflags, upstream now calls ACX_PTHREAD() in configure.ac which does the right thing. - Drop patch 102_embedded-font-fixes, merged upstream. -- Loic Minier Sun, 11 May 2008 01:02:22 +0200 poppler (0.8.0-1) experimental; urgency=low * Bump libcairo2-dev build-dep and dep to >= 1.4; thanks Marc 'HE' Brockschmidt. * New upstream stable release, with ABI and API changes; closes: #476323. - Rename libpoppler2 to libpoppler3, libpoppler-glib2 to libpoppler-glib3, and libpoppler-qt4-2 to libpoppler-qt4-3; NB: libpoppler-qt2 not renamed; update control, DEB_DH_MAKESHLIBS_ARGS_* in rules, rename install files. - Drop shlib version except for libpoppler-qt2. - Update patch 006_pthreads_ldflags for the version-info changes in poppler/Makefile.am. - Force usage of qt4's moc via a PATH setting; export PATH. * Let libpoppler-glib-dev depend on libglib2.0-dev >= 2.6 for consistency with build-deps. * New patch, 102_embedded-font-fixes; protects the methods of the Object class to be more robust and prevent things like CVE-2008-1693; see also FreeDesktop/Poppler #11392; taken from the Ubuntu package; closes: #476842. * Add a poppler-dbg package; closes: #408403. - Bump up cdbs build-dep to >= 0.4.51 for -dbg handling fixes. - Add poppler-dbg to control. -- Loic Minier Mon, 17 Mar 2008 21:00:13 +0100 poppler (0.6.4-1) unstable; urgency=medium * Add ${shlibs:Depends} to libpoppler-glib-dev, libpoppler-dev, libpoppler-qt-dev, libpoppler-qt4-dev. * Add ${misc:Depends}. * Cleanups. * New upstream releases; no API change; bug fixes; closes: #459342. * Fix copyright information to use version 2 of the GPL (instead of version 2 or later); thanks Timo Jyrinki for the patch; closes: #453865. * Urgency medium for RC bug fix. * List pdftohtml in poppler-utils' description; closes: #464439. * Drop libpoppler-qt-dev dependency from libpoppler-qt4-dev; thanks Pino Toscano; closes: #459922. * Bump up Standards-Version to 3.7.3. -- Loic Minier Fri, 18 Jan 2008 13:35:06 +0100 poppler (0.6.2-1) unstable; urgency=low * New upstream version. (Closes: #447992) * Dependency on xpdfrc was removed on 2007-02-25 (Closes: #347789, #440936) * Changes since 0.6.1: - Fix CVE-2007-4352, CVE-2007-5392 and CVE-2007-5393 (Closes: #450628) - Fix a crash on documents with wrong CCITTFaxStream - Fix a crash in the Cairo renderer with invalid embedded fonts - Fix a crash with invalid TrueType fonts - Check if font is inside the clip area before rendering it to a temporary bitmap in the Splash renderer. Fixes crashes on incorrect documents - Do not use exit(1) on DCTStream errors - Detect form fields at any depth level - Do not generate appearance stream for radio buttons that are not active -- Ondřej Surý Wed, 14 Nov 2007 11:20:07 +0100 poppler (0.6.1-2) unstable; urgency=low * Upload to unstable. -- Ondřej Surý Tue, 06 Nov 2007 09:07:10 +0100 poppler (0.6.1-1) experimental; urgency=low * New upstream version. * Changes since 0.6.0: - poppler core: + Fix printing with different x and y scale + Fix crash when Form Fields array contains references to non existent objects + Fix crash in CairoOutputDev::drawMaskedImage() + Fix embedded file description not working on some cases - Qt4 frontend: + Fix printing issue + Avoid double free + Fix memory leak when dealing with embedded files - glib frontend: + Fix build with --disable-cairo-output + Do not return unknown field type for signature form fields - build system: + Support automake-1.10 + More compatible sh code in qt.m4 - utils: + Fix build on Sun Studio compiler -- Ondřej Surý Thu, 25 Oct 2007 11:33:04 +0200 poppler (0.6-1) experimental; urgency=low * New upstream release. (Closes: #429700) - merged changes from Ubuntu, courtesy of Sebastien Bacher - Fix security issue MOAB-06-01-2007 - Fix security issue CVE-2007-3387 - Fix security issue CVE-2007-5049 (Closes: #443903) * debian/watch: - update (Closes: #441012) * debian/control, debian/libpoppler2.install, debian/libpoppler-glib2.install, debian/libpoppler-qt2.install, debian/libpoppler-qt4-2.install, debian/rules: - updated for soname change * debian/libpoppler-glib-dev.install: - install new test-poppler-glib * debian/patches/002_CVE-2006-0301.patch: - dropped, deprecated by the upstream changes * debian/patches/003_glib-2.0-configure.patch: * debian/patches/004_CVE-2007-0104.patch: * debian/patches/005_fix_inverted_text_from_bug_8944.patch: - dropped, fixed with the new version * debian/patches/006_pthreads_ldflags.patch: - updated -- Ondřej Surý Thu, 27 Sep 2007 09:03:33 +0200 poppler (0.5.4-6) unstable; urgency=low * Conflict with old library names from experimental. (Closes: #426023) -- Ondřej Surý Wed, 30 May 2007 08:42:32 +0200 poppler (0.5.4-5) unstable; urgency=low * Add missing poppler/poppler-link-qt3.h header to libpoppler-qt-dev; thanks Sune Vuorela; closes: #425486. * Let libpoppler-qt4-dev depend on libpoppler-qt-dev since some of its headers require poppler-page-transition.h which is clearly from the Qt bindings; thanks Sune Vuorela; closes: #425540. * Wrap build-deps and deps. * Drop useless debian/*.dirs. * Misc cleanups. * Build-dep on autotools-dev and drop bogus lintian overrides. -- Loic Minier Thu, 24 May 2007 23:09:23 +0200 poppler (0.5.4-4) unstable; urgency=low * The "Augean Stables" release. * 0.5.x branch fixes all kind of displaying errors Closes: #372169, #235360, #331380, #332426, #336616 Closes: #402647, #369164, #413953, #343654 * Add versioned conflict to pdftohtml (Closes: #393169) * We dropped .la files some time ago, libjpeg62-dev dependency not needed now (Closes: #413112) * Crash fixed in 0.5.4 (Closes: #418638) * [control.in]: dropped some time ago (Closes: #407818) * NMU 0.5.4-5.1 merged as 004_CVE-2007-0104.patch (Closes: #407810) * 0.5.x uploaded to unstable (Closes: #352522) * qt4 libraries are now part of build (Closes: #414643) * No longer depends on poppler-data (Closes: #389753) * [debian/patches/006_pthreads_ldflags.patch]: + Add -lpthread to poppler/Makefile.am (Closes: #399275) -- Ondřej Surý Wed, 16 May 2007 10:45:39 +0200 poppler (0.5.4-3) unstable; urgency=low * Upload to unstable. * Enable Cairo output again. * Enable gtk-doc build. * Add lintian override for outdated-autotools-helper-files (we use CDBS). * Change shared library packages names according to Library Packaging Guide. * Change ${Source-Version} to ${binary:Version} to allow binNMU * Drop (= ${Source-Version}) dependency in glib, qt3, qt4 libraries; we are adding that from debian/rules * Merge changes from Ubuntu: + Enable Qt4 library build (but change name to libpoppler-qt4-1). + [debian/patches/004_CVE-2007-0104.patch]: - Limit recursion depth of the parsing tree to 100 to avoid infinite loop with crafted documents. - Patch taken from koffice security update (which has a copy of xpdf sources). + [debian/patches/005_fix_inverted_text_from_bug_8944.patch]: - fixes "text is inverted in some PDFs" -- Ondřej Surý Wed, 16 May 2007 08:26:47 +0200 poppler (0.5.4-2) experimental; urgency=low * [debian/control]: poppler-data is non-free, do not depend on it (Closes: #389753) -- Ondřej Surý Mon, 2 Oct 2006 14:41:58 +0200 poppler (0.5.4-1) experimental; urgency=low * New upstrem release. * [debian/control.in]: remove file and add all pkg-freedesktop people to Uploaders: field * [debian/control]: Add dependency on poppler-data package. * [debian/patches/03_glib-2.0-configure.patch]: fix broken configure.ac -- Ondřej Surý Fri, 22 Sep 2006 16:49:17 +0200 poppler (0.5.3-1) experimental; urgency=low * New upstream release. * debian/lib{poppler,poppler-glib,poppler-qt}-dev.install: Stop shipping /usr/lib/*.la in libpoppler*-dev. -- Ondřej Surý Wed, 31 May 2006 17:19:34 +0200 poppler (0.5.2-1) experimental; urgency=low * New upstream release. * Remove patches adopted upstream: debian/patches/000_incorrect_define_fix.patch debian/patches/000_splash_build_fix.patch -- Ondřej Surý Tue, 23 May 2006 20:21:30 +0200 poppler (0.5.1-1) experimental; urgency=low * Merge back changes from Ubuntu. * Upload to experimental (Closes: 352522) -- Ondřej Surý Tue, 18 Apr 2006 15:08:26 +0200 poppler (0.5.1-0ubuntu6) dapper; urgency=low * Install poppler-page-transition into libpoppler-qt-dev (not libpoppler-dev), since it comes from the Qt bindings. Closes: LP#32179 -- Martin Pitt Mon, 10 Apr 2006 12:20:46 +0200 poppler (0.5.1-0ubuntu5) dapper; urgency=low * debian/patches/000_incorrect_define_fix.patch: - patch from the CVS, fix an incorrect boxes rendering (Ubuntu: #33239) -- Sebastien Bacher Thu, 23 Mar 2006 12:33:17 +0100 poppler (0.5.1-0ubuntu4) dapper; urgency=low * debian/control.in: libpoppler-dev needs to depend on libfontconfig1-dev, because we directly include in GlobalParams.h -- Adam Conrad Thu, 16 Mar 2006 11:23:00 +1100 poppler (0.5.1-0ubuntu3) dapper; urgency=low * debian/control.in: Have poppler-utils Replace: xpdf-reader, since both contain pdftoppm.1.gz. -- Martin Pitt Mon, 13 Mar 2006 09:10:12 +0100 poppler (0.5.1-0ubuntu2) dapper; urgency=low * debian/control.in: - fix the libpoppler1 package description -- Sebastien Bacher Thu, 9 Mar 2006 09:43:15 +0000 poppler (0.5.1-0ubuntu1) dapper; urgency=low * New upstream version: - Support for embedded files. - Handle 0-width lines correctly. - Avoid external file use when opening fonts. - Only use vector fonts returned from fontconfig (#5758). - Fix scaled 1x1 pixmaps use for drawing lines (#3387). - drawSoftMaskedImage support in cairo backend. - Misc bug fixes: #5922, #5946, #5749, #5952, #4030, #5420. * debian/control.in, debian/libpoppler0c2.dirs, debian/libpoppler0c2-glib.dirs, debian/libpoppler0c2-glib.install, debian/libpoppler0c2.install, debian/libpoppler0c2-qt.dirs, debian/libpoppler0c2-qt.install, debian/rules: - updated for the soname change * debian/patches/000_splash_build_fix.patch: - fix build when using splash * debian/patches/001_fixes_for_fonts_selection.patch: - fix with the new version -- Sebastien Bacher Mon, 6 Mar 2006 18:42:44 +0000 poppler (0.5.0-0ubuntu5) dapper; urgency=low * debian/control.in, debian/rules: - build without libcairo -- Sebastien Bacher Sun, 26 Feb 2006 20:05:10 +0100 poppler (0.5.0-0ubuntu4) dapper; urgency=low * debian/patches/001_fixes_for_fonts_selection.patch: - change from the CVS, fix some renderings issues and fonts selection -- Sebastien Bacher Tue, 7 Feb 2006 13:38:04 +0100 poppler (0.5.0-0ubuntu3) dapper; urgency=low * SECURITY UPDATE: Buffer overflow. * Add debian/patches/002_CVE-2006-0301.patch: - splash/Splash.cc, Splash::drawPixel(), Splash::drawSpan(), Splash::xorSpan(): Check coordinates for integer overflow. * CVE-2006-0301 -- Martin Pitt Fri, 3 Feb 2006 18:13:30 +0000 poppler (0.5.0-0ubuntu2) dapper; urgency=low * debian/rules: Bump shlibs version to 0.5.0. -- Martin Pitt Fri, 20 Jan 2006 16:56:40 +0100 poppler (0.5.0-0ubuntu1) dapper; urgency=low * New upstream release 0.5.0, required for new evince 0.5. * Merge with Debian. * Remove patches adopted upstream: - debian/patches/000_add-poppler-utils.patch - debian/patches/002-selection-crash-bug.patch * debian/libpoppler-dev.install: - Install poppler-page-transition.h. - Do not install poppler-config.h, it doesn't exist any more. - Upstream doesn't install legacy xpdf includes any more, fix path to install them into libpoppler-dev. * Add debian/patches/001_jpxstream_int_crash.patch: - poppler/JPXStream.h: Fix declaration of cbW to be signed. JPXStream.cc, readCodeBlockData() negates the value, which results in an invalid value on 64 bit platforms if using unsigned types. - Thanks to Vladimir Nadvornik for pointing at this. -- Martin Pitt Thu, 19 Jan 2006 23:49:52 +0100 poppler (0.4.4-1) unstable; urgency=high * New upstream security release - fixes CVE-2005-3624, CVE-2005-3625, CVE-2005-3627 * Remove debian/patches/003-CVE-2005-3624_5_7.patch: - Merged upstream * Remove debian/patches/004-fix-CVE-2005-3192.patch: - Merged upstream * Remove debian/patches/001-relibtoolize.patch - Upstream uses recent libtool -- Ondřej Surý Thu, 12 Jan 2006 20:40:27 +0100 poppler (0.4.3-3) unstable; urgency=low * Fix missing libcairo2-dev dependency (Closes: #346277) -- Ondřej Surý Fri, 6 Jan 2006 21:37:10 +0100 poppler (0.4.3-2) unstable; urgency=high [ Martin Pitt ] * SECURITY UPDATE: Multiple integer/buffer overflows. * Add debian/patches/003-CVE-2005-3624_5_7.patch: - poppler/Stream.cc, CCITTFaxStream::CCITTFaxStream(): + Check columns for negative or large values. + CVE-2005-3624 - poppler/Stream.cc, numComps checks introduced in CVE-2005-3191 patch: + Reset numComps to 0 since it's a global variable that is used later. + CVE-2005-3627 - poppler/Stream.cc, DCTStream::readHuffmanTables(): + Fix out of bounds array access in Huffman tables. + CVE-2005-3627 - poppler/Stream.cc, DCTStream::readMarker(): + Check for EOF in while loop to prevent endless loops. + CVE-2005-3625 - poppler/JBIG2Stream.cc, JBIG2Bitmap::JBIG2Bitmap(), JBIG2Bitmap::expand(), JBIG2Stream::readHalftoneRegionSeg(): + Check user supplied width and height against invalid values. + Allocate one extra byte to prevent out of bounds access in combine(). * Add debian/patches/004-fix-CVE-2005-3192.patch: - Fix nVals int overflow check in StreamPredictor::StreamPredictor(). - Forwarded upstream to https://bugs.freedesktop.org/show_bug.cgi?id=5514. [ Ondřej Surý ] * Merge changes from Ubuntu (Closes: #346076). * Enable Cairo output again. -- Ondřej Surý Thu, 5 Jan 2006 14:54:44 +0100 poppler (0.4.3-1) unstable; urgency=high * New upstream release. * New maintainer (Closes: #344738) * CVE-2005-3191 and CAN-2005-2097 fixes merged upstream. * Fixed some rendering bugs and disabled Cairo output (Closes: #314556, #322964, #328211) * Acknowledge NMU (Closes: #342288) * Add 001-selection-crash-bug.patch (Closes: #330544) * Add poppler-utils (merge patch from Ubuntu) -- Ondřej Surý Fri, 30 Dec 2005 11:34:07 +0100 poppler (0.4.2-1.1) unstable; urgency=high * SECURITY UPDATE: Multiple integer/buffer overflows. * NMU to fix RC security bug (closes: #342288) * Add debian/patches/04_CVE-2005-3191_2_3.patch taken from Ubuntu, thanks to Martin Pitt: * poppler/Stream.cc, DCTStream::readBaselineSOF(), DCTStream::readProgressiveSOF(), DCTStream::readScanInfo(): - Check numComps for invalid values. - http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities - CVE-2005-3191 * poppler/Stream.cc, StreamPredictor::StreamPredictor(): - Check rowBytes for invalid values. - http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities - CVE-2005-3192 * poppler/JPXStream.cc, JPXStream::readCodestream(): - Check img.nXTiles * img.nYTiles for integer overflow. - http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities - CVE-2005-3193 -- Frank Küster Fri, 23 Dec 2005 16:36:30 +0100 poppler (0.4.2-1) unstable; urgency=low * GNOME Team upload. * New upstream version. * debian/control.in: - updated the Build-Depends on libqt (Closes: #326130). * debian/rules: - updated the shlibs. -- Sebastien Bacher Wed, 7 Sep 2005 12:41:48 +0200 poppler (0.4.0-1) unstable; urgency=low * GNOME Team Upload. * Rebuild for the CPP transition. * New upstream version (Closes: #311133): - fix some crashers (Closes: #315590, #312261, #309410). - fix some rendering defaults (Closes: #314441, #315383, #309697, #308785). * debian/control.in, debian/rules: - build with the current cairo version (Closes: #321368, #318293). - update for the renamed the packages. * debian/patches/01_CAN-2005-2097.patch: - Patch from Ubuntu, thanks Martin Pitt. - Check sanity of the TrueType "loca" table. Specially crafted broken tables caused disk space exhaustion due to very large generated glyph descriptions when attempting to fix the table. - Upstream patch scheduled for xpdf 3.01. - CAN-2005-2097 * debian/watch: - fixed, patch by Jerome Warnier (Closes: #310996). -- Sebastien Bacher Wed, 17 Aug 2005 21:54:07 +0200 poppler (0.3.1-1) unstable; urgency=low * New upstream release * Upstream fixed the Qt build bug, so now I can enable Qt build. (Closes:#307340) It leads two new binary packages libpoppler0-qt and libpoppler-qt-dev. * Excluded DEB_CONFIGURE_SYSCONFDIR setting, which is obsolete by the upstream removal of xpdfrc config. -- Changwoo Ryu Wed, 4 May 2005 00:19:35 +0900 poppler (0.3.0-2) unstable; urgency=high * Added shlib version info for libpoppler0-glib. * Corrected dependencies of libpoppler0-glib and libpoppler-glib-dev. (Closes: #306897) * Build-Depends on libgtk2.0-dev for -glib packages. (Closes: #306885) * Corrected descriptions of -glib packages. -- Changwoo Ryu Thu, 28 Apr 2005 02:41:25 +0900 poppler (0.3.0-1) unstable; urgency=low * New upstream release (Closes: #306573) * Added new binary packages libpoppler0-glib and libpoppler-glib-dev, which are GLib-based interfaces. Qt interface build is termporarily disabled, because of an upstream FTBFS. -- Changwoo Ryu Thu, 28 Apr 2005 02:07:23 +0900 poppler (0.1.2-1) unstable; urgency=low * Initial Release (Closes: #299518) -- Changwoo Ryu Tue, 15 Mar 2005 02:08:00 +0900