poppler (0.86.1-0ubuntu1.4) focal-security; urgency=medium * SECURITY UPDATE: stack overflow issue - debian/patches/CVE-2020-23804.patch: Fix stack overflow with specially crafted files - CVE-2020-23804 * SECURITY UPDATE: denial of service issue - debian/patches/CVE-2022-37050.patch: pdfseparate: Check XRef's Catalog for being a Dict - debian/patches/CVE-2022-37051.patch: Check isDict before calling getDict - debian/patches/CVE-2022-37052.patch: pdfseparate: Account for XRef::add failing because we run out of memory - debian/patches/CVE-2022-38349.patch: pdfunite: Fix crash on broken files - CVE-2022-37050 - CVE-2022-37051 - CVE-2022-37052 - CVE-2022-38349 -- Nishit Majithia Wed, 22 Nov 2023 11:20:52 +0530 poppler (0.86.1-0ubuntu1.3) focal-security; urgency=medium * SECURITY UPDATE: Infinite loop - d/p/0001-Fix-infinite-looping-in-cvtGlyph-with-broken-files.patch: Fix Infinite loop in FoFiType1C::cvtGlyph(). - CVE-2020-36023 * SECURITY UPDATE: NULL dereference - d/p/0002-FoFiType1C-Fix-crashes-with-broken-files.patch: Fix NULL dereference in FoFiType1C::convertToType1(). - CVE-2020-36024 -- Fabian Toepfer Wed, 16 Aug 2023 19:03:16 +0200 poppler (0.86.1-0ubuntu1.2) focal-security; urgency=medium * SECURITY UPDATE: DoS via crafted PDF file - debian/patches/CVE-2022-27337.patch: bail out if we run out of file when reading in poppler/Hints.cc. - CVE-2022-27337 -- Marc Deslauriers Wed, 02 Aug 2023 15:15:50 -0400 poppler (0.86.1-0ubuntu1.1) focal-security; urgency=medium * SECURITY UPDATE: Integer Overflow - debian/patches/CVE-2022-38784.patch:Fix crash on broken file in poppler/JBIG2Stream.cc. - CVE-2022-38784 -- Leonidas Da Silva Barbosa Tue, 06 Sep 2022 07:53:20 -0300 poppler (0.86.1-0ubuntu1) focal; urgency=medium * New upstream version (lp: #1865351) -- Sebastien Bacher Fri, 27 Mar 2020 17:31:07 +0100 poppler (0.85.0-1ubuntu3) focal; urgency=medium * debian/patches/glyphless-font.patch: - updated for the recent poppler upstream changes -- Sebastien Bacher Wed, 04 Mar 2020 19:09:31 +0100 poppler (0.85.0-1ubuntu2) focal; urgency=medium * debian/patches/glyphless-font.patch: - restore a fix to the patch for a null pointer dereference which was reverted by error in the recent merge/update (lp: #1865861) -- Sebastien Bacher Wed, 04 Mar 2020 18:29:53 +0100 poppler (0.85.0-1ubuntu1) focal; urgency=medium * Resynchronize with Debian, removing the jpx parser CVE fixes since the openjpeg backend is used now. Remaining changes * d/p/glyphless-font.patch: - Support Tesseract's glyphless font (LP: #1830473) * debian/tests: - Make autopkgtests cross-test-friendly. -- Sebastien Bacher Mon, 24 Feb 2020 11:09:50 +0100 poppler (0.85.0-1) experimental; urgency=medium [ Andreas Henriksson ] * New upstream release. * libpoppler91 -> libpoppler95 * Revert "Silence deprecation warnings for GTime, fixing autopkgtest" - merged upstream, now part of upstream release. * Update symbols [ Philip Withnall ] * Add python3:any to build deps as it’s used in `make-glib-api-docs` script. Closes: #947327. [ Emilio Pozuelo Monfort ] * Replace ADTTMP variable with AUTOPKGTEST_TMP. * Update copyright holders. -- Emilio Pozuelo Monfort Wed, 19 Feb 2020 18:50:58 +0100 poppler (0.81.0-1) experimental; urgency=medium * New upstream release. Closes: #924617. * Remove patches applied upstream. * libpoppler82 -> libpoppler91. * Update cmake flag for the unstable headers. * Update README filename. * Update symbols files. * Update copyright holders. -- Emilio Pozuelo Monfort Fri, 04 Oct 2019 12:45:27 +0200 poppler (0.71.0-6) unstable; urgency=medium [ Simon McVittie ] * d/p/Silence-deprecation-warnings-for-PopplerAttachment-c.patch: Silence deprecation warnings for GTime, fixing autopkgtest (Closes: #941718) [ Emilio Pozuelo Monfort ] * Remove Joss from uploaders, thanks for all the work! Closes: #930163. -- Emilio Pozuelo Monfort Fri, 04 Oct 2019 11:32:23 +0200 poppler (0.71.0-5) unstable; urgency=medium * CVE-2018-10872 (Closes: #926530) * CVE-2019-12293 (Closes: #929423) -- Moritz Muehlenhoff Mon, 27 May 2019 22:51:48 +0200 poppler (0.71.0-4.1) unstable; urgency=medium * Non-maintainer upload. * Prevent a crash due to null pointer dereferencing in goo/GooString.h (Closes: #924029) -- Jonathan Wiltshire Sat, 25 May 2019 17:10:35 +0100 poppler (0.71.0-4) unstable; urgency=medium * CVE-2018-16646 (Closes: #909802) * CVE-2018-20481 (Closes: #917325) * CVE-2018-20551 (Closes: #917525) * CVE-2018-20662 (Closes: #918158) * CVE-2019-7310 (Closes: #921215) * CVE-2019-9200 (Closes: #923414) * CVE-2019-9631 (Closes: #926673) * CVE-2019-10873 (Closes: #926532) -- Moritz Muehlenhoff Thu, 23 May 2019 22:18:49 +0200 poppler (0.71.0-3) unstable; urgency=medium [ Simon McVittie ] * Add patch to fix poppler_document_new_from_stream() regression (Closes: #896596) * d/tests/glib: Add a test for #896596 [ Jeroen Ooms ] * Backport upstream patch to fix page::text_list encoding issue. -- Emilio Pozuelo Monfort Sat, 02 Mar 2019 11:03:24 +0100 poppler (0.71.0-2) unstable; urgency=medium * Upload to unstable. -- Emilio Pozuelo Monfort Mon, 07 Jan 2019 18:02:44 +0100 poppler (0.71.0-1) experimental; urgency=medium * New upstream release. * libpoppler80 -> libpoppler82. * Update libpoppler-glib8 and libpoppler-qt5-1 symbols. * Update copyright holders. -- Emilio Pozuelo Monfort Tue, 11 Dec 2018 19:34:06 +0100 poppler (0.69.0-2) unstable; urgency=medium * Upload to unstable. -- Emilio Pozuelo Monfort Thu, 18 Oct 2018 09:59:36 +0200 poppler (0.69.0-1) experimental; urgency=medium * New upstream release. * libpoppler77 -> libpoppler80. * Update copyright holders. -- Emilio Pozuelo Monfort Wed, 26 Sep 2018 14:55:21 +0200 poppler (0.66.0-1) experimental; urgency=medium * New upstream release. * libpoppler75 -> libpoppler76. * rules: no need to remove .la files anymore since we no longer use libtool. * Add one new copyright holder. -- Emilio Pozuelo Monfort Sun, 15 Jul 2018 12:23:23 +0200 poppler (0.65.0-1) experimental; urgency=medium * New upstream release. - CVE-2017-18267: fix infinite recursion on malformed documents. * libpoppler75 -> libpoppler76. * Switch dh_missing to fail mode. * Update copyright holders. -- Emilio Pozuelo Monfort Sun, 03 Jun 2018 10:15:33 +0200 poppler (0.64.0-1) experimental; urgency=medium * New upstream release. * 0001-Fix-PDFDoc-checkHeader-for-PDFs-smaller-than-1-KiB.patch: - Removed, included upstream. * Bump debhelper compat to 11. - Don't install a TODO file, it hasn't existed for a while and dh_installdocs now aborts on unknown files. * Move libglib2.0-doc and libcairo2-doc to Build-Depends-Indep. They are only needed to generate cross-references in the documentation. * libpoppler74 -> libpoppler75. -- Emilio Pozuelo Monfort Thu, 19 Apr 2018 19:44:35 +0200 poppler (0.63.0-2) unstable; urgency=medium * 0001-Fix-PDFDoc-checkHeader-for-PDFs-smaller-than-1-KiB.patch: - Don't give up on files smaller than 1KB. At least pdf2djvu's test suite has such files, and it breaks without this patch. Closes: #895630. * Upload to unstable. -- Emilio Pozuelo Monfort Thu, 19 Apr 2018 12:02:38 +0200 poppler (0.63.0-1) experimental; urgency=medium * New upstream release. - Fix performance regression on cairo backends. Closes: #895487. * debian/patches/01-new-gtk-doc.patch: - Removed, merged upstream. * debian/rules: - Let dpkg set -g and other CFLAGS for us. * libpoppler73 -> libpoppler74. -- Emilio Pozuelo Monfort Thu, 12 Apr 2018 19:12:20 +0200 poppler (0.62.0-2) unstable; urgency=medium * 01-new-gtk-doc.patch: patch from upstream git, fix FTBFS with new gtk-doc-tools. Closes: #887525. * rules: don't hardcode CXXFLAGS when setting -g, instead append to it so that we also get dpkg's buildflags. * rules: pass CFLAGS down to CMake. This should get x32 the required flags from dpkg to build with hardening=pie. This was lost during the switch to CMake as it doesn't use CFLAGS directly. Closes: #883881. * debian/tests/test-qt4.cpp: drop, the qt4 build is gone. * qt-visibility.diff: drop qt4 hunk. * control: Switch Vcs to salsa. * Upload to unstable. -- Emilio Pozuelo Monfort Sun, 04 Mar 2018 11:37:52 +0100 poppler (0.62.0-1) experimental; urgency=medium * New upstream release. * Drop libpoppler-qt4 library, removed upstream. Closes: #875096. * libpoppler72 -> libpoppler73. * control: Bump Standards-Version to 4.1.2. -- Emilio Pozuelo Monfort Thu, 14 Dec 2017 19:22:22 +0100 poppler (0.61.1-2) unstable; urgency=medium * debian/patches/qt-visibility.diff: forward upstream. * Upload to unstable. -- Emilio Pozuelo Monfort Wed, 06 Dec 2017 09:47:06 +0100 poppler (0.61.1-1) experimental; urgency=medium * New upstream release. * CVE-2017-14517: null pointer dereference on broken files. Closes: #876079. * CVE-2017-14518: division by 0 on broken files. Closes: #876082. * CVE-2017-14519: infinite recursion on broken files. Closes: #876086. * CVE-2017-14520: floating point exception on broken files. Closes: #876081. * CVE-2017-14617: floating point exception on broken files. Closes: #876385. * CVE-2017-14926: null pointer dereference on broken files. Closes: #877239. * CVE-2017-14927: null pointer dereference on broken files. Closes: #877237. * CVE-2017-14928: null pointer dereference on broken files. Closes: #877231. * CVE-2017-14929: infinite recursion on broken files. Closes: #877222. * CVE-2017-14975: null pointer dereference on broken files. Closes: #877957. * CVE-2017-14976: heap-based buffer over-read. Closes: #877954. * CVE-2017-14977: null pointer dereference on broken files. Closes: #877952. * CVE-2017-15565: null pointer dereference on broken files. Closes: #879066. * Switch to cmake; the autotools build system is gone. * rules: set libdir to the multiarch dir. * Don't install static libs, they are not built with cmake. * rules: Build with -g to get useful debugging symbols. * control: Bump Standards-Version to 4.1.1. * control: Drop Testsuite header, no longer needed. * libpoppler70 -> libpoppler72. * qt-visibility.diff: Port to cmake, but disable for now. Some Qt tests use some of the private symbols and they are built now with the cmake build system, which causes the build to fail. This makes the Qt libraries export way more symbols, but they are not exported in the headers, so this is fine for now. -- Emilio Pozuelo Monfort Mon, 20 Nov 2017 19:17:11 +0100 poppler (0.59.0-1) experimental; urgency=medium * New upstream release. * libpoppler68 -> libpoppler70. * Update symbols. * control: Downgrade libpoppler-glib-doc dependency on other -doc packages to a recommends. * control: Remove ancient breaks/replaces. * control: Bump Standards-Version to 4.1.0. * copyright: Update copyright holders. * rules: Switch to dh_missing as dh_install --list-missing is now deprecated. * rules: Qt 3 is long gone, no need to try to use qt4's moc over it. * rules: Drop V=1, no longer needed. -- Emilio Pozuelo Monfort Wed, 20 Sep 2017 01:23:06 +0200 poppler (0.57.0-2) unstable; urgency=medium * debian/copyright: Add missing copyright holders. Closes: #872298. * Upload to unstable. -- Emilio Pozuelo Monfort Tue, 29 Aug 2017 18:42:54 +0200 poppler (0.57.0-1) experimental; urgency=medium [ Pino Toscano ] * Update Vcs-* fields. * Add a lintian override for the "breaks-without-version xpdf-common" in poppler-utils, as it is making sure to clean up xpdf-common for upgrades to Buster. [ Emilio Pozuelo Monfort ] * New upstream release. Closes: #860955. * Fixes: CVE-2017-9406: memory leak parsing XRef entries. Closes: #864010. CVE-2017-9408: memory leak in Object::initArray. Closes: #864009. CVE-2017-9775: stack buffer overflow in GfxState.cc. Closes: #865680. CVE-2017-9776: integer overflow leading to heap buffer overflow in JBIG2Stream.cc. Closes: #865679. CVE-2017-9865: stack buffer overflow in GfxImageColorMap::getGray. Closes: #867477. CVE-2017-7511: pdfunite denial of service due to null pointer dereference. Closes: #863759. CVE-2017-7515: crash in tools due to infinite recursion. * debian/patches/upstream_pdfseparate-remove-extra-in-error-message.patch: + Dropped, fixed upstream. * Update symbols files. * libpoppler64 -> libpoppler68. * Re-enable PIE. Looks like Qt5 got fixed. * Bump debhelper compat to 10. + debhelper now defaults to --with autoreconf. + It also defaults to --parallel. * Switch to -dbgsym packages. * Set the team as maintainer. * Add myself to uploaders. -- Emilio Pozuelo Monfort Mon, 14 Aug 2017 22:19:15 +0200 poppler (0.48.0-2) unstable; urgency=medium * Upload to unstable. (See #839869) * autopkgtest: build the qt5 test with -std=c++11, required with Qt5 >= 5.6. * Backport upstream commit 5d15a52aade68c618c356fe403ca500e74917ef7 to remove an extra '%' in an error message of pdfseparate; patch upstream_pdfseparate-remove-extra-in-error-message.patch. (Closes: #835202) -- Pino Toscano Sat, 05 Nov 2016 08:29:43 +0100 poppler (0.48.0-1) experimental; urgency=medium * New upstream release: - fixes UTF-16 decoding of document outline title (Closes: #702082) - fixes crashes in PDF documents (Closes: #830565) * Rename packages according to the new SONAMEs: - libpoppler61 -> libpoppler64 * Update copyright. * Bump the libglib2.0-dev (build-)dependency to 2.41, as noted in the upstream build system. * Update symbols files. * Bump shlibs for libpoppler-cpp0v5 to >= 0.46.0, following the new APIs added. * Install the GObject introspection data in a multi-arch directory: - bump the libgirepository1.0-dev, and gobject-introspection to >= 1.42.0-2~, as providing a fixed dh_girepository - update gir1.2-poppler-0.18.install - mark gir1.2-poppler-0.18 as Multi-Arch: same -- Pino Toscano Sat, 08 Oct 2016 20:14:42 +0200 poppler (0.44.0-3) unstable; urgency=medium * Switch from OpenJPEG 1.x to 2.x: (Closes: #826825) - replace the libopenjpeg-dev build dependency with libopenjp2-7-dev - pass --enable-libopenjpeg=openjpeg2 to configure, to be sure OpenJPEG 2.x is used -- Pino Toscano Thu, 09 Jun 2016 23:14:49 +0200 poppler (0.44.0-2) unstable; urgency=medium * Upload to unstable. (See #823667) -- Pino Toscano Fri, 27 May 2016 22:13:46 +0200 poppler (0.44.0-1) experimental; urgency=medium * New upstream release. * Rename packages according to the new SONAMEs: - libpoppler60 -> libpoppler61 * Update copyright. -- Pino Toscano Sun, 22 May 2016 08:46:59 +0200 poppler (0.43.0-1) experimental; urgency=medium * New upstream release: (Closes: #822644) - fixes pdfinfo man page (Closes: #813500) - fixes build with GCC 6 (Closes: #811901) * Rename packages according to the new SONAMEs: - libpoppler57 -> libpoppler60 * Update copyright. * Update symbols files: - adapt to the different internal symbols with GCC 6 * Update build dependencies: - add zlib1g-dev for Flate compression - add libnss3-dev for signature handling * Mention pdfsig in the description of poppler-utils. -- Pino Toscano Sun, 01 May 2016 09:31:22 +0200 poppler (0.38.0-3) unstable; urgency=medium * Backport upstream commit b3425dd3261679958cd56c0f71995c15d2124433 to fix a crash on invalid files, reported also as CVE-2015-8868; patch upstream_Do-not-crash-on-invalid-files.patch. (Closes: #822578) * Update Vcs-* fields. * Bump Standards-Version to 3.9.8, no changes required. -- Pino Toscano Mon, 25 Apr 2016 16:51:07 +0200 poppler (0.38.0-2) unstable; urgency=medium * Upload to unstable. (See #807089) -- Pino Toscano Wed, 09 Dec 2015 20:21:27 +0100 poppler (0.38.0-1) experimental; urgency=medium * New upstream release: - fixes an initialized value in Splash (Closes: #777250) * Rename packages according to the new SONAMEs: - libpoppler47 -> libpoppler57 * Update copyright. * debian/patches: - qt-visibility.diff: refresh * Update symbols files. * Merge changes from 0.26.5-3 and 0.26.5-4. -- Pino Toscano Sun, 29 Nov 2015 19:42:03 +0100 poppler (0.28.1-1) experimental; urgency=medium * New upstream release: - fix typo in JPX stream decoder (Closes: #764997) * Rename packages according to the new SONAMEs: - libpoppler46 -> libpoppler47 * debian/patches: - upstream_Map-Standard-Expert-encoding-ligatures-to-AGLFN-name.patch: drop, backported - qt-visibility.diff: refresh * Update copyright. * Update symbols files. -- Pino Toscano Tue, 04 Nov 2014 23:04:13 +0100 poppler (0.26.5-4) unstable; urgency=medium * Handle the new libstc++ ABI of GCC 5 on libpoppler-cpp: (Closes: #796919) - rename libpoppler-cpp0 to libpoppler-cpp0v5 - make libpoppler-cpp0v5 conflict/replace libpoppler-cpp0 -- Pino Toscano Sat, 29 Aug 2015 11:11:46 +0200 poppler (0.26.5-3) unstable; urgency=medium * Replace "xpdf-utils (<< 3.02-2~)" with "xpdf-utils (<< 1:0), xpdf-common" to cleanup the old packages. (Closes: #774949) * Disable pie for now, as there seems to be an incompatibility between Qt5 and GCC >= 5. (Closes: #792592) * Tighten dependencies on the libpopplerN package to the exact binary version in other library packages and poppler-utils. (Closes: #767659) * control: rename XS-Testsuite to Testsuite. * autopkgtest tests: remove the realpath dependency, as the version of coreutils in stable provides the realpath binary. -- Pino Toscano Sat, 25 Jul 2015 20:01:57 +0200 poppler (0.26.5-2) unstable; urgency=medium * Backport upstream commit 01723aa17e836e818158dbdc56df642a290be300 to map Standard/Expert encoding ligatures to AGLFN names; patch upstream_Map-Standard-Expert-encoding-ligatures-to-AGLFN-name.patch. (Closes: #740801) * Bump Standards-Version to 3.9.6, no changes required. -- Pino Toscano Sun, 19 Oct 2014 18:23:32 +0200 poppler (0.26.5-1) unstable; urgency=medium * New upstream release. -- Pino Toscano Sat, 27 Sep 2014 15:57:03 +0200 poppler (0.26.4-1) unstable; urgency=medium * New upstream release. * Fix linking order in autopkgtest tests. * Update copyright. -- Pino Toscano Fri, 22 Aug 2014 23:43:20 +0200 poppler (0.26.3-1) unstable; urgency=medium * New upstream release. * Bump the libqt4-dev (build-)dependency to 4.7.0, as noted in the upstream build system. * Update copyright. -- Pino Toscano Sun, 20 Jul 2014 19:16:14 +0200 poppler (0.26.2-3) unstable; urgency=medium * Mark libpoppler-dev, libpoppler-private-dev, libpoppler-qt5-dev, and libpoppler-cpp-dev as Multi-Arch: same; dependencies of the other -dev's are not ready. (Closes: #743817) * Switch from autotools-dev to dh-autoreconf: (Closes: #753342) - autoreconf in as-needed mode, and thus drop patch ltmain-as-needed.diff - remove Makefile.in parts from qt-visibility.diff * Provide a simple debian/upstream/metadata file, for DEP 12. * Remove Dave Beckett and Ross Burton from Uploaders, since they have done no work at all in poppler. * Add simple autopkgtest tests for the frontends (cpp, glib, qt4, qt5); loosely inspired by the glib one provided by Ubuntu. [ Peter Pentchev ] * Drop the unused libgtk2.0-dev build dependency. (Closes: #749972) -- Pino Toscano Fri, 18 Jul 2014 19:04:31 +0200 poppler (0.26.2-2) unstable; urgency=medium * Upload to unstable. (See #751525) -- Pino Toscano Wed, 02 Jul 2014 21:37:11 +0200 poppler (0.26.2-1) experimental; urgency=medium * New upstream release: - 'pdftohtml -v' now returns 0 as exit code (Closes: #732427) -- Pino Toscano Fri, 20 Jun 2014 00:53:56 +0200 poppler (0.26.1-1) experimental; urgency=medium * New upstream release: - fix extraction of text in some files (Closes: #747057) * Update copyright. * Merge changes from 0.24.5-4: - upstream_Fix-extraction-of-text-in-some-files.patch: drop, backported -- Pino Toscano Sat, 24 May 2014 16:03:20 +0200 poppler (0.26.0-1) experimental; urgency=medium * New upstream release: - pdfseparate supports left-padding PDF page patterns (Closes: #723121) - poppler-glib uses the GLib logging features for Poppler's messages (Closes: #736425) * Rename packages according to the new SONAMEs: - libpoppler44 -> libpoppler46 * Update copyright. * Update symbols files. * debian/patches: - upstream_fix_qt5_moc_detection.diff: drop, backported - qt-visibility.diff: remove applied parts -- Pino Toscano Fri, 25 Apr 2014 23:54:13 +0200 poppler (0.24.5-4) unstable; urgency=medium * Backport upstream commit 5b2cdef49a8a0a92fd323fbe45841a5098a42ece to fix extraction of text in in some documents; patch upstream_Fix-extraction-of-text-in-some-files.patch. (Closes: #747057) * Enable the autotools_dev dh addon to update config.{guess,sub} before configure. (Closes: #734014) -- Pino Toscano Sat, 24 May 2014 15:00:15 +0200 poppler (0.24.5-3) unstable; urgency=medium * Upload to unstable. * The rebuild closes: #742293. -- Pino Toscano Sat, 05 Apr 2014 16:28:26 +0200 poppler (0.24.5-2) experimental; urgency=medium * Backport upstream commits a766c55f68db38feed91cf003a0d5710e2f925a8 and e238c1f83fd5f667336bfbb0e9a59569ff638ecc to fix the detection of Qt 5's moc; patch upstream_fix_qt5_moc_detection.diff. * Rename patch qt4-visibility.diff to qt-visibility.diff, and extend to qt5. * Provide poppler-qt5: (Closes: #716685) - add the qtbase5-dev build dependency - add the libpoppler-qt5-1 and libpoppler-qt5-dev binaries - pass --enable-poppler-qt5 to configure - add symbols file for libpoppler-qt5-1 -- Pino Toscano Sun, 02 Feb 2014 14:18:21 +0100 poppler (0.24.5-1) experimental; urgency=low * New upstream release: - poppler can handle documents bigger than 2GB. (Closes: #642530) - fixes a typo in an error message. (Closes: #708972) * Rename packages according to the new SONAMEs: - libpoppler37 -> libpoppler44 * debian/patches: - qt4-visibility.diff: refresh - upstream_pdfseparate-improve-the-path-building.patch: drop, backported - upstream_Allow-only-one-d-in-the-filename.diff: drop, backported * Update copyright. * Update symbols files. * Remove the manual link to pthreads, introduced in 0.18.4-10, as it is no more needed now (poppler does it on its own now). -- Pino Toscano Tue, 21 Jan 2014 23:58:32 +0100 poppler (0.22.5-4) unstable; urgency=medium * Upload to unstable. -- Pino Toscano Tue, 21 Jan 2014 22:43:36 +0100 poppler (0.22.5-3) experimental; urgency=low * Merge changes from 0.18.4-9 and 0.18.4-10: - upstream_Allow-only-one-d-in-the-filename.diff: pick it unmodified from upstream -- Pino Toscano Wed, 18 Dec 2013 14:40:56 +0100 poppler (0.22.5-2) experimental; urgency=low * Merge changes from 0.18.4-7 and 0.18.4-8: - CVE-2012-2142.diff: drop, fixed upstream - upstream_pdfseparate.1-Syntax-fixes.patch: drop, backported -- Pino Toscano Wed, 21 Aug 2013 14:25:35 +0200 poppler (0.22.5-1) experimental; urgency=low * New upstream release: - fixes case sensitive search in poppler-glib. (Closes: #299657) - poppler passes correct UTF-8 strings to cairo. (Closes: #697766) * Rename packages according to the new SONAMEs: - libpoppler28 -> libpoppler37 * debian/patches: - qt4-visibility.diff: refresh - upstream_fix-GooString-insert.diff: drop, applied upstream - upstream_Fix-another-invalid-memory-access-in-1091.pdf.asan.7.patch: drop, backported - upstream_Fix-invalid-memory-access-in-2030.pdf.asan.69.463.patch: drop, backported - upstream_Fix-invalid-memory-access-in-1150.pdf.asan.8.69.patch: drop, backported - upstream_Initialize-refLine-totally.patch: drop, backported - upstream_cairo-support-parameterized-Gouraud-shading.patch: drop, applied upstream * Update copyright. * Update symbols files. * Update configure arguments: - Add: --enable-libpng, --enable-libtiff, --enable-cms=lcms2 (no actual changes, just enforce their usage) * Update recommends and suggests: - libpoppler-private-dev: drop the libpng-dev, libtiff-dev suggests. - poppler-utils: drop the ghostscript recommend. * Split the API documentation from libpoppler-glib-dev to an own libpoppler-glib-doc. -- Pino Toscano Wed, 07 Aug 2013 13:21:35 +0200 poppler (0.20.5-3) experimental; urgency=low * Merge changes from 0.18.4-6: - upstream_Fix-another-invalid-memory-access-in-1091.pdf.asan.7.patch: update from upstream repository - upstream_Fix-invalid-memory-access-in-2030.pdf.asan.69.463.patch: update from upstream repository - upstream_Fix-invalid-memory-access-in-1150.pdf.asan.8.69.patch: update from upstream repository - upstream_Initialize-refLine-totally.patch: update from upstream repository -- Pino Toscano Tue, 26 Mar 2013 00:52:48 +0100 poppler (0.20.5-2) experimental; urgency=low * Merge changes from 0.18.4-4 and 0.18.4-5: - psoutputdev-initialize-vars.diff: drop, obsolete * Backport upstream commit ae8fc0cbfc6123189e17b3cf1286e0540f181646 to support parameterized Gouraud shading in CairoOutputDev; patch upstream_cairo-support-parameterized-Gouraud-shading.patch. (Closes: #699467) -- Pino Toscano Thu, 31 Jan 2013 19:41:24 +0100 poppler (0.20.5-1) experimental; urgency=low * New upstream release. * Update copyright. -- Pino Toscano Wed, 10 Oct 2012 21:02:25 +0200 poppler (0.20.4-1) experimental; urgency=low * New upstream release. * Rename packages according to the new SONAMEs: - libpoppler27 -> libpoppler28 * Add few optional symbols to the libpoppler-qt4-4 symbols file. * Rename docs to libpoppler28.docs to make sure it is used only for libpoppler. -- Pino Toscano Sun, 23 Sep 2012 17:03:39 +0200 poppler (0.20.3-2) experimental; urgency=low * Adapt the libpoppler-qt4-4 symbols file to the internal symbols exported only with GCC 4.7, and to other templinst arm* symbols. -- Pino Toscano Tue, 14 Aug 2012 01:08:12 +0200 poppler (0.20.3-1) experimental; urgency=low * New upstream release. * Rename packages according to the new SONAMEs: - libpoppler26 -> libpoppler27 * Update copyright. * Remove from libpoppler-private-dev the headers we used to install manually but which are not installed by the upstream sources: - ArthurOutputDev.h - CairoFontEngine.h - CairoOutputDev.h - DCTStream.h - JPEG2000Stream.h - PageLabelInfo.h using them would have meant not compiling with upstream sources anyway. * Remove the libopenjpeg-dev suggest from libpoppler-private-dev, since now there are no more headers including openjpeg headers. * Add a symbols file for libpoppler-qt4-4, based on poppler 0.20.1: - add patch qt4-visibility.diff to enable the GCC hidden visibility, and avoid exporting private symbols - set the current poppler version as version for the remaining private symbols - stop invoking dh_makeshlibs manually for libpoppler-qt4-4 -- Pino Toscano Sat, 11 Aug 2012 12:13:20 +0200 poppler (0.20.2-2) experimental; urgency=low * Raise the version of the libpoppler-private-dev breaks/replaces against libpoppler-dev to << 0.20.2. (Closes: #681313) -- Pino Toscano Thu, 12 Jul 2012 12:19:17 +0200 poppler (0.20.2-1) experimental; urgency=low * New upstream release. * Merge changes from 0.18.4-3: - upstream_cairo-use-correct-userfont-font-bbox.patch: drop, backported - upstream_Change-nnnnnn-to-number.patch: drop, backported - upstream_pdfinfo-decode-utf-16-surrogate-pairs.patch: drop, backported * Update copyright. -- Pino Toscano Wed, 11 Jul 2012 23:51:35 +0200 poppler (0.20.1-1) experimental; urgency=low * New upstream release. * Rename packages according to the new SONAMEs: - libpoppler19 -> libpoppler26 - libpoppler-qt4-3 -> libpoppler-qt4-4 * Bump shlibs for libpoppler-qt4-4. * Update copyright. * Update build dependencies: - Switch liblcms1-dev to liblcms2-dev, supported upstream now. * debian/patches: - ltmain-as-needed.diff: refresh * Add pdfdetach in the description of poppler-utils. * Add a symbols file for libpoppler-glib8, based on poppler 0.18; the C++ symbols (internal) of it now have the current poppler version as version. -- Pino Toscano Mon, 11 Jun 2012 15:14:29 +0200 poppler (0.18.4-10) unstable; urgency=low * Manually force the link of everything against pthreads; while I cannot reproduce #730112, it seems (see e.g. #728113) that doing so would fix the poppler utilities. (Closes: #730112) Newer versions of poppler link to pthreads already, so this is a workaround for 0.18.x only. -- Pino Toscano Sun, 15 Dec 2013 12:49:01 +0100 poppler (0.18.4-9) unstable; urgency=medium * Remove the custom RPATH handing on Hurd, since the issue does not affect the build anymore; remove the hurd-only chrpath build dependency. * Backport upstream commits b8682d868ddf7f741e93b791588af0932893f95c (patch upstream_pdfseparate-improve-the-path-building.patch) and 61f79b8447c3ac8ab5a26e79e0c28053ffdccf75 (patch upstream_Allow-only-one-d-in-the-filename.diff) to fix two string/format issues in pdfseparate, reported as CVE-2013-4473 and CVE-2013-4474. (Closes: #723124, #729064) * Bump Standards-Version to 3.9.5, no changes required. -- Pino Toscano Sun, 17 Nov 2013 18:57:18 +0100 poppler (0.18.4-8) unstable; urgency=low * Remove the .la files from debian/tmp, to shorten the --list-missing output. * Workaround issues of old libtool on Hurd, by removing with chrpath the extra RPATH added; add the hurd-only chrpath build dependency for that. * Backport upstream commit 8e504bf2543621973fdaddbd29055ce435540146 to fix small syntax issues in pdfseparate.1. -- Pino Toscano Tue, 20 Aug 2013 19:12:31 +0200 poppler (0.18.4-7) unstable; urgency=low * Filter stuff that might end up in the shell; patch CVE-2012-2142.diff by Marek Kasik to fix CVE-2012-2142. * Fix Vcs-* headers. * Bump Standards-Version to 3.9.4, no changes required. * Adjust watch file to allow both gz and xz extensions. * Mark poppler-dbg as Multi-Arch: same. -- Pino Toscano Fri, 09 Aug 2013 12:50:40 +0200 poppler (0.18.4-6) unstable; urgency=low * Backport upstream commits 0388837f01bc467045164f9ddaff787000a8caaa (patch upstream_Fix-another-invalid-memory-access-in-1091.pdf.asan.7.patch), 8b6dc55e530b2f5ede6b9dfb64aafdd1d5836492 (adapted patch upstream_Fix-invalid-memory-access-in-1150.pdf.asan.8.69.patch), and e14b6e9c13d35c9bd1e0c50906ace8e707816888 (adapted patch upstream_Fix-invalid-memory-access-in-2030.pdf.asan.69.463.patch) to fix CVE-2013-1788. * Backport upstream commit b1026b5978c385328f2a15a2185c599a563edf91 to fix CVE-2013-1790 (patch upstream_Initialize-refLine-totally.patch). * With the changes above, this upload closes: #702071. -- Pino Toscano Mon, 25 Mar 2013 21:43:07 +0100 poppler (0.18.4-5) unstable; urgency=low * Correctly initialize PSOutputDev::fontFileNameLen and PSOutputDev::psFileNames; patch psoutputdev-initialize-vars.diff. (Closes: #699421) -- Pino Toscano Thu, 31 Jan 2013 15:20:33 +0100 poppler (0.18.4-4) unstable; urgency=low * Backport upstream commits 7ba15d11e56175601104d125d5e4a47619c224bf and 55940e989701eb9118015e30f4f48eb654fa34c4 to fix GooString::insert; patch upstream_fix-GooString-insert.diff. (Closes: #693817) * Add a libcairo2-doc build dependency to fix cross-references to cairo methods in the poppler-glib apidox. -- Pino Toscano Tue, 27 Nov 2012 16:24:17 +0100 poppler (0.18.4-3) unstable; urgency=low * Finally drop the libfontconfig1-dev dependency from libpoppler-dev, since now all sources have been fixed. * Remove an extra colon from the override_dh_auto_clean declaration. * Move the poppler private headers from libpoppler-dev to libpoppler-private-dev: - Add break/replaces in libpoppler-private-dev. - Drop lintian overrides of libpoppler-private-dev. - Adjust descriptions of libpoppler-dev and libpoppler-private-dev. * Backport upstream commit f1e621adbbb74ec709022b2a31195331651c83fa to fix the glyph drawing with cairo >= 1.12; patch upstream_cairo-use-correct-userfont-font-bbox.patch. (Closes: #668250) * Backport upstream commit fde3bed0f400a50f31f1f6bcee44ac1b2c17ddc6 to make pdfinfo decode UTF-16 surrogate pairs; patch upstream_pdfinfo-decode-utf-16-surrogate-pairs.patch. (Closes: #525309) * Backport upstream commit 4eaafe67de79fb63ebf61f031a97bbc0ed6a8891 to fix the man page of pdftoppm regarding the naming of the output files; patch upstream_Change-nnnnnn-to-number.patch. (Closes: #495901) -- Pino Toscano Thu, 21 Jun 2012 21:38:32 +0200 poppler (0.18.4-2) unstable; urgency=low * Upload to unstable. * Enable all the hardening flags. * Bump to Standards-Version to 3.9.3, no changes required. * Bump debhelper build dependency to >= 9, since compat 9 is used. * Set the minimum shlib version of libpoppler19 to the current version. * Temporarly put back the libfontconfig1-dev dependency to libpoppler-dev, as there is still one source assuming that dependency. -- Pino Toscano Thu, 31 May 2012 15:24:07 +0200 poppler (0.18.4-1) experimental; urgency=low * New upstream release. * Update copyright. -- Pino Toscano Sat, 18 Feb 2012 20:22:17 +0100 poppler (0.18.3-1) experimental; urgency=low * New upstream release: (Closes: #644447) - fixes rendering of Porirua City overview map. (Closes: #443547) - shows the names of unknown fonts. (Closes: #524323) * Rename packages according to the new SONAMEs: - libpoppler13 -> libpoppler19 - libpoppler-glib6 -> libpoppler-glib8 * Bump shlibs for libpoppler-glib8 and libpoppler-qt4-3. * debian/patches: - ltmain-as-needed.diff: refresh * Update copyright. * Update configure arguments: - Remove: --disable-poppler-qt, --disable-abiword-output * Drop test-poppler-glib from libpoppler-glib-dev, as it does not exist anymore. * Update build dependencies, dependencies and suggests: - Switch liblcms-dev to liblcms1-dev, to make it explicit lcms 1 is used. - Add libtiff-dev (for TIFF support). - Remove the gnome-pkg-tools B-D, unused. - libpoppler-dev: remove libfontconfig1-dev. - libpoppler-private-dev: suggest packages containing headers included in barely used private poppler core headers: libfreetype6-dev, libopenjpeg-dev, libpng-dev, libtiff-dev. (Closes: #646688) - libpoppler-glib-dev: remove libgtk2.0-dev. * Enable the GObject introspection support (Closes: #617604): - Add libgirepository1.0-dev and gobject-introspection build dependencies. - Add a new package gir1.2-poppler-0.18, and make libpoppler-glib-dev depend on it. - Enable the introspection in configure arguments. * Improve description of poppler-utils, also including the new tools (pdfseparate, pdftocairo, pdfunite). * Convert convert to the `dh' sequencer: - Drop cdbs build dependency. - Bump debhelper build dependency to 7.0.50. - Make use of the gir dh addon. - Enable parallel build support. * Remove ${shlibs:Depends} from poppler-dbg. * Install the upstream ChangeLog only in the libpopplerN package. * Convert to multi-arch: - Bump debhelper build dependency to 8.9.0. - Bump compat to 9. - Add dpkg build dependency to 1.16.1. - libpoppler19, libpoppler-glib8, libpoppler-qt4-3, libpoppler-cpp0: mark "Multi-Arch: same", and add Pre-Depends. - poppler-utils: mark "Multi-Arch: foreign". - Fix (using wildcard) library paths in .install files, taking care of installing the gir .typelib file in a non-multi-arch path. * Use DEB_LDFLAGS_MAINT_APPEND in rules to properly append custom LDFLAGS. (Closes: #651968) * Make the build verbose (V=1). -- Pino Toscano Sun, 12 Feb 2012 22:49:35 +0100 poppler (0.16.7-3) unstable; urgency=low [ Michael Gilbert ] * Bump standards to 3.9.2. * Remove automatically generated glib reference files in clean rule (this prevents automatic generation of a debian patch on a second build run. [ Pino Toscano ] * Switch to my @debian.org address, I'm a DD now. * Add a libpoppler-private-dev package: it will contain the private poppler core headers, but at the moment it is empty to allow sources to migrate their (build-)dependencies from libpoppler-dev to it. * control: add Vcs-Browser and Vcs-Git headers. * control: fix some of the conflict/replaces relations in poppler-utils: - xpdf-utils: properly set the version for it, and turn into a breaks/replaces (see also #586620) - pdftohtml: remove the version, since any newer version would always conflict with the one in poppler-utils -- Pino Toscano Fri, 10 Feb 2012 23:59:28 +0100 poppler (0.16.7-2) unstable; urgency=low * Upload to unstable. -- Pino Toscano Fri, 01 Jul 2011 22:29:43 +0200 poppler (0.16.7-1) experimental; urgency=low * New upstream release. * Make sure to really disable the gobject introspection for configure. * Few touches to descriptions: - Fix typo in libpoppler-cpp0. - Correctly capitalize "Xpdf". * Update copyright. * Enable as-needed linking: - Import the ltmain-as-needed.diff (refreshed) patch to allow to pass -Wl,--as-needed at the beginning of autotools linking lines - set LDFLAGS to "-Wl,--as-needed" * Drop abiword support, buggy and dropped in Poppler 0.18: (Closes: #521456, #618634) - rules: add --disable-abiword-output - control: remove the libxml2-dev build-dependency and the pdftoabw references in the poppler-utils description - drop patch 03_CVE-2009-3938.patch, no more needed now - drop pdftoabw.1 manpage - libpoppler-dev.install: stop installing ABWOutputDev.h -- Pino Toscano Fri, 01 Jul 2011 00:47:07 +0200 poppler (0.16.3-1) experimental; urgency=low [ Pino Toscano ] * New upstream release: (Closes: #567817, #585434, #592534, #601179, #611874) - fixes thread-unsafe usage of strtok(). (Closes: #533426) - pdftohtml correctly rotates images. (Closes: #506785) - pdftoppm tests correctly for rotation. (Closes: #614831) - fixes text highlighting. (Closes: #463963) - fixes image rescaling with cairo. (Closes: #533138) - fixes/hides some "Illegal entry in bfrange block in ToUnicode CMap" errors. (Closes: #578050) - fixes a pdftotext crash. (Closes: #611124) * Update patches: - 01_revert_abi_change.patch: remove, obsolete - 02_autohinting_abi_compatibility.patch: remove, obsolete - 03_CVE-2009-3938.patch: add two DEP3 headers (with bug number) - 04_security.patch: remove, applied upstream * Drop Qt 3 frontend, unused in Debian (and will no more be provided with Poppler 0.18). (Closes: #604370, #558951) * Rename packages according to the new SONAMEs: - libpoppler5 -> libpoppler13 - libpoppler-glib4 -> libpoppler-glib6 * Update shlib depends for libpoppler-qt4-3. * Add packages for the new CPP frontend (libpoppler-cpp0). * Update build-dependencies and dependencies: - Bump libglib2.0-dev, libcairo2-dev, gtk-doc-tools, and libqt4-dev to the versions required upstream. - Remove obsolete B-D: libqt3-mt-dev, libglade2-dev. - libpoppler-glib-dev: add libgtk2.0-dev (Closes: #540582), remove libpango1.0-dev. * Update configure arguments: - Add: --enable-xpdf-headers - Remove: --enable-a4-paper * Update copyright, adding a small clarifying text that the Poppler license is GPL v2 only. (Closes: #611259) * Bump debhelper compatibility to 7: - Update .install files accordingly. * libpoppler-dev.install: Avoid installing all the poppler private headers (even those that will not work), but rely on what poppler installs and manually copy the few "useful". * rules: include /usr/share/cdbs/1/rules/utils.mk for list-missing. * Add myself to the Uploaders. * Add Homepage field in control. * Improve descriptions of most of the packages. [ Michael Gilbert ] * Recommend poppler-data (closes: #584503). * Fix a typo (closes: #582527). * Update to source format 3.0 (quilt). - Drop explicit quilt dependency. * Bump standards version to 3.8.4 (no changes required). * Add copyright dates to copyright file as stated in README-XPDF. * Add manpage for pdftoabw (closes: #505147). -- Josselin Mouette Thu, 03 Mar 2011 22:14:46 +0100 poppler (0.12.4-1.2) unstable; urgency=medium * Non-maintainer upload by the Security Team * Fix CVE-2010-3702, CVE-2010-3703, CVE-2010-3704 and several crashers (Closes:#599165) -- Moritz Mühlenhoff Sat, 23 Oct 2010 15:59:04 +0200 poppler (0.12.4-1.1) unstable; urgency=high * Non-maintainer upload. * Do not conflict with newer versions of xpdf-utils (closes: #586620). -- Michael Gilbert Fri, 06 Aug 2010 18:51:54 -0400 poppler (0.12.4-1) unstable; urgency=low * New upstream release. * Bump Qt requirements. -- Josselin Mouette Fri, 16 Apr 2010 19:22:34 +0200 poppler (0.12.2-2.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fixed CVE-2009-3938 (Closes: #534680) -- Giuseppe Iuculano Tue, 22 Dec 2009 16:11:27 +0100 poppler (0.12.2-2) unstable; urgency=low * Switch to quilt to manage patches. * 01_revert_abi_change.patch: revert upstream commit that introduced an ABI change in a stable release. Closes: #558463. * 02_autohinting_abi_compatibility.patch: revert part of another upstream commit for a similar reason. -- Josselin Mouette Mon, 30 Nov 2009 16:51:53 +0100 poppler (0.12.2-1) unstable; urgency=low * New upstream release. -- Josselin Mouette Sat, 28 Nov 2009 13:24:28 +0100 poppler (0.12.0-2.1) unstable; urgency=low * Non-maintainer upload. * Include fofi/*.h in /usr/include/poppler/fofi. Closes: #553445. -- Matt Kraai Tue, 10 Nov 2009 19:51:32 -0800 poppler (0.12.0-2) unstable; urgency=low * copyright: add complete list of copyright holders. * Upload to unstable. Hold on to your pants. -- Josselin Mouette Sat, 17 Oct 2009 10:48:03 +0200 poppler (0.12.0-1) experimental; urgency=low * New upstream release. Closes: #530731. * Rename libpoppler4 to libpoppler5. * Bump shlibs versions. -- Josselin Mouette Thu, 24 Sep 2009 16:39:17 +0200 poppler (0.10.6-1) unstable; urgency=critical * Fix section for the debug package. * New upstream release. + Fix problems that happen when parsing broken JBIG2 files. CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009-1187, CVE-2009-1188. * Bump libqt4 requirement. * 10_jpxstream_int_crash.patch: removed, upstream has merged a different fix quite a while ago. * Standards version is 3.8.1. -- Josselin Mouette Wed, 01 Apr 2009 18:30:04 +0200 poppler (0.10.5-1) unstable; urgency=low [ Pino Toscano ] * New upstream release, no API nor ABI changes. + Fixes crash when rendering documents with optional content. (Closes: #519494) * Remove lintian override for poppler-dbg, which is no more needed with lintian >= 2.2.1. -- Josselin Mouette Wed, 01 Apr 2009 15:19:53 +0200 poppler (0.10.4-3) unstable; urgency=low * Revert previous upload, now openjpeg was built successfully on alpha. * Build-depend on libglib2.0-doc to ensure proper xrefs. -- Josselin Mouette Tue, 10 Mar 2009 12:03:06 +0100 poppler (0.10.4-2) unstable; urgency=low * Don’t require openjpeg on alpha, since it doesn’t build there. -- Josselin Mouette Sun, 08 Mar 2009 03:33:50 +0100 poppler (0.10.4-1) unstable; urgency=low [ Pino Toscano ] * New upstream stable release, with ABI and API changes wrt poppler 0.8. - Rename libpoppler3 to libpoppler4, libpoppler-glib3 to libpoppler-glib4; libpoppler-qt2 and libpoppler-qt4-3 are not renamed; update control, DEB_DH_MAKESHLIBS_ARGS_* in rules, and rename install files. - Add shlib version for libpoppler-qt4-3. - Drop patches 60_manpages-cfg-flag.patch, 61_manpages-hyphens.patch, and 62_pdftops-mandatory-arg.patch, merged upstream. * Build-dep on libopenjpeg-dev for better JPEG2000 reading. [ Josselin Mouette ] * Build-depend explicitly on libjpeg-dev, libfreetype6-dev and libxml2-dev. * Bump requirement on libqt4-dev. -- Josselin Mouette Fri, 06 Mar 2009 12:54:09 +0100 poppler (0.8.7-1) unstable; urgency=low * Bump up Standards-Version to 3.8.0. * New patch, 61_manpages-hyphens, fixes escaping of hyphens in man pages; FreeDesktop #17225. * New patch, 62_pdftops-mandatory-arg, fixes synopsis of pdftops in man page to clarify that a PDF file is required in all cases; FreeDesktop #17226; closes: #491816. * Build-dep on cdbs (>= 0.4.52) and add a lintian override with rationale for the following lintian warning: W: poppler-dbg: dbg-package-missing-depends poppler * Add xrefs and CVE for #489756 in 0.8.5-1 as I didn't merge the 0.8.4-1.1 NMU. * New upstream release; no API change, bug fixes. -- Loic Minier Wed, 20 Aug 2008 17:36:12 +0200 poppler (0.8.6-1) unstable; urgency=low * Fix /usr/share/gtk-doc/html/poppler symlink to point at /usr/share/doc/libpoppler-glib-dev/html/poppler instead of /usr/share/doc/libpoppler-glib-dev/html; LP: #226677. * New upstream stable release; bug fixes, no API change. * New patch, 60_manpages-cfg-flag, drop unimplemented -cfg flag from man pages; FreeDesktop #17222; closes: #461961. * Rename patch 001_jpxstream_int_crash to 10_jpxstream_int_crash as we don't have that many patches; also add upstream bug id (FreeDesktop #5667) and refresh to apply cleanly. * Build-dep on pkg-config >= 0.18 to make sure -lpoppler is only in poppler-qt's Libs.private (it already is though); closes: #360595. -- Loic Minier Fri, 01 Aug 2008 15:04:05 +0200 poppler (0.8.5-1) unstable; urgency=low * New upstream release; no API changes, misc fixes. - Initializes pageWidgets in Page.cc, otherwise it can be a rubbish pointer as Annots is not a valid object; upstream commit fd0bf8b05cb155e2f29df31fa01964b12e710b89; CVE-2008-2950; closes: #489756. -- Loic Minier Wed, 30 Jul 2008 14:52:42 +0200 poppler (0.8.4-1) unstable; urgency=low * New upstream release; no API change. - Fixes crash when reloading PDFs; GNOME #536482; closes: 484160. -- Loic Minier Mon, 30 Jun 2008 10:44:16 +0200 poppler (0.8.3-1) unstable; urgency=low * New upstream release. Closes: #487214. + Fix crasher with some PDF files. Closes: #484224. -- Josselin Mouette Wed, 25 Jun 2008 16:40:39 +0200 poppler (0.8.2-2) unstable; urgency=low * Upload to unstable. * Set myself as Maintainer instead of Uploader, taking over from Ondřej Surý but I wish we move to an official team; closes: #481323. -- Loic Minier Thu, 15 May 2008 12:33:18 +0200 poppler (0.8.2-1) experimental; urgency=low * New upstream releases. - Drop patch 006_pthreads_ldflags, upstream now calls ACX_PTHREAD() in configure.ac which does the right thing. - Drop patch 102_embedded-font-fixes, merged upstream. -- Loic Minier Sun, 11 May 2008 01:02:22 +0200 poppler (0.8.0-1) experimental; urgency=low * Bump libcairo2-dev build-dep and dep to >= 1.4; thanks Marc 'HE' Brockschmidt. * New upstream stable release, with ABI and API changes; closes: #476323. - Rename libpoppler2 to libpoppler3, libpoppler-glib2 to libpoppler-glib3, and libpoppler-qt4-2 to libpoppler-qt4-3; NB: libpoppler-qt2 not renamed; update control, DEB_DH_MAKESHLIBS_ARGS_* in rules, rename install files. - Drop shlib version except for libpoppler-qt2. - Update patch 006_pthreads_ldflags for the version-info changes in poppler/Makefile.am. - Force usage of qt4's moc via a PATH setting; export PATH. * Let libpoppler-glib-dev depend on libglib2.0-dev >= 2.6 for consistency with build-deps. * New patch, 102_embedded-font-fixes; protects the methods of the Object class to be more robust and prevent things like CVE-2008-1693; see also FreeDesktop/Poppler #11392; taken from the Ubuntu package; closes: #476842. * Add a poppler-dbg package; closes: #408403. - Bump up cdbs build-dep to >= 0.4.51 for -dbg handling fixes. - Add poppler-dbg to control. -- Loic Minier Mon, 17 Mar 2008 21:00:13 +0100 poppler (0.6.4-1) unstable; urgency=medium * Add ${shlibs:Depends} to libpoppler-glib-dev, libpoppler-dev, libpoppler-qt-dev, libpoppler-qt4-dev. * Add ${misc:Depends}. * Cleanups. * New upstream releases; no API change; bug fixes; closes: #459342. * Fix copyright information to use version 2 of the GPL (instead of version 2 or later); thanks Timo Jyrinki for the patch; closes: #453865. * Urgency medium for RC bug fix. * List pdftohtml in poppler-utils' description; closes: #464439. * Drop libpoppler-qt-dev dependency from libpoppler-qt4-dev; thanks Pino Toscano; closes: #459922. * Bump up Standards-Version to 3.7.3. -- Loic Minier Fri, 18 Jan 2008 13:35:06 +0100 poppler (0.6.2-1) unstable; urgency=low * New upstream version. (Closes: #447992) * Dependency on xpdfrc was removed on 2007-02-25 (Closes: #347789, #440936) * Changes since 0.6.1: - Fix CVE-2007-4352, CVE-2007-5392 and CVE-2007-5393 (Closes: #450628) - Fix a crash on documents with wrong CCITTFaxStream - Fix a crash in the Cairo renderer with invalid embedded fonts - Fix a crash with invalid TrueType fonts - Check if font is inside the clip area before rendering it to a temporary bitmap in the Splash renderer. Fixes crashes on incorrect documents - Do not use exit(1) on DCTStream errors - Detect form fields at any depth level - Do not generate appearance stream for radio buttons that are not active -- Ondřej Surý Wed, 14 Nov 2007 11:20:07 +0100 poppler (0.6.1-2) unstable; urgency=low * Upload to unstable. -- Ondřej Surý Tue, 06 Nov 2007 09:07:10 +0100 poppler (0.6.1-1) experimental; urgency=low * New upstream version. * Changes since 0.6.0: - poppler core: + Fix printing with different x and y scale + Fix crash when Form Fields array contains references to non existent objects + Fix crash in CairoOutputDev::drawMaskedImage() + Fix embedded file description not working on some cases - Qt4 frontend: + Fix printing issue + Avoid double free + Fix memory leak when dealing with embedded files - glib frontend: + Fix build with --disable-cairo-output + Do not return unknown field type for signature form fields - build system: + Support automake-1.10 + More compatible sh code in qt.m4 - utils: + Fix build on Sun Studio compiler -- Ondřej Surý Thu, 25 Oct 2007 11:33:04 +0200 poppler (0.6-1) experimental; urgency=low * New upstream release. (Closes: #429700) - merged changes from Ubuntu, courtesy of Sebastien Bacher - Fix security issue MOAB-06-01-2007 - Fix security issue CVE-2007-3387 - Fix security issue CVE-2007-5049 (Closes: #443903) * debian/watch: - update (Closes: #441012) * debian/control, debian/libpoppler2.install, debian/libpoppler-glib2.install, debian/libpoppler-qt2.install, debian/libpoppler-qt4-2.install, debian/rules: - updated for soname change * debian/libpoppler-glib-dev.install: - install new test-poppler-glib * debian/patches/002_CVE-2006-0301.patch: - dropped, deprecated by the upstream changes * debian/patches/003_glib-2.0-configure.patch: * debian/patches/004_CVE-2007-0104.patch: * debian/patches/005_fix_inverted_text_from_bug_8944.patch: - dropped, fixed with the new version * debian/patches/006_pthreads_ldflags.patch: - updated -- Ondřej Surý Thu, 27 Sep 2007 09:03:33 +0200 poppler (0.5.4-6) unstable; urgency=low * Conflict with old library names from experimental. (Closes: #426023) -- Ondřej Surý Wed, 30 May 2007 08:42:32 +0200 poppler (0.5.4-5) unstable; urgency=low * Add missing poppler/poppler-link-qt3.h header to libpoppler-qt-dev; thanks Sune Vuorela; closes: #425486. * Let libpoppler-qt4-dev depend on libpoppler-qt-dev since some of its headers require poppler-page-transition.h which is clearly from the Qt bindings; thanks Sune Vuorela; closes: #425540. * Wrap build-deps and deps. * Drop useless debian/*.dirs. * Misc cleanups. * Build-dep on autotools-dev and drop bogus lintian overrides. -- Loic Minier Thu, 24 May 2007 23:09:23 +0200 poppler (0.5.4-4) unstable; urgency=low * The "Augean Stables" release. * 0.5.x branch fixes all kind of displaying errors Closes: #372169, #235360, #331380, #332426, #336616 Closes: #402647, #369164, #413953, #343654 * Add versioned conflict to pdftohtml (Closes: #393169) * We dropped .la files some time ago, libjpeg62-dev dependency not needed now (Closes: #413112) * Crash fixed in 0.5.4 (Closes: #418638) * [control.in]: dropped some time ago (Closes: #407818) * NMU 0.5.4-5.1 merged as 004_CVE-2007-0104.patch (Closes: #407810) * 0.5.x uploaded to unstable (Closes: #352522) * qt4 libraries are now part of build (Closes: #414643) * No longer depends on poppler-data (Closes: #389753) * [debian/patches/006_pthreads_ldflags.patch]: + Add -lpthread to poppler/Makefile.am (Closes: #399275) -- Ondřej Surý Wed, 16 May 2007 10:45:39 +0200 poppler (0.5.4-3) unstable; urgency=low * Upload to unstable. * Enable Cairo output again. * Enable gtk-doc build. * Add lintian override for outdated-autotools-helper-files (we use CDBS). * Change shared library packages names according to Library Packaging Guide. * Change ${Source-Version} to ${binary:Version} to allow binNMU * Drop (= ${Source-Version}) dependency in glib, qt3, qt4 libraries; we are adding that from debian/rules * Merge changes from Ubuntu: + Enable Qt4 library build (but change name to libpoppler-qt4-1). + [debian/patches/004_CVE-2007-0104.patch]: - Limit recursion depth of the parsing tree to 100 to avoid infinite loop with crafted documents. - Patch taken from koffice security update (which has a copy of xpdf sources). + [debian/patches/005_fix_inverted_text_from_bug_8944.patch]: - fixes "text is inverted in some PDFs" -- Ondřej Surý Wed, 16 May 2007 08:26:47 +0200 poppler (0.5.4-2) experimental; urgency=low * [debian/control]: poppler-data is non-free, do not depend on it (Closes: #389753) -- Ondřej Surý Mon, 2 Oct 2006 14:41:58 +0200 poppler (0.5.4-1) experimental; urgency=low * New upstrem release. * [debian/control.in]: remove file and add all pkg-freedesktop people to Uploaders: field * [debian/control]: Add dependency on poppler-data package. * [debian/patches/03_glib-2.0-configure.patch]: fix broken configure.ac -- Ondřej Surý Fri, 22 Sep 2006 16:49:17 +0200 poppler (0.5.3-1) experimental; urgency=low * New upstream release. * debian/lib{poppler,poppler-glib,poppler-qt}-dev.install: Stop shipping /usr/lib/*.la in libpoppler*-dev. -- Ondřej Surý Wed, 31 May 2006 17:19:34 +0200 poppler (0.5.2-1) experimental; urgency=low * New upstream release. * Remove patches adopted upstream: debian/patches/000_incorrect_define_fix.patch debian/patches/000_splash_build_fix.patch -- Ondřej Surý Tue, 23 May 2006 20:21:30 +0200 poppler (0.5.1-1) experimental; urgency=low * Merge back changes from Ubuntu. * Upload to experimental (Closes: 352522) -- Ondřej Surý Tue, 18 Apr 2006 15:08:26 +0200 poppler (0.5.1-0ubuntu6) dapper; urgency=low * Install poppler-page-transition into libpoppler-qt-dev (not libpoppler-dev), since it comes from the Qt bindings. Closes: LP#32179 -- Martin Pitt Mon, 10 Apr 2006 12:20:46 +0200 poppler (0.5.1-0ubuntu5) dapper; urgency=low * debian/patches/000_incorrect_define_fix.patch: - patch from the CVS, fix an incorrect boxes rendering (Ubuntu: #33239) -- Sebastien Bacher Thu, 23 Mar 2006 12:33:17 +0100 poppler (0.5.1-0ubuntu4) dapper; urgency=low * debian/control.in: libpoppler-dev needs to depend on libfontconfig1-dev, because we directly include in GlobalParams.h -- Adam Conrad Thu, 16 Mar 2006 11:23:00 +1100 poppler (0.5.1-0ubuntu3) dapper; urgency=low * debian/control.in: Have poppler-utils Replace: xpdf-reader, since both contain pdftoppm.1.gz. -- Martin Pitt Mon, 13 Mar 2006 09:10:12 +0100 poppler (0.5.1-0ubuntu2) dapper; urgency=low * debian/control.in: - fix the libpoppler1 package description -- Sebastien Bacher Thu, 9 Mar 2006 09:43:15 +0000 poppler (0.5.1-0ubuntu1) dapper; urgency=low * New upstream version: - Support for embedded files. - Handle 0-width lines correctly. - Avoid external file use when opening fonts. - Only use vector fonts returned from fontconfig (#5758). - Fix scaled 1x1 pixmaps use for drawing lines (#3387). - drawSoftMaskedImage support in cairo backend. - Misc bug fixes: #5922, #5946, #5749, #5952, #4030, #5420. * debian/control.in, debian/libpoppler0c2.dirs, debian/libpoppler0c2-glib.dirs, debian/libpoppler0c2-glib.install, debian/libpoppler0c2.install, debian/libpoppler0c2-qt.dirs, debian/libpoppler0c2-qt.install, debian/rules: - updated for the soname change * debian/patches/000_splash_build_fix.patch: - fix build when using splash * debian/patches/001_fixes_for_fonts_selection.patch: - fix with the new version -- Sebastien Bacher Mon, 6 Mar 2006 18:42:44 +0000 poppler (0.5.0-0ubuntu5) dapper; urgency=low * debian/control.in, debian/rules: - build without libcairo -- Sebastien Bacher Sun, 26 Feb 2006 20:05:10 +0100 poppler (0.5.0-0ubuntu4) dapper; urgency=low * debian/patches/001_fixes_for_fonts_selection.patch: - change from the CVS, fix some renderings issues and fonts selection -- Sebastien Bacher Tue, 7 Feb 2006 13:38:04 +0100 poppler (0.5.0-0ubuntu3) dapper; urgency=low * SECURITY UPDATE: Buffer overflow. * Add debian/patches/002_CVE-2006-0301.patch: - splash/Splash.cc, Splash::drawPixel(), Splash::drawSpan(), Splash::xorSpan(): Check coordinates for integer overflow. * CVE-2006-0301 -- Martin Pitt Fri, 3 Feb 2006 18:13:30 +0000 poppler (0.5.0-0ubuntu2) dapper; urgency=low * debian/rules: Bump shlibs version to 0.5.0. -- Martin Pitt Fri, 20 Jan 2006 16:56:40 +0100 poppler (0.5.0-0ubuntu1) dapper; urgency=low * New upstream release 0.5.0, required for new evince 0.5. * Merge with Debian. * Remove patches adopted upstream: - debian/patches/000_add-poppler-utils.patch - debian/patches/002-selection-crash-bug.patch * debian/libpoppler-dev.install: - Install poppler-page-transition.h. - Do not install poppler-config.h, it doesn't exist any more. - Upstream doesn't install legacy xpdf includes any more, fix path to install them into libpoppler-dev. * Add debian/patches/001_jpxstream_int_crash.patch: - poppler/JPXStream.h: Fix declaration of cbW to be signed. JPXStream.cc, readCodeBlockData() negates the value, which results in an invalid value on 64 bit platforms if using unsigned types. - Thanks to Vladimir Nadvornik for pointing at this. -- Martin Pitt Thu, 19 Jan 2006 23:49:52 +0100 poppler (0.4.4-1) unstable; urgency=high * New upstream security release - fixes CVE-2005-3624, CVE-2005-3625, CVE-2005-3627 * Remove debian/patches/003-CVE-2005-3624_5_7.patch: - Merged upstream * Remove debian/patches/004-fix-CVE-2005-3192.patch: - Merged upstream * Remove debian/patches/001-relibtoolize.patch - Upstream uses recent libtool -- Ondřej Surý Thu, 12 Jan 2006 20:40:27 +0100 poppler (0.4.3-3) unstable; urgency=low * Fix missing libcairo2-dev dependency (Closes: #346277) -- Ondřej Surý Fri, 6 Jan 2006 21:37:10 +0100 poppler (0.4.3-2) unstable; urgency=high [ Martin Pitt ] * SECURITY UPDATE: Multiple integer/buffer overflows. * Add debian/patches/003-CVE-2005-3624_5_7.patch: - poppler/Stream.cc, CCITTFaxStream::CCITTFaxStream(): + Check columns for negative or large values. + CVE-2005-3624 - poppler/Stream.cc, numComps checks introduced in CVE-2005-3191 patch: + Reset numComps to 0 since it's a global variable that is used later. + CVE-2005-3627 - poppler/Stream.cc, DCTStream::readHuffmanTables(): + Fix out of bounds array access in Huffman tables. + CVE-2005-3627 - poppler/Stream.cc, DCTStream::readMarker(): + Check for EOF in while loop to prevent endless loops. + CVE-2005-3625 - poppler/JBIG2Stream.cc, JBIG2Bitmap::JBIG2Bitmap(), JBIG2Bitmap::expand(), JBIG2Stream::readHalftoneRegionSeg(): + Check user supplied width and height against invalid values. + Allocate one extra byte to prevent out of bounds access in combine(). * Add debian/patches/004-fix-CVE-2005-3192.patch: - Fix nVals int overflow check in StreamPredictor::StreamPredictor(). - Forwarded upstream to https://bugs.freedesktop.org/show_bug.cgi?id=5514. [ Ondřej Surý ] * Merge changes from Ubuntu (Closes: #346076). * Enable Cairo output again. -- Ondřej Surý Thu, 5 Jan 2006 14:54:44 +0100 poppler (0.4.3-1) unstable; urgency=high * New upstream release. * New maintainer (Closes: #344738) * CVE-2005-3191 and CAN-2005-2097 fixes merged upstream. * Fixed some rendering bugs and disabled Cairo output (Closes: #314556, #322964, #328211) * Acknowledge NMU (Closes: #342288) * Add 001-selection-crash-bug.patch (Closes: #330544) * Add poppler-utils (merge patch from Ubuntu) -- Ondřej Surý Fri, 30 Dec 2005 11:34:07 +0100 poppler (0.4.2-1.1) unstable; urgency=high * SECURITY UPDATE: Multiple integer/buffer overflows. * NMU to fix RC security bug (closes: #342288) * Add debian/patches/04_CVE-2005-3191_2_3.patch taken from Ubuntu, thanks to Martin Pitt: * poppler/Stream.cc, DCTStream::readBaselineSOF(), DCTStream::readProgressiveSOF(), DCTStream::readScanInfo(): - Check numComps for invalid values. - http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities - CVE-2005-3191 * poppler/Stream.cc, StreamPredictor::StreamPredictor(): - Check rowBytes for invalid values. - http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities - CVE-2005-3192 * poppler/JPXStream.cc, JPXStream::readCodestream(): - Check img.nXTiles * img.nYTiles for integer overflow. - http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities - CVE-2005-3193 -- Frank Küster Fri, 23 Dec 2005 16:36:30 +0100 poppler (0.4.2-1) unstable; urgency=low * GNOME Team upload. * New upstream version. * debian/control.in: - updated the Build-Depends on libqt (Closes: #326130). * debian/rules: - updated the shlibs. -- Sebastien Bacher Wed, 7 Sep 2005 12:41:48 +0200 poppler (0.4.0-1) unstable; urgency=low * GNOME Team Upload. * Rebuild for the CPP transition. * New upstream version (Closes: #311133): - fix some crashers (Closes: #315590, #312261, #309410). - fix some rendering defaults (Closes: #314441, #315383, #309697, #308785). * debian/control.in, debian/rules: - build with the current cairo version (Closes: #321368, #318293). - update for the renamed the packages. * debian/patches/01_CAN-2005-2097.patch: - Patch from Ubuntu, thanks Martin Pitt. - Check sanity of the TrueType "loca" table. Specially crafted broken tables caused disk space exhaustion due to very large generated glyph descriptions when attempting to fix the table. - Upstream patch scheduled for xpdf 3.01. - CAN-2005-2097 * debian/watch: - fixed, patch by Jerome Warnier (Closes: #310996). -- Sebastien Bacher Wed, 17 Aug 2005 21:54:07 +0200 poppler (0.3.1-1) unstable; urgency=low * New upstream release * Upstream fixed the Qt build bug, so now I can enable Qt build. (Closes:#307340) It leads two new binary packages libpoppler0-qt and libpoppler-qt-dev. * Excluded DEB_CONFIGURE_SYSCONFDIR setting, which is obsolete by the upstream removal of xpdfrc config. -- Changwoo Ryu Wed, 4 May 2005 00:19:35 +0900 poppler (0.3.0-2) unstable; urgency=high * Added shlib version info for libpoppler0-glib. * Corrected dependencies of libpoppler0-glib and libpoppler-glib-dev. (Closes: #306897) * Build-Depends on libgtk2.0-dev for -glib packages. (Closes: #306885) * Corrected descriptions of -glib packages. -- Changwoo Ryu Thu, 28 Apr 2005 02:41:25 +0900 poppler (0.3.0-1) unstable; urgency=low * New upstream release (Closes: #306573) * Added new binary packages libpoppler0-glib and libpoppler-glib-dev, which are GLib-based interfaces. Qt interface build is termporarily disabled, because of an upstream FTBFS. -- Changwoo Ryu Thu, 28 Apr 2005 02:07:23 +0900 poppler (0.1.2-1) unstable; urgency=low * Initial Release (Closes: #299518) -- Changwoo Ryu Tue, 15 Mar 2005 02:08:00 +0900