Includes fix for CVE-2024-56378
Changelog:
===========
core:
* TextOutputDev: Better detect fakebold words
* TextOutputDev: Faster sorting algorithm
* Internal code improvements
* Fix crashes in malformed documents
cpp:
* Remove rect parameter from image::copy, it was never implemented
qt6:
* Fix crash in Submit Forms if document links to non existing field
qt5:
* Fix crash in Submit Forms if document links to non existing field
glib:
* mark transfer of poppler_page_get_selected_region
utils:
* pdfdetach: Make -savefile work with Unicode strings. Issue #1540
build system:
* Don't update pdfsig.pot when POT-Creation-date is the only change
Droped 0001-Don-t-update-pdfsig.pot-when-POT-Creation-date-is-th.patch
as this is available in 25.01.0
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Last tag is from 2014, but bugfixing continued and last commit is from
year 2024. Additional 87 commits are present, mostly bugfixes.
PV already has "+git" although it was exactly on tag, no edit needed.
Drop 3 patches which are included in current git version.
Add CVE_STATUS for 2 CVEs from those patches.
Also mark one additional CVE as fixed: CVE-2021-33454.
Stack trace from https://github.com/yasm/yasm/issues/166
References the same line of code as corrected in
https://github.com/yasm/yasm/pull/244
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It exports all symbols globally which results in a symbol clash, for
example "hashtable_del" of ulogd2. It has been revealed because the
recipe inherits cmake over autotools since Langdale.
This fixes it by specifying visibility scope of symbols in its version
script which matches what is given with the libtool flag
'-export-symbols-regex' in Makefile.am.
Signed-off-by: Jaeyoon Jung <jaeyoon.jung@lge.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
After fixing the TMPDIR [buildpaths] warning, a segmentation fault while
running gphoto2 command.
It seems 'sed' is primarily designed for text processing. When running
'sed' on a binary, it may overwrite or corrupt critical parts of the
binary.
> root@qemux86-64:~# gphoto2 -v
> Segmentation fault
Signed-off-by: Hieu Van Nguyen <hieu2.nguyen@lge.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog: https://github.com/c-ares/c-ares/releases/tag/v1.32.0
Features:
Add support for DNS 0x20 to help prevent cache poisoning attacks, enabled
by specifying ARES_FLAG_DNS0x20. Disabled by default. PR #800
Rework query timeout logic to automatically adjust timeouts based on network
conditions. The timeout specified now is only used as a hint until there
is enough history to calculate a more valid timeout. PR #794
Changes:
DNS RR TXT strings should not be automatically concatenated as there are use
cases outside of RFC 7208. In order to maintain ABI compliance, the ability
to retrieve TXT strings concatenated is retained as well as a new API to
retrieve the individual strings. This restores behavior from c-ares 1.20.0.
PR #801
Clean up header inclusion logic to make hacking on code easier. PR #797
GCC/Clang: Enable even more strict warnings to catch more coding flaws. 253bdee
MSVC: Enable /W4 warning level. PR #792
Bugfixes:
Tests: Fix thread race condition in test cases for EventThread. PR #803
Windows: Fix building with UNICODE. PR #802
Thread Saftey: ares_timeout() was missing lock. 74a64e4
Fix building with DJGPP (32bit protected mode DOS). PR #789
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Similarly to old openssl versions, proftpd has patch releases with
characters instead of numbers.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Patch releases have character after version
devtool upgrade would currently downgrade 1.3.8b -> 1.3.8
This will make it upgrade 1.3.8b -> 1.3.8c
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Commit d89fc818b7 changed the
permissions back to 700, which is wrong for /usr/share, these
files are intended to be world readable. Change it back.
Fixes: d89fc818b7 ("polkit: Install rules in subdir")
Signed-off-by: Luca Boccassi <luca.boccassi@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Plug memory leak in the notification portal backend
- Implement the contrast setting
- Set correct platform data for notification activation
- Drop use of private GNOME Shell notification API
- Depend on the graphical-session target
- Ensure proper shutdown target
- Build against xdg-desktop-portal >= 1.19.1
- Translation updates
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Wang Mingyu
Yogita Urade
Peter Marko
Jason Schonberg
Markus Volk
Derek Straka
Luca Boccassi
Jaeyoon Jung
Hieu Van Nguyen
Bartosz Szostak
Ayoub Zaki
Khem Raj