From freedesktop-poppler Mon Apr 01 22:41:37 2024 From: Albert Astals Cid Date: Mon, 01 Apr 2024 22:41:37 +0000 To: freedesktop-poppler Subject: Re: Poppler 24.04.0 released Message-Id: <8038860.qJSNaBkbe3 () xps15> X-MARC-Message: https://marc.info/?l=freedesktop-poppler&m=171201115616174 El dilluns, 1 d=E2=80=99abril del 2024, a les 20:59:13 (CEST), William Bade= r va escriure: > Until the full extent of the recent xz compromise is known, would it be > possible to distribute in an additional format like bz2?=20 If you fear my system has been potentially compromised and the tar.xz I cre= ated can not be trusted, you should not trust the tar.bz2 I created either. You can create your own tarballs by running git archive --prefix=3Dpoppler-24.4.0/ 0aa1fe5c30a6c467c91bad8d81bd6c2f57= fcb726 > poppler-24.4.0.tar on the git repository If you check the=20 add_custom_target(dist in CMakeLists.txt that and a few small other things is what is used to crea= te the release tarball. Cheers, Albert > The compromise was > introduced in xz 5.6.0, which is only in bleeding edge distributions, but > the developer controlled releases starting at 5.3.1. >=20 > "backdoor in upstream xz/liblzma leading to ssh server compromise" > https://www.openwall.com/lists/oss-security/2024/03/29/4 >=20 > "Linux xz Backdoor Damage Could Be Greater Than Feared" > https://thenewstack.io/linux-xz-backdoor-damage-could-be-greater-than-fea= re > d/ >=20 >=20 >=20 >=20 > ________________________________ > From: poppler on behalf of Albert > Astals Cid Sent: Monday, April 1, 2024 4:08 AM > To: poppler@lists.freedesktop.org > Cc: ftp-release@lists.freedesktop.org > Subject: Poppler 24.04.0 released >=20 > Available from http://poppler.freedesktop.org/poppler-24.04.0.tar.xz >=20 > The tarball is signed at > http://poppler.freedesktop.org/poppler-24.04.0.tar.xz.sig with my key > https://pgp.surfnet.nl/pks/lookup?op=3Dget&search=3D0xCA262C6C83DE4D2FB28= A332A3 > A6A4DB839EAA6D7 >=20 > Release 24.04.0: > core: > * Optimize page text extraction speed > * Fix clipping path handling in some files. Issue #739 > * Fix regression in text selection > * Fix text search across lines between paragraphs >=20 > qt6: > * Fix crash in SoundObject::data >=20 > utils: > * pdfsig: Add Catalan translation >=20 > build system: > * Build code as C++20 >=20 > This release was brought to you by Albert Astals Cid, Josep M. Ferrer, > Nelson Ben=C3=ADtez Le=C3=B3n, Stefan Br=C3=BCns and everyone else that f= iled bugs or > helped with code reviews :) >=20 > Testing, patches and bug reports welcome. >=20 > Cheers, > Albert