'Re: Poppler 24.04.0 released'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freedesktop-poppler
Subject:    Re: Poppler 24.04.0 released
From:       Albert Astals Cid <aacid () kde ! org>
Date:       2024-04-01 22:41:37
Message-ID: 8038860.qJSNaBkbe3 () xps15
[Download RAW message or body]

El dilluns, 1 d'abril del 2024, a les 20:59:13 (CEST), William Bader va escriure:
> Until the full extent of the recent xz compromise is known, would it be
> possible to distribute in an additional format like bz2? 

If you fear my system has been potentially compromised and the tar.xz I created can not be trusted, you \
should not trust the tar.bz2 I created either.

You can create your own tarballs by running
  git archive --prefix=poppler-24.4.0/ 0aa1fe5c30a6c467c91bad8d81bd6c2f57fcb726 > poppler-24.4.0.tar
on the git repository

If you check the 
  add_custom_target(dist
in CMakeLists.txt that and a few small other things is what is used to create the release tarball.

Cheers,
  Albert

> The compromise was
> introduced in xz 5.6.0, which is only in bleeding edge distributions, but
> the developer controlled releases starting at 5.3.1.
> 
> "backdoor in upstream xz/liblzma leading to ssh server compromise"
> https://www.openwall.com/lists/oss-security/2024/03/29/4
> 
> "Linux xz Backdoor Damage Could Be Greater Than Feared"
> https://thenewstack.io/linux-xz-backdoor-damage-could-be-greater-than-feare
> d/
> 
> 
> 
> 
> ________________________________
> From: poppler <poppler-bounces@lists.freedesktop.org> on behalf of Albert
> Astals Cid <aacid@kde.org> Sent: Monday, April 1, 2024 4:08 AM
> To: poppler@lists.freedesktop.org <poppler@lists.freedesktop.org>
> Cc: ftp-release@lists.freedesktop.org <ftp-release@lists.freedesktop.org>
> Subject: Poppler 24.04.0 released
> 
> Available from http://poppler.freedesktop.org/poppler-24.04.0.tar.xz
> 
> The tarball is signed at
> http://poppler.freedesktop.org/poppler-24.04.0.tar.xz.sig with my key
> https://pgp.surfnet.nl/pks/lookup?op=get&search=0xCA262C6C83DE4D2FB28A332A3
> A6A4DB839EAA6D7
> 
> Release 24.04.0:
> core:
> * Optimize page text extraction speed
> * Fix clipping path handling in some files. Issue #739
> * Fix regression in text selection
> * Fix text search across lines between paragraphs
> 
> qt6:
> * Fix crash in SoundObject::data
> 
> utils:
> * pdfsig: Add Catalan translation
> 
> build system:
> * Build code as C++20
> 
> This release was brought to you by Albert Astals Cid, Josep M. Ferrer,
> Nelson Benítez León, Stefan Brüns and everyone else that filed bugs or
> helped with code reviews :)
> 
> Testing, patches and bug reports welcome.
> 
> Cheers,
> Albert


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic