Poppler 24.04.0 released

William Bader williambader at hotmail.com
Tue Apr 2 01:18:08 UTC 2024


Thanks. I was also worried about using xz unnecessarily on my Fedora laptop.
________________________________
From: poppler <poppler-bounces at lists.freedesktop.org> on behalf of Albert Astals Cid <aacid at kde.org>
Sent: Monday, April 1, 2024 6:41 PM
To: poppler at lists.freedesktop.org <poppler at lists.freedesktop.org>
Subject: Re: Poppler 24.04.0 released

On Monday, 1 April 2024, at 20:59:13 (CEST), William Bader wrote:
> Until the full extent of the recent xz compromise is known, would it be
> possible to distribute in an additional format like bz2?

If you fear my system has been potentially compromised and the tar.xz I created cannot be trusted, you should not trust the tar.bz2 I created either.

You can create your own tarballs by running
  git archive --prefix=poppler-24.4.0/ 0aa1fe5c30a6c467c91bad8d81bd6c2f57fcb726 > poppler-24.4.0.tar
on the git repository

If you check the
  add_custom_target(dist
in CMakeLists.txt, that and a few other small things is what is used to create the release tarball.

Cheers,
  Albert

> The compromise was
> introduced in xz 5.6.0, which is only in bleeding edge distributions, but
> the developer controlled releases starting at 5.3.1.
>
> "backdoor in upstream xz/liblzma leading to ssh server compromise"
> https://www.openwall.com/lists/oss-security/2024/03/29/4
>
> "Linux xz Backdoor Damage Could Be Greater Than Feared"
> https://thenewstack.io/linux-xz-backdoor-damage-could-be-greater-than-feared/
>
> ________________________________
> From: poppler <poppler-bounces at lists.freedesktop.org> on behalf of Albert
> Astals Cid <aacid at kde.org> Sent: Monday, April 1, 2024 4:08 AM
> To: poppler at lists.freedesktop.org <poppler at lists.freedesktop.org>
> Cc: ftp-release at lists.freedesktop.org <ftp-release at lists.freedesktop.org>
> Subject: Poppler 24.04.0 released
>
> Available from http://poppler.freedesktop.org/poppler-24.04.0.tar.xz
>
> The tarball is signed at
> http://poppler.freedesktop.org/poppler-24.04.0.tar.xz.sig with my key
> https://pgp.surfnet.nl/pks/lookup?op=get&search=0xCA262C6C83DE4D2FB28A332A3A6A4DB839EAA6D7
>
> Release 24.04.0:
> core:
>  * Optimize page text extraction speed
>  * Fix clipping path handling in some files. Issue #739
>  * Fix regression in text selection
>  * Fix text search across lines between paragraphs
>
> qt6:
>  * Fix crash in SoundObject::data
>
> utils:
>  * pdfsig: Add Catalan translation
>
> build system:
>  * Build code as C++20
>
> This release was brought to you by Albert Astals Cid, Josep M. Ferrer,
> Nelson Benítez León, Stefan Brüns and everyone else that filed bugs or
> helped with code reviews :)
>
> Testing, patches and bug reports welcome.
>
> Cheers,
>   Albert
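
One way to check a published tarball against the output of the `git archive` command quoted in the reply above, as an added example that is not part of the original thread or of Poppler's own tooling. The function names and sample files are constructed for illustration, and the top-level directory is stripped on the assumption that the two archives may use different prefixes.

```python
import hashlib
import io
import tarfile


def member_digests(tar_path):
    """Map each regular file (top-level directory stripped) to its SHA-256.

    tarfile auto-detects plain, gz, bz2 and xz archives. Only regular files
    are hashed; directories, symlinks and pax headers are skipped.
    """
    digests = {}
    with tarfile.open(tar_path, "r:*") as tar:
        for member in tar:
            if member.isfile():
                rel = member.name.partition("/")[2] or member.name
                data = tar.extractfile(member).read()
                digests[rel] = hashlib.sha256(data).hexdigest()
    return digests


def compare_release_to_git(release_tar, git_archive_tar):
    """Report how a published tarball differs from a `git archive` of the commit."""
    release = member_digests(release_tar)
    from_git = member_digests(git_archive_tar)
    shared = set(release) & set(from_git)
    return {
        "only_in_release": sorted(set(release) - set(from_git)),
        "only_in_git": sorted(set(from_git) - set(release)),
        "content_differs": sorted(n for n in shared if release[n] != from_git[n]),
    }


def build_sample_tar(path, prefix, files):
    """Constructed sample input: write {relative name: bytes} under `prefix`."""
    with tarfile.open(path, "w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(prefix + name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))


if __name__ == "__main__":
    import sys
    # Usage: python compare.py <release tarball> <git archive tarball>
    report = compare_release_to_git(sys.argv[1], sys.argv[2])
    for kind, names in report.items():
        print(kind, names)
```

Files listed under `only_in_release` or `content_differs` are the ones to read by hand, since they are in the published tarball but cannot be traced to the tagged commit.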
