From 395bbc5838eff833f70ee9e16fc9a53b4a44b435024289ba257b9316d042d408 Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Wed, 14 Apr 2021 11:24:12 +0000 Subject: [PATCH] Accepting request 884606 from home:pmonrealgonzalez:branches:Java:packages - Update to 2.0.23: * Security fixes: - CVE-2021-27807: A carefully crafted PDF file can trigger an infinite loop while loading the file [bsc#1184356] - CVE-2021-27906: OutOfMemory-Exception while loading a crafted PDF file [bsc#1184357] * Bug fixes: - Transparency Group issues - getLastSignatureDictionary modifies internal structure of PDDocument - NullPointerexception in AcroFormOrphanWidgetsProcessor.resolveNonRootField() - AcroForm PDTextField formatting lost when setting value - java.lang.IndexOutOfBoundsException - Failure to modify cropBox when splitting a PDF Page vertically into 2 pieces - ArrayIndexOutOfBoundsException in isOwnerPassword - IllegalArgumentException in computeEncryptedKeyRev56 - IllegalArgumentException in PDFObjectStreamParser.privateReadObjectNumbers - ClassCastException in COSStream.getFilterList - ArrayIndexOutOfBoundsException in PDFXrefStreamParser.parseValue * Improvements: - Improve document signing - Allow reuse of subsetted fonts by inverting the ToUnicode CMap - improve performance in signature validation - Add more checks to PDFXrefStreamParser and reduce memory footprint - Use StringBuilder for key in PDDeviceN.toRGBWithTintTransform() - Don't use RGB loop in PDDeviceN.toRGBWithTintTransform() OBS-URL: https://build.opensuse.org/request/show/884606 OBS-URL: https://build.opensuse.org/package/show/Java:packages/apache-pdfbox?expand=0&rev=29 --- apache-pdfbox.changes | 29 +++++++++++++++++++++++++++++ apache-pdfbox.spec | 2 +- pdfbox-2.0.22-build.tar.xz | 3 --- pdfbox-2.0.22-src.zip | 3 --- pdfbox-2.0.22-src.zip.asc | 6 ------ pdfbox-2.0.23-build.tar.xz | 3 +++ pdfbox-2.0.23-src.zip | 3 +++ pdfbox-2.0.23-src.zip.asc | 6 ++++++ 8 files changed, 42 insertions(+), 13 deletions(-) delete mode 100644 pdfbox-2.0.22-build.tar.xz delete mode 100644 pdfbox-2.0.22-src.zip delete mode 100644 pdfbox-2.0.22-src.zip.asc create mode 100644 pdfbox-2.0.23-build.tar.xz create mode 100644 pdfbox-2.0.23-src.zip create mode 100644 pdfbox-2.0.23-src.zip.asc diff --git a/apache-pdfbox.changes b/apache-pdfbox.changes index ed303e9..8a36734 100644 --- a/apache-pdfbox.changes +++ b/apache-pdfbox.changes @@ -1,3 +1,32 @@ +------------------------------------------------------------------- +Mon Apr 12 08:13:49 UTC 2021 - Pedro Monreal + +- Update to 2.0.23: + * Security fixes: + - CVE-2021-27807: A carefully crafted PDF file can trigger an + infinite loop while loading the file [bsc#1184356] + - CVE-2021-27906: OutOfMemory-Exception while loading a crafted + PDF file [bsc#1184357] + * Bug fixes: + - Transparency Group issues + - getLastSignatureDictionary modifies internal structure of PDDocument + - NullPointerexception in AcroFormOrphanWidgetsProcessor.resolveNonRootField() + - AcroForm PDTextField formatting lost when setting value + - java.lang.IndexOutOfBoundsException + - Failure to modify cropBox when splitting a PDF Page vertically into 2 pieces + - ArrayIndexOutOfBoundsException in isOwnerPassword + - IllegalArgumentException in computeEncryptedKeyRev56 + - IllegalArgumentException in PDFObjectStreamParser.privateReadObjectNumbers + - ClassCastException in COSStream.getFilterList + - ArrayIndexOutOfBoundsException in PDFXrefStreamParser.parseValue + * Improvements: + - Improve document signing + - Allow reuse of subsetted fonts by inverting the ToUnicode CMap + - improve performance in signature validation + - Add more checks to PDFXrefStreamParser and reduce memory footprint + - Use StringBuilder for key in PDDeviceN.toRGBWithTintTransform() + - Don't use RGB loop in PDDeviceN.toRGBWithTintTransform() + ------------------------------------------------------------------- Mon Jan 4 12:21:38 UTC 2021 - Fabian Vogt diff --git a/apache-pdfbox.spec b/apache-pdfbox.spec index 6db464f..c2adebb 100644 --- a/apache-pdfbox.spec +++ b/apache-pdfbox.spec @@ -18,7 +18,7 @@ # Only fontbox and jempbox are built as pdfbox itself depends on Adobe's pcif. Name: apache-pdfbox -Version: 2.0.22 +Version: 2.0.23 Release: 0 Summary: Java PDF Library License: Apache-2.0 AND OFL-1.1 diff --git a/pdfbox-2.0.22-build.tar.xz b/pdfbox-2.0.22-build.tar.xz deleted file mode 100644 index 75e7adb..0000000 --- a/pdfbox-2.0.22-build.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e251074a59cb4293285745ab58bfdc87b981236029fd564b7a5cce1a76c3f472 -size 7464 diff --git a/pdfbox-2.0.22-src.zip b/pdfbox-2.0.22-src.zip deleted file mode 100644 index 40ab00e..0000000 --- a/pdfbox-2.0.22-src.zip +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:214ca7613b240dca0e55cd53735714de2a19fda443e4b5a058a730e446264679 -size 15585201 diff --git a/pdfbox-2.0.22-src.zip.asc b/pdfbox-2.0.22-src.zip.asc deleted file mode 100644 index 5a07e9d..0000000 --- a/pdfbox-2.0.22-src.zip.asc +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iF0EABEKAB0WIQSmApcP4b9cnIqUkbl6PJ/iHf2/RAUCX9pDkAAKCRB6PJ/iHf2/ -RBImAJ4t9UtGinGr8Qk3+YX6A/66gNLx3wCgzjzHY/hkA9MWP8iEDZACy+XoVvE= -=e0c8 ------END PGP SIGNATURE----- diff --git a/pdfbox-2.0.23-build.tar.xz b/pdfbox-2.0.23-build.tar.xz new file mode 100644 index 0000000..37cd515 --- /dev/null +++ b/pdfbox-2.0.23-build.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7346dd32e58b86fa566383af07d2cd196c1248d1a87b286e7fd4a0b6270c220e +size 15167 diff --git a/pdfbox-2.0.23-src.zip b/pdfbox-2.0.23-src.zip new file mode 100644 index 0000000..82b853a --- /dev/null +++ b/pdfbox-2.0.23-src.zip @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:05f8c10db42c0e56a82e5e4e6d9b8472ff1a7f53d58504eb182b0703722599e8 +size 15590829 diff --git a/pdfbox-2.0.23-src.zip.asc b/pdfbox-2.0.23-src.zip.asc new file mode 100644 index 0000000..d6e81e2 --- /dev/null +++ b/pdfbox-2.0.23-src.zip.asc @@ -0,0 +1,6 @@ +-----BEGIN PGP SIGNATURE----- + +iF0EABEKAB0WIQSmApcP4b9cnIqUkbl6PJ/iHf2/RAUCYE+SVwAKCRB6PJ/iHf2/ +RGcMAJ97o4Di7BfFGq4g8PExz36ZUwLbDwCffDJFklqPDTqoJsoaSNK3Ab6OWjM= +=Xz6l +-----END PGP SIGNATURE-----