Fixes multiple vulnerabilites
Change list too long to include here, see http://www.foolabs.com/xpdf/CHANGES
(file does not note what changes were included in 3.02pl1 - 3.02pl4 and which
are new for 3.03)
------------------
Added the continuous view mode, including the '-cont' switch and the
'continuousView' config file option.
At high zoom levels, don't rasterize the entire page - this avoids
problems running out of memory.
Added "search backward" and "match case" options to the find dialog.
Support explicitly masked images and soft masked images.
Add support to DCTStream for 16-bit quant tables.
Don't segfault if the user clicks on an outline entry with a broken
destination.
Changed the makefiles and configure script to skip building pdftoppm
(in addition to xpdf) if X, Motif, or FreeType is not found; changed
the error message in the configure script to match.
Move an inline function in JArithmeticDecoder.cc to avoid compiler
errors.
Fixed a bug in the rasterizer that was sometimes causing infinite
loops with round line caps on vertical lines.
Various rasterizer optimizations.
Look for intermediate resize events - try to avoid lagging when the
user is doing an opaque resize.
The FormType key in Form XObjects is optional.
Handle external 16-bit TrueType fonts correctly, using the Unicode
cmap.
Add class declarations to TextOutputDev.h to work with stricter C++
compilers.
More...
"A vulnerability has been reported in Xpdf, which can be exploited by
malicious people to cause a DoS (Denial of Service) on a vulnerable system."
http://secunia.com/advisories/16374/
Patches from Ubuntu and RedHat.
Changes:
- s/USE_X11BASE/USE_X11/
- fix paths in manual pages
- install shared directory for supplemental packages
2.02:
=====
- Rewrote the text extractor code that assembles words into lines to
better handle vertically overlapping lines.
- Add the "match" option for paper size (in PostScript output).
- Added support for external 16-bit TrueType fonts; added the
displayCIDFontTT and displayNamedCIDFontTT commands to the xpdfrc
file.
- Added an Arabic language support package.
- Added the Windows-1255 encoding to the Hebrew language package.
- A missing NULL check was causing a crash when closing the file in a
single window (which clears out the window, but leaves it open).
- Deal with TrueType fonts whose glyph data is out of order - this
affected both FreeType rasterization and PostScript generation.
- Munge font names in PSOutputDev to avoid names that are problematic
for ghostscript because they start with an out-of-limits number
(e.g., 1e999foo).
- Modify the TrueType font encoding deciphering algorithm in yet another
attempt to match up with Acrobat's behavior.
- Bounds check the indexHigh value in indexed color spaces.
- The text extractor no longer bothers trying to get an average
character width for Type 3 fonts, since it generally doesn't work
very well (because Type 3 metrics are unreliable).
- Don't crash if the user hits ctrl-G ("find again") before doing a
find.
- Set the button pixmap foreground color correctly.
- Handle text drawn backward on 180 degree rotated pages.
- Added a magic call to XtUngrabButton after calling XmCreatePopupMenu
which appears to prevent some very odd problems (idea taken from the
DDD source code).
- Fix the MacOS X fix (needed to include <AvailabilityMacros.h>).
- Fixed a bunch of Motif 1.x / X11R5 incompatibilities. [Thanks to
William Bader and Albert Chin-A-Young.]
- Fixed various bugs in previously untested code in the JBIG2 decoder.
- Modify the XPDFCore destructor to avoid a bogus warning message from
OpenMotif 2.2.
- Modified the Type 1C font parser to do proper bounds checking.
- Fixed the bounds checking in the TrueType font parser.
- Text extractor shouldn't do block merging in physical layout mode.
- Fixed a problem in PSOutputDev in level2sep mode with images in a
Separation color space and with a non-default Decode array.
- Text extraction with "-raw" was concatenating lines from the bottom
of one column and the top of the next.
- Handle Type 1C subroutines in the font converters.
- Correctly handle progressive JPEG images whose scans are slightly
different sizes (e.g., the Y scan rounds up to a multiple of 8
pixels and the Cb/Cr scans round up to 16 pixels).
- Avoid a potential divide-by-zero problem in TextOutputDev.
- Modified the T1Font and FTFont modules to correctly handle glyphs that
are larger than the font's claimed bounding box.
- Tweak dupMaxDeltaX parameter in TextOutputDev to avoid triggering on
double characters.
- Improved detection in pdfinfo for ISO paper sizes. [Thanks to Hartmut
Henkel.]
- Xpdf wasn't responding to the TARGETS atom, which prevented pasting
the selection into various applications. [Thanks to Phillip Ezolt.]
- Handle XObjects with recursive references in their Resources
dictionaries (in PSOutputDev).
- Change PSOutputDev to deal with invalid PDF files that use
non-embedded TrueType fonts with no encoding.
- Check for undersized Widths arrays in fonts.
- Add bounds checking code to Array class.
- Updated VMS build scripts. [Thanks to Martin Zinser.]
- Tweak the TrueType font handling code (again):
- char codes in symbolic fonts may or may not be offset by 0xf000
- discard empty tables because they sometimes confuse FreeType
- Fixed bounds checking in the Flate decoder.
- Removed a bogus error message for exponential functions without
explicit C0/C1 values. [Thanks to Hartmut Henkel.]
- Handle the other Unicode cmap type (platform=0) in TrueType fonts.
- Added support for the SGI Motif horizontal paned window widget.
[Thanks to Felix Ritter.]
- Ignore extra elements in link destination arrays.
- Accept external Type 1 font files with a suffix of ".ps" or no suffix
at all.
- Add a bounds check in the DCT decoder.
- Added instructions for building xpdf.exe under cygwin/XFree86.
Changes since 1.01:
- Switched to the Motif toolkit.
- Support multiple open documents (in separate windows).
- Added document outlines to the viewer.
- Implemented the JBIG2 decoder.
- Added support for movie annotations.
- Switched back to native LZW decompression code.
- Many bug fixes and enhancements.
Honoring ${PKG_SYSCONFDIR} for location of xpdfrc.
Implemented Type 3 fonts.
Implemented PostScript CID font embedding; added a
psEmbedCIDPostScriptFonts option.
Implemented PostScript 16-bit font substitution; added psNamedFont16
and psFont16 options.
Moved the initialZoom setting from X resources to the xpdfrc file.
Implemented the radial shading type in the sh (shaded fill) operator.
[Thanks to Mike Sweet.]
Added an 'include' command to the xpdfrc format.
Added the displayNamedCIDFontX option so different fonts can be used
within one character collection.
Implemented stroked text in XOutputDev (with t1lib and FreeType2).
[Thanks to Leonard Rosenthol.]
Implemented stroked text in PSOutputDev.
Added a built-in Unicode map for UCS-2.
PSOutputDev will now embed external TrueType fonts in addition to
external Type 1 fonts.
Added the Big5ascii Unicode map to the Chinese-traditional support
package (maps 7-bit ASCII straight through). [Thanks to Lawrence
Lai.]
Modified the EUC-CN and EUC-JP encodings to pass 7-bit ASCII straight
through. [Thanks to Lawrence Lai.]
In the code that guesses character names (for font subsets), also
handle names of the form 'ABnnn'. [Thanks to Colin Granville.]
Tweak the Type 1 font bbox code to look at the bboxes in both the PDF
font object and the embedded font file.
Added an optional displayCIDFontX entry for one of the Arphic TrueType
fonts in the traditional Chinese 'add-to-xpdfrc' file.
Added psASCIIHex parameter.
Added the GBK Unicode map to the simplified Chinese language pack.
Pdftotext now opens the text file in binary mode to avoid Microsoft's
annoying automatic end-of-line translation stuff.
Added an executeCommand function in goo/gfile.cc. [Thanks to Mikhail
Kruk.]
The %ALDImagePosition OPI comment was wrong if the page was scaled to
a different paper size.
The OPI code was saving the default transform matrix before calling
setpagedevice, which can change the matrix.
PSOutputDev now handles PostScript XObjects.
Implemented the sh (shaded fill) operator for the axial shading type.
Minor fixes to avoid compiler warnings.
Fix an uninitialized var in XOutputDev that caused crashes on Alphas.
Don't incrementally update the display in full-screen mode.
Added a duplex option to PSOutputDev and a -duplex switch to pdftops.
Completely rewrote the code that handles font encodings:
- everything is Unicode-based
- 16-bit fonts are handled much more cleanly
- text output encoding can be set more flexibly
New .xpdfrc config files.
Added key bindings for forward ('v') and backward ('b').
Added the pdffonts program which lists the fonts used in a PDF file.
Fixed several problems in the TrueType font embedding code
Accept named destination on command line.
Added several new items to pdfinfo: file size, PDF version, tagged
(yes or no), XML metadata (with the -meta option).
Pdftops didn't get the portrait/landscape setting correct for PDF
files with rotated pages.
The TrueTypeFontFile class (including the Type 42 converter) now
understands cmap format 6.
The '0' keyboard shortcut didn't update the zoom popup menu.
Handle the complete list of alternate names for the Base14 fonts.
Fixed substitute font scaling in XOutputDev - scale only the width,
not the height.
Implemented stitching (type 3) functions.
Handle the case of moveto/closepath/clip, which defines an empty
clipping region.
Move dependences into separate Makefile.dep files; get rid of the
distdepend target.
Move all of the configure-script-generated -D options out of the
Makefiles and into a top-level .h file (aconf.h).
Pdfinfo prints dates in a more readable format.
Fixed a bug in the Paeth image predictor.
Handle annotations with multiple states.
The save and restore (q/Q) operators shouldn't save/restore the path.
Performance optimization: disable pattern drawing in TextOutputDev.
- PDF 1.4 (128-bit) decryption.
- FreeType 2 support.
- Embed TrueType fonts in PostScript output.
- Mouse wheel support.
- Text output for Simplified Chinese.
Lots more in the CHANGES file.