El dilluns, 1 d’abril del 2024, a les 20:59:13 (CEST), William Bader va escriure: > Until the full extent of the recent xz compromise is known, would it be > possible to distribute in an additional format like bz2?
If you fear my system has been potentially compromised and the tar.xz I created can not be trusted, you should not trust the tar.bz2 I created either. You can create your own tarballs by running git archive --prefix=poppler-24.4.0/ 0aa1fe5c30a6c467c91bad8d81bd6c2f57fcb726 > poppler-24.4.0.tar on the git repository If you check the add_custom_target(dist in CMakeLists.txt that and a few small other things is what is used to create the release tarball. Cheers, Albert > The compromise was > introduced in xz 5.6.0, which is only in bleeding edge distributions, but > the developer controlled releases starting at 5.3.1. > > "backdoor in upstream xz/liblzma leading to ssh server compromise" > https://www.openwall.com/lists/oss-security/2024/03/29/4 > > "Linux xz Backdoor Damage Could Be Greater Than Feared" > https://thenewstack.io/linux-xz-backdoor-damage-could-be-greater-than-feare > d/ > > > > > ________________________________ > From: poppler <[email protected]> on behalf of Albert > Astals Cid <[email protected]> Sent: Monday, April 1, 2024 4:08 AM > To: [email protected] <[email protected]> > Cc: [email protected] <[email protected]> > Subject: Poppler 24.04.0 released > > Available from http://poppler.freedesktop.org/poppler-24.04.0.tar.xz > > The tarball is signed at > http://poppler.freedesktop.org/poppler-24.04.0.tar.xz.sig with my key > https://pgp.surfnet.nl/pks/lookup?op=get&search=0xCA262C6C83DE4D2FB28A332A3 > A6A4DB839EAA6D7 > > Release 24.04.0: > core: > * Optimize page text extraction speed > * Fix clipping path handling in some files. Issue #739 > * Fix regression in text selection > * Fix text search across lines between paragraphs > > qt6: > * Fix crash in SoundObject::data > > utils: > * pdfsig: Add Catalan translation > > build system: > * Build code as C++20 > > This release was brought to you by Albert Astals Cid, Josep M. Ferrer, > Nelson Benítez León, Stefan Brüns and everyone else that filed bugs or > helped with code reviews :) > > Testing, patches and bug reports welcome. > > Cheers, > Albert
