Until the full extent of the recent xz compromise is known, would it be possible to distribute in an additional format like bz2? The compromise was introduced in xz 5.6.0, which is only in bleeding edge distributions, but the developer controlled releases starting at 5.3.1.
"backdoor in upstream xz/liblzma leading to ssh server compromise" https://www.openwall.com/lists/oss-security/2024/03/29/4 "Linux xz Backdoor Damage Could Be Greater Than Feared" https://thenewstack.io/linux-xz-backdoor-damage-could-be-greater-than-feared/ ________________________________ From: poppler <poppler-boun...@lists.freedesktop.org> on behalf of Albert Astals Cid <aa...@kde.org> Sent: Monday, April 1, 2024 4:08 AM To: poppler@lists.freedesktop.org <poppler@lists.freedesktop.org> Cc: ftp-rele...@lists.freedesktop.org <ftp-rele...@lists.freedesktop.org> Subject: Poppler 24.04.0 released Available from http://poppler.freedesktop.org/poppler-24.04.0.tar.xz The tarball is signed at http://poppler.freedesktop.org/poppler-24.04.0.tar.xz.sig with my key https://pgp.surfnet.nl/pks/lookup?op=get&search=0xCA262C6C83DE4D2FB28A332A3A6A4DB839EAA6D7 Release 24.04.0: core: * Optimize page text extraction speed * Fix clipping path handling in some files. Issue #739 * Fix regression in text selection * Fix text search across lines between paragraphs qt6: * Fix crash in SoundObject::data utils: * pdfsig: Add Catalan translation build system: * Build code as C++20 This release was brought to you by Albert Astals Cid, Josep M. Ferrer, Nelson Benítez León, Stefan Brüns and everyone else that filed bugs or helped with code reviews :) Testing, patches and bug reports welcome. Cheers, Albert