--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-7d6412477b
2025-01-08 02:05:34.785563+00:00
--------------------------------------------------------------------------------

Name        : php-tcpdf
Product     : Fedora 41
Version     : 6.8.0
Release     : 1.fc41
URL         : http://www.tcpdf.org
Summary     : PHP class for generating PDF documents and barcodes
Description :
PHP class for generating PDF documents.

* no external libraries are required for the basic functions;
* all standard page formats, custom page formats, custom margins and units
  of measure;
* UTF-8 Unicode and Right-To-Left languages;
* TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0 fonts;
* font subsetting;
* methods to publish some XHTML + CSS code, Javascript and Forms;
* images, graphic (geometric figures) and transformation methods;
* supports JPEG, PNG and SVG images natively, all images supported by GD
  (GD, GD2, GD2PART, GIF, JPEG, PNG, BMP, XBM, XPM) and all images supported
  via ImageMagick (http://www.imagemagick.org/www/formats.html)
* 1D and 2D barcodes: CODE 39, ANSI MH10.8M-1983, USD-3, 3 of 9, CODE 93,
  USS-93, Standard 2 of 5, Interleaved 2 of 5, CODE 128 A/B/C, 2 and 5 Digits
  UPC-Based Extension, EAN 8, EAN 13, UPC-A, UPC-E, MSI, POSTNET, PLANET,
  RMS4CC (Royal Mail 4-state Customer Code), CBC (Customer Bar Code),
  KIX (Klant index - Customer index), Intelligent Mail Barcode, Onecode,
  USPS-B-3200, CODABAR, CODE 11, PHARMACODE, PHARMACODE TWO-TRACKS,
  Datamatrix ECC200, QR-Code, PDF417;
* ICC Color Profiles, Grayscale, RGB, CMYK, Spot Colors and Transparencies;
* automatic page header and footer management;
* document encryption up to 256 bit and digital signature certifications;
* transactions to UNDO commands;
* PDF annotations, including links, text and file attachments;
* text rendering modes (fill, stroke and clipping);
* multiple columns mode;
* no-write page regions;
* bookmarks and table of content;
* text hyphenation;
* text stretching and spacing (tracking/kerning);
* automatic page break, line break and text alignments including
  justification;
* automatic page numbering and page groups;
* move and delete pages;
* page compression (requires php-zlib extension);
* XObject templates;
* PDF/A-1b (ISO 19005-1:2005) support.

By default, TCPDF uses the GD library, which is known to be slower than the
ImageMagick solution. You can optionally install php-pecl-imagick; TCPDF
will use it.

--------------------------------------------------------------------------------
Update Information:

Version 6.8.0 (2024-12-23)

* Requires PHP 7.1+ and curl extension.
* Escape error message.
* Use strict time-constant function to compare TCPDF-tag hashes.
* Add K_CURLOPTS config array to set custom cURL options (NOTE: some defaults
  have changed).
* Add some addTTFfont fixes from tc-lib-pdf-font.

--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 23 2024 Remi Collet <remi@xxxxxxxxxxxx> - 6.8.0-1
- update to 6.8.0
- raise dependency on PHP 7.1

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2334296 - CVE-2024-56522 php-tcpdf: unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2334296
  [ 2 ] Bug #2334301 - CVE-2024-56519 php-tcpdf: setSVGStyles does not sanitize the SVG font-family attribute [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2334301
  [ 3 ] Bug #2334304 - CVE-2024-56521 php-tcpdf: CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely when libcurl is used [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2334304
  [ 4 ] Bug #2334345 - CVE-2024-56527 php-tcpdf: Error function lacks an htmlspecialchars call for the error message. [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2334345

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-7d6412477b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
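
Reference [ 1 ] (CVE-2024-56522) names two separate weaknesses in a hash check: the loose `!=` operator and a comparison that is not constant-time. The PHP below is an example added to this notice, not TCPDF's source; the key, payload and function names are hypothetical, and HMAC-SHA256 is an assumption made for the demonstration.

```php
<?php
// Added illustration, not TCPDF code. All names and values are constructed.

const TAG_KEY = 'constructed-demo-key';

// Hash protecting a serialized tag payload (HMAC-SHA256 assumed for the demo).
function tag_hash(string $payload): string
{
    return hash_hmac('sha256', $payload, TAG_KEY);
}

// Weak form: loose comparison. When both operands look numeric, PHP compares
// them as numbers, so two different strings can be treated as equal. The
// comparison is also not guaranteed to take the same time for every input.
function verify_loose(string $expected, string $supplied): bool
{
    return !($expected != $supplied);
}

// Hardened form: hash_equals() compares the strings byte for byte, with no
// type juggling, in time that does not depend on where they first differ.
function verify_strict(string $expected, string $supplied): bool
{
    return hash_equals($expected, $supplied);
}

// Constructed pair: two different strings that both parse as the number zero
// in scientific notation. The loose check and the strict check disagree.
$a = '0e12345678';
$b = '0e87654321';
var_dump(verify_loose($a, $b));
var_dump(verify_strict($a, $b));

// Normal use of the hardened check: the hash of an unchanged payload
// verifies, the hash of a modified payload does not.
$payload = '["Cell",[0,0,"text"]]';   // constructed payload
$hash = tag_hash($payload);
var_dump(verify_strict($hash, tag_hash($payload)));
var_dump(verify_strict($hash, tag_hash($payload . 'x')));
```

Using `!==` alone would remove the type juggling but not the timing dependence; `hash_equals()` addresses both points the bug title lists.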