fix CVE-2025-32364, CVE-2025-32365

(cherry picked from commit ac41519451e019022775fd1bf218334748cd5e98)
2025-04-06 14:21:40 +08:00 · 2025-04-06 14:21:40 +08:00 · 78bb38ce2f
commit 78bb38ce2f
parent e61f460a8c
7 changed files with 61 additions and 1 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1 @@
+*.xz filter=lfs diff=lfs merge=lfs -text
--- a/.lfsconfig
+++ b/.lfsconfig
@ -0,0 +1,2 @@
+[lfs]
+	url = https://artlfs.openeuler.openatom.cn/src-openEuler/poppler
--- a/backport-CVE-2025-32364.patch
+++ b/backport-CVE-2025-32364.patch
@ -0,0 +1,25 @@
+From d87bc726c7cc98f8c26b60ece5f20236e9de1bc3 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Mon, 24 Mar 2025 00:44:54 +0100
+Subject: [PATCH] PSStack::roll: Protect against doing int = -INT_MIN
+
+---
+ poppler/Function.cc | 2 +-
+ 1 file changed, 1 insertion(+),  deletion(-)
+
+diff --git a/poppler/Function.cc b/poppler/Function.cc
+index d84c4e350..f3168f191 100644
+--- a/poppler/Function.cc
+++ b/poppler/Function.cc
+@@ -1099,7 +1099,7 @@
+   PSObject obj;
+   int i, k;
+ 
+-  if (unlikely(n == 0)) {
+  if (unlikely(n == 0 || j == INT_MIN)) {
+     return;
+   }
+   if (j >= 0) {
+-- 
+GitLab
+
--- a/backport-CVE-2025-32365.patch
+++ b/backport-CVE-2025-32365.patch
@ -0,0 +1,27 @@
+From 1f151565bbca5be7449ba8eea6833051cc1baa41 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Mon, 31 Mar 2025 14:35:49 +0200
+Subject: [PATCH] Move isOk check to inside JBIG2Bitmap::combine
+
+---
+ poppler/JBIG2Stream.cc | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
+index cf9e0c984..4e81d4a8c 100644
+--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
+@@ -862,6 +862,10 @@
+   unsigned int src0, src1, src, dest, s1, s2, m1, m2, m3;
+   bool oneByte;
+ 
+  if (unlikely(!isOk())) {
+    return;
+  }
+
+   // check for the pathological case where y = -2^31
+   if (y < -0x7fffffff) {
+     return;
+-- 
+GitLab
+
--- a/poppler-0.90.0.tar.xz
+++ b/poppler-0.90.0.tar.xz
--- a/poppler-test-2018-12-18-45f55f1e03b9bf3fbd334c31776b6f5e472889ec.tar.xz
+++ b/poppler-test-2018-12-18-45f55f1e03b9bf3fbd334c31776b6f5e472889ec.tar.xz
--- a/poppler.spec
+++ b/poppler.spec
@ -4,7 +4,7 @@
 Summary:        PDF rendering library
 Name:           poppler
 Version:        0.90.0
-Release:        10
+Release:        11
 License:        (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
 URL:            http://poppler.freedesktop.org/
 Source0:        http://poppler.freedesktop.org/poppler-%{version}.tar.xz
@ -26,6 +26,8 @@ Patch6008:	backport-CVE-2020-36023.patch
 Patch6009:	backport-CVE-2024-6239.patch
 Patch6010:	backport-CVE-2024-4141.patch
 Patch6011:	backport-CVE-2024-56378.patch
+Patch6012:      backport-CVE-2025-32364.patch
+Patch6013:      backport-CVE-2025-32365.patch

 BuildRequires:  cmake
 BuildRequires:  gcc-c++
@ -225,6 +227,9 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
 %{_mandir}/man1/*

 %changelog
+* Sun Apr 06 2025 Funda Wang <fundawang@yeah.net> - 0.90.0-11
+- fix CVE-2025-32364, CVE-2025-32365
+
 * Mon Dec 23 2024 Funda Wang <fundawang@yeah.net> - 0.90.0-10
 - fix CVE-2024-56378