Compare commits

10 Commits

Author SHA1 Message Date
openeuler-ci-bot
4f37b3173e
!125 [sync] PR-116: fix CVE-2025-32364, CVE-2025-32365
From: @openeuler-sync-bot 
Reviewed-by: @weidongkl 
Signed-off-by: @weidongkl
2025-04-07 05:53:35 +00:00
Funda Wang
78bb38ce2f fix CVE-2025-32364, CVE-2025-32365
(cherry picked from commit ac41519451e019022775fd1bf218334748cd5e98)
2025-04-07 11:14:11 +08:00
openeuler-ci-bot
e61f460a8c
!109 [sync] PR-105: fix CVE-2024-56378
From: @openeuler-sync-bot 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng
2024-12-24 11:15:59 +00:00
Funda Wang
c658500043 fix CVE-2024-56378
(cherry picked from commit 353f68f6ce7634f32b09bb878c8c0c8ee64f0906)
2024-12-24 15:58:52 +08:00
openeuler-ci-bot
8c6601b732
!98 [sync] PR-96: fix CVE-2024-4141
From: @openeuler-sync-bot 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng
2024-09-25 07:09:45 +00:00
lingsheng
26d52c9b23 fix CVE-2024-4141
(cherry picked from commit ffd8a0a5b2c39f78f70ed0b2e866a71a9f4733f1)
2024-09-25 14:37:07 +08:00
openeuler-ci-bot
4bb5f311fe
!93 fix CVE-2024-6239
From: @ultra_planet 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng
2024-06-26 03:27:04 +00:00
lingsheng
018112c4bc fix CVE-2024-6239 2024-06-26 03:10:10 +00:00
openeuler-ci-bot
5c51ace403
!75 [sync] PR-73: Fix infinite looping in cvtGlyph with broken files
From: @openeuler-sync-bot 
Reviewed-by: @open-bot 
Signed-off-by: @open-bot
2023-11-30 01:44:37 +00:00
xiongyi
fd52e15146 Fix infinite looping in cvtGlyph with broken files
Signed-off-by: xiongyi <xiongyi@uniontech.com>
(cherry picked from commit fbd46f08e3129e5a9d900f06cdeccafda0a98e4c)
2023-11-29 16:24:48 +08:00
11 changed files with 431 additions and 1 deletions

1
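--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.xz filter=lfs diff=lfs merge=lfs -text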

2
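--- a/.lfsconfig
+++ b/.lfsconfig
@@ -0,0 +1,2 @@
+[lfs]
+url = https://artlfs.openeuler.openatom.cn/src-openEuler/poppler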


@ -0,0 +1,110 @@
From 182914fd1e41183282630675594c255e519f580a Mon Sep 17 00:00:00 2001
From: xiongyi <xiongyi@uniontech.com>
Date: Wed, 29 Nov 2023 14:29:46 +0800
Subject: [PATCH] backport-CVE-2020-36023
Signed-off-by: xiongyi <xiongyi@uniontech.com>
---
fofi/FoFiType1C.cc | 20 +++++++++++++++-----
fofi/FoFiType1C.h | 4 +++-
2 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/fofi/FoFiType1C.cc b/fofi/FoFiType1C.cc
index 9a39063..c8241f2 100644
--- a/fofi/FoFiType1C.cc
+++ b/fofi/FoFiType1C.cc
@@ -551,8 +551,9 @@ void FoFiType1C::convertToCIDType0(const char *psName, const int *codeMap, int n
if (!ok) {
subrIdx.pos = -1;
}
+ std::set<int> offsetBeingParsed;
cvtGlyph(val.pos, val.len, charStrings,
- &subrIdx, &privateDicts[fdSelect ? fdSelect[gid] : 0], true);
+ &subrIdx, &privateDicts[fdSelect ? fdSelect[gid] : 0], true, offsetBeingParsed);
}
}
}
@@ -1183,7 +1184,8 @@ void FoFiType1C::eexecCvtGlyph(Type1CEexecBuf *eb, const char *glyphName,
// generate the charstring
charBuf = new GooString();
- cvtGlyph(offset, nBytes, charBuf, subrIdx, pDict, true);
+ std::set<int> offsetBeingParsed;
+ cvtGlyph(offset, nBytes, charBuf, subrIdx, pDict, true, offsetBeingParsed);
buf = GooString::format("/{0:s} {1:d} RD ", glyphName, charBuf->getLength());
eexecWrite(eb, buf->c_str());
@@ -1197,7 +1199,7 @@ void FoFiType1C::eexecCvtGlyph(Type1CEexecBuf *eb, const char *glyphName,
void FoFiType1C::cvtGlyph(int offset, int nBytes, GooString *charBuf,
const Type1CIndex *subrIdx, const Type1CPrivateDict *pDict,
- bool top) {
+ bool top, std::set<int> &offsetBeingParsed) {
Type1CIndexVal val;
bool ok, dFP;
double d, dx, dy;
@@ -1205,6 +1207,12 @@ void FoFiType1C::cvtGlyph(int offset, int nBytes, GooString *charBuf,
unsigned char byte;
int pos, subrBias, start, i, k;
+ if (offsetBeingParsed.find(offset) != offsetBeingParsed.end()) {
+ return;
+ }
+
+ auto offsetEmplaceResult = offsetBeingParsed.emplace(offset);
+
start = charBuf->getLength();
if (top) {
charBuf->append('\x49'); //73;
@@ -1362,7 +1370,7 @@ void FoFiType1C::cvtGlyph(int offset, int nBytes, GooString *charBuf,
ok = true;
getIndexVal(subrIdx, k, &val, &ok);
if (likely(ok && val.pos != offset)) {
- cvtGlyph(val.pos, val.len, charBuf, subrIdx, pDict, false);
+ cvtGlyph(val.pos, val.len, charBuf, subrIdx, pDict, false, offsetBeingParsed);
}
} else {
//~ error(-1, "Too few args to Type 2 callsubr");
@@ -1597,7 +1605,7 @@ void FoFiType1C::cvtGlyph(int offset, int nBytes, GooString *charBuf,
ok = true;
getIndexVal(&gsubrIdx, k, &val, &ok);
if (likely(ok && val.pos != offset)) {
- cvtGlyph(val.pos, val.len, charBuf, subrIdx, pDict, false);
+ cvtGlyph(val.pos, val.len, charBuf, subrIdx, pDict, false, offsetBeingParsed);
}
} else {
//~ error(-1, "Too few args to Type 2 callgsubr");
@@ -1825,6 +1833,8 @@ void FoFiType1C::cvtGlyph(int offset, int nBytes, GooString *charBuf,
r2 = (byte + r2) * 52845 + 22719;
}
}
+
+ offsetBeingParsed.erase(offsetEmplaceResult.first);
}
void FoFiType1C::cvtGlyphWidth(bool useOp, GooString *charBuf,
diff --git a/fofi/FoFiType1C.h b/fofi/FoFiType1C.h
index 067ab99..b1b48fe 100644
--- a/fofi/FoFiType1C.h
+++ b/fofi/FoFiType1C.h
@@ -27,6 +27,8 @@
#include "FoFiBase.h"
+#include <set>
+
class GooString;
//------------------------------------------------------------------------
@@ -210,7 +212,7 @@ private:
const Type1CPrivateDict *pDict);
void cvtGlyph(int offset, int nBytes, GooString *charBuf,
const Type1CIndex *subrIdx, const Type1CPrivateDict *pDict,
- bool top);
+ bool top, std::set<int> &offsetBeingParsed);
void cvtGlyphWidth(bool useOp, GooString *charBuf,
const Type1CPrivateDict *pDict);
void cvtNum(double x, bool isFP, GooString *charBuf) const;
--
2.33.0
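Review bot: The `offsetBeingParsed` check at the top of `cvtGlyph` stops a subroutine from re-entering itself, but it does not bound how deep an acyclic chain of `callsubr`/`callgsubr` can recurse, so a font whose distinct subroutines call one another in sequence can still drive the native stack very deep. The set holds exactly the offsets on the current call chain, so its size is the nesting depth, and a cap next to the new check would close that gap: `if (offsetBeingParsed.size() >= kMaxSubrNesting) return;` (`kMaxSubrNesting` is a placeholder name; the Type 2 charstring format lists an implementation limit of 10 nested calls, to be confirmed against the spec). The `erase` sits only at the function's closing brace and the body between the hunks is not shown, so it is also worth confirming that no early `return` in it can leave an offset in the set, which would cause later legitimate calls to that subroutine to be skipped.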


@ -0,0 +1,36 @@
From 54e89f45560a3e73e172061a5551cf56b049256d Mon Sep 17 00:00:00 2001
From: lingsheng <lingsheng1@h-partners.com>
Date: Tue, 24 Sep 2024 11:34:58 +0000
Subject: [PATCH] fix CVE-2024-4141
Origin:https://bugzilla.suse.com/show_bug.cgi?id=1223375#c3
---
fofi/FoFiType1.cc | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fofi/FoFiType1.cc b/fofi/FoFiType1.cc
index a4d82f2..dbb502c 100644
--- a/fofi/FoFiType1.cc
+++ b/fofi/FoFiType1.cc
@@ -212,7 +212,8 @@ void FoFiType1::parse() {
char *line, *line1, *firstLine, *p, *p2;
char buf[256];
char c;
- int n, code, base, i, j;
+ unsigned int code;
+ int n, base, i, j;
char *tokptr;
bool gotMatrix, continueLine;
@@ -304,7 +305,7 @@ void FoFiType1::parse() {
}
++p;
for (p2 = p; *p2 && *p2 != ' ' && *p2 != '\t'; ++p2) ;
- if (code >= 0 && code < 256) {
+ if (code < 256) {
c = *p2;
*p2 = '\0';
gfree(encoding[code]);
--
2.33.0
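Review bot: Nothing at the declaration in `FoFiType1::parse` records why `code` is now `unsigned int`, yet the simplified test `if (code < 256)` is a complete bounds check for `encoding[code]` only while the variable stays unsigned. I would add a comment on the declaration, for example `// unsigned on purpose: a negative or overflowed value becomes a large number, so 'code < 256' alone bounds encoding[code]`. The statements that assign `code` are outside these hunks; if the value is accumulated digit by digit, a wrapped result can still land inside 0..255 and replace an unintended (in-bounds) slot, so stopping the accumulation once the value exceeds 255 would be the stricter form.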


@ -0,0 +1,72 @@
From ade9b5ebed44b0c15522c27669ef6cdf93eff84e Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Tue, 17 Dec 2024 18:59:01 +0100
Subject: [PATCH] JBIG2Bitmap::combine: Fix crash on malformed files
Fixes #1553
---
poppler/JBIG2Stream.cc | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index f482a123f..b2f96e149 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -857,7 +857,7 @@
void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y,
unsigned int combOp) {
- int x0, x1, y0, y1, xx, yy;
+ int x0, x1, y0, y1, xx, yy, yyy;
unsigned char *srcPtr, *destPtr;
unsigned int src0, src1, src, dest, s1, s2, m1, m2, m3;
bool oneByte;
@@ -902,13 +902,16 @@
oneByte = x0 == ((x1 - 1) & ~7);
for (yy = y0; yy < y1; ++yy) {
- if (unlikely((y + yy >= h) || (y + yy < 0)))
+ if (unlikely(checkedAdd(y, yy, &yyy))) {
+ continue;
+ }
+ if (unlikely((yyy >= h) || (yyy < 0)))
continue;
// one byte per line -- need to mask both left and right side
if (oneByte) {
if (x >= 0) {
- destPtr = data + (y + yy) * line + (x >> 3);
+ destPtr = data + yyy * line + (x >> 3);
srcPtr = bitmap->data + yy * bitmap->line;
dest = *destPtr;
src1 = *srcPtr;
@@ -931,7 +934,7 @@
}
*destPtr = dest;
} else {
- destPtr = data + (y + yy) * line;
+ destPtr = data + yyy * line;
srcPtr = bitmap->data + yy * bitmap->line + (-x >> 3);
dest = *destPtr;
src1 = *srcPtr;
@@ -961,7 +964,7 @@
// left-most byte
if (x >= 0) {
- destPtr = data + (y + yy) * line + (x >> 3);
+ destPtr = data + yyy * line + (x >> 3);
srcPtr = bitmap->data + yy * bitmap->line;
src1 = *srcPtr++;
dest = *destPtr;
@@ -985,7 +988,7 @@
*destPtr++ = dest;
xx = x0 + 8;
} else {
- destPtr = data + (y + yy) * line;
+ destPtr = data + yyy * line;
srcPtr = bitmap->data + yy * bitmap->line + (-x >> 3);
src1 = *srcPtr++;
xx = x0;
--
GitLab
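Review bot: In the row loop of `JBIG2Bitmap::combine`, rows that fail `checkedAdd(y, yy, &yyy)` or land at `yyy >= h` are skipped with `continue`, although `y` is fixed and `yy` only increases, so once either condition is hit every remaining row fails the same way. Assuming `yy` is never negative here (it is used as the source row index in `yy * bitmap->line`; `y0` is set outside the hunk), `break` is equivalent for those two cases and avoids iterating over the rest of a very tall source bitmap from a malformed file: `if (unlikely(checkedAdd(y, yy, &yyy) || yyy >= h)) break;` followed by `if (unlikely(yyy < 0)) continue;`. A more descriptive name than `yyy`, such as `destY`, would also make the four `data + yyy * line` sites easier to audit.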


@ -0,0 +1,128 @@
From 0554731052d1a97745cb179ab0d45620589dd9c4 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Fri, 7 Jun 2024 00:54:55 +0200
Subject: [PATCH] pdfinfo: Fix crash in broken documents when using -dests
Reference:https://gitlab.freedesktop.org/poppler/poppler/-/commit/0554731052d1a97745cb179ab0d45620589dd9c4
Conflict:add StdTextStringToUCS4() to avoid header interface change;remove unnecessary changes in version 0.90.0
---
utils/pdfinfo.cc | 62 ++++++++++++++++++++++++++++++++++--------------
1 file changed, 44 insertions(+), 18 deletions(-)
diff --git a/utils/pdfinfo.cc b/utils/pdfinfo.cc
index 2b5eb02..009298e 100644
--- a/utils/pdfinfo.cc
+++ b/utils/pdfinfo.cc
@@ -59,6 +59,7 @@
#include "Page.h"
#include "PDFDoc.h"
#include "PDFDocFactory.h"
+#include "PDFDocEncoding.h"
#include "CharTypes.h"
#include "UnicodeMap.h"
#include "UTF.h"
@@ -297,12 +298,6 @@ static void printStruct(const StructElement *element, unsigned indent) {
}
}
-struct GooStringCompare {
- bool operator() (GooString* lhs, GooString* rhs) const {
- return lhs->cmp(const_cast<GooString*>(rhs)) < 0;
- }
-};
-
static void printLinkDest(const std::unique_ptr<LinkDest>& dest) {
GooString s;
@@ -374,30 +369,62 @@ static void printLinkDest(const std::unique_ptr<LinkDest>& dest) {
printf("%s", s.c_str());
}
+static int StdTextStringToUCS4(const std::string &textStr, Unicode **ucs4)
+{
+ int i, len;
+ const char *s;
+ Unicode *u;
+
+ len = textStr.size();
+ s = textStr.c_str();
+ if (len == 0) {
+ *ucs4 = nullptr;
+ return 0;
+ }
+
+ if (GooString::hasUnicodeMarker(textStr)) {
+ Unicode *utf16;
+ len = len/2 - 1;
+ if (len > 0) {
+ utf16 = new Unicode[len];
+ for (i = 0 ; i < len; i++) {
+ utf16[i] = (s[2 + i*2] & 0xff) << 8 | (s[3 + i*2] & 0xff);
+ }
+ len = UTF16toUCS4(utf16, len, &u);
+ delete[] utf16;
+ } else {
+ u = nullptr;
+ }
+ } else {
+ u = (Unicode*)gmallocn(len, sizeof(Unicode));
+ for (i = 0 ; i < len; i++) {
+ u[i] = pdfDocEncoding[s[i] & 0xff];
+ }
+ }
+ *ucs4 = u;
+ return len;
+}
+
static void printDestinations(PDFDoc *doc, const UnicodeMap *uMap) {
- std::map<Ref,std::map<GooString*,std::unique_ptr<LinkDest>,GooStringCompare> > map;
+ std::map<Ref, std::map<std::string, std::unique_ptr<LinkDest>>> map;
int numDests = doc->getCatalog()->numDestNameTree();
for (int i = 0; i < numDests; i++) {
- GooString *name = new GooString(doc->getCatalog()->getDestNameTreeName(i));
+ const GooString *name = doc->getCatalog()->getDestNameTreeName(i);
std::unique_ptr<LinkDest> dest = doc->getCatalog()->getDestNameTreeDest(i);
- if (dest && dest->isPageRef()) {
+ if (name && dest && dest->isPageRef()) {
Ref pageRef = dest->getPageRef();
- map[pageRef].insert(std::make_pair(name, std::move(dest)));
- } else {
- delete name;
+ map[pageRef].insert(std::make_pair(name->toStr(), std::move(dest)));
}
}
numDests = doc->getCatalog()->numDests();
for (int i = 0; i < numDests; i++) {
- GooString *name = new GooString(doc->getCatalog()->getDestsName(i));
+ const char *name = doc->getCatalog()->getDestsName(i);
std::unique_ptr<LinkDest> dest = doc->getCatalog()->getDestsDest(i);
- if (dest && dest->isPageRef()) {
+ if (name && dest && dest->isPageRef()) {
Ref pageRef = dest->getPageRef();
map[pageRef].insert(std::make_pair(name, std::move(dest)));
- } else {
- delete name;
}
}
@@ -413,14 +440,13 @@ static void printDestinations(PDFDoc *doc, const UnicodeMap *uMap) {
printf(" \"");
Unicode *u;
char buf[8];
- const int len = TextStringToUCS4(it.first, &u);
+ const int len = StdTextStringToUCS4(it.first, &u);
for (int j = 0; j < len; j++) {
const int n = uMap->mapUnicode(u[j], buf, sizeof(buf));
fwrite(buf, 1, n, stdout);
}
gfree(u);
printf("\"\n");
- delete it.first;
}
}
}
--
GitLab
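Review bot: `StdTextStringToUCS4` carries no comment stating who owns the buffer it stores in `*ucs4`, and it mixes `new[]`/`delete[]` for the temporary `utf16` array with `gmallocn` for the result, so the release contract is easy to get wrong in a later edit. I would add above the function: `// Converts a PDF text string (UTF-16BE when it starts with the Unicode marker, PDFDocEncoding otherwise) to UCS-4 and returns the number of code points. *ucs4 may be nullptr for an empty string; otherwise the caller releases it with gfree().` The single caller in `printDestinations` does call `gfree(u)`. Separately, `len = textStr.size();` narrows `size_t` to `int` silently; an explicit `static_cast<int>` after a size check would make that assumption visible.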


@ -0,0 +1,25 @@
From d87bc726c7cc98f8c26b60ece5f20236e9de1bc3 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Mon, 24 Mar 2025 00:44:54 +0100
Subject: [PATCH] PSStack::roll: Protect against doing int = -INT_MIN
---
poppler/Function.cc | 2 +-
1 file changed, 1 insertion(+), deletion(-)
diff --git a/poppler/Function.cc b/poppler/Function.cc
index d84c4e350..f3168f191 100644
--- a/poppler/Function.cc
+++ b/poppler/Function.cc
@@ -1099,7 +1099,7 @@
PSObject obj;
int i, k;
- if (unlikely(n == 0)) {
+ if (unlikely(n == 0 || j == INT_MIN)) {
return;
}
if (j >= 0) {
--
GitLab
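Review bot: The new condition in `PSStack::roll` uses `INT_MIN`, but the patch changes only that one line and adds no include, so this backport depends on `<climits>` already being reachable from `poppler/Function.cc` in 0.90.0. If the file does not include it directly, add `#include <climits>` there rather than relying on a transitive include. A comment on the guard, for example `// j == INT_MIN cannot be negated without signed overflow`, would keep the reason next to the check; the negation it protects is outside the hunk.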


@ -0,0 +1,27 @@
From 1f151565bbca5be7449ba8eea6833051cc1baa41 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Mon, 31 Mar 2025 14:35:49 +0200
Subject: [PATCH] Move isOk check to inside JBIG2Bitmap::combine
---
poppler/JBIG2Stream.cc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index cf9e0c984..4e81d4a8c 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -862,6 +862,10 @@
unsigned int src0, src1, src, dest, s1, s2, m1, m2, m3;
bool oneByte;
+ if (unlikely(!isOk())) {
+ return;
+ }
+
// check for the pathological case where y = -2^31
if (y < -0x7fffffff) {
return;
--
GitLab
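Review bot: The guard added at the top of `JBIG2Bitmap::combine` validates only the destination (`this`), while the source operand `bitmap` is read through `bitmap->data` and `bitmap->line` later in the same function, as the context lines of the other `JBIG2Stream.cc` patch on this page show. If callers do not already guarantee a valid source, extending the condition to `if (unlikely(!isOk() || !bitmap->isOk())) {` would cover both operands. Whether any call site can pass a bitmap whose allocation failed is not visible from this hunk, so this needs checking against the callers.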

Binary file not shown.


@ -4,7 +4,7 @@
Summary: PDF rendering library
Name: poppler
Version: 0.90.0
Release: 6
Release: 11
License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
URL: http://poppler.freedesktop.org/
Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz
@ -22,6 +22,12 @@ Patch6004: backport-CVE-2022-37050.patch
Patch6005: backport-CVE-2022-37051.patch
Patch6006: backport-CVE-2022-37052.patch
Patch6007: backport-CVE-2022-38349.patch
Patch6008: backport-CVE-2020-36023.patch
Patch6009: backport-CVE-2024-6239.patch
Patch6010: backport-CVE-2024-4141.patch
Patch6011: backport-CVE-2024-56378.patch
Patch6012: backport-CVE-2025-32364.patch
Patch6013: backport-CVE-2025-32365.patch
BuildRequires: cmake
BuildRequires: gcc-c++
@ -221,6 +227,29 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
%{_mandir}/man1/*
%changelog
* Sun Apr 06 2025 Funda Wang <fundawang@yeah.net> - 0.90.0-11
- fix CVE-2025-32364, CVE-2025-32365
* Mon Dec 23 2024 Funda Wang <fundawang@yeah.net> - 0.90.0-10
- fix CVE-2024-56378
* Wed Sep 25 2024 lingsheng <lingsheng1@h-partners.com> - 0.90.0-9
- Type:CVE
- CVE:CVE-2024-4141
- SUG:NA
- DESC:fix CVE-2024-4141
* Tue Jun 25 2024 lingsheng <lingsheng1@h-partners.com> - 0.90.0-8
- Type:CVE
- CVE:CVE-2024-6239
- SUG:NA
- DESC:fix CVE-2024-6239
* Wed Nov 29 2023 xiongyi <xiongyi@uniontech.com> - 0.90.0-7
- fix CVE-2020-36023
- fix infinite looping in cvtGlyph with broken files
- patch source:https://gitlab.freedesktop.org/poppler/poppler/-/issues/1013
* Wed Aug 30 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 0.90.0-6
- fix CVE-2022-37050,CVE-2022-37051,CVE-2022-37052,CVE-2022-38349,CVE-2020-23804
- fix install error