From 2ef75e0e2fec1acf61c2b89256a3669b83d298e5b63cedcb8dfdcd1d342dadab Mon Sep 17 00:00:00 2001
From: Ruediger Oertel
Date: Wed, 6 Aug 2025 12:48:41 +0200
Subject: [PATCH] add chromium-139-pdfium-openjpeg-CVE-2025-54874.patch
---
 chromium-139-pdfium-openjpeg-CVE-2025-54874.patch | 11 +++++++++++
 chromium.changes | 7 +++++++
 chromium.spec | 1 +
 3 files changed, 19 insertions(+)
 create mode 100644 chromium-139-pdfium-openjpeg-CVE-2025-54874.patch
diff --git a/chromium-139-pdfium-openjpeg-CVE-2025-54874.patch b/chromium-139-pdfium-openjpeg-CVE-2025-54874.patch
new file mode 100644
index 0000000..56464fd
--- /dev/null
+++ b/chromium-139-pdfium-openjpeg-CVE-2025-54874.patch
@@ -0,0 +1,11 @@
+--- chromium-139.0.7258.66/third_party/pdfium/third_party/libopenjpeg/jp2.c 2025/08/06 10:46:12 1.1
++++ chromium-139.0.7258.66/third_party/pdfium/third_party/libopenjpeg/jp2.c 2025/08/06 10:46:36
+@@ -2899,7 +2899,7 @@
+ p_image,
+ p_manager);
+
+- if (p_image && *p_image) {
++ if (ret && p_image && *p_image) {
+ /* Set Image Color Space */
+ if (jp2->enumcs == 16) {
+ (*p_image)->color_space = OPJ_CLRSPC_SRGB;
diff --git a/chromium.changes b/chromium.changes
index 92007c6..72601e2 100644
--- a/chromium.changes
+++ b/chromium.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Aug 6 12:47:40 CEST 2025 - ro@suse.de
+
+- add patch:
+ chromium-139-pdfium-openjpeg-CVE-2025-54874.patch
+ (CVE-2025-54874 bsc#1247661) fir missing error check in openjpeg
+
 -------------------------------------------------------------------
 Wed Aug 6 12:28:51 CEST 2025 - ro@suse.de
 
diff --git a/chromium.spec b/chromium.spec
index 76b48df..29a5ec9 100644
--- a/chromium.spec
+++ b/chromium.spec
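Review bot: The embedded jp2.c patch has no header, so nothing in the file records which upstream OpenJPEG change it backports or when it can be dropped; the CVE and bug number appear only in the file name and in chromium.changes. A short preamble above its `---` line, for example `CVE-2025-54874 (bsc#1247661): skip colour-space setup when header parsing failed` followed by `Upstream: <upstream-commit-url>`, would make the fix auditable. The new guard `if (ret && p_image && *p_image)` relies on `ret` holding the result of the call whose trailing arguments (`p_image, p_manager);`) appear as context. That call starts above the inner hunk, so confirm against the 139.0.7258.66 tree that `ret` is assigned there. The guarded block also continues past the hunk, so check that nothing after it still dereferences `*p_image` when the header parse has failed.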
@@ -160,6 +160,7 @@ Patch373: chromium-134-type-mismatch-error.patch
 Patch375: chromium-131-fix-qt-ui.pach
 Patch376: chromium-135-add_map_droppable.patch
 Patch377: chromium-139-deterministic.patch
+Patch378: chromium-139-pdfium-openjpeg-CVE-2025-54874.patch
 # conditionally applied patches ppc64le only
 Patch401: ppc-fedora-add-ppc64-architecture-string.patch
 Patch402: ppc-fedora-0001-linux-seccomp-bpf-ppc64-glibc-workaround-in-SIGSYS-h.patch
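Review bot: Declaring `Patch378` only registers the file; nothing in this hunk shows it being applied, and the `%prep` section lies outside the hunk. If patches are applied by number range or by explicit `%patch` lines, confirm that 378 is covered. Also confirm that the build compiles the bundled `third_party/pdfium/third_party/libopenjpeg` rather than a system copy, since otherwise the CVE-2025-54874 fix would not reach the shipped binary.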