pool/poppler
SHA256
19
0
Fork 2
Code Issues Pull Requests Activity

Compare commits

base: pool:factory
Branches Tags
pool:factory pool:slfo-main pool:slfo-1.2
..
compare: pool:slfo-1.2
Branches Tags
pool:factory pool:slfo-main pool:slfo-1.2

2 Commits
factory ... slfo-1.2

Author SHA256 Message Date
Petr Gajdos
fec2b196a6 CVE-2025-52885 2025-10-14 14:19:39 +02:00
Adrian Schröter
ae9d84a8ba Sync changes to SLFO-1.2 branch 2025-08-20 10:45:03 +02:00
10 changed files with 139 additions and 157 deletions
Expand all files Collapse all files

BIN
poppler-25.04.0.tar.xz LFS Normal file
View File

Binary file not shown.

16
poppler-25.04.0.tar.xz.sig Normal file
View File

@@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEyiYsbIPeTS+yijMqOmpNuDnqptcFAmfsaScACgkQOmpNuDnq
ptesAg/+N5CZL+UnoPHVEcnM8L5pej/mKlSUkp9QAeqZgDnSerrMdVVDJz9O7BOl
eQRv8Fhy3OArKx2L8zl8t1tY/GiCvjbQQoOG7sgqTGQBFZjA5ZqLPVO3tc316rH2
qsH6vInUJ0xUff9JHEvjx56UcmrFpNYiSBkt55tS/3xo8TN/gat0pX/ZuKggDhw+
kPtpBbeqfu4Cah12buU8aRa77qZfdBhQP+FcgqLFN8Edt8Poqs25T6PHqMHffPqO
kHddHBMm1zVptlVHwlu97nFdhX8UEexHmQX2EszBJf6GkNpppC1NCMbNEY+BOs+r
vDSBYz7oc200fbqmylBYg71N9e0fo/qBnxd1BKd7lxLgF326qA5DqylCFmggFyWg
gzDGq8UGkx9ZylfyBqiDq3fUom+k8dIXvvaeta+5cW2KxtEhSInTeH0l0wAyDBdj
hDz8obuffzkZ6zeS+b6MKc8XDUwCVdwCqHG6BTQMkxAyIfr2azVIyrpWd5kMwlik
hMeKu7t7W0Xnr6z7tQZW7E3zbouizugk//b1kM3ZEuG74OqxIdgq+VM3NWSGjiz+
Fvrb5R+K0gtZnume8d+t8b2SVcMH2eXWSk6V3DBHKXdq8BEV+E1FvrOqPt1i6LJI
ooSsI8XEZqTzrOwlP/2/n6JhjhoG5Sc46ON4Py0skGnnpECkr64=
=MmPd
-----END PGP SIGNATURE-----

3
poppler-25.12.0.tar.xz
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c18b40eb36b1a0c5b86e29ca054bf0770304583da4f2cdd42fe86eca6a20de48
size 1992456

16
poppler-25.12.0.tar.xz.sig
View File

@@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEyiYsbIPeTS+yijMqOmpNuDnqptcFAmkt0igACgkQOmpNuDnq
pteYrg/+LFVRQgGxS1hSnfcUlx3pPIlO8wYAAMyfokSPmpShOLoR6UgIK3VcN4/Q
wHJC7rIjPzQupCbB7cf9KrCvW2E1ztiiDzN0d/YC4LLbhHnmD/LqSP1iWX+g/W+X
bJPLI4/xqwWNOpj9rpVGkDlI1MMLFWXg148nYs5XOcbUofjo2bFzfZExCZmhOQfQ
b29E50kRcEQ0tA8FxAlVq/Ap5H2o7T1j9eG4vDn6mWx/CIjAeAs/O3RU/5kaPTBt
klTGnRXkfREw+13ehdHjT1an5hV4K+FiashkcM7UM6RYZEFlSZKaI8cw4tgS3P4d
QPHmAFOXnnwyxdwocqD2wGddwTiFwpL478Cn9Njx0KUR1TnNJpMOW98gA8ohTsJQ
VGcGnHgBgpTRC8aEu5MeJ9YHndvRTpcgG+oGbln3nnsHkoavSA2A52MhCdsR6HRJ
mKk6Ch952/niI3BJsiD+0uyn8CoqQYrVTKnOFSPO5i5dHS/NKwUiVSe52spoR5m+
fGVXJF+p3pkfE+TBavZnZq5SxCMzDyC87Jw2R2pRP/7DNaXNY69JyH1Hri9jtPAI
r5hFzjb/GUaYOSyh9Qx/Widhz96UlaMDcd9hBGsqa7ekCqwWOzk3rv+iA0NtZV8U
PTHqwqvhJ3u/0sX6hZLkut/SiOO/CfGIW/S6z/A336qxt4ptK1k=
=cTzK
-----END PGP SIGNATURE-----

27
poppler-CVE-2025-52885.patch Normal file
View File

@@ -0,0 +1,27 @@
From 4ce27cc826bf90cc8dbbd8a8c87bd913cccd7ec0 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Wed, 3 Sep 2025 14:36:54 +0100
Subject: [PATCH] Check for duplicate entries
---
poppler/StructTreeRoot.cc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/poppler/StructTreeRoot.cc b/poppler/StructTreeRoot.cc
index eb46147bd1..fc7bf4ceb0 100644
--- a/poppler/StructTreeRoot.cc
+++ b/poppler/StructTreeRoot.cc
@@ -136,6 +136,10 @@ void StructTreeRoot::parseNumberTreeNode(const Dict &node)
}
int keyVal = key.getInt();
std::vector<Parent> &vec = parentTree[keyVal];
+ if (!vec.empty()) {
+ error(errSyntaxError, -1, "Nums item at position {0:d} is a duplicate entry for key {1:d}", i, keyVal);
+ continue;
+ }
Object valueArray = nums.arrayGet(i + 1);
if (valueArray.isArray()) {
--
GitLab

52
poppler-CVE-2025-52886.patch Normal file
View File

@@ -0,0 +1,52 @@
From ac36affcc8486de38e8905a8d6547a3464ff46e5 Mon Sep 17 00:00:00 2001
From: Sune Vuorela <sune@vuorela.dk>
Date: Tue, 3 Jun 2025 00:35:19 +0200
Subject: [PATCH] Limit ammount of annots per document/page
---
poppler/Annot.cc | 4 ++++
poppler/Page.cc | 16 ++++++++++++++++
2 files changed, 20 insertions(+)
Index: poppler-25.04.0/poppler/Annot.cc
===================================================================
--- poppler-25.04.0.orig/poppler/Annot.cc
+++ poppler-25.04.0/poppler/Annot.cc
@@ -1674,6 +1674,10 @@ void Annot::removeReferencedObjects()
void Annot::incRefCnt()
{
+ if (refCnt > 100000) {
+ error(errSyntaxError, -1, "Annotations likely malformed. Too many references. Stopping processing annots on page {0:d}", page);
+ return;
+ }
refCnt++;
}
Index: poppler-25.04.0/poppler/Page.cc
===================================================================
--- poppler-25.04.0.orig/poppler/Page.cc
+++ poppler-25.04.0/poppler/Page.cc
@@ -297,6 +297,22 @@ Page::Page(PDFDoc *docA, int numA, Objec
goto err2;
}
+ if (annotsObj.isArray() && annotsObj.arrayGetLength() > 10000) {
+ error(errSyntaxError, -1, "Page annotations object (page {0:d}) is likely malformed. Too big: ({1:d})", num, annotsObj.arrayGetLength());
+ goto err2;
+ }
+ if (annotsObj.isRef()) {
+ auto resolvedObj = getAnnotsObject();
+ if (resolvedObj.isArray() && resolvedObj.arrayGetLength() > 10000) {
+ error(errSyntaxError, -1, "Page annotations object (page {0:d}) is likely malformed. Too big: ({1:d})", num, resolvedObj.arrayGetLength());
+ goto err2;
+ }
+ if (!resolvedObj.isArray() && !resolvedObj.isNull()) {
+ error(errSyntaxError, -1, "Page annotations object (page {0:d}) is wrong type ({1:s})", num, resolvedObj.getTypeName());
+ goto err2;
+ }
+ }
+
// contents
contents = pageObj.dictLookupNF("Contents").copy();
if (!(contents.isRef() || contents.isArray() || contents.isNull())) {

137
poppler.changes
View File

@@ -1,56 +1,5 @@
-------------------------------------------------------------------
Tue Dec 9 14:12:46 UTC 2025 - Petr Gajdos <pgajdos@suse.com>
- version update to 25.12.0:
core:
* Be less strict about the Page Annots object being correct. Issue #1641
* Fix rendering of some annotations. Issue #1642
* TextOuputDev: change default line ending to \n
* Splash: Performance improvements
* Ignore color operators when painting a Type3 font with d1
* Internal code improvements
* Fix crashes in malformed documents
* NSS Signatures: Tweak the logic that decides which firefox profile to use
* NSS Signatures: call PORT_GetError() only if the preceding CERT_PKIXVerifyCert() fails
* Splash: Performance improvements
* Fix crashes in malformed documents
* Fix image signature getting lost
* Don't embed substitutions for base14 fonts
* Form font improvements
* Handle signatures padded with random data
* Add feature to Ink annotation to render with multiply blend mode
* Internal code improvements
* Fix crashes in malformed documents
utils:
* pdfsig: specify search order for NSS certificate database on the man page
build system:
* Switch to C++23
glib:
* Fix ocsp check for signatures validation
* Fix warning when running glib-mkenums
* Fix signature text
* Add feature to Ink annotation to render with multiply blend mode
cpp:
* Added embedded_file::unicodeName function
- fixes CVE-2025-11896 [bsc#1252337]
CVE-2025-52885 [bsc#1251940]
(removed poppler-CVE-2025-11896.patch and poppler-CVE-2025-52885.patch)
-------------------------------------------------------------------
Tue Dec 9 09:45:39 UTC 2025 - Petr Gajdos <pgajdos@suse.com>
- security update
- added patches
CVE-2025-11896 [bsc#1252337], infinite recursion leading to stack overflow due to object loop in PDF CMap
* poppler-CVE-2025-11896.patch
-------------------------------------------------------------------
Sat Nov 22 21:23:26 CET 2025 - Stanislav Brabec <sbrabec@suse.com>
- Remove unused BuildRequires: update-desktop-files.
-------------------------------------------------------------------
Tue Oct 14 09:19:40 UTC 2025 - pgajdos@suse.com
Tue Oct 14 09:33:22 UTC 2025 - pgajdos@suse.com
- security update
- added patches
@@ -58,86 +7,12 @@ Tue Oct 14 09:19:40 UTC 2025 - pgajdos@suse.com
* poppler-CVE-2025-52885.patch
-------------------------------------------------------------------
Wed Sep 10 08:05:24 UTC 2025 - pgajdos@suse.com
Fri Jul 4 14:09:05 UTC 2025 - pgajdos@suse.com
- version update to 25.09.1:
* Speed improvements when reusing the same document with different output devices
* Speed improvements when reading from network file systems
* Internal code improvements
* Fix generated .pc files when using old gpgme
- version update to 25.09.0:
* Speed improvements when reusing the same document with different output devices
* Speed improvements when reading from network file systems
* Internal code improvements
* Fix crashes in malformed documents
* fix ODR issue with enum
* pdftohtml: Fix text positioning. (Regressed in 25.07.0)
* Better pkgconfig support for static builds
- deleted patches
* reduce-boost-required-version.patch (upstreamed)
* reduce-libtiff-required-version.patch (upstreamed)
-------------------------------------------------------------------
Tue Aug 5 09:57:10 UTC 2025 - pgajdos@suse.com
- version update to 25.08.0
+ core:
* FormWidgetSignature::signDocumentWithAppearance: add imagePath parameter
* Fix parsing Distinguished Names that end with a hex string
* Fix crashes in malformed documents
+ glib:
* Add poppler_page_render_transparent_selection()
* Add missing since to the documentation
- fixes CVE-2025-50420 [bsc#1247590]
-------------------------------------------------------------------
Fri Jul 25 12:06:57 UTC 2025 - Antonio Larrosa <alarrosa@suse.com>
- Do not build the qt5 flavor in SLE16.
-------------------------------------------------------------------
Thu Jul 10 09:06:55 UTC 2025 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 25.07.0:
+ core:
- Changed rendering of malformed documents to mimic what Adobe
Reader does
- Improvemenst in signature validation in the NSS backend
- Add more detailed output when signing fails
- Internal code improvements
- Fix crashes in malformed documents
+ utils: pdfsig: command line option for allowing PGP signatures
in GnuPG backend
- Bump sover following upstream changes.
-------------------------------------------------------------------
Thu Jul 3 08:46:24 UTC 2025 - pgajdos@suse.com
- version update to 25.06.0 [bsc#1245625] (CVE-2025-52886)
Release 25.06.0:
core:
* Fix writing dates back to file
* Internal code improvements
* Fix crashes in malformed documents
glib:
* Add the ink annotation type
* Add missing autopointers definitions
utils:
* pdfsig: Add assert-signer feature
* pdfsig: Return error code on error
Release 25.05.0:
core:
* Fix re-fetching after xref reconstruction. Issue #1584
* Fix compilation with ENABLE_ZLIB_UNCOMPRESS=ON
* Various annotation improvements. Issues #642, #1558, #1055
* CairoFontEngine: invalidate broken embedded fonts. Issue #1453
* Splash: Performance improvements
* Internal code improvements
glib:
* Small signature improvements
- modified patches
% reduce-boost-required-version.patch (refreshed)
% reduce-libtiff-required-version.patch (refreshed)
- security update
- added patches
CVE-2025-52886 [bsc#1245625], use of 32-bit `std::atomic_int` for reference counting can lead to an integer overflow and trigger a use-after-free
+ poppler-CVE-2025-52886.patch
-------------------------------------------------------------------
Mon Apr 7 10:46:03 UTC 2025 - pgajdos@suse.com

16
poppler.spec
View File

@@ -2,7 +2,6 @@
# spec file for package poppler
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2025 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -25,7 +24,7 @@
%endif
# Actual version of poppler-data:
%define poppler_data_version 0.4.11
%define poppler_sover 155
%define poppler_sover 148
%define poppler_cpp_sover 2
%define poppler_glib_sover 8
%define poppler_qt5_sover 1
@@ -33,7 +32,7 @@
%define poppler_api 0.18
%define poppler_apipkg 0_18
Name: poppler%{?psuffix}
Version: 25.12.0
Version: 25.04.0
Release: 0
Summary: PDF Rendering Library
License: GPL-2.0-only OR GPL-3.0-only
@@ -43,6 +42,12 @@ Source: %{url}/%{sname}-%{version}.tar.xz
Source1: %{url}/%{sname}-%{version}.tar.xz.sig
Source90: poppler.keyring
Source99: baselibs.conf
Patch0: reduce-boost-required-version.patch
Patch1: reduce-libtiff-required-version.patch
# CVE-2025-52886 [bsc#1245625], use of 32-bit `std::atomic_int` for reference counting can lead to an integer overflow and trigger a use-after-free
Patch2: poppler-CVE-2025-52886.patch
# CVE-2025-52885 [bsc#1251940], raw pointers can lead to dangling pointers when the vector is resized
Patch3: poppler-CVE-2025-52885.patch
BuildRequires: cmake >= 3.10
BuildRequires: gtk-doc
@@ -50,6 +55,7 @@ BuildRequires: libboost_headers-devel >= 1.66
BuildRequires: libgpgmepp-devel >= 1.19
BuildRequires: openjpeg2
BuildRequires: pkgconfig
BuildRequires: update-desktop-files
BuildRequires: pkgconfig(cairo) >= 1.10.0
BuildRequires: pkgconfig(cairo-ft)
BuildRequires: pkgconfig(cairo-pdf)
@@ -83,10 +89,6 @@ BuildRequires: extra-cmake-modules
%if "%{flavor}" == "qt6" && (0%{?suse_version} <= 1500 && 0%{?sle_version} <= 150300)
ExclusiveArch: do_not_build
%endif
# Don't build poppler-qt5 on SLE16
%if "%{flavor}" == "qt5" && (0%{suse_version} == 1600 && ! 0%{?is_opensuse})
ExclusiveArch: do_not_build
%endif
%if "%{flavor}" == "qt5"
BuildRequires: pkgconfig(Qt5Core) >= 5.9
BuildRequires: pkgconfig(Qt5Gui)

13
reduce-boost-required-version.patch Normal file
View File

@@ -0,0 +1,13 @@
Index: poppler-24.12.0/CMakeLists.txt
===================================================================
--- poppler-24.12.0.orig/CMakeLists.txt
+++ poppler-24.12.0/CMakeLists.txt
@@ -227,7 +227,7 @@ find_soft_mandatory_package(ENABLE_QT6 Q
# Check for Cairo rendering backend
macro_optional_find_package(Cairo ${CAIRO_VERSION})
-find_package(Boost 1.74.0 CONFIG)
+find_package(Boost 1.66.0 CONFIG)
if(Boost_FOUND)
set(USE_BOOST_HEADERS ON)
elseif(ENABLE_BOOST)

13
reduce-libtiff-required-version.patch Normal file
View File

@@ -0,0 +1,13 @@
Index: poppler-24.12.0/CMakeLists.txt
===================================================================
--- poppler-24.12.0.orig/CMakeLists.txt
+++ poppler-24.12.0/CMakeLists.txt
@@ -168,7 +168,7 @@ endmacro()
find_soft_mandatory_package(ENABLE_NSS3 NSS3 3.68)
find_soft_mandatory_package(ENABLE_GPGME Gpgmepp 1.19)
-find_soft_mandatory_package(ENABLE_LIBTIFF TIFF 4.3)
+find_soft_mandatory_package(ENABLE_LIBTIFF TIFF 4.0.9)
macro_optional_find_package(JPEG)
macro_optional_find_package(PNG)