| -rw-r--r-- | .gitignore | 2 | ||||
| -rw-r--r-- | backport-CVE-2024-56378.patch | 73 | ||||
| -rw-r--r-- | backport-CVE-2024-6239.patch | 108 | ||||
| -rw-r--r-- | poppler-0.90.0-position-independent-code.patch | 12 | ||||
| -rw-r--r-- | poppler-21.01.0-glib-introspection.patch | 11 | ||||
| -rw-r--r-- | poppler.spec | 334 | ||||
| -rw-r--r-- | sources | 2 | 
7 files changed, 542 insertions, 0 deletions
| @@ -0,0 +1,2 @@
+/poppler-24.03.0.tar.xz
+/test-ff3133cdb6cb496ee1d2c3231bfa35006a5e8410.tar.bz2
diff --git a/backport-CVE-2024-56378.patch b/backport-CVE-2024-56378.patch
new file mode 100644
index 0000000..7519346
--- /dev/null
+++ b/backport-CVE-2024-56378.patch
@@ -0,0 +1,73 @@
+From ade9b5ebed44b0c15522c27669ef6cdf93eff84e Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Tue, 17 Dec 2024 18:59:01 +0100
+Subject: [PATCH] JBIG2Bitmap::combine: Fix crash on malformed files
+
+Fixes #1553
+---
+ poppler/JBIG2Stream.cc | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
+index f482a123f..b2f96e149 100644
+--- a/poppler/JBIG2Stream.cc
++++ b/poppler/JBIG2Stream.cc
+@@ -762,7 +762,7 @@ void JBIG2Bitmap::duplicateRow(int yDest, int ySrc)
+ 
+ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, unsigned int combOp)
+ {
+-    int x0, x1, y0, y1, xx, yy;
++    int x0, x1, y0, y1, xx, yy, yyy;
+     unsigned char *srcPtr, *destPtr;
+     unsigned int src0, src1, src, dest, s1, s2, m1, m2, m3;
+     bool oneByte;
+@@ -809,14 +809,17 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, unsigned int combOp
+     oneByte = x0 == ((x1 - 1) & ~7);
+ 
+     for (yy = y0; yy < y1; ++yy) {
+-        if (unlikely((y + yy >= h) || (y + yy < 0))) {
++        if (unlikely(checkedAdd(y, yy, &yyy))) {
++            continue;
++        }
++        if (unlikely((yyy >= h) || (yyy < 0))) {
+             continue;
+         }
+ 
+         // one byte per line -- need to mask both left and right side
+         if (oneByte) {
+             if (x >= 0) {
+-                destPtr = data + (y + yy) * line + (x >> 3);
++                destPtr = data + yyy * line + (x >> 3);
+                 srcPtr = bitmap->data + yy * bitmap->line;
+                 dest = *destPtr;
+                 src1 = *srcPtr;
+@@ -839,7 +842,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, unsigned int combOp
+                 }
+                 *destPtr = dest;
+             } else {
+-                destPtr = data + (y + yy) * line;
++                destPtr = data + yyy * line;
+                 srcPtr = bitmap->data + yy * bitmap->line + (-x >> 3);
+                 dest = *destPtr;
+                 src1 = *srcPtr;
+@@ -869,7 +872,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, unsigned int combOp
+ 
+             // left-most byte
+             if (x >= 0) {
+-                destPtr = data + (y + yy) * line + (x >> 3);
++                destPtr = data + yyy * line + (x >> 3);
+                 srcPtr = bitmap->data + yy * bitmap->line;
+                 src1 = *srcPtr++;
+                 dest = *destPtr;
+@@ -893,7 +896,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, unsigned int combOp
+                 *destPtr++ = dest;
+                 xx = x0 + 8;
+             } else {
+-                destPtr = data + (y + yy) * line;
++                destPtr = data + yyy * line;
+                 srcPtr = bitmap->data + yy * bitmap->line + (-x >> 3);
+                 src1 = *srcPtr++;
+                 xx = x0;
+-- 
+GitLab
+
diff --git a/backport-CVE-2024-6239.patch b/backport-CVE-2024-6239.patch
new file mode 100644
index 0000000..a90c60e
--- /dev/null
+++ b/backport-CVE-2024-6239.patch
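Review bot: The overflow guard added at the top of the row loop in `JBIG2Bitmap::combine` skips the row without any explanation, and the new local `yyy` gives no hint of what it holds. A one-line comment above the `checkedAdd` call, e.g. `// y + yy can overflow int on a malformed stream; skip the row rather than form an out-of-range destPtr`, would record why the two-step check exists; a name such as `destY` would read better, though renaming diverges from the upstream commit, so the comment alone may be the practical choice for a backport. The hunks add no include for `checkedAdd`, so the patch presumably relies on a header JBIG2Stream.cc already pulls in at 24.03.0, which is worth confirming in the build log. The body of `combine` starts and continues outside the quoted hunks.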
@@ -0,0 +1,108 @@
+From 0554731052d1a97745cb179ab0d45620589dd9c4 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Fri, 7 Jun 2024 00:54:55 +0200
+Subject: [PATCH] pdfinfo: Fix crash in broken documents when using -dests
+
+---
+ utils/pdfinfo.cc | 35 +++++++++++++++--------------------
+ 1 file changed, 15 insertions(+), 20 deletions(-)
+
+diff --git a/utils/pdfinfo.cc b/utils/pdfinfo.cc
+index 5d37ef64f..7d569749b 100644
+--- a/utils/pdfinfo.cc
++++ b/utils/pdfinfo.cc
+@@ -15,7 +15,7 @@
+ // under GPL version 2 or later
+ //
+ // Copyright (C) 2006 Dom Lachowicz <cinamod@hotmail.com>
+-// Copyright (C) 2007-2010, 2012, 2016-2022 Albert Astals Cid <aacid@kde.org>
++// Copyright (C) 2007-2010, 2012, 2016-2022, 2024 Albert Astals Cid <aacid@kde.org>
+ // Copyright (C) 2010 Hib Eris <hib@hiberis.nl>
+ // Copyright (C) 2011 Vittal Aithal <vittal.aithal@cognidox.com>
+ // Copyright (C) 2012, 2013, 2016-2018, 2021 Adrian Johnson <ajohnson@redneon.com>
+@@ -113,16 +113,21 @@ static const ArgDesc argDesc[] = { { "-f", argInt, &firstPage, 0, "first page to
+                                    { "-?", argFlag, &printHelp, 0, "print usage information" },
+                                    {} };
+ 
+-static void printTextString(const GooString *s, const UnicodeMap *uMap)
++static void printStdTextString(const std::string &s, const UnicodeMap *uMap)
+ {
+     char buf[8];
+-    std::vector<Unicode> u = TextStringToUCS4(s->toStr());
++    const std::vector<Unicode> u = TextStringToUCS4(s);
+     for (const auto &c : u) {
+         int n = uMap->mapUnicode(c, buf, sizeof(buf));
+         fwrite(buf, 1, n, stdout);
+     }
+ }
+ 
++static void printTextString(const GooString *s, const UnicodeMap *uMap)
++{
++    printStdTextString(s->toStr(), uMap);
++}
++
+ static void printUCS4String(const Unicode *u, int len, const UnicodeMap *uMap)
+ {
+     char buf[8];
+@@ -294,11 +299,6 @@ static void printStruct(const StructElement *element, unsigned indent)
+     }
+ }
+ 
+-struct GooStringCompare
+-{
+-    bool operator()(GooString *lhs, GooString *rhs) const { return lhs->cmp(const_cast<GooString *>(rhs)) < 0; }
+-};
+-
+ static void printLinkDest(const std::unique_ptr<LinkDest> &dest)
+ {
+     GooString s;
+@@ -369,29 +369,25 @@ static void printLinkDest(const std::unique_ptr<LinkDest> &dest)
+ 
+ static void printDestinations(PDFDoc *doc, const UnicodeMap *uMap)
+ {
+-    std::map<Ref, std::map<GooString *, std::unique_ptr<LinkDest>, GooStringCompare>> map;
++    std::map<Ref, std::map<std::string, std::unique_ptr<LinkDest>>> map;
+ 
+     int numDests = doc->getCatalog()->numDestNameTree();
+     for (int i = 0; i < numDests; i++) {
+-        GooString *name = new GooString(doc->getCatalog()->getDestNameTreeName(i));
++        const GooString *name = doc->getCatalog()->getDestNameTreeName(i);
+         std::unique_ptr<LinkDest> dest = doc->getCatalog()->getDestNameTreeDest(i);
+-        if (dest && dest->isPageRef()) {
++        if (name && dest && dest->isPageRef()) {
+             Ref pageRef = dest->getPageRef();
+-            map[pageRef].insert(std::make_pair(name, std::move(dest)));
+-        } else {
+-            delete name;
++            map[pageRef].insert(std::make_pair(name->toStr(), std::move(dest)));
+         }
+     }
+ 
+     numDests = doc->getCatalog()->numDests();
+     for (int i = 0; i < numDests; i++) {
+-        GooString *name = new GooString(doc->getCatalog()->getDestsName(i));
++        const char *name = doc->getCatalog()->getDestsName(i);
+         std::unique_ptr<LinkDest> dest = doc->getCatalog()->getDestsDest(i);
+-        if (dest && dest->isPageRef()) {
++        if (name && dest && dest->isPageRef()) {
+             Ref pageRef = dest->getPageRef();
+             map[pageRef].insert(std::make_pair(name, std::move(dest)));
+-        } else {
+-            delete name;
+         }
+     }
+ 
+@@ -405,9 +401,8 @@ static void printDestinations(PDFDoc *doc, const UnicodeMap *uMap)
+                     printf("%4d ", i);
+                     printLinkDest(it.second);
+                     printf(" \"");
+-                    printTextString(it.first, uMap);
++                    printStdTextString(it.first, uMap);
+                     printf("\"\n");
+-                    delete it.first;
+                 }
+             }
+         }
+-- 
+GitLab
+
diff --git a/poppler-0.90.0-position-independent-code.patch b/poppler-0.90.0-position-independent-code.patch
new file mode 100644
index 0000000..12c879e
--- /dev/null
+++ b/poppler-0.90.0-position-independent-code.patch
@@ -0,0 +1,12 @@
+--- poppler-0.90.0/CMakeLists.txt
++++ poppler-0.90.0/CMakeLists.txt
+@@ -17,6 +17,9 @@ else()
+ 
+ include(MacroOptionalFindPackage)
+ find_package(PkgConfig)
++
++set(CMAKE_POSITION_INDEPENDENT_CODE ON)
++
+ include(TestBigEndian)
+ test_big_endian(WORDS_BIGENDIAN)
+ include(CheckFileOffsetBits)
diff --git a/poppler-21.01.0-glib-introspection.patch b/poppler-21.01.0-glib-introspection.patch
new file mode 100644
index 0000000..6b82738
--- /dev/null
+++ b/poppler-21.01.0-glib-introspection.patch
@@ -0,0 +1,11 @@
+--- poppler-21.01.0/glib/CMakeLists.txt
++++ poppler-21.01.0/glib/CMakeLists.txt
+@@ -121,7 +121,7 @@ if (HAVE_INTROSPECTION AND BUILD_SHARED_
+ 
+   # General gir: Reset object-list for introspection & load tool args
+   set(INTROSPECTION_GIRS)
+-  set(INTROSPECTION_SCANNER_ARGS "--add-include-path=${CMAKE_CURRENT_SOURCE_DIR}" "--warn-all")
++  set(INTROSPECTION_SCANNER_ARGS "--add-include-path=${CMAKE_CURRENT_SOURCE_DIR}" "--warn-all" "--sources-top-dirs=${CMAKE_SOURCE_DIR}" "--sources-top-dirs=${CMAKE_BINARY_DIR}")
+   set(INTROSPECTION_COMPILER_ARGS ${INTROSPECTION_COMPILER_ARGS} "--includedir=${CMAKE_CURRENT_SOURCE_DIR}")
+ 
+   # Poppler: Assign package to gir & export keys
diff --git a/poppler.spec b/poppler.spec
new file mode 100644
index 0000000..590ac89
--- /dev/null
+++ b/poppler.spec
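Review bot: The two `name &&` checks added in `printDestinations` carry the fix for broken documents, yet nothing in the new code says why a destination name can be null. A short comment above each check, e.g. `// a broken document can yield a null name; skip the entry instead of dereferencing it`, would keep the guard from being dropped in a later cleanup. In the second loop the `std::string` key is now produced by an implicit conversion from `const char *` inside `std::make_pair`; `map[pageRef].emplace(name, std::move(dest));` states that construction directly and avoids the intermediate pair. `printDestinations` continues outside the quoted hunks.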
@@ -0,0 +1,334 @@
+%global __cmake_in_source_build 0
+
+%global test_sha ff3133cdb6cb496ee1d2c3231bfa35006a5e8410
+%global qt6 1
+
+Name:    poppler
+Version: 24.03.0
+Release: 5
+Summary: PDF rendering library
+License: GPLv2+ and LGPLv2+ and MIT
+URL:     http://poppler.freedesktop.org/
+Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz
+Source1: https://gitlab.freedesktop.org/poppler/test/-/archive/%{test_sha}/test-%{test_sha}.tar.bz2
+
+Patch1:  poppler-0.90.0-position-independent-code.patch
+Patch3:  poppler-21.01.0-glib-introspection.patch
+
+Patch6000:	backport-CVE-2024-6239.patch
+Patch6001:	backport-CVE-2024-56378.patch
+
+BuildRequires: make
+BuildRequires: cmake
+BuildRequires: gcc-c++
+BuildRequires: gettext-devel
+BuildRequires: pkgconfig(cairo)
+BuildRequires: pkgconfig(cairo-ft)
+BuildRequires: pkgconfig(cairo-pdf)
+BuildRequires: pkgconfig(cairo-ps)
+BuildRequires: pkgconfig(cairo-svg)
+BuildRequires: pkgconfig(fontconfig)
+BuildRequires: pkgconfig(freetype2)
+BuildRequires: pkgconfig(gdk-pixbuf-2.0)
+BuildRequires: pkgconfig(gio-2.0)
+BuildRequires: pkgconfig(gobject-2.0)
+BuildRequires: pkgconfig(gobject-introspection-1.0)
+BuildRequires: pkgconfig(gtk+-3.0)
+BuildRequires: pkgconfig(gtk-doc)
+BuildRequires: pkgconfig(lcms2)
+BuildRequires: pkgconfig(libjpeg)
+BuildRequires: pkgconfig(libopenjp2)
+BuildRequires: pkgconfig(libpng)
+BuildRequires: pkgconfig(libtiff-4)
+BuildRequires: pkgconfig(nss)
+BuildRequires: pkgconfig(poppler-data)
+BuildRequires: pkgconfig(Qt5Core)
+BuildRequires: pkgconfig(Qt5Gui)
+BuildRequires: pkgconfig(Qt5Test)
+BuildRequires: pkgconfig(Qt5Widgets)
+BuildRequires: pkgconfig(Qt5Xml)
+%if 0%{?qt6}
+BuildRequires: cmake(Qt6Core)
+BuildRequires: cmake(Qt6Gui)
+BuildRequires: cmake(Qt6Test)
+BuildRequires: cmake(Qt6Widgets)
+BuildRequires: cmake(Qt6Xml)
+%endif
+BuildRequires: boost-devel
+BuildRequires: gpgme-devel
+BuildRequires: cpp-gpgme
+BuildRequires: libcurl-devel
+
+Requires: poppler-data
+Obsoletes: poppler-glib-demos < 0.60.1-1
+
+%description
+%{name} is a PDF rendering library.
+
+%package devel
+Summary: Libraries and headers for poppler
+Requires: %{name} = %{version}-%{release}
+
+%description devel
+You should install the poppler-devel package if you would like to
+compile applications based on poppler.
+
+%package glib
+Summary: Glib wrapper for poppler
+Requires: %{name} = %{version}-%{release}
+
+%description glib
+%{summary}.
+
+%package glib-devel
+Summary: Development files for glib wrapper
+Requires: %{name}-glib = %{version}-%{release}
+Requires: %{name}-devel = %{version}-%{release}
+Suggests: %{name}-doc = %{version}-%{release}
+
+%description glib-devel
+%{summary}.
+
+%package glib-doc
+Summary: Documentation for glib wrapper
+BuildArch: noarch
+
+%description glib-doc
+%{summary}.
+
+%package qt5
+Summary: Qt5 wrapper for poppler
+Requires: %{name} = %{version}-%{release}
+Obsoletes: %{name}-qt < 0.90.0-9
+%description qt5
+%{summary}.
+
+%package qt5-devel
+Summary: Development files for Qt5 wrapper
+Requires: %{name}-qt5 = %{version}-%{release}
+Requires: %{name}-devel = %{version}-%{release}
+Requires: qt5-qtbase-devel
+Obsoletes: %{name}-qt-devel < 0.90.0-9
+%description qt5-devel
+%{summary}.
+
+%if 0%{?qt6}
+%package qt6
+Summary: Qt6 wrapper for poppler
+Requires: %{name} = %{version}-%{release}
+%description qt6
+%{summary}.
+
+%package qt6-devel
+Summary: Development files for Qt6 wrapper
+Requires: %{name}-qt6 = %{version}-%{release}
+Requires: %{name}-devel = %{version}-%{release}
+Requires: qt6-qtbase-devel
+%description qt6-devel
+%{summary}.
+%endif
+
+%package cpp
+Summary: Pure C++ wrapper for poppler
+Requires: %{name} = %{version}-%{release}
+
+%description cpp
+%{summary}.
+
+%package cpp-devel
+Summary: Development files for C++ wrapper
+Requires: %{name}-cpp = %{version}-%{release}
+Requires: %{name}-devel = %{version}-%{release}
+
+%description cpp-devel
+%{summary}.
+
+%package utils
+Summary: Command line utilities for converting PDF files
+Requires: %{name} = %{version}-%{release}
+%description utils
+Command line tools for manipulating PDF files and converting them to
+other formats.
+
+%package_help
+
+%prep
+%autosetup -p1
+tar xf %{S:1}
+chmod -x poppler/CairoFontEngine.cc
+# disable test check_signature_basics, it will timeout
+sed -i "/check_signature_basics/d" {qt5,qt6}/tests/CMakeLists.txt
+
+%build
+%cmake \
+  -DENABLE_CMS=lcms2 \
+  -DENABLE_DCTDECODER=libjpeg \
+  -DENABLE_GTK_DOC=ON \
+  -DENABLE_LIBOPENJPEG=openjpeg2 \
+  -DENABLE_UNSTABLE_API_ABI_HEADERS=ON \
+  -DENABLE_ZLIB=OFF \
+  -DTESTDATADIR=%{_builddir}/%{name}-%{version}/test-%{test_sha}
+%cmake_build
+
+%install
+%cmake_install
+
+%check
+%ctest
+export PKG_CONFIG_PATH=%{buildroot}%{_datadir}/pkgconfig:%{buildroot}%{_libdir}/pkgconfig
+test "$(pkg-config --modversion poppler)" = "%{version}"
+test "$(pkg-config --modversion poppler-cpp)" = "%{version}"
+test "$(pkg-config --modversion poppler-glib)" = "%{version}"
+test "$(pkg-config --modversion poppler-qt5)" = "%{version}"
+%if 0%{?qt6}
+test "$(pkg-config --modversion poppler-qt6)" = "%{version}"
+%endif
+
+%files
+%doc README.md
+%license COPYING
+%{_libdir}/libpoppler.so.135*
+
+%files devel
+%{_libdir}/pkgconfig/poppler.pc
+%{_libdir}/libpoppler.so
+%dir %{_includedir}/poppler/
+# xpdf headers
+%{_includedir}/poppler/*.h
+%{_includedir}/poppler/fofi/
+%{_includedir}/poppler/goo/
+%{_includedir}/poppler/splash/
+
+%files glib
+%{_libdir}/libpoppler-glib.so.8*
+%{_libdir}/girepository-1.0/Poppler-0.18.typelib
+
+%files glib-devel
+%{_libdir}/pkgconfig/poppler-glib.pc
+%{_libdir}/libpoppler-glib.so
+%{_datadir}/gir-1.0/Poppler-0.18.gir
+%{_includedir}/poppler/glib/
+
+%files glib-doc
+%license COPYING
+%{_datadir}/gtk-doc/
+
+%files qt5
+%{_libdir}/libpoppler-qt5.so.1*
+
+%files qt5-devel
+%{_libdir}/libpoppler-qt5.so
+%{_libdir}/pkgconfig/poppler-qt5.pc
+%{_includedir}/poppler/qt5/
+
+%files cpp
+%{_libdir}/libpoppler-cpp.so.0*
+
+%files cpp-devel
+%{_libdir}/pkgconfig/poppler-cpp.pc
+%{_libdir}/libpoppler-cpp.so
+%{_includedir}/poppler/cpp
+
+%files utils
+%{_bindir}/pdf*
+%{_mandir}/man1/*
+
+%if 0%{?qt6}
+%files qt6
+%{_libdir}/libpoppler-qt6.so.3*
+
+%files qt6-devel
+%{_libdir}/libpoppler-qt6.so
+%{_libdir}/pkgconfig/poppler-qt6.pc
+%{_includedir}/poppler/qt6/
+%endif
+
+%files help
+%doc README.md
+%{_mandir}/man1/*
+
+%changelog
+* Tue Dec 24 2024 lingsheng <lingsheng1@h-partners.com> - 24.03.0-5
+- fix CVE-2024-56378
+
+* Tue Dec 17 2024 lingsheng <lingsheng1@h-partners.com> - 24.03.0-4
+- fix force out-of-source build
+- disable test check_signature_basics
+
+* Thu Nov 21 2024 Funda Wang <fundawang@yeah.net> - 24.03.0-3
+- adopt to new cmake macro
+- force out-of-source build
+- update test tarball
+
+* Mon Jun 24 2024 Zhao Mengmeng <zhaomengmeng@kylinos.cn> - 24.03.0-2
+- Type:CVE
+- CVE:CVE-2024-6239
+- SUG:NA
+- DESC:fix CVE-2024-6239
+
+* Tue Apr 02 2024 liweigang <liweiganga@uniontech.com> - 24.03.0-1
+- update to version 24.03.0
+
+* Thu Dec 28 2023 Paul Thomas <paulthomas100199@gmail.com> - 23.12.0-1
+- update to version 23.12.0
+
+* Tue Aug 08 2023 yajun<yajun@kylinos.cn> - 23.08.0-1
+- update to upstream version 23.08.0
+
+* Tue Mar 14 2023 zhangpan <zhangpan103@h-partners.com> - 22.01.0-3
+- Type:CVE
+- CVE:CVE-2022-27337
+- SUG:NA
+- DESC:fix CVE-2022-27337
+
+* Tue Sep 06 2022 qz_cx <wangqingzheng@kylinos.cn> - 22.01.0-2
+- Type:CVE
+- CVE:CVE-2022-38784
+- SUG:NA
+- DESC: fix CVE-2022-38784
+- fix CVE-2022-38784
+
+* Mon Jun 13 2022 lin zhang <lin.zhang@turbolinux.com.cn> - 22.01.0-1
+- Update to 22.01.0
+
+* Tue Sep 07 2021 chenchen <chen_aka_jan@163.com> - 0.90.0-2
+- add help moudle for ISO creating
+
+* Tue Aug 24 2021 chenchen <chen_aka_jan@163.com> - 0.90.0-1
+- update to 0.90.0
+
+* Fri Jul 30 2021 chenyanpanHW <chenyanpan@huawei.com> - 0.67.0-8
+- DESC: delete -S git from %autosetup, and delete BuildRequires git
+
+* Sat Jan 23 2021 wangye <wangye70@huawei.com> - 0.67.0-7
+- Type:cves
+- Id:NA
+- SUG:NA
+- DESC:fix CVE-2018-16646 CVE-2018-18897 CVE-2018-19060 CVE-2018-20481 CVE-2019-14494 CVE-2019-7310
+ 
+* Thu Oct 29 2020 yanan <yanan@huawei.com> - 0.67.0-6
+- Type:cves
+- Id:NA
+- SUG:NA
+- DESC:fix CVE-2019-10872 
+
+* Mon Jan 20 2020 openEuler Buildteam <buildteam@openeuler.org> - 0.67.0-5
+- Type:bugfix
+- Id:NA
+- SUG:NA
+- DESC:fix cves
+
+* Mon Jan 20 2020 openEuler Buildteam <buildteam@openeuler.org> - 0.67.0-4
+- Type:cve
+- Id:NA
+- SUG:NA
+- DESC:fix cves
+
+* Mon Oct 14 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.67.0-3
+- Type:enhancement
+- Id:NA
+- SUG:NA
+- DESC:Adjust sub-package relationship
+
+* Fri Sep 20 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.67.0-2
+- Package init
@@ -0,0 +1,2 @@
+2d50c3c8e0011d1fa14572c744cd33bb  poppler-24.03.0.tar.xz
+d260dfc1d762f4482d4cf46b7586b81a  test-ff3133cdb6cb496ee1d2c3231bfa35006a5e8410.tar.bz2 |
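Review bot: `URL` and `Source0` in poppler.spec point at `http://poppler.freedesktop.org/`, so the release tarball is referenced over an unauthenticated transport while `Source1` already uses https; `Source0: https://poppler.freedesktop.org/poppler-%{version}.tar.xz` would be consistent. The only integrity pin visible is the `sources` hunk at the end, whose 32-hex-digit digests look like MD5, which is not collision-resistant; a SHA-256 or SHA-512 entry, or checking the upstream signature, would be a stronger check if the build tooling supports it. Separately, `%prep` removes `check_signature_basics` from the qt5 and qt6 test lists because of a timeout, so the signature-handling code is packaged without that regression check; the comment there could name a tracking issue so the test gets re-enabled.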
