From df81c3eb68931d19d3de1a1742d3c75371dda00e Mon Sep 17 00:00:00 2001
From: wency_cn
Date: Fri, 13 Feb 2026 18:17:00 +0800
Subject: [PATCH] Update code from upstream
---
 poppler-24.02.0-check-bitmap-in-combine.patch | 40 +++++++++++++++++++
 poppler.spec | 22 ++++++++--
 2 files changed, 58 insertions(+), 4 deletions(-)
 create mode 100644 poppler-24.02.0-check-bitmap-in-combine.patch
diff --git a/poppler-24.02.0-check-bitmap-in-combine.patch b/poppler-24.02.0-check-bitmap-in-combine.patch
new file mode 100644
index 0000000..7ae2ed3
--- /dev/null
+++ b/poppler-24.02.0-check-bitmap-in-combine.patch
@@ -0,0 +1,40 @@
+From 1f151565bbca5be7449ba8eea6833051cc1baa41 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid
+Date: Mon, 31 Mar 2025 14:35:49 +0200
+Subject: Move isOk check to inside JBIG2Bitmap::combine
+
+
+diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
+index cf9e0c98..4e81d4a8 100644
+--- poppler-24.02.0/poppler/JBIG2Stream.cc
++++ poppler-24.02.0/poppler/JBIG2Stream.cc
+@@ -15,7 +15,7 @@
+ //
+ // Copyright (C) 2006 Raj Kumar
+ // Copyright (C) 2006 Paul Walmsley
+-// Copyright (C) 2006-2010, 2012, 2014-2022 Albert Astals Cid
++// Copyright (C) 2006-2010, 2012, 2014-2022, 2025 Albert Astals Cid
+ // Copyright (C) 2009 David Benjamin
+ // Copyright (C) 2011 Edward Jiang
+ // Copyright (C) 2012 William Bader
+@@ -771,6 +771,9 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *b
+ unsigned int src0, src1, src, dest, s1, s2, m1, m2, m3;
+ bool oneByte;
+
++ if (unlikely(!isOk())) {
++ return;
++ }
+ // check for the pathological case where y = -2^31
+ if (y < -0x7fffffff) {
+ return;
+@@ -2199,9 +2202,7 @@ void JBIG2Stream::readTextRegionSeg(unsi
+ if (pageH == 0xffffffff && y + h > curPageH) {
+ pageBitmap->expand(y + h, pageDefPixel);
+ }
+- if (pageBitmap->isOk()) {
+- pageBitmap->combine(bitmap.get(), x, y, extCombOp);
+- }
++ pageBitmap->combine(bitmap.get(), x, y, extCombOp);
+
+ // store the region bitmap
+ } else {
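Review bot: The guard added at the top of `JBIG2Bitmap::combine` tests only the destination object (`isOk()` on `this`); the source bitmap passed as the first argument is not tested in the lines shown, while the `@@ -2199` hunk removes the one caller-side test visible here. combine()'s body and its other call sites are outside the hunk, so whether the source is validated elsewhere cannot be confirmed from this patch. If it is not, the guard could become `if (unlikely(!isOk() || !bitmap->isOk())) {` (assuming the parameter is named `bitmap`; the signature is truncated in the hunk header), which is best raised upstream so this backport stays identical to commit 1f151565bbca5be7449ba8eea6833051cc1baa41. Independently, a comment above the guard such as `// callers rely on this check; readTextRegionSeg no longer tests isOk() itself` would record the new contract.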
diff --git a/poppler.spec b/poppler.spec
index cae292e..04c7d9b 100644
--- a/poppler.spec
+++ b/poppler.spec
@@ -1,4 +1,5 @@
-%define anolis_release 1
+ExclusiveArch: x86_64 aarch64
+%define anolis_release 4
 Summary: PDF rendering library
 Name: poppler
@@ -14,8 +15,10 @@ Patch1: poppler-0.90.0-position-independent-code.patch
 Patch3: poppler-21.01.0-glib-introspection.patch
 Patch4: poppler-24.02.0-pdfinfo-dests.patch
 #https://gitlab.freedesktop.org/poppler/poppler/-/commit/ade9b5ebed44b0c15522c27669ef6cdf93eff84e
-Patch5: fix-CVE-2024-56378.patch
-Patch6: poppler-24.02.0-covscan.patch
+Patch5: poppler-24.02.0-covscan.patch
+Patch6: poppler-24.02.0-check-bitmap-in-combine.patch
+#https://gitlab.freedesktop.org/poppler/poppler/-/commit/ade9b5ebed44b0c15522c27669ef6cdf93eff84e
+Patch7: fix-CVE-2024-56378.patch
 BuildRequires: make
 BuildRequires: cmake
@@ -42,7 +45,7 @@ BuildRequires: pkgconfig(libopenjp2)
 BuildRequires: pkgconfig(libpng)
 BuildRequires: pkgconfig(libtiff-4)
 BuildRequires: pkgconfig(nss) >= 3.19
-BuildRequires: pkgconfig(poppler-data)
+# BuildRequires: pkgconfig(poppler-data) - removed as poppler-data doesn't provide pkg-config file
 BuildRequires: pkgconfig(Qt5Core) >= 5.12
 BuildRequires: pkgconfig(Qt5Gui) >= 5.12
 BuildRequires: pkgconfig(Qt5Test) >= 5.12
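Review bot: `ExclusiveArch: x86_64 aarch64` is added without a comment and is not among the changelog bullets this commit adds, so every other architecture silently stops getting this build, including the combine() fix packaged here. A line above it such as `# Built only for x86_64 and aarch64: <reason>` plus a matching changelog bullet would make the restriction reviewable. The release also moves from 1 to 4 while the added changelog has entries only for -4 and -2, and the -4 entry is dated `Thu Feb 13 2026` although the commit header reads Fri, 13 Feb 2026.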
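Review bot: After the renumbering, the unchanged `#https://…/ade9b5ebed44b0c15522c27669ef6cdf93eff84e` comment sits directly above `Patch5: poppler-24.02.0-covscan.patch`, and the same URL is added again above `Patch7: fix-CVE-2024-56378.patch`, so the first copy now labels the wrong patch. The new `Patch6` has no upstream reference at all; drop the stale comment and add `#<upstream commit URL for 1f151565bbca5be7449ba8eea6833051cc1baa41>` above Patch6. The reorder also means fix-CVE-2024-56378.patch is now listed after the covscan and check-bitmap patches; %prep is outside this hunk, so if patches are applied in numeric order it is worth confirming all three still apply without fuzz.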
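Review bot: The `pkgconfig(poppler-data)` requirement is turned into a commented-out line rather than replaced, so nothing pulls poppler-data into the build root any more. Whether the build or its tests read the data files cannot be seen from this hunk; if they do, depend on the package by name with `BuildRequires: poppler-data`, and otherwise delete the line, since the changelog already records the removal.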
@@ -225,6 +228,17 @@ test "$(pkg-config --modversion poppler-qt5)" = "%{version}"
 %{_mandir}/man1/*
 %changelog
+* Thu Feb 13 2026 wency_cn - 24.02.0-4
+- Integrate upstream patch to check bitmap validity centrally in combine() for security
+- Eliminate redundant bitmap validity checks in JBIG2 text region processing
+- Remove pkgconfig(poppler-data) build requirement as it's not provided
+- Improve security and maintainability by centralizing bitmap validation
+- Resolves: RHEL-131783, RHEL-131782
+
+* Mon Dec 15 2025 Marek Kasik - 24.02.0-2
+- Check bitmap in combine()
+- Resolves: RHEL-131783, RHEL-131782
+
 * Thu Mar 20 2025 Zhao Hang - 24.02.0-1
 - Update to 24.02.0-1 from 23.05.0-4
 - Migrated to SPDX license
--
Gitee