fix CVE-2025-32364, CVE-2025-32365

(cherry picked from commit 440eff5b3edae345e20ba371dde80ed9533daeea)
2025-04-06 14:04:45 +08:00 · 2025-04-06 14:04:45 +08:00 · 5119f3f66b
commit 5119f3f66b
parent c033ee74db
7 changed files with 71 additions and 1 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1 @@
+*.xz filter=lfs diff=lfs merge=lfs -text
--- a/.lfsconfig
+++ b/.lfsconfig
@ -0,0 +1,2 @@
+[lfs]
+	url = https://artlfs.openeuler.openatom.cn/src-openEuler/poppler
--- a/backport-CVE-2025-32364.patch
+++ b/backport-CVE-2025-32364.patch
@ -0,0 +1,25 @@
+From d87bc726c7cc98f8c26b60ece5f20236e9de1bc3 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Mon, 24 Mar 2025 00:44:54 +0100
+Subject: [PATCH] PSStack::roll: Protect against doing int = -INT_MIN
+
+---
+ poppler/Function.cc | 2 +-
+ 1 file changed, 1 insertion(+),  deletion(-)
+
+diff --git a/poppler/Function.cc b/poppler/Function.cc
+index d84c4e350..f3168f191 100644
+--- a/poppler/Function.cc
+++ b/poppler/Function.cc
+@@ -1068,7 +1068,7 @@ void PSStack::roll(int n, int j)
+     PSObject obj;
+     int i, k;
+ 
+-    if (unlikely(n == 0)) {
+    if (unlikely(n == 0 || j == INT_MIN)) {
+         return;
+     }
+     if (j >= 0) {
+-- 
+GitLab
+
--- a/backport-CVE-2025-32365.patch
+++ b/backport-CVE-2025-32365.patch
@ -0,0 +1,37 @@
+From 1f151565bbca5be7449ba8eea6833051cc1baa41 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Mon, 31 Mar 2025 14:35:49 +0200
+Subject: [PATCH] Move isOk check to inside JBIG2Bitmap::combine
+
+---
+ poppler/JBIG2Stream.cc | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
+index cf9e0c984..4e81d4a8c 100644
+--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
+@@ -768,6 +768,9 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, unsigned int combOp
+     unsigned int src0, src1, src, dest, s1, s2, m1, m2, m3;
+     bool oneByte;
+ 
+    if (unlikely(!isOk())) {
+        return;
+    }
+     // check for the pathological case where y = -2^31
+     if (y < -0x7fffffff) {
+         return;
+@@ -2198,9 +2201,7 @@ void JBIG2Stream::readTextRegionSeg(unsigned int segNum, bool imm, bool lossless
+             if (pageH == 0xffffffff && y + h > curPageH) {
+                 pageBitmap->expand(y + h, pageDefPixel);
+             }
+-            if (pageBitmap->isOk()) {
+-                pageBitmap->combine(bitmap.get(), x, y, extCombOp);
+-            }
+            pageBitmap->combine(bitmap.get(), x, y, extCombOp);
+ 
+             // store the region bitmap
+         } else {
+-- 
+GitLab
+
--- a/poppler-23.12.0.tar.xz
+++ b/poppler-23.12.0.tar.xz
--- a/poppler-test-2021-01-11-03a4b9eb854a06a83c465e82de601796c458bbe9.tar.xz
+++ b/poppler-test-2021-01-11-03a4b9eb854a06a83c465e82de601796c458bbe9.tar.xz
--- a/poppler.spec
+++ b/poppler.spec
@ -8,7 +8,7 @@

 Name:    poppler
 Version: 23.12.0
-Release: 4
+Release: 5
 Summary: PDF rendering library
 License: GPLv2+ and LGPLv2+ and MIT
 URL:     http://poppler.freedesktop.org/
@ -20,6 +20,8 @@ Patch3:  poppler-21.01.0-glib-introspection.patch

 Patch6000: backport-CVE-2024-6239.patch
 Patch6001: backport-CVE-2024-56378.patch
+Patch6002: backport-CVE-2025-32364.patch
+Patch6003: backport-CVE-2025-32365.patch

 BuildRequires: make
 BuildRequires: cmake
@ -263,6 +265,9 @@ test "$(pkg-config --modversion poppler-qt6)" = "%{version}"
 %{_mandir}/man1/*

 %changelog
+* Sun Apr 06 2025 Funda Wang <fundawang@yeah.net> - 23.12.0-5
+- fix CVE-2025-32364, CVE-2025-32365
+
 * Mon Dec 23 2024 Funda Wang <fundawang@yeah.net> - 23.12.0-4
 - fix CVE-2024-56378