import poppler-0.66.0-26.el8

SOURCES/poppler-0.66.0-JPXStream-length.patch

@@ -0,0 +1,26 @@
+From 68ef84e5968a4249c2162b839ca6d7975048a557 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Mon, 15 Jul 2019 23:24:22 +0200
+Subject: [PATCH] JPXStream::init: ignore dict Length if clearly broken
+
+Fixes issue #805
+---
+ poppler/JPEG2000Stream.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/poppler/JPEG2000Stream.cc b/poppler/JPEG2000Stream.cc
+index 0eea3a2d..8e6902f4 100644
+--- a/poppler/JPEG2000Stream.cc
++++ b/poppler/JPEG2000Stream.cc
+@@ -219,7 +219,7 @@ void JPXStream::init()
+   }
+ 
+   int bufSize = BUFFER_INITIAL_SIZE;
+-  if (oLen.isInt()) bufSize = oLen.getInt();
++  if (oLen.isInt() && oLen.getInt() > 0) bufSize = oLen.getInt();
+ 
+   GBool indexed = gFalse;
+   if (cspace.isArray() && cspace.arrayGetLength() > 0) {
+-- 
+2.21.0
+

SOURCES/poppler-0.66.0-PSOutputDev-rgb.patch

@@ -0,0 +1,372 @@
+From 64aa150a92ccb082db6a3383fa734a6ac91cf1bf Mon Sep 17 00:00:00 2001
+From: Marek Kasik <mkasik@redhat.com>
+Date: Tue, 30 Apr 2019 18:47:44 +0200
+Subject: [PATCH] PSOutputDev: Don't read outside of image buffer
+
+Check whether input image is RGB or BGR to not treat
+it as CMYK in those cases in PSOutputDev::checkPageSlice().
+
+Fixes #751
+---
+ poppler/PSOutputDev.cc | 248 ++++++++++++++++++++++++++++++++---------
+ 1 file changed, 196 insertions(+), 52 deletions(-)
+
+diff --git a/poppler/PSOutputDev.cc b/poppler/PSOutputDev.cc
+index 0d201835..155a8cbe 100644
+--- a/poppler/PSOutputDev.cc
++++ b/poppler/PSOutputDev.cc
+@@ -3385,13 +3385,21 @@ GBool PSOutputDev::checkPageSlice(Page *
+       }
+       break;
+     case psLevel1Sep:
++      GfxColor inputColor;
++      GfxCMYK cmyk;
++      unsigned char cmykColor[4];
++      GfxDeviceRGBColorSpace *rgbCS;
++      SplashColorMode colorMode;
++
++      colorMode = bitmap->getMode();
++
+       p = bitmap->getDataPtr();
+       // Check for an all gray image
+       if (getOptimizeColorSpace()) {
+         isGray = gTrue;
+         for (y = 0; y < h; ++y) {
+ 	  for (x = 0; x < w; ++x) {
+-	    if (p[4*x] != p[4*x + 1] || p[4*x] != p[4*x + 2]) {
++	    if (p[numComps*x] != p[numComps*x + 1] || p[numComps*x] != p[numComps*x + 2]) {
+ 	      isGray = gFalse;
+ 	      y = h;
+ 	      break;
+@@ -3411,7 +3419,9 @@ GBool PSOutputDev::checkPageSlice(Page *
+       col[0] = col[1] = col[2] = col[3] = 0;
+       if (isGray) {
+         int g;
+-        if ((psProcessBlack & processColors) == 0) {
++        if ((psProcessBlack & processColors) == 0 &&
++            colorMode != splashModeRGB8 &&
++            colorMode != splashModeBGR8) {
+ 	  // Check if the image uses black
+ 	  for (y = 0; y < h; ++y) {
+ 	    for (x = 0; x < w; ++x) {
+@@ -3425,59 +3435,23 @@ GBool PSOutputDev::checkPageSlice(Page *
+ 	  }
+           p = bitmap->getDataPtr() + (h - 1) * bitmap->getRowSize();
+         }
+-        for (y = 0; y < h; ++y) {
+-	  if (useBinary) {
+-	    // Binary gray image
+-	    for (x = 0; x < w; ++x) {
+-	      g = p[4*x] + p[4*x + 3];
+-	      g = 255 - g;
+-	      if (g < 0) g = 0;
+-	      hexBuf[i++] = (Guchar) g;
+-	      if (i >= 64) {
+-	        writePSBuf(hexBuf, i);
+-	        i = 0;
+-	      }
+-	    }
+-	  } else {
+-	    // Hex gray image
+-	    for (x = 0; x < w; ++x) {
+-	      g = p[4*x] + p[4*x + 3];
+-	      g = 255 - g;
+-	      if (g < 0) g = 0;
+-	      digit = g / 16;
+-	      hexBuf[i++] = digit + ((digit >= 10)? 'a' - 10: '0');
+-	      digit = g % 16;
+-	      hexBuf[i++] = digit + ((digit >= 10)? 'a' - 10: '0');
+-	      if (i >= 64) {
+-	        hexBuf[i++] = '\n';
+-	        writePSBuf(hexBuf, i);
+-	        i = 0;
+-	      }
+-	    }
+-          }
+-          p -= bitmap->getRowSize();
+-        }
+-      } else if (((psProcessCyan | psProcessMagenta | psProcessYellow | psProcessBlack) & ~processColors) != 0) {
+-	// Color image, need to check color flags for each dot
+-        for (y = 0; y < h; ++y) {
+-          for (comp = 0; comp < 4; ++comp) {
++        if (colorMode == splashModeRGB8 || colorMode != splashModeBGR8) {
++          for (y = 0; y < h; ++y) {
+ 	    if (useBinary) {
+-	      // Binary color image
++	      // Binary gray image
+ 	      for (x = 0; x < w; ++x) {
+-	        col[comp] |= p[4*x + comp];
+-	        hexBuf[i++] = p[4*x + comp];
++	        hexBuf[i++] = (Guchar) p[3*x];
+ 	        if (i >= 64) {
+ 	          writePSBuf(hexBuf, i);
+ 	          i = 0;
+ 	        }
+ 	      }
+ 	    } else {
+-	      // Gray color image
++	      // Hex gray image
+ 	      for (x = 0; x < w; ++x) {
+-	        col[comp] |= p[4*x + comp];
+-	        digit = p[4*x + comp] / 16;
++	        digit = p[3*x] / 16;
+ 	        hexBuf[i++] = digit + ((digit >= 10)? 'a' - 10: '0');
+-	        digit = p[4*x + comp] % 16;
++	        digit = p[3*x] % 16;
+ 	        hexBuf[i++] = digit + ((digit >= 10)? 'a' - 10: '0');
+ 	        if (i >= 64) {
+ 	          hexBuf[i++] = '\n';
+@@ -3485,29 +3459,31 @@ GBool PSOutputDev::checkPageSlice(Page *
+ 	          i = 0;
+ 	        }
+ 	      }
+-	    }
++            }
+           }
+-          p -= bitmap->getRowSize();
+-        }
+-      } else {
+-	// Color image, do not need to check color flags
+-        for (y = 0; y < h; ++y) {
+-          for (comp = 0; comp < 4; ++comp) {
++        } else {
++          for (y = 0; y < h; ++y) {
+ 	    if (useBinary) {
+-	      // Binary color image
++	      // Binary gray image
+ 	      for (x = 0; x < w; ++x) {
+-	        hexBuf[i++] = p[4*x + comp];
++	        g = p[4*x] + p[4*x + 3];
++	        g = 255 - g;
++	        if (g < 0) g = 0;
++	        hexBuf[i++] = (Guchar) g;
+ 	        if (i >= 64) {
+ 	          writePSBuf(hexBuf, i);
+ 	          i = 0;
+ 	        }
+ 	      }
+ 	    } else {
+-	      // Hex color image
++	      // Hex gray image
+ 	      for (x = 0; x < w; ++x) {
+-	        digit = p[4*x + comp] / 16;
++	        g = p[4*x] + p[4*x + 3];
++	        g = 255 - g;
++	        if (g < 0) g = 0;
++	        digit = g / 16;
+ 	        hexBuf[i++] = digit + ((digit >= 10)? 'a' - 10: '0');
+-	        digit = p[4*x + comp] % 16;
++	        digit = g % 16;
+ 	        hexBuf[i++] = digit + ((digit >= 10)? 'a' - 10: '0');
+ 	        if (i >= 64) {
+ 	          hexBuf[i++] = '\n';
+@@ -3515,9 +3491,207 @@ GBool PSOutputDev::checkPageSlice(Page *
+ 	          i = 0;
+ 	        }
+ 	      }
+-	    }
++            }
+           }
+-          p -= bitmap->getRowSize();
++        }
++        p -= bitmap->getRowSize();
++      } else if (((psProcessCyan | psProcessMagenta | psProcessYellow | psProcessBlack) & ~processColors) != 0) {
++	// Color image, need to check color flags for each dot
++        switch (colorMode) {
++          case splashModeRGB8:
++          case splashModeBGR8:
++            rgbCS = new GfxDeviceRGBColorSpace();
++            for (y = 0; y < h; ++y) {
++              for (comp = 0; comp < 4; ++comp) {
++	        if (useBinary) {
++	          // Binary color image
++	          for (x = 0; x < w; ++x) {
++	            if (likely(colorMode == splashModeRGB8)) {
++                      inputColor.c[0] = byteToCol(p[3*x + 0]);
++                      inputColor.c[1] = byteToCol(p[3*x + 1]);
++                      inputColor.c[2] = byteToCol(p[3*x + 2]);
++                    } else {
++                      inputColor.c[0] = byteToCol(p[3*x + 2]);
++                      inputColor.c[1] = byteToCol(p[3*x + 1]);
++                      inputColor.c[2] = byteToCol(p[3*x + 0]);
++                    }
++                    rgbCS->getCMYK(&inputColor, &cmyk);
++                    cmykColor[0] = colToByte(cmyk.c);
++                    cmykColor[1] = colToByte(cmyk.m);
++                    cmykColor[2] = colToByte(cmyk.y);
++                    cmykColor[3] = colToByte(cmyk.k);
++
++	            col[comp] |= cmykColor[comp];
++	            hexBuf[i++] = cmykColor[comp];
++	            if (i >= 64) {
++	              writePSBuf(hexBuf, i);
++	              i = 0;
++	            }
++	          }
++	        } else {
++	          // Gray color image
++	          for (x = 0; x < w; ++x) {
++	            if (likely(colorMode == splashModeRGB8)) {
++                      inputColor.c[0] = byteToCol(p[3*x + 0]);
++                      inputColor.c[1] = byteToCol(p[3*x + 1]);
++                      inputColor.c[2] = byteToCol(p[3*x + 2]);
++                    } else {
++                      inputColor.c[0] = byteToCol(p[3*x + 2]);
++                      inputColor.c[1] = byteToCol(p[3*x + 1]);
++                      inputColor.c[2] = byteToCol(p[3*x + 0]);
++                    }
++                    rgbCS->getCMYK(&inputColor, &cmyk);
++                    cmykColor[0] = colToByte(cmyk.c);
++                    cmykColor[1] = colToByte(cmyk.m);
++                    cmykColor[2] = colToByte(cmyk.y);
++                    cmykColor[3] = colToByte(cmyk.k);
++
++	            col[comp] |= cmykColor[comp];
++	            digit = cmykColor[comp] / 16;
++	            hexBuf[i++] = digit + ((digit >= 10)? 'a' - 10: '0');
++	            digit = cmykColor[comp] % 16;
++	            hexBuf[i++] = digit + ((digit >= 10)? 'a' - 10: '0');
++	            if (i >= 64) {
++	              hexBuf[i++] = '\n';
++	              writePSBuf(hexBuf, i);
++	              i = 0;
++	            }
++	          }
++	        }
++              }
++              p -= bitmap->getRowSize();
++            }
++            delete rgbCS;
++            break;
++          default:
++            for (y = 0; y < h; ++y) {
++              for (comp = 0; comp < 4; ++comp) {
++	        if (useBinary) {
++	          // Binary color image
++	          for (x = 0; x < w; ++x) {
++	            col[comp] |= p[4*x + comp];
++	            hexBuf[i++] = p[4*x + comp];
++	            if (i >= 64) {
++	              writePSBuf(hexBuf, i);
++	              i = 0;
++	            }
++	          }
++	        } else {
++	          // Gray color image
++	          for (x = 0; x < w; ++x) {
++	            col[comp] |= p[4*x + comp];
++	            digit = p[4*x + comp] / 16;
++	            hexBuf[i++] = digit + ((digit >= 10)? 'a' - 10: '0');
++	            digit = p[4*x + comp] % 16;
++	            hexBuf[i++] = digit + ((digit >= 10)? 'a' - 10: '0');
++	            if (i >= 64) {
++	              hexBuf[i++] = '\n';
++	              writePSBuf(hexBuf, i);
++	              i = 0;
++	            }
++	          }
++	        }
++              }
++              p -= bitmap->getRowSize();
++            }
++          break;
++        }
++      } else {
++	// Color image, do not need to check color flags
++        switch (colorMode) {
++          case splashModeRGB8:
++          case splashModeBGR8:
++            rgbCS = new GfxDeviceRGBColorSpace();
++            for (y = 0; y < h; ++y) {
++              for (comp = 0; comp < 4; ++comp) {
++	        if (useBinary) {
++	          // Binary color image
++	          for (x = 0; x < w; ++x) {
++	            if (likely(colorMode == splashModeRGB8)) {
++                      inputColor.c[0] = byteToCol(p[3*x + 0]);
++                      inputColor.c[1] = byteToCol(p[3*x + 1]);
++                      inputColor.c[2] = byteToCol(p[3*x + 2]);
++                    } else {
++                      inputColor.c[0] = byteToCol(p[3*x + 2]);
++                      inputColor.c[1] = byteToCol(p[3*x + 1]);
++                      inputColor.c[2] = byteToCol(p[3*x + 0]);
++                    }
++                    rgbCS->getCMYK(&inputColor, &cmyk);
++                    cmykColor[0] = colToByte(cmyk.c);
++                    cmykColor[1] = colToByte(cmyk.m);
++                    cmykColor[2] = colToByte(cmyk.y);
++                    cmykColor[3] = colToByte(cmyk.k);
++
++	            hexBuf[i++] = cmykColor[comp];
++	            if (i >= 64) {
++	              writePSBuf(hexBuf, i);
++	              i = 0;
++	            }
++	          }
++	        } else {
++	          // Hex color image
++	          for (x = 0; x < w; ++x) {
++	            if (likely(colorMode == splashModeRGB8)) {
++                      inputColor.c[0] = byteToCol(p[3*x + 0]);
++                      inputColor.c[1] = byteToCol(p[3*x + 1]);
++                      inputColor.c[2] = byteToCol(p[3*x + 2]);
++                    } else {
++                      inputColor.c[0] = byteToCol(p[3*x + 2]);
++                      inputColor.c[1] = byteToCol(p[3*x + 1]);
++                      inputColor.c[2] = byteToCol(p[3*x + 0]);
++                    }
++                    rgbCS->getCMYK(&inputColor, &cmyk);
++                    cmykColor[0] = colToByte(cmyk.c);
++                    cmykColor[1] = colToByte(cmyk.m);
++                    cmykColor[2] = colToByte(cmyk.y);
++                    cmykColor[3] = colToByte(cmyk.k);
++
++	            digit = cmykColor[comp] / 16;
++	            hexBuf[i++] = digit + ((digit >= 10)? 'a' - 10: '0');
++	            digit = cmykColor[comp] % 16;
++	            hexBuf[i++] = digit + ((digit >= 10)? 'a' - 10: '0');
++	            if (i >= 64) {
++	              hexBuf[i++] = '\n';
++	              writePSBuf(hexBuf, i);
++	              i = 0;
++	            }
++	          }
++	        }
++              }
++              p -= bitmap->getRowSize();
++            }
++            delete rgbCS;
++            break;
++          default:
++            for (y = 0; y < h; ++y) {
++              for (comp = 0; comp < 4; ++comp) {
++	        if (useBinary) {
++	          // Binary color image
++	          for (x = 0; x < w; ++x) {
++	            hexBuf[i++] = p[4*x + comp];
++	            if (i >= 64) {
++	              writePSBuf(hexBuf, i);
++	              i = 0;
++	            }
++	          }
++	        } else {
++	          // Hex color image
++	          for (x = 0; x < w; ++x) {
++	            digit = p[4*x + comp] / 16;
++	            hexBuf[i++] = digit + ((digit >= 10)? 'a' - 10: '0');
++	            digit = p[4*x + comp] % 16;
++	            hexBuf[i++] = digit + ((digit >= 10)? 'a' - 10: '0');
++	            if (i >= 64) {
++	              hexBuf[i++] = '\n';
++	              writePSBuf(hexBuf, i);
++	              i = 0;
++	            }
++	          }
++	        }
++              }
++              p -= bitmap->getRowSize();
++            }
++          break;
+         }
+       }
+       if (i != 0) {

SOURCES/poppler-0.66.0-jpeg2000-component-size.patch

@@ -0,0 +1,41 @@
+From 89a5367d49b2556a2635dbb6d48d6a6b182a2c6c Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Thu, 23 May 2019 00:54:29 +0200
+Subject: [PATCH] JPEG2000Stream: fail gracefully if not all components have
+ the same WxH
+
+I think this is just a mistake, or at least the only file we have with
+this scenario is a fuzzed one
+---
+ poppler/JPEG2000Stream.cc | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/poppler/JPEG2000Stream.cc b/poppler/JPEG2000Stream.cc
+index 15bbcae4..0eea3a2d 100644
+--- a/poppler/JPEG2000Stream.cc
++++ b/poppler/JPEG2000Stream.cc
+@@ -4,7 +4,7 @@
+ //
+ // A JPX stream decoder using OpenJPEG
+ //
+-// Copyright 2008-2010, 2012, 2017, 2018 Albert Astals Cid <aacid@kde.org>
++// Copyright 2008-2010, 2012, 2017-2019 Albert Astals Cid <aacid@kde.org>
+ // Copyright 2011 Daniel Glöckner <daniel-gl@gmx.net>
+ // Copyright 2014, 2016 Thomas Freitag <Thomas.Freitag@alfa.de>
+ // Copyright 2013, 2014 Adrian Johnson <ajohnson@redneon.com>
+@@ -253,6 +253,12 @@ void JPXStream::init()
+         close();
+         break;
+       }
++      const int componentPixels = priv->image->comps[component].w * priv->image->comps[component].h;
++      if (componentPixels != priv->npixels) {
++        error(errSyntaxWarning, -1, "Component {0:d} has different WxH than component 0", component);
++        close();
++        break;
++      }
+       unsigned char *cdata = (unsigned char *)priv->image->comps[component].data;
+       int adjust = 0;
+       int depth = priv->image->comps[component].prec;
+-- 
+2.21.0
+

SPECS/poppler.spec

@@ -4,7 +4,7 @@
 Summary: PDF rendering library
 Name:    poppler
 Version: 0.66.0
-Release: 20%{?dist}
+Release: 26%{?dist}
 License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
 URL:     http://poppler.freedesktop.org/
 Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz
@@ -70,6 +70,18 @@ Patch19: poppler-0.66.0-rescale-filter.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1691724
 Patch20: poppler-0.66.0-stack-overflow.patch
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=1618766
+Patch21: poppler-0.66.0-nss.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1713582
+Patch22:  poppler-0.66.0-jpeg2000-component-size.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1732340
+Patch23: poppler-0.66.0-JPXStream-length.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1696636
+Patch24: poppler-0.66.0-PSOutputDev-rgb.patch
+
 BuildRequires: cmake
 BuildRequires: gettext-devel
 BuildRequires: pkgconfig(cairo)
@@ -187,6 +199,7 @@ export CC="gcc -fPIC" # hack to make the cmake call pass
   -DENABLE_LIBOPENJPEG=openjpeg2 \
   -DENABLE_XPDF_HEADERS=ON \
   -DENABLE_ZLIB=OFF \
+  -DENABLE_NSS=ON \
   ..
 unset CC
 make %{?_smp_mflags}
@@ -222,7 +235,7 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
 %files
 %doc README
 %license COPYING
-%{_libdir}/libpoppler.so.77*
+%{_libdir}/libpoppler.so.78*
 
 %files devel
 %{_libdir}/pkgconfig/poppler.pc
@@ -271,6 +284,32 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
 %{_mandir}/man1/*
 
 %changelog
+* Tue Aug 13 2019 Marek Kasik <mkasik@redhat.com> - 0.66.0-26
+- Coverity scan related fixes
+- Related: #1618766
+
+* Tue Aug 13 2019 Marek Kasik <mkasik@redhat.com> - 0.66.0-25
+- Check whether input is RGB in PSOutputDev::checkPageSlice()
+- also when using "-optimizecolorspace" flag
+- Resolves: #1697576
+
+* Fri Aug 9 2019 Marek Kasik <mkasik@redhat.com> - 0.66.0-24
+- Check whether input is RGB in PSOutputDev::checkPageSlice()
+- Resolves: #1697576
+
+* Fri Aug 9 2019 Marek Kasik <mkasik@redhat.com> - 0.66.0-23
+- Ignore dict Length if it is broken
+- Resolves: #1733027
+
+* Fri Aug 9 2019 Marek Kasik <mkasik@redhat.com> - 0.66.0-22
+- Fail gracefully if not all components of JPEG2000Stream
+- have the same size
+- Resolves: #1723505
+
+* Fri Jun 28 2019 Marek Kasik <mkasik@redhat.com> - 0.66.0-21
+- Implement crypto functions using NSS
+- Resolves: #1618766
+
 * Wed Apr 3 2019 Marek Kasik <mkasik@redhat.com> - 0.66.0-20
 - Fix stack overflow on broken file
 - Resolves: #1691887