diff --git a/poppler-24.02.0-cert-db.patch b/poppler-24.02.0-cert-db.patch new file mode 100644 index 0000000..29d6c85 --- /dev/null +++ b/poppler-24.02.0-cert-db.patch @@ -0,0 +1,82 @@ +--- poppler-24.02.0/poppler/NSSCryptoSignBackend.cc ++++ poppler-24.02.0/poppler/NSSCryptoSignBackend.cc +@@ -15,7 +15,7 @@ + // Copyright 2020 Thorsten Behrens + // Copyright 2020 Klarälvdalens Datakonsult AB, a KDAB Group company, . Work sponsored by Technische Universität Dresden + // Copyright 2021 Theofilos Intzoglou +-// Copyright 2021 Marek Kasik ++// Copyright 2021, 2025, 2026 Marek Kasik + // Copyright 2022 Erich E. Hoover + // Copyright 2023 Tobias Deiminger + // Copyright 2023 g10 Code GmbH, Author: Sune Stolborg Vuorela +@@ -31,6 +31,7 @@ + + #include + #include ++#include + + #include + +@@ -679,28 +680,54 @@ std::unique_ptr NSS + + static std::optional getDefaultFirefoxCertDB() + { ++ std::vector firefoxPaths; ++ + #ifdef _WIN32 + const char *env = getenv("APPDATA"); + if (!env) { + return {}; + } +- const std::string firefoxPath = std::string(env) + "/Mozilla/Firefox/Profiles/"; ++ firefoxPaths.emplace_back(std::string(env) + "/Mozilla/Firefox/Profiles/"); + #else + const char *env = getenv("HOME"); ++ const char *xdg_config_home = getenv("XDG_CONFIG_HOME"); ++ const char *legacy = getenv("MOZ_LEGACY_HOME"); + if (!env) { + return {}; + } +- const std::string firefoxPath = std::string(env) + "/.mozilla/firefox/"; ++ const std::string firefoxLegacyPath = std::string(env) + "/.mozilla/firefox/"; ++ ++ if (legacy == nullptr || legacy[0] != '1') { ++ if (xdg_config_home != nullptr) { ++ firefoxPaths.emplace_back(std::string(xdg_config_home) + "/mozilla/firefox/"); ++ } else { ++ firefoxPaths.emplace_back(std::string(env) + "/.config/mozilla/firefox/"); ++ } ++ } ++ firefoxPaths.emplace_back(firefoxLegacyPath); + #endif + +- GDir firefoxDir(firefoxPath.c_str()); +- std::unique_ptr entry; +- while (entry = firefoxDir.getNextEntry(), entry != nullptr) { +- if (entry->isDir() && entry->getName()->toStr().find("default") != std::string::npos) { +- return entry->getFullPath()->toStr(); ++ std::error_code ec; // ensures directory_iterator doesn't throw exceptions ++ std::optional latestDir; ++ std::filesystem::file_time_type latestWriteTime; ++ for (const std::string &firefoxPath : firefoxPaths) { ++ for (const auto &entry : std::filesystem::directory_iterator { firefoxPath, ec }) { ++ if (entry.is_directory() && entry.path().string().find("default") != std::string::npos) { ++ const auto certPath = entry.path() / "cert9.db"; ++ if (std::filesystem::exists(certPath, ec) && std::filesystem::is_regular_file(certPath, ec)) { ++ const auto writeTime = std::filesystem::last_write_time(certPath, ec); ++ if (!latestDir.has_value() || writeTime > latestWriteTime) { ++ latestWriteTime = writeTime; ++ latestDir = entry.path().string(); ++ } ++ } ++ } ++ } ++ if (latestDir.has_value()) { ++ break; + } + } +- return {}; ++ return latestDir; + } + + std::string NSSSignatureConfiguration::sNssDir; diff --git a/poppler.spec b/poppler.spec index ae4136d..4804439 100644 --- a/poppler.spec +++ b/poppler.spec @@ -17,7 +17,7 @@ Summary: PDF rendering library Name: poppler Version: 24.02.0 -Release: 7%{?dist} +Release: 8%{?dist} License: (GPL-2.0-only OR GPL-3.0-only) AND GPL-2.0-or-later AND LGPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: http://poppler.freedesktop.org/ Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz @@ -35,6 +35,8 @@ Patch5: poppler-24.02.0-covscan.patch Patch6: poppler-24.02.0-check-bitmap-in-combine.patch +Patch7: poppler-24.02.0-cert-db.patch + BuildRequires: make BuildRequires: cmake BuildRequires: gcc-c++ @@ -287,6 +289,10 @@ test "$(pkg-config --modversion poppler-qt6)" = "%{version}" %{_mandir}/man1/* %changelog +* Thu Mar 5 2026 Marek Kasik - 24.02.0-8 +- Search for signing certificates in more places +- Resolves: RHEL-145379 + * Mon Dec 15 2025 Marek Kasik - 24.02.0-7 - Check bitmap in combine() - Resolves: RHEL-131783, RHEL-131782