Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package poppler for openSUSE:Factory checked in at 2025-12-17 17:32:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/poppler (Old) and /work/SRC/openSUSE:Factory/.poppler.new.1939 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "poppler" Wed Dec 17 17:32:46 2025 rev:221 rq:1323155 version:25.12.0 Changes: -------- --- /work/SRC/openSUSE:Factory/poppler/poppler.changes 2025-12-10 15:29:34.139808088 +0100 +++ /work/SRC/openSUSE:Factory/.poppler.new.1939/poppler.changes 2025-12-17 17:36:16.191400340 +0100 @@ -1,0 +2,38 @@ +Tue Dec 9 14:12:46 UTC 2025 - Petr Gajdos <[email protected]> + +- version update to 25.12.0: + core: + * Be less strict about the Page Annots object being correct. Issue #1641 + * Fix rendering of some annotations. Issue #1642 + * TextOuputDev: change default line ending to \n + * Splash: Performance improvements + * Ignore color operators when painting a Type3 font with d1 + * Internal code improvements + * Fix crashes in malformed documents + * NSS Signatures: Tweak the logic that decides which firefox profile to use + * NSS Signatures: call PORT_GetError() only if the preceding CERT_PKIXVerifyCert() fails + * Splash: Performance improvements + * Fix crashes in malformed documents + * Fix image signature getting lost + * Don't embed substitutions for base14 fonts + * Form font improvements + * Handle signatures padded with random data + * Add feature to Ink annotation to render with multiply blend mode + * Internal code improvements + * Fix crashes in malformed documents + utils: + * pdfsig: specify search order for NSS certificate database on the man page + build system: + * Switch to C++23 + glib: + * Fix ocsp check for signatures validation + * Fix warning when running glib-mkenums + * Fix signature text + * Add feature to Ink annotation to render with multiply blend mode + cpp: + * Added embedded_file::unicodeName function +- fixes CVE-2025-11896 [bsc#1252337] + CVE-2025-52885 [bsc#1251940] + (removed poppler-CVE-2025-11896.patch and poppler-CVE-2025-52885.patch) + +------------------------------------------------------------------- Old: ---- poppler-25.09.1.tar.xz poppler-25.09.1.tar.xz.sig poppler-CVE-2025-11896.patch poppler-CVE-2025-52885.patch New: ---- poppler-25.12.0.tar.xz poppler-25.12.0.tar.xz.sig ----------(Old B)---------- Old: CVE-2025-52885 [bsc#1251940] (removed poppler-CVE-2025-11896.patch and poppler-CVE-2025-52885.patch) Old: CVE-2025-52885 [bsc#1251940] (removed poppler-CVE-2025-11896.patch and poppler-CVE-2025-52885.patch) ----------(Old E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ poppler.spec ++++++ --- /var/tmp/diff_new_pack.kUyJwF/_old 2025-12-17 17:36:17.239444386 +0100 +++ /var/tmp/diff_new_pack.kUyJwF/_new 2025-12-17 17:36:17.243444553 +0100 @@ -1,6 +1,7 @@ # # spec file for package poppler # +# Copyright (c) 2025 SUSE LLC # Copyright (c) 2025 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties @@ -24,7 +25,7 @@ %endif # Actual version of poppler-data: %define poppler_data_version 0.4.11 -%define poppler_sover 153 +%define poppler_sover 155 %define poppler_cpp_sover 2 %define poppler_glib_sover 8 %define poppler_qt5_sover 1 @@ -32,7 +33,7 @@ %define poppler_api 0.18 %define poppler_apipkg 0_18 Name: poppler%{?psuffix} -Version: 25.09.1 +Version: 25.12.0 Release: 0 Summary: PDF Rendering Library License: GPL-2.0-only OR GPL-3.0-only @@ -42,10 +43,6 @@ Source1: %{url}/%{sname}-%{version}.tar.xz.sig Source90: poppler.keyring Source99: baselibs.conf -# CVE-2025-52885 [bsc#1251940], raw pointers can lead to dangling pointers when the vector is resized -Patch0: poppler-CVE-2025-52885.patch -# CVE-2025-11896 [bsc#1252337], infinite recursion leading to stack overflow due to object loop in PDF CMap -Patch1: poppler-CVE-2025-11896.patch BuildRequires: cmake >= 3.10 BuildRequires: gtk-doc ++++++ poppler-25.09.1.tar.xz -> poppler-25.12.0.tar.xz ++++++ ++++ 14272 lines of diff (skipped)
