Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-PyPDF2 for openSUSE:Factory checked in at 2026-03-10 17:57:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-PyPDF2 (Old) and /work/SRC/openSUSE:Factory/.python-PyPDF2.new.8177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-PyPDF2" Tue Mar 10 17:57:06 2026 rev:15 rq:1337928 version:2.11.1 Changes: --------
--- /work/SRC/openSUSE:Factory/python-PyPDF2/python-PyPDF2.changes 2026-03-04 21:05:28.129056082 +0100
+++ /work/SRC/openSUSE:Factory/.python-PyPDF2.new.8177/python-PyPDF2.changes 2026-03-10 18:01:43.808374813 +0100
@@ -1,0 +2,7 @@
+Tue Mar 10 08:54:29 UTC 2026 - Daniel Garcia <[email protected]>
+
+- CVE-2026-28804: Denial of Service via crafted PDF with ASCIIHexDecode filter, bsc#1259404
+ Add security patch: CVE-2026-28804.patch
+- Update sources with osc run download_files
+
+-------------------------------------------------------------------
New: ---- CVE-2026-28804.patch ----------(New B)---------- New:- CVE-2026-28804: Denial of Service via crafted PDF with ASCIIHexDecode filter, bsc#1259404 Add security patch: CVE-2026-28804.patch - Update sources with osc run download_files ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ python-PyPDF2.spec ++++++
--- /var/tmp/diff_new_pack.RVRePb/_old 2026-03-10 18:01:46.644491416 +0100
+++ /var/tmp/diff_new_pack.RVRePb/_new 2026-03-10 18:01:46.668492403 +0100
@@ -37,6 +37,8 @@
 Patch4: CVE-2026-27628.patch
 # PATCH-FIX-UPSTREAM CVE-2026-27888.patch bsc#1258934
 Patch5: CVE-2026-27888.patch
+# PATCH-FIX-UPSTREAM CVE-2026-28804.patch bsc#1259404
+Patch6: CVE-2026-28804.patch
 BuildRequires: %{python_module pip}
 BuildRequires: %{python_module setuptools}
 BuildRequires: %{python_module wheel}
@@ -61,7 +63,7 @@
 It is therefore a useful tool for websites that manage or manipulate PDFs.
 %prep
-%autosetup -p1 -n PyPDF2-%{version}
+%autosetup -p1 -n pypdf-%{version}
 #remove unwanted shebang
 sed -i '/^#!/ d' PyPDF2/pagerange.py
++++++ 2.11.1.tar.gz ++++++
/work/SRC/openSUSE:Factory/python-PyPDF2/2.11.1.tar.gz /work/SRC/openSUSE:Factory/.python-PyPDF2.new.8177/2.11.1.tar.gz differ: char 28, line 1
++++++ CVE-2026-28804.patch ++++++
Index: PyPDF2-2.11.1/tests/test_filters.py
===================================================================
--- PyPDF2-2.11.1.orig/tests/test_filters.py
+++ PyPDF2-2.11.1/tests/test_filters.py
@@ -228,3 +228,9 @@ def test_issue_399():
 name = "tika-976970.pdf"
 reader = PdfReader(BytesIO(get_pdf_from_url(url, name=name)))
 reader.pages[1].extract_text()
+
+
[email protected](10)
+def test_asciihexdecode__speed():
+ encoded = (b"41" * 1_200_000) + b">"
+ ASCIIHexDecode.decode(encoded)
Index: PyPDF2-2.11.1/PyPDF2/filters.py
===================================================================
--- PyPDF2-2.11.1.orig/PyPDF2/filters.py
+++ PyPDF2-2.11.1/PyPDF2/filters.py
@@ -34,6 +34,7 @@ See TABLE H.1 Abbreviations for standard
 __author__ = "Mathieu Fenniak"
 __author_email__ = "[email protected]"
+import binascii
 import math
 import struct
 import zlib
@@ -49,7 +50,7 @@ except ImportError:
 # For older Python versions, the backport typing_extensions is necessary:
 from typing_extensions import Literal # type: ignore[misc]
-from ._utils import b_, deprecate_with_replacement, ord_, paeth_predictor
+from ._utils import b_, deprecate_with_replacement, ord_, paeth_predictor, logger_warning
 from .constants import CcittFaxDecodeParameters as CCITT
 from .constants import ColorSpaces
 from .constants import FilterTypeAbbreviations as FTA
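Review bot: The switch to `%autosetup -p1 -n pypdf-%{version}` comes with a `2.11.1.tar.gz` that now differs from the previous one at the same version, and nothing in the spec records why the archive changed. The new top-level directory name suggests a regenerated upstream archive after a project rename, but that is an inference; the changelog only says "Update sources with osc run download_files". Before accepting a replaced tarball under an unchanged version, the unpacked trees of the old and new archives should be compared. The result belongs next to this line, for example `# 2.11.1.tar.gz re-fetched from upstream; top-level dir is now pypdf-%{version}, tree compared against the previous archive`.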
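Review bot: `test_asciihexdecode__speed` discards the return value of `ASCIIHexDecode.decode(encoded)`, so it passes for any output as long as the call finishes within the timeout. Because the same patch rewrites the decoder, the value should be pinned too: `assert ASCIIHexDecode.decode(encoded) == "A" * 1_200_000`. A second small case with a byte at or above 0x80 (for instance the input `"FF>"`) would cover the bytes-to-str conversion at the end of the new implementation. The timeout marker is only enforced when the pytest-timeout plugin is installed in the build environment; the spec lines visible here do not show it, so that is worth confirming.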
@@ -242,25 +243,29 @@ class ASCIIHexDecode:
 if "decodeParms" in kwargs: # pragma: no cover
 deprecate_with_replacement("decodeParms", "parameters", "4.0.0")
 decode_parms = kwargs["decodeParms"] # noqa: F841
- retval = ""
- hex_pair = ""
- index = 0
- while True:
- if index >= len(data):
- raise PdfStreamError("Unexpected EOD in ASCIIHexDecode")
- char = data[index]
- if char == ">":
- break
- elif char.isspace():
- index += 1
- continue
- hex_pair += char
- if len(hex_pair) == 2:
- retval += chr(int(hex_pair, base=16))
- hex_pair = ""
- index += 1
- assert hex_pair == ""
- return retval
+
+ if isinstance(data, str):
+ data = data.encode()
+
+ # Stop at EOD
+ eod = data.find(b">")
+ if eod == -1:
+ logger_warning(
+ "missing EOD in ASCIIHexDecode, check if output is OK",
+ __name__,
+ )
+ hex_data = data
+ else:
+ hex_data = data[:eod]
+
+ # Remove whitespace
+ hex_data = b"".join(hex_data.split())
+
+ # Pad if odd length
+ if len(hex_data) % 2 == 1:
+ hex_data += b"0"
+
+ return binascii.unhexlify(hex_data).decode()
 class LZWDecode:
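Review bot: The new `return binascii.unhexlify(hex_data).decode()` decodes the result as UTF-8, whereas the removed loop built the string with `chr(int(hex_pair, base=16))`, one code point in the range 0–255 per byte. A stream containing any byte at or above 0x80 now either raises `UnicodeDecodeError` or yields different text (`C3A9` used to give two characters and now gives one), so the denial-of-service fix adds a new way for a PDF to make this filter fail. Keeping the old mapping is a one-line change: `return binascii.unhexlify(hex_data).decode("latin-1")`. Separately, a missing `>` and an odd digit count are now tolerated (warning, zero padding) where the old code raised `PdfStreamError` or hit the `assert`; a short comment stating that this leniency is intentional would help the next reader. The method's signature and docstring lie outside the hunk.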
