Resolves: rhbz#1456828 CVE-2017-7511 Null pointer deference

0001-pdfunite-Fix-crash-with-broken-documents.patch

@@ -0,0 +1,60 @@
+From 5c9b08a875b07853be6c44e43ff5f7f059df666a Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Sat, 27 May 2017 00:09:17 +0200
+Subject: [PATCH] pdfunite: Fix crash with broken documents
+
+Sometimes we can't parse pages so check before accessing them
+
+Thanks to Jiaqi Peng for the report
+
+Fixes bugs #101153 and #101149
+---
+ utils/pdfunite.cc | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/utils/pdfunite.cc b/utils/pdfunite.cc
+index dfe48bf..c32e201 100644
+--- a/utils/pdfunite.cc
++++ b/utils/pdfunite.cc
+@@ -7,7 +7,7 @@
+ // Copyright (C) 2011-2015, 2017 Thomas Freitag <Thomas.Freitag@alfa.de>
+ // Copyright (C) 2012 Arseny Solokha <asolokha@gmx.com>
+ // Copyright (C) 2012 Fabio D'Urso <fabiodurso@hotmail.it>
+-// Copyright (C) 2012, 2014 Albert Astals Cid <aacid@kde.org>
++// Copyright (C) 2012, 2014, 2017 Albert Astals Cid <aacid@kde.org>
+ // Copyright (C) 2013 Adrian Johnson <ajohnson@redneon.com>
+ // Copyright (C) 2013 Hib Eris <hib@hiberis.nl>
+ // Copyright (C) 2015 Arthur Stavisky <vovodroid@gmail.com>
+@@ -268,15 +268,15 @@ int main (int argc, char *argv[])
+     catDict->lookup("OutputIntents", &intents);
+     catDict->lookupNF("AcroForm", &afObj);
+     Ref *refPage = docs[0]->getCatalog()->getPageRef(1);
+-    if (!afObj.isNull()) {
++    if (!afObj.isNull() && refPage) {
+       docs[0]->markAcroForm(&afObj, yRef, countRef, 0, refPage->num, refPage->num);
+     }
+     catDict->lookupNF("OCProperties", &ocObj);
+-    if (!ocObj.isNull() && ocObj.isDict()) {
++    if (!ocObj.isNull() && ocObj.isDict() && refPage) {
+       docs[0]->markPageObjects(ocObj.getDict(), yRef, countRef, 0, refPage->num, refPage->num);
+     }
+     catDict->lookup("Names", &names);
+-    if (!names.isNull() && names.isDict()) {
++    if (!names.isNull() && names.isDict() && refPage) {
+       docs[0]->markPageObjects(names.getDict(), yRef, countRef, 0, refPage->num, refPage->num);
+     }
+     if (intents.isArray() && intents.arrayGetLength() > 0) {
+@@ -353,6 +353,10 @@ int main (int argc, char *argv[])
+ 
+   for (i = 0; i < (int) docs.size(); i++) {
+     for (j = 1; j <= docs[i]->getNumPages(); j++) {
++      if (!docs[i]->getCatalog()->getPage(j)) {
++        continue;
++      }
++
+       PDFRectangle *cropBox = NULL;
+       if (docs[i]->getCatalog()->getPage(j)->isCropped())
+         cropBox = docs[i]->getCatalog()->getPage(j)->getCropBox();
+-- 
+2.9.3
+

poppler.spec

@@ -4,7 +4,7 @@
 Summary: PDF rendering library
 Name:    poppler
 Version: 0.55.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
 URL:     http://poppler.freedesktop.org/
 Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz
@@ -13,6 +13,7 @@ Source1: %{name}-test-%{test_date}_%{test_sha}.tar.xz
 
 # https://bugzilla.redhat.com/show_bug.cgi?id=1185007
 Patch0:  poppler-0.30.0-rotated-words-selection.patch
+Patch1:  0001-pdfunite-Fix-crash-with-broken-documents.patch
 
 BuildRequires: gettext-devel
 BuildRequires: pkgconfig(cairo)
@@ -277,6 +278,9 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
 %{_bindir}/poppler-glib-demo
 
 %changelog
+* Tue May 30 2017 Caolán McNamara <caolanm@redhat.com> - 0.51.0-2
+- Resolves: rhbz#1456828 CVE-2017-7511 Null pointer deference
+
 * Tue May 23 2017 David Tardon <dtardon@redhat.com> - 0.55.0-1
 - new upstream release