Hello community, here is the log from the commit of package poppler for openSUSE:Factory checked in at 2017-06-16 10:53:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/poppler (Old) and /work/SRC/openSUSE:Factory/.poppler.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "poppler" Fri Jun 16 10:53:49 2017 rev:138 rq:503259 version:0.55.0 Changes: -------- --- /work/SRC/openSUSE:Factory/poppler/poppler-qt.changes 2017-06-01 16:29:06.897745289 +0200 +++ /work/SRC/openSUSE:Factory/.poppler.new/poppler-qt.changes 2017-06-16 10:53:50.879399624 +0200 @@ -1,0 +2,9 @@ +Sun Jun 11 16:56:04 UTC 2017 - zai...@opensuse.org + +- Add poppler-pdfunite-fix-crash-with-broken-documents.patch: + pdfunite: Fix crash with broken documents. Sometimes we can't + parse pages so check before accessing them (bsc#1043088, + bsc#1041783, CVE-2017-7515, CVE-2017-7511, fdo#101153, + fdo#101149). + +------------------------------------------------------------------- poppler-qt5.changes: same change poppler.changes: same change New: ---- poppler-pdfunite-fix-crash-with-broken-documents.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ poppler-qt.spec ++++++ --- /var/tmp/diff_new_pack.j3TFSA/_old 2017-06-16 10:53:52.579160344 +0200 +++ /var/tmp/diff_new_pack.j3TFSA/_new 2017-06-16 10:53:52.583159782 +0200 @@ -38,6 +38,8 @@ Group: System/Libraries Source: http://poppler.freedesktop.org/%{_name}-%{version}.tar.xz Source99: baselibs.conf +# PATCH-FIX-UPSTREAM poppler-pdfunite-fix-crash-with-broken-documents.patch fdo#101153 fdo#101149 zai...@opensuse.org -- pdfunite: Fix crash with broken documents +Patch0: poppler-pdfunite-fix-crash-with-broken-documents.patch BuildRequires: gcc-c++ BuildRequires: gobject-introspection-devel BuildRequires: libjpeg-devel @@ -226,6 +228,7 @@ %prep %setup -q -n poppler-%{version} +%patch0 -p1 %build %if %build_qt5 poppler-qt5.spec: same change ++++++ poppler.spec ++++++ --- /var/tmp/diff_new_pack.j3TFSA/_old 2017-06-16 10:53:52.643151336 +0200 +++ /var/tmp/diff_new_pack.j3TFSA/_new 2017-06-16 10:53:52.643151336 +0200 @@ -38,6 +38,8 @@ Group: System/Libraries Source: http://poppler.freedesktop.org/%{_name}-%{version}.tar.xz Source99: baselibs.conf +# PATCH-FIX-UPSTREAM poppler-pdfunite-fix-crash-with-broken-documents.patch fdo#101153 fdo#101149 zai...@opensuse.org -- pdfunite: Fix crash with broken documents +Patch0: poppler-pdfunite-fix-crash-with-broken-documents.patch BuildRequires: gcc-c++ BuildRequires: gobject-introspection-devel BuildRequires: libjpeg-devel @@ -226,6 +228,7 @@ %prep %setup -q -n poppler-%{version} +%patch0 -p1 %build %if %build_qt5 ++++++ poppler-pdfunite-fix-crash-with-broken-documents.patch ++++++ >From 5c9b08a875b07853be6c44e43ff5f7f059df666a Mon Sep 17 00:00:00 2001 From: Albert Astals Cid <aa...@kde.org> Date: Sat, 27 May 2017 00:09:17 +0200 Subject: pdfunite: Fix crash with broken documents Sometimes we can't parse pages so check before accessing them Thanks to Jiaqi Peng for the report Fixes bugs #101153 and #101149 diff --git a/utils/pdfunite.cc b/utils/pdfunite.cc index dfe48bf..c32e201 100644 --- a/utils/pdfunite.cc +++ b/utils/pdfunite.cc @@ -7,7 +7,7 @@ // Copyright (C) 2011-2015, 2017 Thomas Freitag <thomas.frei...@alfa.de> // Copyright (C) 2012 Arseny Solokha <asolo...@gmx.com> // Copyright (C) 2012 Fabio D'Urso <fabiodu...@hotmail.it> -// Copyright (C) 2012, 2014 Albert Astals Cid <aa...@kde.org> +// Copyright (C) 2012, 2014, 2017 Albert Astals Cid <aa...@kde.org> // Copyright (C) 2013 Adrian Johnson <ajohn...@redneon.com> // Copyright (C) 2013 Hib Eris <h...@hiberis.nl> // Copyright (C) 2015 Arthur Stavisky <vovodr...@gmail.com> @@ -268,15 +268,15 @@ int main (int argc, char *argv[]) catDict->lookup("OutputIntents", &intents); catDict->lookupNF("AcroForm", &afObj); Ref *refPage = docs[0]->getCatalog()->getPageRef(1); - if (!afObj.isNull()) { + if (!afObj.isNull() && refPage) { docs[0]->markAcroForm(&afObj, yRef, countRef, 0, refPage->num, refPage->num); } catDict->lookupNF("OCProperties", &ocObj); - if (!ocObj.isNull() && ocObj.isDict()) { + if (!ocObj.isNull() && ocObj.isDict() && refPage) { docs[0]->markPageObjects(ocObj.getDict(), yRef, countRef, 0, refPage->num, refPage->num); } catDict->lookup("Names", &names); - if (!names.isNull() && names.isDict()) { + if (!names.isNull() && names.isDict() && refPage) { docs[0]->markPageObjects(names.getDict(), yRef, countRef, 0, refPage->num, refPage->num); } if (intents.isArray() && intents.arrayGetLength() > 0) { @@ -353,6 +353,10 @@ int main (int argc, char *argv[]) for (i = 0; i < (int) docs.size(); i++) { for (j = 1; j <= docs[i]->getNumPages(); j++) { + if (!docs[i]->getCatalog()->getPage(j)) { + continue; + } + PDFRectangle *cropBox = NULL; if (docs[i]->getCatalog()->getPage(j)->isCropped()) cropBox = docs[i]->getCatalog()->getPage(j)->getCropBox(); -- cgit v0.10.2