[Pkg-cups-devel] r660 - in cupsys/trunk/debian: . local local/filters
Kenshi Muto
kmuto at alioth.debian.org
Wed Dec 19 08:16:03 UTC 2007
Author: kmuto
Date: Wed Dec 19 08:16:02 2007
New Revision: 660
Log:
updates pdftops. haven't tested yet...
Added:
cupsys/trunk/debian/local/acroread.conf
cupsys/trunk/debian/local/pdftops.conf
Modified:
cupsys/trunk/debian/changelog
cupsys/trunk/debian/cupsys.install
cupsys/trunk/debian/local/filters/pdftops
Modified: cupsys/trunk/debian/changelog
==============================================================================
--- cupsys/trunk/debian/changelog (original)
+++ cupsys/trunk/debian/changelog Wed Dec 19 08:16:02 2007
@@ -1,3 +1,11 @@
+cupsys (1.3.4-5) UNRELEASED; urgency=high
+
+ [ Kenshi Muto]
+ * Update pdftops.pl to 1.20. It fixes overwriting arbitary files
+ via symlink attack. (CVE-2007-6358, closes: #456960)
+
+ -- Kenshi Muto <kmuto at debian.org> Wed, 19 Dec 2007 17:07:05 +0900
+
cupsys (1.3.4-4) unstable; urgency=high
[ Kenshi Muto]
Modified: cupsys/trunk/debian/cupsys.install
==============================================================================
--- cupsys/trunk/debian/cupsys.install (original)
+++ cupsys/trunk/debian/cupsys.install Wed Dec 19 08:16:02 2007
@@ -39,3 +39,5 @@
../local/*.ppd usr/share/ppd/cups-included/
../local/*.types usr/share/cups/mime/
../local/*.convs usr/share/cups/mime/
+../local/pdftops.conf etc/cups/
+../local/acroread.conf etc/cups/
Added: cupsys/trunk/debian/local/acroread.conf
==============================================================================
--- (empty file)
+++ cupsys/trunk/debian/local/acroread.conf Wed Dec 19 08:16:02 2007
@@ -0,0 +1,43 @@
+#
+# Configuration file for acroread as alternate pdftops filter
+#
+# 2006-09-26/Bl
+# initial
+#
+# This configuration file sets some useful default options for use of
+# the Adobe readder (acroread) as an alternate pdftops filter.
+#
+# Most of these options may be overridden by using the commandline options
+# of pdftops prefixed with 'pdf'. Example: to expand the PDF pages to match
+# the specified media size, add
+# pdf-expand
+# to the command line options.
+# We use the option names of xpdf's pdftops utility for compatibility reasons;
+# for use with acroread they are translated by the pdftops wrapper. For
+# details see the script itself.
+
+#
+# Paper size handling
+# We default to the media size in the PDF file. If acroread uses
+# the media box or the crop box is unknown to me and cannot be modified
+# by command line options, but we use the shrink to fit option by default.
+#
+shrink
+
+#
+# By default, we use level2 output, as most printers only support level2.
+# Note that acroread does no longer support level1, thus level1 will be
+# silently ignored.
+#
+level2
+
+#
+# As we convert to PostScript for printing only, we do not output comments
+# or annotations and emit all used fonts once at the beginning of the document.
+#
+optimizeForSpeed
+commentsOff
+annotsOff
+transQuality 3
+
+
Modified: cupsys/trunk/debian/local/filters/pdftops
==============================================================================
--- cupsys/trunk/debian/local/filters/pdftops (original)
+++ cupsys/trunk/debian/local/filters/pdftops Wed Dec 19 08:16:02 2007
@@ -3,22 +3,27 @@
# ==============================================================================
# 1.00 - 2004-10-05/Bl
# Initial implementation
+# 1.10 - 2006-09-27/Bl
+# Alternatively, use Adobe Reader in place of Xpdf's pdftops
+# 1.20 - 2007-12-03/Bl
+# Safe temp file creation (fix gentoo bug # 201042)
#
-# Copyright: Helge Blischke / SRZ Berlin 2004
+# Copyright: Helge Blischke / SRZ Berlin 2004-2006
# This program is free seoftware and governed by the GNU Public License Version 2.
#
# Description:
# ------------
# This program wraps the pdftops utility from the xpdf 3.00 (and higher) suite
# to behave as a CUPS filter as a replacement for the original pdftops filter.
+# As an alternative the Adobe Reader may be used.
#
# The main purpose of this approach is to keep the properties of a PDF to be
# printed as undesturbed as possible, especially with respect to page size,
# scaling, and positioning.
#
-# The pdftops utility reads a configuration file 'pdftops.conf' in the
-# CUPS_SERVERROOT directory, which must exist but may be empty. The sample
-# configuration file accompanying this program sets the defaults which
+# The pdftops utility reads a configuration file 'pdftops.conf' or 'acroread.conf',
+# respectively, in the CUPS_SERVERROOT directory, which must exist but may be empty.
+# The sample configuration file accompanying this program sets the defaults which
# seem plausible to me with respect to high end production printers.
#
# To give the user highest possible flexibility, this program accepts and
@@ -27,18 +32,26 @@
#
# pdf-pages=<f>,<l>
# expands to the -f and -l options of pdftops
+# or the -start and -end options of acroread, respectively
# to select a page range to process. This is independent
# of the page-ranges attribute and may significantly
# increase throughput when printing page ranges.
# Either of these numbers may be omitted.
#
# pdf-paper=<name>
+# For pdftops, <name> may be one of "letter", "legal",
+# "A4", "A3", or "match"; for acroread, the permetted values
+# are "letter", "legal", "tabloid", "ledger", "executive",
+# "a3", "a4", "a5", "b4", "b5", respectively (without the
+# quotes; the names are treated case independent).
+# In case of acroread, no paper specification is equivalent
+# to pdsftops's "match".
# pdf-paper=<width>x<height>
# <name> may be one of letter, legal , A4, A3, or match;
# <width> and <height> are the paper width and height
# in printers points (1/72 inch). This expands to
# either the -paper or the -paperh and -paperw options
-# of pdftops
+# of pdftops or the -size option of acroread.
#
# pdf-opw=<password>
# pdf-upw=<password>
@@ -51,23 +64,46 @@
# opi, nocrop, expand, noshrink, nocenter.
# See the pdftops manpage for a detailed description of
# the respective options.
+# In case of acroread, the options level1, level?sep, opi,
+# nocrop, noshrink, and nocenter are silently ignored.
#
# All other pdftops commandline options are refused.
#
-# When printing from STDIN, the program copies the input to a temporary file
-# in TMPDIR, which is deleted on exit.
-#
-# The return code of the pdftops utility, if nonzero, is used as the exit code
+# The return code of the pdftops utility or acroread, if nonzero, is used as the exit code
# of this program; error messages of the pdftops utility are only visible
# if 'debug' is specified as LogLevel in cupsd.conf.
+#
+# NOTE:
+# -----
+# This wrapper script has been initially designed to use the original pdftops utility
+# as a CUPS filter and now extended to alternately use acroread.
+# But there are situations where you need to be able to select either variant, thus it
+# is possible to configure the wrapper to both programs but select one of them by default;
+# the other one then may be selected by command line option:
+#
+# use-pdftops selects pdftops
+# use-acroread selects acroread
+#
+# if both are configured (by defining the appropriate configuration file).
+#
#
# Site specific parameters - modify as needed
-# ------------------------------------------------------------------------------
-$pdftops_path = "/usr/bin/pdftops"; # path to the xpdf utility
-# ------------------------------------------------------------------------------
+# ----------------------------------------------------------------------------------
+$pdftops_path = "/usr/bin/pdftops"; # path to the xpdf utility
+$acroread_path = "/usr/bin/acroread"; # path to Adobe Reader
+$default_app = 'use-pdftops'; # the default if both are configured
+# ----------------------------------------------------------------------------------
+
+use File::Temp qw( tempfile );
-use File::Copy;
+#
+# Check which app to use - pdftops or acroread
+#
+$rootdir = $ENV{CUPS_SERVERROOT} || die ("ERROR: CUPS server root directory undefined\n");
+$use_pdftops = -f "$rootdir/pdftops.conf" && -r "$rootdir/pdftops.conf";
+$use_acroread = -f "$rootdir/acroread.conf" && -r "$rootdir/acroread.conf";
+$use_both = $use_pdftops && $use_acroread;
#
# Check the arguments
@@ -82,37 +118,114 @@
$options = shift; # Textual representation of job attributes
$pdffile = shift; # Pathname of PDF file to process
-# If we are reading from STDIN, we must copy the input to a temporary file
-# as the PDF consumer needs a seekable input.
+if (defined $use_both && $use_both)
+{
+ my $optstr = " $options ";
+ my $to_use = '';
+ if ($optstr =~ /\s+(use-acroread|use-pdftops)\s+/)
+ {
+ $to_use = $1;
+ }
+ else
+ {
+ $to_use = $default_app;
+ }
+ if ($to_use eq 'use-acroread')
+ {
+ undef $use_pdftops;
+ }
+ elsif ($to_use eq 'use-pdftops')
+ {
+ undef $use_acroread;
+ }
+ else
+ {
+ die ("ERROR: cannot use both pdftops and acroread simultaneously\n");
+ }
+}
+
-if (! defined $pdffile)
+if (defined $use_pdftops)
{
- my $tmpfile = $ENV{TMPDIR} . "pdfin.$$.tmp";
- open (TEMP, ">$tmpfile") || die ("ERROR: pdftops wrapper: $tmpfile: $!\n");
- if (! copy (\*STDIN, \*TEMP))
- {
- close (TEMP);
- unlink $tmpfile;
- die ("ERROR: pdftops wrapper: $tmpfile: $!\n");
- }
- close (TEMP);
- $pdffile = $tmpfile;
- $delete_input = 1; # for deleting the temp file after converting
+ # If we are reading from STDIN, we must copy the input to a temporary file
+ # as the PDF consumer needs a seekable input.
+ if (! defined $pdffile)
+ {
+ my $template = "pdfinXXXXXX";
+ my $tmpdir = $ENV{TMPDIR};
+ my ($bytes, $buffer);
+ my ($tmpfh, $tmpfile) = tempfile ($template, OPEN => 1, DIR => $tmpdir, UNLINK => 0, SUFFIX => '.tmp');
+ while (($bytes = read (STDIN, $buffer, 1024)) > 0)
+ {
+ print $tmpfh "$buffer";
+ }
+ if ($bytes < 0)
+ {
+ close ($tmpfh);
+ unlink $tmpfile;
+ die ("ERROR: pdftops wrapper: $tmpfile: $!\n");
+ }
+ close ($tmpfh);
+ $pdffile = $tmpfile;
+ $delete_input = 1; # for deleting the temp file after converting
+ }
}
+
#
# Check the options string for options to modify the bahaviour of the pdftops utility:
#
@optarr = split (/\s+/, $options);
-$cfgfile = $ENV{CUPS_SERVERROOT} . "/pdftops.conf";
-if (-e $cfgfile) {
- $cmdopt = "-cfg " . $ENV{CUPS_SERVERROOT} . "/pdftops.conf"; # This cannot be changed
-} else {
- $cmdopt = "";
-}
-# The following are the (parameterless) command line options that may be used to change the
-# defaults defiend by pdftops.conf
-$simple = 'level1|level1sep|level2|level2sep|level3|level3sep|opi|nocrop|expand|noshrink|nocenter';
+if (defined $use_pdftops)
+{
+ $cmdopt = "-cfg " . $ENV{CUPS_SERVERROOT} . "/pdftops.conf"; # This cannot be changed
+ # The following are the (parameterless) command line options that may be used to change the
+ # defaults defiend by pdftops.conf
+ $simple = 'level1|level1sep|level2|level2sep|level3|level3sep|opi|nocrop|expand|noshrink|nocenter';
+ %papernames = (
+ 'letter' => '-paper letter',
+ 'tabloid' => '-paperw 792 -paperh 1224',
+ 'ledger' => '-paperw 1224 -paperh 792',
+ 'legal' => '-paper legal',
+ 'executive' => '-paperw 756 -paperh 522',
+ 'a3' => '-paper A3',
+ 'a4' => '-paper A4',
+ 'a5' => '-paperw 421 -paperh 595',
+ 'b4' => '-paperw 709 -paperh 1002',
+ 'b5' => '-paperw 501 -paperh 709',
+ 'match' => '-paper match'
+ );
+}
+else
+{
+ open (CFG, "<$rootdir/acroread.conf") || die ("ERROR: acroread.conf: $!\n");
+ $cmdopt = '-toPostScript';
+ while (<CFG>)
+ {
+ chomp;
+ next if (/^\s*#/); # skip comment lines
+ next if (/^\s*$/); # skip blank lines
+ s/^-\s*//; # discard leading '-' and white space, as it will be generated later
+ s/\s+$//; # discard trailing white space
+ $cmdopt .= " -$_";
+ }
+ close (CFG);
+ $simple = 'level1|level1sep|level2|level2sep|level3|level3sep|opi|nocrop|expand|noshrink|nocenter';
+ %papernames = (
+ 'letter' => '-size letter',
+ 'tabloid' => '-size tabloid',
+ 'ledger' => '-size ledger',
+ 'legal' => '-size legal',
+ 'executive' => '-size executive',
+ 'a3' => '-size a3',
+ 'a4' => '-size a4',
+ 'a5' => '-size a5',
+ 'b4' => '-size b4',
+ 'b5' => '-size b5',
+ 'match' => '' # this is the default with acroread
+ );
+}
+
foreach my $option (@optarr)
{
if ($option =~ /^pdf-(.+)$/)
@@ -125,24 +238,62 @@
# to be omitted.
my $first = $1;
my $lastp = $2;
- $cmdopt .= " -f $1" if ($1); # first page
- $cmdopt .= " -l $2" if ($2); # last page
+ if (defined $use_pdftops)
+ {
+ $cmdopt .= " -f $1" if ($1); # first page
+ $cmdopt .= " -l $2" if ($2); # last page
+ }
+ else
+ {
+ $cmdopt .= " -start $1" if ($1); # first page
+ $cmdopt .= " -end $2" if ($2); # last page
+ }
}
- elsif ($optkey =~ /^paper=(letter|legal|A4|A3|match)$/)
+ elsif ($optkey =~ /^paper=(letter|tabloid|ledger|legal|[Aa]3|[Aa]4|[Aa]5|[Bb]4|[Bb]5|match)$/)
{
- $cmdopt .= " -paper $1"; # paper name
+ # evaluate paper name
+ my $paper = $1;
+ $paper =~ tr/A-Z/a-z/;
+ my $value = $papernames{$paper};
+ $cmdopt .= " $value" if ($value);
}
elsif ($optkey =~ /^paper=(\d+)x(\d+)$/)
{
- $cmdopt .= " -paperw $1 -paperh $2"; # paper dimensions
+ # evaluate paper dimensions
+ if (defined $use_pdftops)
+ {
+ $cmdopt .= " -paperw $1 -paperh $2";
+ }
+ else
+ {
+ $cmdopt .= " -size $1" . 'x' . "$2";
+ }
}
elsif ($optkey =~ /^(o|u)pw=(\S+)$/)
{
- $cmdopt .= " $1" . 'pw ' . $2; # owner/user password
+ $cmdopt .= " $1" . 'pw ' . $2 if (defined $use_pdftops); # owner/user password
}
elsif ($optkey =~ /^($simple)$/)
{
- $cmdopt .= ' -' . $1; # allowed simple options
+ my $thisopt = $1;
+ if (defined $use_pdftops)
+ {
+ $cmdopt .= ' -' . $1; # allowed simple options
+ }
+ else
+ {
+ $thisopt =~ s/sep$//; # ignore the ...sep suffix
+ if ($thisopt =~ /level1|opi|nocrop|nocenter/)
+ {
+ $thisopt = '';
+ }
+ elsif ($thisopt eq 'noshrink')
+ {
+ $thisopt = '';
+ $cmdopt =~ s/ -shrink//;
+ }
+ $cmdopt .= " -" . $thisopt if ($thisopt);
+ }
}
else
{
@@ -154,13 +305,35 @@
#
# Complete the command
#
-warn ("ERROR: pdftops-options: $cmdopt\n");
-$rc = system ("$pdftops_path $cmdopt $pdffile -");
+if (defined $use_pdftops)
+{
+ warn ("ERROR: pdftops-options: $cmdopt\n");
+}
+else
+{
+ warn ("ERROR: acroread-options: $cmdopt\n");
+}
+if (defined $use_pdftops)
+{
+ $rc = system ("$pdftops_path $cmdopt $pdffile -");
+}
+else
+{
+ if (defined $pdffile && $pdffile)
+ {
+ $rc = system ("$acroread_path $cmdopt < $pdffile")
+ }
+ else
+ {
+ $rc = system ("$acroread_path $cmdopt");
+ }
+}
if ($rc)
{
$ir = $rc & 127;
$rc >>= 8;
- warn ("ERROR: pdftops_path exited with ", ($ir) ? "signal $ir, " : " exit code $rc", "\n");
+ my $temp = (defined $use_pdftops) ? $pdftops_path : $acroread_path;
+ warn ("ERROR: $temp exited with ", ($ir) ? "signal $ir, " : " exit code $rc", "\n");
exit $rc;
}
unlink ($pdffile) if (defined $delete_input); # Delete the temp file if any
Added: cupsys/trunk/debian/local/pdftops.conf
==============================================================================
--- (empty file)
+++ cupsys/trunk/debian/local/pdftops.conf Wed Dec 19 08:16:02 2007
@@ -0,0 +1,61 @@
+#
+# Configuration file for the alternate pdftops filter
+#
+# 2004-10-05/Bl
+# initial
+#
+# This configuration file defaults the configuration settings for xpdf's pdftops
+# utility for use as a CUPS filter (under the pdftops wrapper). Short of
+# unicode handling, those options are listed which are (or seem to me) relevant
+# to convert PDFs to PostScript suitable for production printers.
+#
+# Most of these options may be overridden by osing the commandline options
+# pr pdftops prefixed with 'pdf'. Example: to enable OPI handling, add
+# pdf-opi
+# to the command line options. For the details see the pdftops wrapper.
+
+#
+# Where to search for fonts not embedded in the PDF (currently, Type1 fonts only)
+#
+fontDir /PostScript/pfa
+
+#
+# Paper size handling
+# We default to the media size specified in the PDF file.
+# If a crop box is specified, it wil be used, otherwise the media box instead.
+# By default, we use this size as imageable area.
+#
+psPaperSize match
+psCrop yes
+psExpandSmaller no
+psShrinkLarger no
+psCenter yes
+
+#
+# As we have (level 2) printers which don't understand CID fonts, we produce level 2
+# output.
+#
+psLevel level2
+
+#
+# Font handling.
+# We embed all fonts embedded in the PDF in the generated PS (level2 compatible composite
+# fonts in case of CID fonts.
+#
+psEmbedType1Fonts yes
+psEmbedTrueTypeFonts yes
+psEmbedCIDTrueTypeFonts yes
+psEmbedCIDPostScriptFonts yes
+
+#
+# OPI.
+# As OPI handling is rather uncommon to printers, disable it by default. But it may be
+# enabled by print command attribute.
+#
+psOPI no
+
+#
+# Use ASCII85 encoding.
+#
+psASCIIHex no
+
More information about the Pkg-cups-devel
mailing list