Bug#607018: marked as done (generates random owner password if only user password is set)

[Debian Bug Tracking System]

Your message dated Tue, 14 Dec 2010 20:33:53 +0000
with message-id <e1psbzj-0005q2...@franck.debian.org>
and subject line Bug#607018: fixed in pdftk 1.41+dfsg-10
has caused the Debian Bug report #607018,
regarding generates random owner password if only user password is set
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
607018: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607018
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: pdftk
Version: 1.41+dfsg-9
Severity: serious
Tags: patch

The command
 pdftk file.pdf output file-encrypted.pdf user_pw thePassword
sets not only a user password, but a random owner password.
Therefore the encryption pdf file is not usable for further usage by
pdftk or other pdf tools due to the fact that the owner password is
unknown.

The attached patch solve this by setting the owner password to the user
password in this case which means that no owner password is set
according to the PDF specification [1].


[1]: Section 3.5.2 of
http://partners.adobe.com/public/developer/en/pdf/PDFReference16.pdf

Description: Set 'no owner password' by setting the owner password to the user password.
 This patch solves the issue of generating random owner passwords by the
 setEncryption routine of itext if the supplied owner password has zero length.

 According to the PDF specification, the meaning of 'no owner password' is archived
 by setting the owner password equal to the user password.

Author: Johann Felix Soden <joh...@gmx.de>

--- a/pdftk/pdftk.cc
+++ b/pdftk/pdftk.cc
@@ -2193,6 +2193,10 @@
 			prompt_for_password( "user", "the output PDF", m_output_user_pw );
 		}
 
+		if( m_output_owner_pw.empty() && !m_output_user_pw.empty() ) {
+			m_output_owner_pw= m_output_user_pw;
+		}
+
 		jbyteArray output_owner_pw_p= JvNewByteArray( m_output_owner_pw.size() ); {
 			jbyte* pw_p= elements(output_owner_pw_p);
 			memcpy( pw_p, m_output_owner_pw.c_str(), m_output_owner_pw.size() ); 

--- End Message ---

--- Begin Message ---

Source: pdftk
Source-Version: 1.41+dfsg-10

We believe that the bug you reported is fixed in the latest version of
pdftk, which is due to be installed in the Debian FTP archive:

pdftk_1.41+dfsg-10.debian.tar.gz
  to main/p/pdftk/pdftk_1.41+dfsg-10.debian.tar.gz
pdftk_1.41+dfsg-10.dsc
  to main/p/pdftk/pdftk_1.41+dfsg-10.dsc
pdftk_1.41+dfsg-10_i386.deb
  to main/p/pdftk/pdftk_1.41+dfsg-10_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 607...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Johann Felix Soden <joh...@gmx.de> (supplier of updated pdftk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 14 Dec 2010 20:36:20 +0100
Source: pdftk
Binary: pdftk
Architecture: source i386
Version: 1.41+dfsg-10
Distribution: unstable
Urgency: high
Maintainer: Johann Felix Soden <joh...@gmx.de>
Changed-By: Johann Felix Soden <joh...@gmx.de>
Description: 
 pdftk      - tool for manipulating PDF documents
Closes: 607018
Changes: 
 pdftk (1.41+dfsg-10) unstable; urgency=high
 .
   * Do not create a random owner password if only user password should
     be set. (Closes: #607018)
Checksums-Sha1: 
 0a36718cfd4c56394f3f96e348833c8da51d124d 1878 pdftk_1.41+dfsg-10.dsc
 ff77f65545c3a39ac052e515644d347f1aaf4410 31161 pdftk_1.41+dfsg-10.debian.tar.gz
 894865f601859d6596a04562cbf58b5fd67a759e 85798 pdftk_1.41+dfsg-10_i386.deb
Checksums-Sha256: 
 87b621ebbb35d9aa6d50eff48257ade7ae0c3706480bc571ccb02b6bfdf71478 1878 
pdftk_1.41+dfsg-10.dsc
 4af85a85ca0959b93c38161e451544546d3f7f1a5b6766013aaeac312fd91f70 31161 
pdftk_1.41+dfsg-10.debian.tar.gz
 b19bd196a8e20d0a1ab3eae6f551503f1e79e9af290d4166a189f23148b57f0d 85798 
pdftk_1.41+dfsg-10_i386.deb
Files: 
 49089fa12a1255d4a6f171dbcabaf0f3 1878 text optional pdftk_1.41+dfsg-10.dsc
 602a2958d02a6c107720528b7ac117c0 31161 text optional 
pdftk_1.41+dfsg-10.debian.tar.gz
 183076dfb65da5d7d4c44e5ac924ba55 85798 text optional 
pdftk_1.41+dfsg-10_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCgAGBQJNB85MAAoJEINZGTv9ywnEwckP/3jR7orXSTT+T/vPQvnSvfaa
qYRnnGL5ZatJqZtEcm/YilgQgmHZ4JJn6S+PKoEAxIx8T2PqSSEG4KCGgZWgLuJ4
8AeJ0HsbZdiXftkec5Ot1bjr7OoNiVVxtVbx7gI1mjkPpDTFbvxfV2ehVMbVswnD
avEG9VkLxgwDnK5W7kzBGnZHyIEsa/+p1pgzIH9LpuXnH4twv026/1V5ZHF03c+M
akyj7v0T6/CsdbE1a9EXQlpOPc/6Hb89ymf3ShkgDNm6CU+MTmAA22h6FG6shud8
JGRB+soWUathzaEnnQmH+Dxcv5JYq+OGZjjIUBXVCpleqTSZR5Fl0RBIPDsvKCsc
AD2vaLupUYtgRA1LcjjVMSEDeHdDyTHCnqhNyXQy6Okm48g5hPSLtjplf+bx7DEA
AG+ZV+q4wTl+h8jnUB/l5dt6rfbt39noP2ntMrg2AB5m67NWs5biYVK2BQlKLVta
ZoZXdVe9Y5ywcKO6Ngv1gH9r5XNjIXSoCSM/N+FZ1sjnv/BE24EIYPf9Pz7/gIwd
2oU3fOmbfVkdZdwX8p3n3aum/JZVR2vYlRb8/Mcg+BYCcCozStf4dstdPUcS+LK1
ZYiswJdgFO30GQ7hE//MLsmgLxFN+A2KLOo5O0B0+ofuEwPKbf71uTeNuO02as/Q
b36PidyojYM8T19msYdN
=7Jm3
-----END PGP SIGNATURE-----

--- End Message ---