Thanks Albert for merging it.
Yes it's not finished and I'm intending to pick up last summer's work on the
glib frontend part.
I agree that we should close this bug and open specific ones to track
the frontend development or any other issue we find with the core code.
--
You received this bug
Thanks Albert for merging it.
Yes it's not finished and I'm intending to pick up last summer's work on the
glib frontend part.
I agree that we should close this bug and open specific ones to track
the frontend development or any other issue we find with the core code.
--
You received this bug
I'm in favour of Adrian's patch. It's an improvement with additional sanity
checks on the ByteRange values.
Indeed I tried to see if you could check if a given ByteRange covers the whole
document and also found no easy way to do it with existing poppler
functions/APIs.
--
You received this
I'm in favour of Adrian's patch. It's an improvement with additional sanity
checks on the ByteRange values.
Indeed I tried to see if you could check if a given ByteRange covers the whole
document and also found no easy way to do it with existing poppler
functions/APIs.
--
You received this
Created attachment 120992
Load NSS root certs module
This change is needed to actually do certificate validation, because as
it is NSS is trying to load the module which contains all the builtin
root certs from the Firefox profile directory where it is usually
missing. This way it will load the
Created attachment 120992
Load NSS root certs module
This change is needed to actually do certificate validation, because as
it is NSS is trying to load the module which contains all the builtin
root certs from the Firefox profile directory where it is usually
missing. This way it will load the
Created attachment 120434
Improve robustness of SignatureHandler::validateCertificate
This patch adds additional NULL-checking in
SignatureHandler::validateCertificate() which avoids segfault for some
signatures like the one contained here:
Created attachment 120434
Improve robustness of SignatureHandler::validateCertificate
This patch adds additional NULL-checking in
SignatureHandler::validateCertificate() which avoids segfault for some
signatures like the one contained here:
(In reply to Adrian Johnson from comment #79)
> + r_values[0] = r2.isInt64() ? r2.getInt64() : r2.getInt();
> + r_values[1] = r3.isInt64() ? r3.getInt64() : r3.getInt();
> + r_values[2] = r4.isInt64() ? r4.getInt64() : r4.getInt();
>
> According the PDF Reference, the ByteRange array contains
Created attachment 119283
Manpage improvement
Here's an improvement to the manpage.
Corrected a typo and added some missing context
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ubuntu.
Created attachment 119283
Manpage improvement
Here's an improvement to the manpage.
Corrected a typo and added some missing context
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to poppler in Ubuntu.
(In reply to Adrian Johnson from comment #79)
> + r_values[0] = r2.isInt64() ? r2.getInt64() : r2.getInt();
> + r_values[1] = r3.isInt64() ? r3.getInt64() : r3.getInt();
> + r_values[2] = r4.isInt64() ? r4.getInt64() : r4.getInt();
>
> According the PDF Reference, the ByteRange array contains
Created attachment 118745
Incremental hashing + large file support
With this patch I've implemented the incremental hashing plus the large
file support.
This is still untested with files larger than 2GB but is correct for all
the regular test cases I gathered before.
--
You received this bug
Created attachment 118745
Incremental hashing + large file support
With this patch I've implemented the incremental hashing plus the large
file support.
This is still untested with files larger than 2GB but is correct for all
the regular test cases I gathered before.
--
You received this bug
Created attachment 118398
Fix for Buffer overflow
Regarding the illegal ByteRange values which would cause overflow this
patch should fix it
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ubuntu.
@Adrian
Thanks for the tips on support for large files, progressive hashing and
the NSS includes. We'll be posting our attempts to improve these issues
as individual patches.
I also thought of adding the feature to pdfinfo but it seems wrong to
mix up something which performs various
@Adrian
Thanks for the tips on support for large files, progressive hashing and
the NSS includes. We'll be posting our attempts to improve these issues
as individual patches.
I also thought of adding the feature to pdfinfo but it seems wrong to
mix up something which performs various
Created attachment 118446
NSS conditional build
This patch makes the NSS dependency optional in the CMake and Autotools
build systems.
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to poppler in Ubuntu.
Created attachment 118449
Support for adbe.pkcs7.sha1 signatures
This patch, to be applied over the previous one, adds support for
adbe.pkcs7.sha1 signatures so now we should have a more complete
coverage of actual signed PDFs.
--
You received this bug notification because you are a member of
Created attachment 118398
Fix for Buffer overflow
Regarding the illegal ByteRange values which would cause overflow this
patch should fix it
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to poppler in Ubuntu.
Created attachment 118449
Support for adbe.pkcs7.sha1 signatures
This patch, to be applied over the previous one, adds support for
adbe.pkcs7.sha1 signatures so now we should have a more complete
coverage of actual signed PDFs.
--
You received this bug notification because you are a member of
Created attachment 118446
NSS conditional build
This patch makes the NSS dependency optional in the CMake and Autotools
build systems.
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ubuntu.
@Albert
Thanks for the improvements.
Regarding your 3 questions:
1- I've no objection to make the feature optional. I understand there
are people building more minimal versions of poppler that dislike
additional dependencies.
2- Yes we should. Our defaults are meant to take advantage of the
@Albert
Thanks for the improvements.
Regarding your 3 questions:
1- I've no objection to make the feature optional. I understand there
are people building more minimal versions of poppler that dislike
additional dependencies.
2- Yes we should. Our defaults are meant to take advantage of the
Created attachment 118193
poppler nss signature support - v5 - refactor
Here's a new patch following Albert's recommendations.
We've expanded the FormFieldSignature and FormFieldWidget classes to expose the
signature method.
We also added checking for non-supported signature types as we only
Created attachment 118195
poppler nss signature support - v6
Sorry, there were still some missing NULL checks and a useless new(),
here's a new one.
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ubuntu.
Created attachment 118195
poppler nss signature support - v6
Sorry, there were still some missing NULL checks and a useless new(),
here's a new one.
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to poppler in Ubuntu.
Created attachment 118193
poppler nss signature support - v5 - refactor
Here's a new patch following Albert's recommendations.
We've expanded the FormFieldSignature and FormFieldWidget classes to expose the
signature method.
We also added checking for non-supported signature types as we only
Created attachment 118036
poppler nss signature support - v3
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/1085526
Title:
ubuntu pdf doc viewer will not let me sign a document
Sorry for the succession of patches. This one fixes some remaining leaks
in the new PDFDoc methods and improves the indentation
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/1085526
Sorry for the succession of patches. This one fixes some remaining leaks
in the new PDFDoc methods and improves the indentation
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to poppler in Ubuntu.
https://bugs.launchpad.net/bugs/740506
Created attachment 118036
poppler nss signature support - v3
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to poppler in Ubuntu.
https://bugs.launchpad.net/bugs/740506
Title:
verify digital signatures
To manage notifications about
Created attachment 117885
PDF signature verification using NSS
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to poppler in Ubuntu.
https://bugs.launchpad.net/bugs/740506
Title:
verify digital signatures
To manage notifications
Sorry for the long absence and here's another attempt at solving this
issue.
I just attached a patch developed by me and André Esser which adds signature
verification support to poppler core and the glib frontend.
It uses the NSS CMS API for the crypto operations (signature and certificate
Created attachment 117885
PDF signature verification using NSS
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/1085526
Title:
ubuntu pdf doc viewer will not let me sign a document
Sorry for the long absence and here's another attempt at solving this
issue.
I just attached a patch developed by me and André Esser which adds signature
verification support to poppler core and the glib frontend.
It uses the NSS CMS API for the crypto operations (signature and certificate
So if I understood correctly Qt is only using the dlopen approach to overcome
restrictions to crypto exports but not (L)GPL incompatibilities, like stated
here:
http://qt-project.org/doc/qt-4.8/ssl.html
Getting back to our point I'll need the definitive opinion from Poppler
maintainers on
OK, NSS with shared DB is what I'll pursue from now on.
Thanks everyone for the input.
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to poppler in Ubuntu.
https://bugs.launchpad.net/bugs/740506
Title:
verify digital signatures
To
Created attachment 66786
PDF Signature verification support
Here's an initial attempt at solving this issue.
This patch adds signature verification support to poppler core.
It uses OpenSSL PKCS7 API for the crypto operations (signature and certificate
Validations).
4 new functions were added
@Albert
OK, I can see the problem for poppler in terms of licensing.
A quick evaluation of the alternatives:
gnutls seems to be unsuited for this because it doesn't have a decent PKCS7 API
that would allow me to parse the signature and access each component.
I've only found this in the docs:
Also I can see merit in Fedora's effort of consolidation around NSS but
I think it's a really herculean effort to port over so many packages.
http://fedoraproject.org/wiki/CryptoConsolidationScorecard
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which
(In reply to comment #21)
(In reply to comment #19)
I know that LibreOffice uses NSS as when I look at digital signatures my
certificates from Firefox is availble. However, I don't think the LibreOffice
Ubuntu packages require the whole Firefox to be installed.
Yes it doesn't require
What's missing in gnutls is a way to parse all the relevant components
of the PKCS#7 object as present in a PDF signature.
It seems that in gnutls they assume those objects can only contain
certificates and CRLs as you can confirm if you go through the functions
that take gnutls_pkcs7_t as
Regarding the dlopen workaround I'll take a look at it this week.
I'll try to minimize the pitfall of possible missing/different symbols
by targeting only the last major version of openssl (1.0).
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is
44 matches
Mail list logo
