201042 2007-12-03 00:32 0000 net-print/cups < 1.2.12-r4 insecure temporary file creation in pdftops (CVE-2007-6358) 2007-12-18 22:29:31 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://www.cups.org/articles.php?L515 A3 [glsa] P2 normal --- 1 pipping@gentoo.org security@gentoo.org printing@gentoo.org pipping@gentoo.org 2007-12-03 00:32:07 0000 files/pdftops.pl uses insecurely created files in /tmp, same kind of issue than bug #198231. the offending line (90) is: my $tmpfile = $ENV{TMPDIR} . "pdfin.$$.tmp"; pipping@gentoo.org 2007-12-03 00:32:37 0000 remove leftover from cloning a bug rbu@gentoo.org 2007-12-03 00:49:04 0000 This problem lies not within CUPS' pdftops filter, but in our alternative filter which is credited as follows. I'll try to contact the author about this. # pdftops.pl - wrapper script for xpdf's pdftops utility to act as a CUPS filter # ============================================================================== # 1.00 - 2004-10-05/Bl # Initial implementation # # Copyright: Helge Blischke / SRZ Berlin 2004 # This program is free seoftware and governed by the GNU Public License Version 2. rbu@gentoo.org 2007-12-03 17:15:09 0000 Upstream provided a new version. rbu@gentoo.org 2007-12-03 17:15:26 0000 Created an attachment (id=137630) pdftops-1.20 rbu@gentoo.org 2007-12-03 17:25:19 0000 The temporary file is created when reading a PDF file from stdin. Does CUPS use the filter this way, or is it handing over a local file? rbu@gentoo.org 2007-12-04 17:52:00 0000 On my cups installation, the cupsd saves PDF files to print in /var/spool/cups/ and calls pdftops with that file as a paramater: 22844 execve("/usr/libexec/cups/filter/pdftops", ["null"..., "18"..., "rbu"..., "gentoo-bash.pdf"..., "1"..., "job-uuid=urn:uuid:d2f67463-b293-"..., "/var/spool/cups/d00018-002"...], [/* 24 vars */] <unfinished ...> Under what circumstances would it call the filter via stdin? rbu@gentoo.org 2007-12-06 16:22:31 0000 More details: Filename pattern $TMPDIR/pdfin.$$.tmp privileges: "lp" user This vulnerability appears when more than one filter is triggered in CUPS (i.e. you print an XML file and have an XML->PDF and PDF-PS converter), because if you only convert PDF to PS, cups will hand over the pdf file in "/var/spool" via filename, pdftops will not use its stdin code. rbu@gentoo.org 2007-12-06 16:23:16 0000 printing, please bump with the new version. rbu@gentoo.org 2007-12-06 17:10:05 0000 Created an attachment (id=137890) pdftops-1.10-1.20.patch patch from 1.10 to 1.20 rbu@gentoo.org 2007-12-18 21:35:33 0000 This will be GLSA'd with bug 201570. rbu@gentoo.org 2007-12-18 22:29:31 0000 GLSA 200712-14, thanks everyone. 137630 2007-12-03 17:15 0000 pdftops-1.20 pdftops-1.20 text/plain IyEvdXNyL2Jpbi9wZXJsIC13CiMgcGRmdG9wcy5wbCAtIHdyYXBwZXIgc2NyaXB0IGZvciB4cGRm J3MgcGRmdG9wcyB1dGlsaXR5IHRvIGFjdCBhcyBhIENVUFMgZmlsdGVyCiMgPT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09CiMgMS4wMCAtIDIwMDQtMTAtMDUvQmwKIwlJbml0aWFsIGltcGxlbWVudGF0aW9u CiMgMS4xMCAtIDIwMDYtMDktMjcvQmwKIwlBbHRlcm5hdGl2ZWx5LCB1c2UgQWRvYmUgUmVhZGVy IGluIHBsYWNlIG9mIFhwZGYncyBwZGZ0b3BzCiMgMS4yMCAtIDIwMDctMTItMDMvQmwKIwlTYWZl IHRlbXAgZmlsZSBjcmVhdGlvbiAoZml4IGdlbnRvbyBidWcgIyAyMDEwNDIpCiMKIyBDb3B5cmln aHQ6IEhlbGdlIEJsaXNjaGtlIC8gU1JaIEJlcmxpbiAyMDA0LTIwMDYKIyBUaGlzIHByb2dyYW0g aXMgZnJlZSBzZW9mdHdhcmUgYW5kIGdvdmVybmVkIGJ5IHRoZSBHTlUgUHVibGljIExpY2Vuc2Ug VmVyc2lvbiAyLgojCiMgRGVzY3JpcHRpb246CiMgLS0tLS0tLS0tLS0tCiMJVGhpcyBwcm9ncmFt IHdyYXBzIHRoZSBwZGZ0b3BzIHV0aWxpdHkgZnJvbSB0aGUgeHBkZiAzLjAwIChhbmQgaGlnaGVy KSBzdWl0ZQojCXRvIGJlaGF2ZSBhcyBhIENVUFMgZmlsdGVyIGFzIGEgcmVwbGFjZW1lbnQgZm9y IHRoZSBvcmlnaW5hbCBwZGZ0b3BzIGZpbHRlci4KIwlBcyBhbiBhbHRlcm5hdGl2ZSB0aGUgQWRv YmUgUmVhZGVyIG1heSBiZSB1c2VkLgojCiMJVGhlIG1haW4gcHVycG9zZSBvZiB0aGlzIGFwcHJv YWNoIGlzIHRvIGtlZXAgdGhlIHByb3BlcnRpZXMgb2YgYSBQREYgdG8gYmUKIwlwcmludGVkIGFz IHVuZGVzdHVyYmVkIGFzIHBvc3NpYmxlLCBlc3BlY2lhbGx5IHdpdGggcmVzcGVjdCB0byBwYWdl IHNpemUsCiMJc2NhbGluZywgYW5kIHBvc2l0aW9uaW5nLgojCiMJVGhlIHBkZnRvcHMgdXRpbGl0 eSByZWFkcyBhIGNvbmZpZ3VyYXRpb24gZmlsZSAncGRmdG9wcy5jb25mJyBvciAnYWNyb3JlYWQu Y29uZicsCiMJcmVzcGVjdGl2ZWx5LCBpbiB0aGUgQ1VQU19TRVJWRVJST09UIGRpcmVjdG9yeSwg d2hpY2ggbXVzdCBleGlzdCBidXQgbWF5IGJlIGVtcHR5LiAKIwlUaGUgc2FtcGxlIGNvbmZpZ3Vy YXRpb24gZmlsZSBhY2NvbXBhbnlpbmcgdGhpcyBwcm9ncmFtIHNldHMgdGhlIGRlZmF1bHRzIHdo aWNoCiMJc2VlbSBwbGF1c2libGUgdG8gbWUgd2l0aCByZXNwZWN0IHRvIGhpZ2ggZW5kIHByb2R1 Y3Rpb24gcHJpbnRlcnMuCiMKIwlUbyBnaXZlIHRoZSB1c2VyIGhpZ2hlc3QgcG9zc2libGUgZmxl eGliaWxpdHksIHRoaXMgcHJvZ3JhbSBhY2NlcHRzIGFuZAojCWV2YWx1YXRlcyBhIHNldCBvZiBq b2IgYXR0cmlidXRlcyBzcGVjaWFsIHRvIHRoaXMgZmlsdGVyLCB3aGljaCBhcmUgCiMJZGVzY3Jp YmVkIGJlbG93OgojCQojCQlwZGYtcGFnZXM9PGY+LDxsPgojCQkJCWV4cGFuZHMgdG8gdGhlIC1m IGFuZCAtbCBvcHRpb25zIG9mIHBkZnRvcHMKIwkJCQlvciB0aGUgLXN0YXJ0IGFuZCAtZW5kIG9w dGlvbnMgb2YgYWNyb3JlYWQsIHJlc3BlY3RpdmVseQojCQkJCXRvIHNlbGVjdCBhIHBhZ2UgcmFu Z2UgdG8gcHJvY2Vzcy4gVGhpcyBpcyBpbmRlcGVuZGVudAojCQkJCW9mIHRoZSBwYWdlLXJhbmdl cyBhdHRyaWJ1dGUgYW5kIG1heSBzaWduaWZpY2FudGx5CiMJCQkJaW5jcmVhc2UgdGhyb3VnaHB1 dCB3aGVuIHByaW50aW5nIHBhZ2UgcmFuZ2VzLgojCQkJCUVpdGhlciBvZiB0aGVzZSBudW1iZXJz IG1heSBiZSBvbWl0dGVkLgojCiMJCXBkZi1wYXBlcj08bmFtZT4KIwkJCQlGb3IgcGRmdG9wcywg PG5hbWU+IG1heSBiZSBvbmUgb2YgImxldHRlciIsICJsZWdhbCIsCiMJCQkJIkE0IiwgIkEzIiwg b3IgIm1hdGNoIjsgZm9yIGFjcm9yZWFkLCB0aGUgcGVybWV0dGVkIHZhbHVlcwojCQkJCWFyZSAi bGV0dGVyIiwgImxlZ2FsIiwgInRhYmxvaWQiLCAibGVkZ2VyIiwgImV4ZWN1dGl2ZSIsCiMJCQkJ ImEzIiwgImE0IiwgImE1IiwgImI0IiwgImI1IiwgcmVzcGVjdGl2ZWx5ICh3aXRob3V0IHRoZQoj CQkJCXF1b3RlczsgdGhlIG5hbWVzIGFyZSB0cmVhdGVkIGNhc2UgaW5kZXBlbmRlbnQpLgojCQkJ CUluIGNhc2Ugb2YgYWNyb3JlYWQsIG5vIHBhcGVyIHNwZWNpZmljYXRpb24gaXMgZXF1aXZhbGVu dAojCQkJCXRvIHBkc2Z0b3BzJ3MgIm1hdGNoIi4KIwkJcGRmLXBhcGVyPTx3aWR0aD54PGhlaWdo dD4KIwkJCQk8bmFtZT4gbWF5IGJlIG9uZSBvZiBsZXR0ZXIsIGxlZ2FsICwgQTQsIEEzLCBvciBt YXRjaDsKIwkJCQk8d2lkdGg+IGFuZCA8aGVpZ2h0PiBhcmUgdGhlIHBhcGVyIHdpZHRoIGFuZCBo ZWlnaHQKIwkJCQlpbiBwcmludGVycyBwb2ludHMgKDEvNzIgaW5jaCkuIFRoaXMgZXhwYW5kcyB0 bwojCQkJCWVpdGhlciB0aGUgLXBhcGVyIG9yIHRoZSAtcGFwZXJoIGFuZCAtcGFwZXJ3IG9wdGlv bnMKIwkJCQlvZiBwZGZ0b3BzIG9yIHRoZSAtc2l6ZSBvcHRpb24gb2YgYWNyb3JlYWQuCiMKIwkJ cGRmLW9wdz08cGFzc3dvcmQ+CiMJCXBkZi11cHc9PHBhc3N3b3JkPgojCQkJCWV4cGFuZCB0byB0 aGUgLW9wdyBhbmQgLXVwdyBvcHRpb25zIG9mIHBkZnRvcHMsCiMJCQkJcmVzcGVjdGl2ZWx5IGFu ZCBwZXJtaXQgcHJpbnRpbmcgb2YgcGFzc3dvcmQKIwkJCQlwcm90ZWN0ZWQgUERGcy4KIwojCQlw ZGYtPG9wdGlvbj4Jd2hlcmUgPG9wdGlvbj4gaXMgb25lIG9mCiMJCQkJbGV2ZWwxLCBsZXZlbDFz ZXAsIGxldmVsMiwgbGV2ZWwyc2VwLCBsZXZlbDMsIGxldmVsM3NlcCwKIwkJCQlvcGksIG5vY3Jv cCwgZXhwYW5kLCBub3Nocmluaywgbm9jZW50ZXIuCiMJCQkJU2VlIHRoZSBwZGZ0b3BzIG1hbnBh Z2UgZm9yIGEgZGV0YWlsZWQgZGVzY3JpcHRpb24gb2YKIwkJCQl0aGUgcmVzcGVjdGl2ZSBvcHRp b25zLgojCQkJCUluIGNhc2Ugb2YgYWNyb3JlYWQsIHRoZSBvcHRpb25zIGxldmVsMSwgbGV2ZWw/ c2VwLCBvcGksCiMJCQkJbm9jcm9wLCBub3NocmluaywgYW5kIG5vY2VudGVyIGFyZSBzaWxlbnRs eSBpZ25vcmVkLgojCiMJQWxsIG90aGVyIHBkZnRvcHMgY29tbWFuZGxpbmUgb3B0aW9ucyBhcmUg cmVmdXNlZC4KIwojCVRoZSByZXR1cm4gY29kZSBvZiB0aGUgcGRmdG9wcyB1dGlsaXR5IG9yIGFj cm9yZWFkLCBpZiBub256ZXJvLCBpcyB1c2VkIGFzIHRoZSBleGl0IGNvZGUKIwlvZiB0aGlzIHBy b2dyYW07IGVycm9yIG1lc3NhZ2VzIG9mIHRoZSBwZGZ0b3BzIHV0aWxpdHkgYXJlIG9ubHkgdmlz aWJsZQojCWlmICdkZWJ1ZycgaXMgc3BlY2lmaWVkIGFzIExvZ0xldmVsIGluIGN1cHNkLmNvbmYu CiMKIwlOT1RFOgojCS0tLS0tCiMJVGhpcyB3cmFwcGVyIHNjcmlwdCBoYXMgYmVlbiBpbml0aWFs bHkgZGVzaWduZWQgdG8gdXNlIHRoZSBvcmlnaW5hbCBwZGZ0b3BzIHV0aWxpdHkKIwlhcyBhIENV UFMgZmlsdGVyIGFuZCBub3cgZXh0ZW5kZWQgdG8gYWx0ZXJuYXRlbHkgdXNlIGFjcm9yZWFkLgoj CUJ1dCB0aGVyZSBhcmUgc2l0dWF0aW9ucyB3aGVyZSB5b3UgbmVlZCB0byBiZSBhYmxlIHRvIHNl bGVjdCBlaXRoZXIgdmFyaWFudCwgdGh1cyBpdAojCWlzIHBvc3NpYmxlIHRvIGNvbmZpZ3VyZSB0 aGUgd3JhcHBlciB0byBib3RoIHByb2dyYW1zIGJ1dCBzZWxlY3Qgb25lIG9mIHRoZW0gYnkgZGVm YXVsdDsKIwl0aGUgb3RoZXIgb25lIHRoZW4gbWF5IGJlIHNlbGVjdGVkIGJ5IGNvbW1hbmQgbGlu ZSBvcHRpb246CiMKIwl1c2UtcGRmdG9wcwkJc2VsZWN0cyBwZGZ0b3BzCiMJdXNlLWFjcm9yZWFk CQlzZWxlY3RzIGFjcm9yZWFkCiMKIwlpZiBib3RoIGFyZSBjb25maWd1cmVkIChieSBkZWZpbmlu ZyB0aGUgYXBwcm9wcmlhdGUgY29uZmlndXJhdGlvbiBmaWxlKS4KIwoKIwojIFNpdGUgc3BlY2lm aWMgcGFyYW1ldGVycyAtIG1vZGlmeSBhcyBuZWVkZWQKIyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tCiRwZGZ0b3BzX3BhdGggPSAiL3Vzci9sb2NhbC9iaW4vcGRmdG9wcyI7CSMgcGF0aCB0byB0 aGUgeHBkZiB1dGlsaXR5CiRhY3JvcmVhZF9wYXRoID0gIi91c3IvYmluL2Fjcm9yZWFkIjsJCSMg cGF0aCB0byBBZG9iZSBSZWFkZXIKJGRlZmF1bHRfYXBwID0gJ3VzZS1wZGZ0b3BzJzsJCQkjIHRo ZSBkZWZhdWx0IGlmIGJvdGggYXJlIGNvbmZpZ3VyZWQKIyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tCgp1c2UgRmlsZTo6VGVtcCBxdyggdGVtcGZpbGUgKTsKCiMKIyBDaGVjayB3aGljaCBhcHAg dG8gdXNlIC0gcGRmdG9wcyBvciBhY3JvcmVhZAojCiRyb290ZGlyID0gJEVOVntDVVBTX1NFUlZF UlJPT1R9IHx8IGRpZSAoIkVSUk9SOiBDVVBTIHNlcnZlciByb290IGRpcmVjdG9yeSB1bmRlZmlu ZWRcbiIpOwokdXNlX3BkZnRvcHMgPSAtZiAiJHJvb3RkaXIvcGRmdG9wcy5jb25mIiAmJiAtciAi JHJvb3RkaXIvcGRmdG9wcy5jb25mIjsKJHVzZV9hY3JvcmVhZCA9IC1mICIkcm9vdGRpci9hY3Jv cmVhZC5jb25mIiAmJiAtciAiJHJvb3RkaXIvYWNyb3JlYWQuY29uZiI7CiR1c2VfYm90aCA9ICR1 c2VfcGRmdG9wcyAmJiAkdXNlX2Fjcm9yZWFkOwoKIwojIENoZWNrIHRoZSBhcmd1bWVudHMKIwpk aWUgKCJFUlJPUjogd3JvbmcgbnVtYmVyIG9mIGFyZ3VtZW50c1xuIikgaWYgKHNjYWxhciBAQVJH ViA8IDUpOwoKJGpvYmlkID0gJHVzZXJuYW1lID0gJHRpdGxlID0gJGNvcGllcyA9IHVuZGVmOwok am9iaWQgPSBzaGlmdDsJCQkJCSMgSm9iIElECiR1c2VybmFtZSA9IHNoaWZ0OwkJCQkjIEpvYiBy ZXF1ZXN0aW5nIHVzZXIgbmFtZQokdGl0bGUgPSBzaGlmdDsJCQkJCSMgSm9iIHRpdGxlCiRjb3Bp ZXMgPSBzaGlmdDsJCQkJIyBOdW1iZXIgb2YgcmVxdWVzdGVkIGNvcGllcwokb3B0aW9ucyA9IHNo aWZ0OwkJCQkjIFRleHR1YWwgcmVwcmVzZW50YXRpb24gb2Ygam9iIGF0dHJpYnV0ZXMKJHBkZmZp bGUgPSBzaGlmdDsJCQkJIyBQYXRobmFtZSBvZiBQREYgZmlsZSB0byBwcm9jZXNzCgppZiAoZGVm aW5lZCAkdXNlX2JvdGggJiYgJHVzZV9ib3RoKQp7CglteSAkb3B0c3RyID0gIiAkb3B0aW9ucyAi OwoJbXkgJHRvX3VzZSA9ICcnOwoJaWYgKCRvcHRzdHIgPX4gL1xzKyh1c2UtYWNyb3JlYWR8dXNl LXBkZnRvcHMpXHMrLykKCXsKCQkkdG9fdXNlID0gJDE7Cgl9CgllbHNlCgl7CgkJJHRvX3VzZSA9 ICRkZWZhdWx0X2FwcDsKCX0KCWlmICgkdG9fdXNlIGVxICd1c2UtYWNyb3JlYWQnKQoJewoJCXVu ZGVmICR1c2VfcGRmdG9wczsKCX0KCWVsc2lmICgkdG9fdXNlIGVxICd1c2UtcGRmdG9wcycpCgl7 CgkJdW5kZWYgJHVzZV9hY3JvcmVhZDsKCX0KCWVsc2UKCXsKCQlkaWUgKCJFUlJPUjogY2Fubm90 IHVzZSBib3RoIHBkZnRvcHMgYW5kIGFjcm9yZWFkIHNpbXVsdGFuZW91c2x5XG4iKTsKCX0KfQoK CmlmIChkZWZpbmVkICR1c2VfcGRmdG9wcykKewoJIyBJZiB3ZSBhcmUgcmVhZGluZyBmcm9tIFNU RElOLCB3ZSBtdXN0IGNvcHkgdGhlIGlucHV0IHRvIGEgdGVtcG9yYXJ5IGZpbGUKCSMgYXMgdGhl IFBERiBjb25zdW1lciBuZWVkcyBhIHNlZWthYmxlIGlucHV0LgoJaWYgKCEgZGVmaW5lZCAkcGRm ZmlsZSkKCXsKCQlteSAkdGVtcGxhdGUgPSAicGRmaW5YWFhYWFgiOwoJCW15ICR0bXBkaXIgPSAk RU5We1RNUERJUn07CgkJbXkgKCRieXRlcywgJGJ1ZmZlcik7CgkJbXkgKCR0bXBmaCwgJHRtcGZp bGUpID0gdGVtcGZpbGUgKCR0ZW1wbGF0ZSwgT1BFTiA9PiAxLCBESVIgPT4gJHRtcGRpciwgVU5M SU5LID0+IDAsIFNVRkZJWCA9PiAnLnRtcCcpOwoJCXdoaWxlICgoJGJ5dGVzID0gcmVhZCAoU1RE SU4sICRidWZmZXIsIDEwMjQpKSA+IDApCgkJewoJCQlwcmludCAkdG1wZmggIiRidWZmZXIiOwoJ CX0KCQlpZiAoJGJ5dGVzIDwgMCkKCQl7CgkJCWNsb3NlICgkdG1wZmgpOwoJCQl1bmxpbmsgJHRt cGZpbGU7CgkJCWRpZSAoIkVSUk9SOiBwZGZ0b3BzIHdyYXBwZXI6ICR0bXBmaWxlOiAkIVxuIik7 CgkJfQoJCWNsb3NlICgkdG1wZmgpOwoJCSRwZGZmaWxlID0gJHRtcGZpbGU7CgkJJGRlbGV0ZV9p bnB1dCA9IDE7CQkJIyBmb3IgZGVsZXRpbmcgdGhlIHRlbXAgZmlsZSBhZnRlciBjb252ZXJ0aW5n Cgl9Cn0KCQkKCiMgCiMgQ2hlY2sgdGhlIG9wdGlvbnMgc3RyaW5nIGZvciBvcHRpb25zIHRvIG1v ZGlmeSB0aGUgYmFoYXZpb3VyIG9mIHRoZSBwZGZ0b3BzIHV0aWxpdHk6CiMKQG9wdGFyciA9IHNw bGl0ICgvXHMrLywgJG9wdGlvbnMpOwppZiAoZGVmaW5lZCAkdXNlX3BkZnRvcHMpCnsKCSRjbWRv cHQgPSAiLWNmZyAiIC4gJEVOVntDVVBTX1NFUlZFUlJPT1R9IC4gIi9wZGZ0b3BzLmNvbmYiOwkj IFRoaXMgY2Fubm90IGJlIGNoYW5nZWQKCSMgVGhlIGZvbGxvd2luZyBhcmUgdGhlIChwYXJhbWV0 ZXJsZXNzKSBjb21tYW5kIGxpbmUgb3B0aW9ucyB0aGF0IG1heSBiZSB1c2VkIHRvIGNoYW5nZSB0 aGUgCgkjIGRlZmF1bHRzIGRlZmllbmQgYnkgcGRmdG9wcy5jb25mCgkkc2ltcGxlID0gJ2xldmVs MXxsZXZlbDFzZXB8bGV2ZWwyfGxldmVsMnNlcHxsZXZlbDN8bGV2ZWwzc2VwfG9waXxub2Nyb3B8 ZXhwYW5kfG5vc2hyaW5rfG5vY2VudGVyJzsKCSVwYXBlcm5hbWVzID0gKAoJCSdsZXR0ZXInCT0+ CSctcGFwZXIgbGV0dGVyJywKCQkndGFibG9pZCcJPT4JJy1wYXBlcncgNzkyIC1wYXBlcmggMTIy NCcsCgkJJ2xlZGdlcicJPT4JJy1wYXBlcncgMTIyNCAtcGFwZXJoIDc5MicsCgkJJ2xlZ2FsJwkJ PT4JJy1wYXBlciBsZWdhbCcsCgkJJ2V4ZWN1dGl2ZScJPT4JJy1wYXBlcncgNzU2IC1wYXBlcmgg NTIyJywKCQknYTMnCQk9PgknLXBhcGVyIEEzJywKCQknYTQnCQk9PgknLXBhcGVyIEE0JywKCQkn YTUnCQk9PgknLXBhcGVydyA0MjEgLXBhcGVyaCA1OTUnLAoJCSdiNCcJCT0+CSctcGFwZXJ3IDcw OSAtcGFwZXJoIDEwMDInLAoJCSdiNScJCT0+CSctcGFwZXJ3IDUwMSAtcGFwZXJoIDcwOScsCgkJ J21hdGNoJwkJPT4JJy1wYXBlciBtYXRjaCcKCSk7Cn0KZWxzZQp7CglvcGVuIChDRkcsICI8JHJv b3RkaXIvYWNyb3JlYWQuY29uZiIpIHx8IGRpZSAoIkVSUk9SOiBhY3JvcmVhZC5jb25mOiAkIVxu Iik7CgkkY21kb3B0ID0gJy10b1Bvc3RTY3JpcHQnOwoJd2hpbGUgKDxDRkc+KQoJewoJCWNob21w OwoJCW5leHQgaWYgKC9eXHMqIy8pOwkJCSMgc2tpcCBjb21tZW50IGxpbmVzCgkJbmV4dCBpZiAo L15ccyokLyk7CQkJIyBza2lwIGJsYW5rIGxpbmVzCgkJcy9eLVxzKi8vOwkJCQkjIGRpc2NhcmQg bGVhZGluZyAnLScgYW5kIHdoaXRlIHNwYWNlLCBhcyBpdCB3aWxsIGJlIGdlbmVyYXRlZCBsYXRl cgoJCXMvXHMrJC8vOwkJCQkjIGRpc2NhcmQgdHJhaWxpbmcgd2hpdGUgc3BhY2UKCQkkY21kb3B0 IC49ICIgLSRfIjsKCX0KCWNsb3NlIChDRkcpOwoJJHNpbXBsZSA9ICdsZXZlbDF8bGV2ZWwxc2Vw fGxldmVsMnxsZXZlbDJzZXB8bGV2ZWwzfGxldmVsM3NlcHxvcGl8bm9jcm9wfGV4cGFuZHxub3No cmlua3xub2NlbnRlcic7CgklcGFwZXJuYW1lcyA9ICgKCQknbGV0dGVyJwk9PgknLXNpemUgbGV0 dGVyJywKCQkndGFibG9pZCcJPT4JJy1zaXplIHRhYmxvaWQnLAoJCSdsZWRnZXInCT0+CSctc2l6 ZSBsZWRnZXInLAoJCSdsZWdhbCcJCT0+CSctc2l6ZSBsZWdhbCcsCgkJJ2V4ZWN1dGl2ZScJPT4J Jy1zaXplIGV4ZWN1dGl2ZScsCgkJJ2EzJwkJPT4JJy1zaXplIGEzJywKCQknYTQnCQk9PgknLXNp emUgYTQnLAoJCSdhNScJCT0+CSctc2l6ZSBhNScsCgkJJ2I0JwkJPT4JJy1zaXplIGI0JywKCQkn YjUnCQk9PgknLXNpemUgYjUnLAoJCSdtYXRjaCcJCT0+CScnCQkjIHRoaXMgaXMgdGhlIGRlZmF1 bHQgd2l0aCBhY3JvcmVhZAoJKTsKfQoKZm9yZWFjaCBteSAkb3B0aW9uIChAb3B0YXJyKQp7Cglp ZiAoJG9wdGlvbiA9fiAvXnBkZi0oLispJC8pCgl7CSMgV2UgYXNzdW1lIHRoaXMgaXMgYW4gb3B0 aW9uIHRvIGV2YWx1YXRlCgkJbXkgJG9wdGtleSA9ICQxOwkJIyBwb3NzaWJsZSBwZGZ0b3BzIG9w dGlvbgoJCWlmICgkb3B0a2V5ID1+IC9ecGFnZXM9KFxkKiksKFxkKikkLykKCQl7CgkJCSMgV2Ug ZG8gdGhpcyBoYWNrIGhlcmUgdG8gYXZvaWQgY2xhc2hlcyB3aXRoIHRoZSBwYWdlLXJhbmdlcyBh dHJyaWJ1dGUKCQkJIyB3aGljaCBpcyBoYW5kbGVkIGJ5IHRoZSBwc3RvcHMgZmlsdGVyLiBBbmQg d2UgYWxsb3cgb25lIG9mIHRoZSBudW1iZXJzCgkJCSMgdG8gYmUgb21pdHRlZC4KCQkJbXkgJGZp cnN0ID0gJDE7CgkJCW15ICRsYXN0cCA9ICQyOwoJCQlpZiAoZGVmaW5lZCAkdXNlX3BkZnRvcHMp CgkJCXsKCQkJCSRjbWRvcHQgLj0gIiAtZiAkMSIgaWYgKCQxKTsJCSMgZmlyc3QgcGFnZQoJCQkJ JGNtZG9wdCAuPSAiIC1sICQyIiBpZiAoJDIpOwkJIyBsYXN0IHBhZ2UKCQkJfQoJCQllbHNlCgkJ CXsKCQkJCSRjbWRvcHQgLj0gIiAtc3RhcnQgJDEiIGlmICgkMSk7CSMgZmlyc3QgcGFnZQoJCQkJ JGNtZG9wdCAuPSAiIC1lbmQgJDIiIGlmICgkMik7CQkjIGxhc3QgcGFnZQoJCQl9CgkJfQoJCWVs c2lmICgkb3B0a2V5ID1+IC9ecGFwZXI9KGxldHRlcnx0YWJsb2lkfGxlZGdlcnxsZWdhbHxbQWFd M3xbQWFdNHxbQWFdNXxbQmJdNHxbQmJdNXxtYXRjaCkkLykKCQl7CgkJCSMgZXZhbHVhdGUgcGFw ZXIgbmFtZQoJCQlteSAkcGFwZXIgPSAkMTsKCQkJJHBhcGVyID1+IHRyL0EtWi9hLXovOwoJCQlt eSAkdmFsdWUgPSAkcGFwZXJuYW1lc3skcGFwZXJ9OwoJCQkkY21kb3B0IC49ICIgJHZhbHVlIiBp ZiAoJHZhbHVlKTsKCQl9CgkJZWxzaWYgKCRvcHRrZXkgPX4gL15wYXBlcj0oXGQrKXgoXGQrKSQv KQoJCXsKCQkJIyBldmFsdWF0ZSBwYXBlciBkaW1lbnNpb25zCgkJCWlmIChkZWZpbmVkICR1c2Vf cGRmdG9wcykKCQkJewoJCQkJJGNtZG9wdCAuPSAiIC1wYXBlcncgJDEgLXBhcGVyaCAkMiI7CgkJ CX0KCQkJZWxzZQoJCQl7CgkJCQkkY21kb3B0IC49ICIgLXNpemUgJDEiIC4gJ3gnIC4gIiQyIjsK CQkJfQoJCX0KCQllbHNpZiAoJG9wdGtleSA9fiAvXihvfHUpcHc9KFxTKykkLykKCQl7CgkJCSRj bWRvcHQgLj0gIiAkMSIgLiAncHcgJyAuICQyIGlmIChkZWZpbmVkICR1c2VfcGRmdG9wcyk7CSMg b3duZXIvdXNlciBwYXNzd29yZAoJCX0KCQllbHNpZiAoJG9wdGtleSA9fiAvXigkc2ltcGxlKSQv KQoJCXsKCQkJbXkgJHRoaXNvcHQgPSAkMTsKCQkJaWYgKGRlZmluZWQgJHVzZV9wZGZ0b3BzKQoJ CQl7CgkJCQkkY21kb3B0IC49ICcgLScgLiAkMTsJCQkJIyBhbGxvd2VkIHNpbXBsZSBvcHRpb25z CgkJCX0KCQkJZWxzZQoJCQl7CgkJCQkkdGhpc29wdCA9fiBzL3NlcCQvLzsJCQkJIyBpZ25vcmUg dGhlIC4uLnNlcCBzdWZmaXgKCQkJCWlmICgkdGhpc29wdCA9fiAvbGV2ZWwxfG9waXxub2Nyb3B8 bm9jZW50ZXIvKQoJCQkJewoJCQkJCSR0aGlzb3B0ID0gJyc7CgkJCQl9CgkJCQllbHNpZiAoJHRo aXNvcHQgZXEgJ25vc2hyaW5rJykKCQkJCXsKCQkJCQkkdGhpc29wdCA9ICcnOwoJCQkJCSRjbWRv cHQgPX4gcy8gLXNocmluay8vOwoJCQkJfQoJCQkJJGNtZG9wdCAuPSAiIC0iIC4gJHRoaXNvcHQg aWYgKCR0aGlzb3B0KTsKCQkJfQoJCX0KCQllbHNlCgkJewoJCQl3YXJuICgiRVJST1I6IHBkZnRv cHMgd3JhcHBlcjogaWxsZWdhbCBhdHRyaWJ1dGUgXCJwZGYtJG9wdGtleVwiXG4iKTsKCQl9Cgl9 CgkjIEFsbCBvdGhlciBhdHRyaWJ1dGVzIGFyZSBwcm9jZXNzZWQgZWxzZXdoZXJlCn0KIwojIENv bXBsZXRlIHRoZSBjb21tYW5kCiMKaWYgKGRlZmluZWQgJHVzZV9wZGZ0b3BzKQp7Cgl3YXJuICgi RVJST1I6IHBkZnRvcHMtb3B0aW9uczogJGNtZG9wdFxuIik7Cn0KZWxzZQp7Cgl3YXJuICgiRVJS T1I6IGFjcm9yZWFkLW9wdGlvbnM6ICRjbWRvcHRcbiIpOwp9CmlmIChkZWZpbmVkICR1c2VfcGRm dG9wcykKewoJJHJjID0gc3lzdGVtICgiJHBkZnRvcHNfcGF0aCAkY21kb3B0ICRwZGZmaWxlIC0i KTsKfQplbHNlCnsKCWlmIChkZWZpbmVkICRwZGZmaWxlICYmICRwZGZmaWxlKQoJewoJCSRyYyA9 IHN5c3RlbSAoIiRhY3JvcmVhZF9wYXRoICRjbWRvcHQgPCAkcGRmZmlsZSIpCgl9CgllbHNlCgl7 CgkJJHJjID0gc3lzdGVtICgiJGFjcm9yZWFkX3BhdGggJGNtZG9wdCIpOwoJfQp9CmlmICgkcmMp CnsKCSRpciA9ICRyYyAmIDEyNzsKCSRyYyA+Pj0gODsKCW15ICR0ZW1wID0gKGRlZmluZWQgJHVz ZV9wZGZ0b3BzKSA/ICRwZGZ0b3BzX3BhdGggOiAkYWNyb3JlYWRfcGF0aDsKCXdhcm4gKCJFUlJP UjogJHRlbXAgZXhpdGVkIHdpdGggIiwgKCRpcikgPyAic2lnbmFsICRpciwgIiA6ICIgZXhpdCBj b2RlICRyYyIsICJcbiIpOwoJZXhpdCAkcmM7Cn0KdW5saW5rICgkcGRmZmlsZSkgaWYgKGRlZmlu ZWQgJGRlbGV0ZV9pbnB1dCk7CQkjIERlbGV0ZSB0aGUgdGVtcCBmaWxlIGlmIGFueQpleGl0IDA7 Cg== 137890 2007-12-06 17:10 0000 pdftops-1.10-1.20.patch pdftops-1.10-1.20.patch text/plain LS0tIHBkZnRvcHMtMS4xMAkyMDA3LTEyLTA2IDE4OjA4OjQ0LjAwMDAwMDAwMCArMDEwMAorKysg cGRmdG9wcy0xLjIwCTIwMDctMTItMDMgMTY6MzM6MzcuMDAwMDAwMDAwICswMTAwCkBAIC01LDYg KzUsOCBAQAogIwlJbml0aWFsIGltcGxlbWVudGF0aW9uCiAjIDEuMTAgLSAyMDA2LTA5LTI3L0Js CiAjCUFsdGVybmF0aXZlbHksIHVzZSBBZG9iZSBSZWFkZXIgaW4gcGxhY2Ugb2YgWHBkZidzIHBk ZnRvcHMKKyMgMS4yMCAtIDIwMDctMTItMDMvQmwKKyMJU2FmZSB0ZW1wIGZpbGUgY3JlYXRpb24g KGZpeCBnZW50b28gYnVnICMgMjAxMDQyKQogIwogIyBDb3B5cmlnaHQ6IEhlbGdlIEJsaXNjaGtl IC8gU1JaIEJlcmxpbiAyMDA0LTIwMDYKICMgVGhpcyBwcm9ncmFtIGlzIGZyZWUgc2VvZnR3YXJl IGFuZCBnb3Zlcm5lZCBieSB0aGUgR05VIFB1YmxpYyBMaWNlbnNlIFZlcnNpb24gMi4KQEAgLTkz LDcgKzk1LDcgQEAKICRkZWZhdWx0X2FwcCA9ICd1c2UtcGRmdG9wcyc7CQkJIyB0aGUgZGVmYXVs dCBpZiBib3RoIGFyZSBjb25maWd1cmVkCiAjIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KIAot dXNlIEZpbGU6OkNvcHk7Cit1c2UgRmlsZTo6VGVtcCBxdyggdGVtcGZpbGUgKTsKIAogIwogIyBD aGVjayB3aGljaCBhcHAgdG8gdXNlIC0gcGRmdG9wcyBvciBhY3JvcmVhZApAQCAtMTQ5LDE1ICsx NTEsMjEgQEAKIAkjIGFzIHRoZSBQREYgY29uc3VtZXIgbmVlZHMgYSBzZWVrYWJsZSBpbnB1dC4K IAlpZiAoISBkZWZpbmVkICRwZGZmaWxlKQogCXsKLQkJbXkgJHRtcGZpbGUgPSAkRU5We1RNUERJ Un0gLiAicGRmaW4uJCQudG1wIjsKLQkJb3BlbiAoVEVNUCwgIj4kdG1wZmlsZSIpIHx8IGRpZSAo IkVSUk9SOiBwZGZ0b3BzIHdyYXBwZXI6ICR0bXBmaWxlOiAkIVxuIik7Ci0JCWlmICghIGNvcHkg KFNURElOLCBURU1QKSkKKwkJbXkgJHRlbXBsYXRlID0gInBkZmluWFhYWFhYIjsKKwkJbXkgJHRt cGRpciA9ICRFTlZ7VE1QRElSfTsKKwkJbXkgKCRieXRlcywgJGJ1ZmZlcik7CisJCW15ICgkdG1w ZmgsICR0bXBmaWxlKSA9IHRlbXBmaWxlICgkdGVtcGxhdGUsIE9QRU4gPT4gMSwgRElSID0+ICR0 bXBkaXIsIFVOTElOSyA9PiAwLCBTVUZGSVggPT4gJy50bXAnKTsKKwkJd2hpbGUgKCgkYnl0ZXMg PSByZWFkIChTVERJTiwgJGJ1ZmZlciwgMTAyNCkpID4gMCkKIAkJewotCQkJY2xvc2UgKFRFTVAp OworCQkJcHJpbnQgJHRtcGZoICIkYnVmZmVyIjsKKwkJfQorCQlpZiAoJGJ5dGVzIDwgMCkKKwkJ eworCQkJY2xvc2UgKCR0bXBmaCk7CiAJCQl1bmxpbmsgJHRtcGZpbGU7CiAJCQlkaWUgKCJFUlJP UjogcGRmdG9wcyB3cmFwcGVyOiAkdG1wZmlsZTogJCFcbiIpOwogCQl9Ci0JCWNsb3NlIChURU1Q KTsKKwkJY2xvc2UgKCR0bXBmaCk7CiAJCSRwZGZmaWxlID0gJHRtcGZpbGU7CiAJCSRkZWxldGVf aW5wdXQgPSAxOwkJCSMgZm9yIGRlbGV0aW5nIHRoZSB0ZW1wIGZpbGUgYWZ0ZXIgY29udmVydGlu ZwogCX0K