I don't think NSS should be mandatory. It is not required for rendering PDFs. configure/cmake should include NSS in the "building poppler with support for" summary.
> byte_range->arrayGet(1, &r2); > byte_range->arrayGet(2, &r3); > byte_range->arrayGet(3, &r4); > > unsigned int signed_data_len = r2.getInt()+r4.getInt(); > unsigned char *to_check = (unsigned char *)gmalloc(signed_data_len); > > //Read the 2 slices of data that are signed > doc->getBaseStream()->setPos(0); > doc->getBaseStream()->doGetChars(r2.getInt(), to_check); > doc->getBaseStream()->setPos(r3.getInt()); > doc->getBaseStream()->doGetChars(r4.getInt(), to_check+r2.getInt()); This does not support large files (> 2GB). The code should check if the objects in byte_range are int64 and use the Goffset type for setting file offsets. It would be better to process the range in chunks instead of reading the entire range into a buffer. We don't know how big the range could be and it is not necessary to read it all at once as HASH_Begin/HASH_Update/HASH_End can be used to process it in chunks. I would prefer it if all the NSS includes were only included in the .cc files similar to what we do with the image formats (JPEG2000Stream.h, JpegWriter.h etc). It speeds up compilation, avoids clashes with other include files, and makes it easier to replace NSS and/or support other security libraries if we choose to do so in future. The pdfsigutil utility doesn't seem to do much. Unless there are plans to add a lot of extra options and functionality would it be better to add an option to pdfinfo to check signatures instead of adding a new util? -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/740506 Title: verify digital signatures Status in Evince: Confirmed Status in Poppler: Confirmed Status in poppler package in Ubuntu: Triaged Bug description: Binary package hint: evince This is a feature request to verify digital signatures. I'm receiving more and more digitally signed PDF's and evince already acknowledges them with: Signature Not Verified Digitally signed by <signer> Date: <time stamp> Reason: <reason> Location: <location> but it would be great if Evince would be integrated into the distro's ca-certificate infrastructure to verify these signatures. To manage notifications about this bug go to: https://bugs.launchpad.net/evince/+bug/740506/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp