Ghostscript and Mupdf Status Openprinting Summit April 2016
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Vulnerability Report Attacks Bypassing Confidentiality in Encrypted PDF
Vulnerability Report Attacks bypassing confidentiality in encrypted PDF Jens M¨uller1, Fabian Ising2, Vladislav Mladenov1, Christian Mainka1, Sebastian Schinzel2, J¨orgSchwenk1 May 16, 2019 1Chair for Network and Data Security 2FH M¨unsterUniversity of Applied Sciences Abstract In this report, we analyze PDF encryption and show two novel techniques for breaking the confidentiality of encrypted documents. Firstly, we abuse the PDF feature of partially encrypted documents to wrap the encrypted part of the document within attacker-controlled content and therefore, exfiltrate the plaintext once the document is opened by a legitimate user. Secondly, we abuse a flaw in the PDF encryption specification allowing an attacker to arbitrarily manipulate encrypted content without knowing the cor- responding key/password. The only requirement is one single block of known plaintext, which we show is fulfilled by design. By using exfiltration channels our attacks allow the recovery of the entire plaintext or parts of it within an encrypted document. The attacks rely only on standard compliant PDF features. We evaluated our attacks on 27 widely used PDF viewers and found all of them vulnerable. 1 Contents 1 Background4 1.1 Portable Document Format (PDF) . .4 1.2 PDF Encryption . .6 1.3 PDF Interactive Features . .7 2 Attacker Model8 3 PDF Encryption: Security Analysis9 3.1 Partial Encryption . .9 3.2 CBC Malleability . 10 3.3 PDF Interactive Features . 12 4 How To Break PDF Encryption 14 4.1 Direct Exfiltration (Attack A) . 14 4.1.1 Requirements . 15 4.1.2 Direct Exfiltration through PDF Forms (A1) . 15 4.1.3 Direct Exfiltration via Hyperlinks (A2) . -
B.Casselman,Mathematical Illustrations,A Manual Of
1 0 0 setrgbcolor newpath 0 0 1 0 360 arc stroke newpath Preface 1 0 1 0 360 arc stroke This book will show how to use PostScript for producing mathematical graphics, at several levels of sophistication. It includes also some discussion of the mathematics involved in computer graphics as well as a few remarks about good style in mathematical illustration. To explain mathematics well often requires good illustrations, and computers in our age have changed drastically the potential of graphical output for this purpose. There are many aspects to this change. The most apparent is that computers allow one to produce graphics output of sheer volume never before imagined. A less obvious one is that they have made it possible for amateurs to produce their own illustrations of professional quality. Possible, but not easy, and certainly not as easy as it is to produce their own mathematical writing with Donald Knuth’s program TEX. In spite of the advances in technology over the past 50 years, it is still not a trivial matter to come up routinely with figures that show exactly what you want them to show, exactly where you want them to show it. This is to some extent inevitable—pictures at their best contain a lot of information, and almost by definition this means that they are capable of wide variety. It is surely not possible to come up with a really simple tool that will let you create easily all the graphics you want to create—the range of possibilities is just too large. -
Living Without Google on Android
Alternative for Google Apps on Android - living without Google on Android Android without any Google App? What to use instead of Hangouts, Map, Gmail? Is that even possible? And why would anyone want to live without Google? I've been using a lot of different custom ROMs on my devices, so far the two best: plain Cyanogenmod 11 snapshot on the Nexus 4[^1], and MIUI 2.3.2 on the HTC Desire G7[^2]. All the others ( MUIU 5, MIUI 6 unofficial, AOKP, Kaos, Slim, etc ) were either ugly, unusable, too strange or exceptionally problematic on battery life. For a long time, the first step for me was to install the Google Apps, gapps packages for Plays Store, Maps, and so on, but lately they require so much rights on the phone that I started to have a bad taste about them. Then I started to look for alternatives. 1 of 5 So, what to replace with what? Play Store I've been using F-Droid[^3] as my primary app store for a while now, but since it's strictly Free Software[^4] store only, sometimes there's just no app present for your needs; aptoide[^5] comes very handy in that cases. Hangouts I never liked Hangouts since the move from Gtalk although for a little while it was exceptional for video - I guess it ended when the mass started to use it in replacement of Skype and its recent suckyness. For chat only, check out: ChatSecure[^6], Conversations[^7] or Xabber[^8]. All of them is good for Gtalk-like, oldschool client and though Facebook can be configured as XMPP as well, I'd recommend Xabber for that, the other two is a bit flaky with Facebook. -
Font HOWTO Font HOWTO
Font HOWTO Font HOWTO Table of Contents Font HOWTO......................................................................................................................................................1 Donovan Rebbechi, elflord@panix.com..................................................................................................1 1.Introduction...........................................................................................................................................1 2.Fonts 101 −− A Quick Introduction to Fonts........................................................................................1 3.Fonts 102 −− Typography.....................................................................................................................1 4.Making Fonts Available To X..............................................................................................................1 5.Making Fonts Available To Ghostscript...............................................................................................1 6.True Type to Type1 Conversion...........................................................................................................2 7.WYSIWYG Publishing and Fonts........................................................................................................2 8.TeX / LaTeX.........................................................................................................................................2 9.Getting Fonts For Linux.......................................................................................................................2 -
Breaking PDF Encryption
Practical Decryption exFiltration: Breaking PDF Encryption Jens Müller Fabian Ising Vladislav Mladenov [email protected] [email protected] [email protected] Ruhr University Bochum, Chair for Münster University of Applied Ruhr University Bochum, Chair for Network and Data Security Sciences Network and Data Security Christian Mainka Sebastian Schinzel Jörg Schwenk [email protected] [email protected] [email protected] Ruhr University Bochum, Chair for Münster University of Applied Ruhr University Bochum, Chair for Network and Data Security Sciences Network and Data Security ABSTRACT Home/Trusted Environment The Portable Document Format, better known as PDF, is one of the Decrypted Document 1. Victim opens 2. Exfiltrating Tax Declaration decrypted content most widely used document formats worldwide, and in order to en- an encrypted PDF file Scrooge McDuck with their password via the Internet sure information confidentiality, this file format supports document TOP SECRET Victim encryption. In this paper, we analyze PDF encryption and show Attacker two novel techniques for breaking the confidentiality of encrypted Victim’s PC documents. First, we abuse the PDF feature of partially encrypted documents to wrap the encrypted part of the document within Figure 1: An overview of the attack scenario: The victim attacker-controlled content and therefore, exfiltrate the plaintext opens an encrypted PDF document and unintentionally once the document is opened by a legitimate user. Second, we abuse leaks the decrypted content to an attacker-controlled server. a flaw in the PDF encryption specification to arbitrarily manipulate The encrypted PDF file was manipulated by the attacker be- encrypted content. -
Chapter 13, Using Fonts with X
13 Using Fonts With X Most X clients let you specify the font used to display text in the window, in menus and labels, or in other text fields. For example, you can choose the font used for the text in fvwm menus or in xterm windows. This chapter gives you the information you need to be able to do that. It describes what you need to know to select display fonts for use with X client applications. Some of the topics the chapter covers are: The basic characteristics of a font. The font-naming conventions and the logical font description. The use of wildcards and aliases for simplifying font specification The font search path. The use of a font server for accessing fonts resident on other systems on the network. The utilities available for managing fonts. The use of international fonts and character sets. The use of TrueType fonts. Font technology suffers from a tension between what printers want and what display monitors want. For example, printers have enough intelligence built in these days to know how best to handle outline fonts. Sending a printer a bitmap font bypasses this intelligence and generally produces a lower quality printed page. With a monitor, on the other hand, anything more than bitmapped information is wasted. Also, printers produce more attractive print with variable-width fonts. While this is true for monitors as well, the utility of monospaced fonts usually overrides the aesthetic of variable width for most contexts in which we’re looking at text on a monitor. This chapter is primarily concerned with the use of fonts on the screen. -
Complete Issue 40:3 As One
TUGBOAT Volume 40, Number 3 / 2019 General Delivery 211 From the president / Boris Veytsman 212 Editorial comments / Barbara Beeton TEX Users Group 2019 sponsors; Kerning between lowercase+uppercase; Differential “d”; Bibliographic archives in BibTEX form 213 Ukraine at BachoTEX 2019: Thoughts and impressions / Yevhen Strakhov Publishing 215 An experience of trying to submit a paper in LATEX in an XML-first world / David Walden 217 Studying the histories of computerizing publishing and desktop publishing, 2017–19 / David Walden Resources 229 TEX services at texlive.info / Norbert Preining 231 Providing Docker images for TEX Live and ConTEXt / Island of TEX 232 TEX on the Raspberry Pi / Hans Hagen Software & Tools 234 MuPDF tools / Taco Hoekwater 236 LATEX on the road / Piet van Oostrum Graphics 247 A Brazilian Portuguese work on MetaPost, and how mathematics is embedded in it / Estev˜aoVin´ıcius Candia LATEX 251 LATEX news, issue 30, October 2019 / LATEX Project Team Methods 255 Understanding scientific documents with synthetic analysis on mathematical expressions and natural language / Takuto Asakura Fonts 257 Modern Type 3 fonts / Hans Hagen Multilingual 263 Typesetting the Bangla script in Unicode TEX engines—experiences and insights Document Processing / Md Qutub Uddin Sajib Typography 270 Typographers’ Inn / Peter Flynn Book Reviews 272 Book review: Hermann Zapf and the World He Designed: A Biography by Jerry Kelly / Barbara Beeton 274 Book review: Carol Twombly: Her brief but brilliant career in type design by Nancy Stock-Allen / Karl -
Ghostscript 5
Ghostscript 5 Was kann Ghostscript? Installation von Ghostscript Erzeugen von Ghostscript aus den C-Quellen Schnellkurs zur Ghostscript-Benutzung Ghostscript-Referenz Weitere Anwendungsmöglichkeiten Ghostscript-Manual © Thomas Merz 1996-97 ([email protected]) Dieses Manual ist ein modifizierter Auszug aus dem Buch »Die PostScript- & Acrobat-Bibel. Was Sie schon immer über PostScript und Acrobat/PDF wissen wollten« von Thomas Merz; Thomas Merz Verlag München 1996, ISBN 3-9804943-0-6, 440 Seiten plus CD- ROM. Das Buch und dieses Manual sind auch auf Englisch erhältlich (Springer Verlag Berlin Heidelberg New York 1997, ISBN 3-540-60854-0). Das Ghostscript-Manual darf in digitaler oder gedruckter Form kopiert und weitergegeben werden, falls keine Zahlung damit verbunden ist. Kommerzielle Reproduktion ist verboten. Das Manual darf jeoch beliebig zusammen mit der Ghostscript- Software weitergegeben werden, sofern die Lizenzbedingungen von Ghostscript beachtet werden. Das Ghostscript-Manual ist unter folgendem URL erhältlich: http://www.muc.de/~tm. 1 Was kann Ghostscript? L. Peter Deutsch, Inhaber der Firma Aladdin Enterprises im ka- lifornischen Palo Alto, schrieb den PostScript-Interpreter Ghostscript in der Programmiersprache C . Das Programm läuft auf MS-DOS, Windows 3.x, Windows 95, Windows NT, OS/2, Macintosh, Unix und VAX/VMS. Die Ursprünge von Ghost- script reichen bis 1988 zurück. Seither steht das Programmpa- ket kostenlos zur Verfügung und mauserte sich unter tatkräfti- ger Mitwirkung vieler Anwender und Entwickler aus dem In- ternet zu einem wesentlichen Bestandteil vieler Computerinstallationen. Peter Deutsch vertreibt auch eine kommerzielle Version von Ghostscript mit kundenspezifischen Anpassungen und entsprechendem Support. Die wichtigsten Einsatzmöglichkeiten von Ghostscript sind: Bildschirmausgabe. Ghostscript stellt PostScript- und PDF- Dateien am Bildschirm dar. -
Incorporer Les Polices Dans Un Document Libreoffice Une Police D’Écriture Ou Police De Caractères Est Une Manière D'écrire Les Caractères
Incorporer les polices dans un document LibreOffice Une police d’écriture ou police de caractères est une manière d'écrire les caractères. Il en existe énormément et pour à peu près tous les usages. Si vous communiquez électroniquement avec d'autres, il est fort probable qu'ils n'aient pas toutes vos polices numériques. De plus, certaines sont couvertes par un droit d'auteur strict (au sens où l'auteur ne donne pas plus de droits aux utilisateurs que la loi lui oblige) et le droit des marques. C'est un véritable problème. En effet, les polices de caractères informatiques déterminent beaucoup de choses, dont la taille des caractères, l'apparence des caractères et l'espacement entre ceux-ci. Si votre correspondant n'a pas les mêmes polices que vous, votre texte peut donc être visuellement déformé. Les logiciels essayent généralement de trouver la police la plus proche, mais ce n'est pas toujours une grande réussite. Pour combler ce problème, il faut intégrer les polices aux documents que vous transmettez. Bien entendu, cela rendra plus lourd vos documents étant donné qu'ils auront les polices en plus. La bonne nouvelle est que LibreOffice (au moins à partir de la version 4.3) permet cela ! Dans un document OpenDocument OpenDocument est un format ouvert et standardisé qui est utilisé par défaut dans LibreOffice, OpenOffice et Calligra. Les fichiers OpenDocument ont généralement une extension .odx, avec "x" un caractère quelconque. Pour incorporer les polices d'un document au format OpenDocument, suivez les étapes suivantes. 1. Ouvrez votre document au format OpenDocument avec LibreOffice. -
Typesetting Music with PMX
Typesetting music with PMX by Cornelius C. Noack — Version 2.7 / January 2012 (PMX features up to version 2.617 included) II Acknowledgement This tutorial owes its very existence to the work by Luigi Cataldi, who a few years ago produced a wonderful manual for PMX in Italian. Luigi’s manual features many examples which help greatly in understanding some of the arguably arcane PMX notation. Even though the Cataldi manual is, as Don Simons has aptly remarked, “written in the language of music”, it nevertheless seemed useful to have access to it for non-Italian speakers, so Don asked around for help on a ‘retranslation’. In fact, that is what the present tutorial started out with: essentially a retranslation of the PMX part of Luigis manual back into English, us- ing, where that seemed feasible, Don’s original PMX manual. I had been thinking for some time of producing some examples (and an index) for the updated (PMX 2.40) version of that manual, and now, taking Luigis italian version as a basis, it seemed an easy thing to do. Of course, as such projects go: soon after the first version had appeared in 2002, it tended to get out of hand — Don Simons actively produced one new beta version of PMX after the other, and I simply could not keep up with his pace. So alas: 5 long years went by before the first update of the tutorial – re- flecting all PMX changes from Version 2.40 to Version 2.514 , in one giant step! – had become possible. -
Pymupdf 1.12.2 Documentation » Next | Index Pymupdf Documentation
PyMuPDF 1.12.2 documentation » next | index PyMuPDF Documentation Introduction Note on the Name fitz License Covered Version Installation Option 1: Install from Sources Step 1: Download PyMuPDF Step 2: Download and Generate MuPDF Step 3: Build / Setup PyMuPDF Option 2: Install from Binaries Step 1: Download Binary Step 2: Install PyMuPDF MD5 Checksums Targeting Parallel Python Installations Using UPX Tutorial Importing the Bindings Opening a Document Some Document Methods and Attributes Accessing Meta Data Working with Outlines Working with Pages Inspecting the Links of a Page Rendering a Page Saving the Page Image in a File Displaying the Image in Dialog Managers Extracting Text Searching Text PDF Maintenance Modifying, Creating, Re-arranging and Deleting Pages Joining and Splitting PDF Documents Saving Closing Example: Dynamically Cleaning up Corrupt PDF Documents Further Reading Classes Annot Example Colorspace Document Remarks on select() select() Examples setMetadata() Example setToC() Example insertPDF() Examples Other Examples Identity IRect Remark IRect Algebra Examples Link linkDest Matrix Remarks 1 Remarks 2 Matrix Algebra Examples Shifting Flipping Shearing Rotating Outline Page Description of getLinks() Entries Notes on Supporting Links Homologous Methods of Document and Page Pixmap Supported Input Image Types Details on Saving Images with writeImage() Pixmap Example Code Snippets Point Remark Point Algebra Examples Shape Usage Examples Common Parameters Rect Remark Rect Algebra Examples Operator Algebra for Geometry Objects -
Osspolice - Identifying Open-Source License Violation and 1-Day Security Risk at Large Scale
OSSPolice - Identifying Open-Source License Violation and 1-day Security Risk at Large Scale Ruian Duan, Ashish Bijlani, Meng Xu Taesoo Kim, Wenke Lee ACM CCS 2017 1 Background • Open SourCe Software (OSS) is gaining popularity, e.g. GitHub reported 20M users and 57M repos • Mobile app market grows fast with over 2M apps on Play Store • Developers reuse OSS as is for lots of benefits • Legal risks and seCurity risks arise 2 Risks in OSS use • OSS liCenses have Constraints (e.g. For now, GNU GPL is an GNU GPL requires derivative works enforceable contract, says US to open sourCe) federal judge! Artifex Slaps Palm with PDF Reader Copyright Suit Equifax blames open-source • 1-day vulnerabilities in stale OSS software for its record-breaking versions are exploited by haCkers security breach Community Health Systems Breach Possible due to Heartbleed Vulnerability 3 Goal • Design a tool, OSSPoliCe, to analyze Android apps for open-sourCe license violation and 1-day seCurity risk by deteCting reuse of OSS and their versions at large sCale • Requirements • AcCurate deteCtion for hundreds of thousands of OSS • AcCurate version pinpointing • EffiCient resourCe usage • Fast search to support vetting a large number of Android apps 4 Overview and challenges • Feature selection • Source vs binary: automatiCally building sourCe Code is hard, due to dependenCies, various build configs etC. • Compare App against OSS • Fused app binaries: multiple OSS Can be linked or compiled into a single file • Partial builds and internal code clones: not all OSS features