Description of problem:
pdfmerge relies on the postscript run primitive which is potentially dangerous if applied to untrusted files. The latest version(s?) of ghostscript has a ps2pdf script that automatically adds -dSAFER - this causes
Version-Release number of selected component (if applicable):
pdfmerge-1.0-4.fc12.noarch
How reproducible:
pdfmerge file1.pdf file2.pdf output.pdf
Actual results:
Any pdf files will fail.
Expected results:
output.pdf should contain the concatenation of file1.pdf and file2.pdf
Additional info:
Attached patch requires the patch in #657694 to have any effect.
Created attachment 463513: Workaround to automatically accept files in the current directory as safe for ps2pdf
Since 657694 got rejected, here is a second, partial solution to the problem that does not require any changes to ps2pdf but will only work for files in the current directory. In addition I added a few lines to reduce some frustration for users in the help text.
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
Hi Knut, since the upstream project seems pretty dead (last release on SourceForge was 2004) I'm going to continue this project upstream and also continue the packaging for Fedora. I already applied your patch upstream: https://github.com/dmaphy/pdfmerge Thanks very much for your efforts on this :)
Well, thank you for taking the responsibility for this :) It is a very useful utility as it is a "missing link" in that many programs are able to read, create and process PDF files but one often ends up with multiple smaller files as output. It is also quite elegant in its simplicity, given the non-trivial knowledge of postscript and pdf required.
Hi Knut, since this bug refers to the same topic as #642427, I'll close this one as duplicate. A fix is already available in koji: http://koji.fedoraproject.org/koji/packageinfo?packageID=6563 :) *** This bug has been marked as a duplicate of bug 642427 ***