Changelog:
qpdf 10.6.2
This is qpdf version 10.6.2. There are a few more character encoding fixes in
this release. A new version of pikepdf is also being released to get them back
in sync.
qpdf 10.6.1
This is qpdf version 10.6.1. This release fixes a compilation error on some
platforms because of a missing header file.
qpdf 10.6.0
This is qpdf version 10.6.0.
This release includes a few significant changes:
* All functionality previously available only from the qpdf CLI has been
exposed to the library using a new QPDFJob API, which includes fluent
interfaces as well as a JSON format that's equivalent to qpdf's
command-line arguments.
* Many new interfaces have been added to QPDFObjectHandle and the C API to
allow more convient ways querying types and accessing object values in a
more type-safe fashion.
* qpdf --help has been revamped so that help is divided into categories, and
help is available for each option
* The Running qpdf section of the manual has been rewritten. The manual now
includes an index of command-line arguments.
In qpdf 11, PointerHolder will be replaced by std::shared_ptr in QPDF's API. A
backward-compatible PointerHolder API will be available. See Smart Pointers for
details including things you can do now to prepare. See also comments in
PointerHolder.hh.
Changelog:
10.5.0: December 21, 2021
+ Packaging changes
o Pre-built documentation is no longer distributed with the source
distribution. The AppImage and Windows binary distributions still
contain embedded documentation, and a separate doc distribution
file is available from the qpdf release site. Documentation is now
available at https://qpdf.readthedocs.io for every major/minor
version starting with version 10.5. Please see Packaging
Documentation for details on how packagers should handle
documentation.
o The documentation sources have been switched from docbook to
reStructuredText processed with Sphinx. This will break previous
documentation links. A redirect is in place on the main website. A
top-to-bottom review of the documentation is planned for an
upcoming release.
+ Library Enhancements
o Since qpdf version 8, using object accessor methods on an instance
of QPDFObjectHandle may create warnings if the object is not of the
expected type. These warnings now have an error code of
qpdf_e_object instead of qpdf_e_damaged_pdf. Also, comments have
been added to QPDFObjectHandle.hh to explain in more detail what
the behavior is. See Object Accessor Methods for a more in-depth
discussion.
o Add Pl_Buffer::getMallocBuffer() to initialize a buffer allocated
with malloc() for better cross-language interoperability.
+ C API Enhancements
o Many thanks to M. Holger whose contributions have heavily
influenced these C API enhancements. His several suggestions, pull
requests, questions, and critical reading of documentation and
comments have resulted in significant usability improvements to the
C API.
o Overhaul error handling for the object handle functions C API. Some
rare error conditions that would previously have caused a crash are
now trapped and reported, and the functions that generate them
return fallback values. See comments in the ERROR HANDLING section
of include/qpdf/qpdf-c.h for details. In particular, exceptions
thrown by the underlying C++ code when calling object accessors are
caught and converted into errors. The errors can be checked by
calling qpdf_has_error. Use qpdf_silence_errors to prevent the
error from being written to stderr.
o Add qpdf_get_last_string_length to the C API to get the length of
the last string that was returned. This is needed to handle strings
that contain embedded null characters.
o Add qpdf_oh_is_initialized and qpdf_oh_new_uninitialized to the C
API to make it possible to work with uninitialized objects.
o Add qpdf_oh_new_object to the C API. This allows you to clone an
object handle.
o Add qpdf_get_object_by_id, qpdf_make_indirect_object, and
qpdf_replace_object, exposing the corresponding methods in QPDF and
QPDFObjectHandle.
o Add several functions for working with pages. See PAGE FUNCTIONS in
include/qpdf/qpdf-c.h for details.
o Add several functions for working with streams. See STREAM
FUNCTIONS in include/qpdf/qpdf-c.h for details.
o Add qpdf_oh_get_type_code and qpdf_oh_get_type_name.
o Add qpdf_oh_get_binary_string_value and qpdf_oh_new_binary_string
for making it easier to deal with strings that contain embedded
null characters.
Changelog:
10.4.0: November 16, 2021
+ Handling of Weak Cryptography Algorithms
o From the qpdf CLI, the --allow-weak-crypto is now required to
suppress a warning when explicitly creating PDF files using RC4
encryption. While qpdf will always retain the ability to read and
write such files, doing so will require explicit acknowledgment
moving forward. For qpdf 10.4, this change only affects the
command-line tool. Starting in qpdf 11, there will be small API
changes to require explicit acknowledgment in those cases as well.
For additional information, see Chapter 6, Weak Cryptography.
+ Bug Fixes
o Fix potential bounds error when handling shell completion that
could occur when given bogus input.
o Properly handle overlay/underlay on completely empty pages (with no
resource dictionary).
o Fix crash that could occur under certain conditions when using
--pages with files that had form fields.
+ Library Enhancements
o Make QPDF::findPage functions public.
o Add methods to Pl_Flate to be able to receive warnings on certain
recoverable conditions.
o Add an extra check to the library to detect when foreign objects
are inserted directly (instead of using QPDF::copyForeignObject) at
the time of insertion rather than when the file is written.
Catching the error sooner makes it much easier to locate the
incorrect code.
+ CLI Enhancements
o Improve diagnostics around parsing --pages command-line options
+ Packaging Changes
o The Windows binary distribution is now built with crypto provided
by OpenSSL 3.0.
Changelog:
This is qpdf version 10.3.2. It contains small fixes and enhancements
including fixing an 11-year-old bug in which unreferenced objects
were retained in preserved object streams as well as a portability
fix for timezone code.
Changelog:
10.3.1
This is qpdf version 10.3.1. It contains just one bug fix from
10.3.0 which could cause perfectly valid files to fail to go through
page splitting if their document-level form dictionary had a
particular characteristic. There is also code to better handle
future such problems if any are still lurking.
10.3.0
This is qpdf version 10.3.0. This release includes a few minor
fixes and some rework of the form field handling code from 10.2.0.
It turns out the code in 10.2.0 was not complete and didn't handle
several import cases including resolving conflicts when merging
the same fields more than once or fields with conflicting names
and defaults from multiple files.
10.2.0
This is qpdf version 10.2.0. This release includes several enhancements
to the API and CLI including better handling of form fields with
page splitting and merging, support for file attachments, an added
way to read a password from stdin, several enhancements to form
field and annotation helpers, and rewritten support for name and
number trees. This release also requires a C++-14 compiler. I have
no plans to require anything newer than C++-14 in the foreseeable
future. There are also a few bug fixes.
Changelog:
10.1.0
This is qpdf version 10.1.0. This release includes several enhancements
to the API including increased support for form XObjects and addition
of user-providable stream filter decoders. There are also several
enhancements to the C API including functions to work with objects.
There are also a few bug fixes and performance enhancements.
10.0.4
This is qpdf version 10.0.4. This includes a few fixes to integer
overflow conditions.
10.0.3
This is qpdf version 10.0.3. One of the fixes in 10.0.2 introduced
a new bug, which is fixed in 10.0.3.
Changelog:
This is qpdf version 10.0.2. This release includes several fixes
and performance improvements over 10.0.1. This release includes
prebuilt Linux binaries in a zip file for use in docker containers
or AWS Lambda. Also, the Windows releases are built with the latest
versions of dependent libraries and now use the OpenSSL crypto
provider by default. This is also the first release of qpdf to be
built with GitHub Actions.
* Bump forgotten BUILDLINK_API_DEPENDS.
Changelog:
This is qpdf version 10.0.1. This release includes some small bug
fixes over 10.0.0 including a fix to one regression in
QPDFObjectHandle::getStreamData. If you use that method in your
code, you should definitely take 10.0.1 over 10.0.0.
Changelog:
This is qpdf version 10.0.0. This release includes several notable
improvements: substantially improved performance over the 8.x and
9.x releases, an openssl crypto provider, delegation of random
number generation to the crypto provider, fast and automatic
determination of whether to run slow unreferenced resource removal
whens splitting pages (though you can force the behavior to be on
or off as well), and a few others.
There is a small Perl program that computes an SHA1 hash. This program is
required to run the fuzzing tests as part of the build. Without Perl, the
build contains about 40 of these messages:
fuzz/build.mk:82: warning: overriding recipe for target
'fuzz/build/qpdf_fuzzer_seed_corpus/'
fuzz/build.mk:82: warning: ignoring old recipe for target
'fuzz/build/qpdf_fuzzer_seed_corpus/'
Chaneglog:
This is qpdf version 9.1.1. This release contains a few small
enhancements and bug fixes. Most notably, fix-qdf is now a proper
executable rather than a perl script, so qpdf no longer has a
runtime dependency on perl.
pkglint --only "https instead of http" -r -F
With manual adjustments afterwards since pkglint 19.4.4 fixed a few
indentations in unrelated lines.
This mainly affects projects hosted at SourceForce, as well as
freedesktop.org, CTAN and GNU.
Changelog:
2019-11-17 Jay Berkenbilt <ejb@ql.org>
* 9.1.0: release
2019-11-09 Jay Berkenbilt <ejb@ql.org>
* 9.1.rc1: release
* Improve behavior of wildcard expansion for msvc executable when
run from the Windows cmd.exe shell. Unlike in UNIX environments,
Windows leaves it up to the executable to expand its own
wildcards. Fixes#224.
* When reading /P from the encryption dictionary, use static_cast
instead of QIntC to convert the value to a signed integer. The
value of /P is a bit field, and PDF files have been found in the
wild where /P is represented as an unsigned integer even though
the spec states that it is a signed 32-bit value. By using
static_cast, we allow qpdf to compensate for writers that
incorrectly represent the correct bit field as an unsigned value.
Fixes#382.
2019-11-05 Jay Berkenbilt <ejb@ql.org>
* Add support for pluggable crypto providers, enabling multiple
implementations of the cryptographic functions needed by qpdf.
This feature was added by request of Red Hat, which recognized the
use of qpdf's native crypto implementations as a potential
security liability, preferring instead to get all crypto
functionality from a third-party library that receives a lot of
scrutiny. However it was also important to me to not impose any
unnecessary third party dependencies on my users or packagers,
some of which build qpdf for lots of environments, some of which
may not easily support gnutls. Starting in qpdf 9.1.0, it is be
possible to build qpdf with both the native and gnutls crypto
providers or with either in isolation. In support of this feature,
new classes QPDFCryptoProvider and QPDFCryptoImpl have been added
to the public interface. See QPDFCryptoImpl.hh for details about
adding your own crypto provider and QPDFCryptoProvider.hh for
details about choosing which one is used. Note that selection of
crypto providers is invisible to anyone who doesn't explicitly
care. Neither end users nor developers have to be concerned about
it.
* The environment variable QPDF_CRYPTO_PROVIDER can be used to
override qpdf's default choice of crypto provider. The
--show-crypto flag to the qpdf CLI can be used to present a list
of supported crypto providers with the default provider always
listed first.
* Add gnutls crypto provider. Thanks to Zdenek Dohnal for
contributing the code that I ultimately used in the gnutls crypto
provider and for engaging in an extended discussion about this
feature. Fixes#218.
2019-10-22 Jay Berkenbilt <ejb@ql.org>
* Incorporate changes from Masamichi Hosoda <trueroad@trueroad.jp>
to properly handle signature in the following ways:
- Always represent /Contents in a signature dictionary as a hex
string
- Do not compress signature dictionaries when generating object
streams
- Do not encrypt/decrypt the /Contents field of the signature
dictionary when creating or reading encrypted files
* Incorporate changes from Masamichi Hosoda <trueroad@trueroad.jp>
to add additional methods for making it possible to gain deeper
insight into cross reference tables and object renumbering. These
new API calls make it possible for applications to go into PDF
files created by qpdf and make changes to them that go beyond
working with the PDF at the object level. The specific use case
for these changes was to write an external tool to perform digital
signature, but there could be other uses as well. New methods
include the following, all of which are described in their
respective headers:
- QPDF::getXRefTable()
- QPDFObjectHandle::getParsedOffset()
- QPDFWriter::getRenumberedObjGen(QPDFObjGen)
- QPDFWriter::getWrittenXRefTable()
Changelog:
This is qpdf version 9.0.1. It contains a small number of minor
fixes and enhancements, including fixes to the build for big-endian
systems and systems with char being unsigned by default.
Changelog:
9.0.0: August 31, 2019
Incompatible API (source-level) Changes (minor)
The method QUtil::strcasecmp has been renamed to QUtil::str_compare_nocase. This incompatible change is necessary to enable qpdf to build on platforms that define strcasecmp as a macro.
The QPDF::copyForeignObject method had an overloaded version that took a boolean parameter that was not used. If you were using this version, just omit the extra parameter.
There was a version QPDFTokenizer::expectInlineImage that took no arguments. This version has been removed since it caused the tokenizer to return incorrect inline images. A new version was added some time ago that produces correct output. This is a very low level method that doesn't make sense to call outside of qpdf's lexical engine. There are higher level methods for tokenizing content streams.
Change QPDFOutlineDocumentHelper::getTopLevelOutlines and QPDFOutlineObjectHelper::getKids to return a std::vector instead of a std::list of QPDFOutlineObjectHelper objects.
Remove method QPDFTokenizer::allowPoundAnywhereInName. This function would allow creation of name tokens whose value would change when unparsed, which is never the correct behavior.
When qpdf --check or qpdf --check-linearization encounters a file with linearization warnings but not errors, it now properly exits with exit code 3 instead of 2.
CLI Enhancements
The --replace-input option may be given in place of an output file name. This causes qpdf to overwrite the input file with the output. See the description of --replace-input in Section 3.3, “Basic Options” for more details.
The --recompress-flate instructs qpdf to recompress streams that are already compressed with /FlateDecode. Useful with --compression-level.
The --compression-level=level sets the zlib compression level used for any streams compressed by /FlateDecode. Most effective when combined with --recompress-flate.
Library Enhancements
A new namespace QIntC, provided by qpdf/QIntC.hh, provides safe conversion methods between different integer types. These conversion methods do range checking to ensure that the cast can be performed with no loss of information. Every use of static_cast in the library was inspected to see if it could use one of these safe converters instead. See Section 7.5, “Casting Policy” for additional details.
Method QPDF::anyWarnings tells whether there have been any warnings without clearing the list of warnings.
Method QPDF::closeInputSource closes or otherwise releases the input source. This enables the input file to be deleted or renamed.
New methods have been added to QUtil for converting back and forth between strings and unsigned integers: uint_to_string, uint_to_string_base, string_to_uint, and string_to_ull.
New methods have been added to QPDFObjectHandle that return the value of Integer objects as int or unsigned int with range checking and sensible fallback values, and a new method was added to return an unsigned value. This makes it easier to write code that is safe from unintentional data loss. Functions: getUIntValue, getIntVauleAsInt, getUIntValueAsUInt.
When parsing content streams with QPDFObjectHandle::ParserCallbacks, in place of the method handleObject(QPDFObjectHandle), the developer may override handleObject(QPDFObjectHandle, size_t offset, size_t length). If this method is defined, it will be invoked with the object along with its offset and length within the overall contents being parsed. Intervening spaces and comments are not included in offset and length. Additionally, a new method contentSize(size_t) may be implemented. If present, it will be called prior to the first call to handleObject with the total size in bytes of the combined contents.
New methods QPDF::userPasswordMatched and QPDF::ownerPasswordMatched have been added to enable a caller to determine whether the supplied password was the user password, the owner password, or both. This information is also displayed by qpdf --show-encryption and qpdf --check.
Static method Pl_Flate::setCompressionLevel can be called to set the zlib compression level globally used by all instances of Pl_Flate in deflate mode.
The method QPDFWriter::setRecompressFlate can be called to tell QPDFWriter to uncompress and recompress streams already compressed with /FlateDecode.
The underlying implementation of QPDF arrays has been enhanced to be much more memory efficient when dealing with arrays with lots of nulls. This enables qpdf to use drastically less memory for certain types of files.
When traversing the pages tree, if nodes are encountered with invalid types, the types are fixed, and a warning is issued.
A new helper method QUtil::read_file_into_memory was added.
All conditions previously reported by QPDF::checkLinearization() as errors are now presented as warnings.
Name tokens containing the # character not preceded by two hexadecimal digits, which is invalid in PDF 1.2 and above, are properly handled by the library: a warning is generated, and the name token is properly preserved, even if invalid, in the output. See ChangeLog for a more complete description of this change.
Bug Fixes
A small handful of memory issues, assertion failures, and unhandled exceptions that could occur on badly mangled input files have been fixed. Most of these problems were found by Google's OSS-Fuzz project.
When qpdf --check or qpdf --check-linearization encounters a file with linearization warnings but not errors, it now properly exits with exit code 3 instead of 2.
The --completion-bash and --completion-zsh options now work properly when qpdf is invoked as an AppImage.
Calling QPDFWriter::set*EncryptionParameters on a QPDFWriter object whose output filename has not yet been set no longer produces a segmentation fault.
When reading encrypted files, follow the spec more closely regarding encryption key length. This allows qpdf to open encrypted files in most cases when they have invalid or missing /Length keys in the encryption dictionary.
When qpdf --check or qpdf --check-linearization encounters a file with linearization warnings but not errors, it now properly exits with exit code 3 instead of 2.
Build Changes
On platforms that support it, qpdf now builds with -fvisibility=hidden. If you build qpdf with your own build system, this is now safe to use. This prevents methods that are not part of the public API from being exported by the shared library, and makes qpdf's ELF shared libraries (used on Linux, MacOS, and most other UNIX flavors) behave more like the Windows DLL. Since the DLL already behaves in much this way, it is unlikely that there are any methods that were accidentally not exported. However, with ELF shared libraries, typeinfo for some classes has to be explicitly exported. If there are problems in dynamically linked code catching exceptions or subclassing, this could be the reason. If you see this, please report a bug at pikepdf.
QPDF is now compiled with integer conversion and sign conversion warnings enabled. Numerous changes were made to the library to make this safe.
QPDF's make install target explicitly specifies the mode to use when installing files instead of relying the user's umask. It was previously doing this for some files but not others.
If pkg-config is available, use it to locate libjpeg and zlib dependencies, falling back on old behavior if unsuccessful.
Other Notes
QPDF has been fully integrated into Google's OSS-Fuzz project. This project exercises code with randomly mutated inputs and is great for discovering hidden security crashes and security issues. Several bugs found by oss-fuzz have already been fixed in qpdf.
Changelog:
This is qpdf version 8.4.1. It contains a small handful of minor
CLI enhancements and a few bug fixes from 8.4.0 including handling
of Unicode filenames in Windows, a performance bug with --split-pages
and a few others. For a full list of changes, please see the release
notes.
Changelog:
This is qpdf version 8.4.0. It contains many enhancements and fixes
including better handling of Unicode passwords, enhancements to
image optimization and appearance generation, overlay/underlay and
other changes. It also includes an important bug fix for page
splitting. For a full list of changes, please see the release notes.
Changelog:
2019-01-07 Jay Berkenbilt <ejb@ql.org>
* 8.3.0: release
* Add sample completion files in completions. These can be used by
packagers to install on the system wherever bash and zsh keep
their vendor-supplied completions.
* Add configure flag --enable-check-autofiles, which is on by
default. Packagers whose packaging systems automatically refresh
autoconf or libtool files should pass --disable-check-autofiles to
./configure to suppress warnings about automatically generated
files being outdated.
2019-01-06 Jay Berkenbilt <ejb@ql.org>
* Remove the restriction in most cases that the source QPDF used
in a copyForeignObject call has to stick around until the
destination QPDF is written. The exceptional case is when the
source stream gets is data using a
QPDFObjectHandle::StreamDataProvider. For a more in-depth
discussion, see comments around copyForeignObject in QPDF.hh.
Fixes#219.
2019-01-05 Jay Berkenbilt <ejb@ql.org>
* When generating appearances, if the font uses one of the
standard, built-in encodings, restrict the character set to that
rather than just to ASCII. This will allow most appearances to
contain characters from the ISO-Latin-1 range plus a few
additional characters.
* Add methods QUtil::utf8_to_win_ansi and
QUtil::utf8_to_mac_roman.
* Add method QUtil::utf8_to_utf16.
2019-01-04 Jay Berkenbilt <ejb@ql.org>
* Add new option --optimize-images, which recompresses every image
using DCT (JPEG) compression as long as the image is not already
compressed with lossy compression and recompressing the image
reduces its size. The additional options --oi-min-width,
--oi-min-height, and --oi-min-area prevent recompression of images
whose width, height, or pixel area (width * height) are below a
specified threshold.
* Add new option --collate. When specified, the semantics of
--pages change from concatenation to collation. See the manual for
a more detailed discussion. Fixes#259.
* Add new method QPDFWriter::getFinalVersion, which returns the
PDF version that will ultimately be written to the final file. See
comments in QPDFWriter.hh for some restrictions on its use. Fixes
#266.
* When unexpected errors are found while checking linearization
data, print an error message instead of calling assert, which
cause the program to crash. Fixes#209, #231.
* Detect and recover from dangling references. If a PDF file
contained an indirect reference to a non-existent object (which is
valid), when adding a new object to the file, it was possible for
the new object to take the object ID of the dangling reference,
thereby causing the dangling reference to point to the new object.
This case is now prevented. Fixes#240.
2019-01-03 Jay Berkenbilt <ejb@ql.org>
* Add --generate-appearances flag to the qpdf command-line tool to
trigger generation of appearance streams.
* Fix behavior of form field value setting to handle the following
cases:
- Strings are always written as UTF-16
- Check boxes and radio buttons are handled properly with
synchronization of values and appearance states
* Define constants in qpdf/Constants.h for interpretation of
annotation and form field flags
* Add QPDFAnnotationObjectHelper::getFlags
* Add many new methods to QPDFFormFieldObjectHelper for querying
flags and field types
* Add new methods for appearance stream generation. See comments
in QPDFFormFieldObjectHelper.hh for generateAppearance() for a
description of limitations.
- QPDFAcroFormDocumentHelper::generateAppearancesIfNeeded
- QPDFFormFieldObjectHelper::generateAppearance
* Bug fix: when writing form field values, always write string
values encoded as UTF-16.
* Add method QUtil::utf8_to_ascii, which returns an ASCII string
for a UTF-8 string, replacing out-of-range characters with a
specified substitute.
2019-01-02 Jay Berkenbilt <ejb@ql.org>
* Add method QPDFObjectHandle::getResourceNames that returns a set
of strings representing all second-level keys in a dictionary
(i.e. all keys of all direct dictionary members).
2018-12-31 Jay Berkenbilt <ejb@ql.org>
* Add --flatten-annotations flag to the qpdf command-line tool for
annotation flattening.
* Add methods for flattening form fields and annotations:
- QPDFPageDocumentHelper::flattenAnnotations - integrate
annotation appearance streams into page contents with special
handling for form fields: if appearance streams are up to date
(/NeedAppearances is false in /AcroForm), the /AcroForm key of
the document catalog is removed. Otherwise, a warning is
issued, and form fields are ignored. Non-form-field
annotations are always flattened if an appearance stream can
be found.
- QPDFAnnotationObjectHelper::getPageContentForAppearance -
generate the content stream fragment to render an appearance
stream in a page's content stream as a form xobject. Called by
flattenAnnotations.
* Add method QPDFObjectHandle::mergeResources(), which merges
resource dictionaries. See detailed description in
QPDFObjectHandle.hh.
* Add QPDFObjectHandle::Matrix, similar to
QPDFObjectHandle::Rectangle, as a convenience class for
six-element arrays that are used as matrices.
2018-12-23 Jay Berkenbilt <ejb@ql.org>
* When specifying @arg on the command line, if the file "arg" does
not exist, just treat this is a normal argument. This makes it
easier to deal with files whose names start with the @ character.
Fixes#265.
* Tweak completion so it works with zsh as well using
bashcompinit.
2018-12-22 Jay Berkenbilt <ejb@ql.org>
* Add new options --json, --json-key, and --json-object to
generate a json representation of the PDF file. This is described
in more depth in the manual. You can also run qpdf --json-help to
get a description of the json format.
2018-12-21 Jay Berkenbilt <ejb@ql.org>
* Allow --show-object=trailer for showing the document trailer.
* You can now use eval $(qpdf --completion-bash) to enable bash
completion for qpdf. It's not perfect, but it works pretty well.
2018-12-19 Jay Berkenbilt <ejb@ql.org>
* When splitting pages using --split-pages, the outlines
dictionary and some supporting metadata are copied into the split
files. The result is that all bookmarks from the original file
appear, and those that point to pages that are preserved work
while those that point to pages that are not preserved don't do
anything. This is an interim step toward proper support for
bookmark preservation in split files.
* Add QPDFOutlineDocumentHelper and QPDFOutlineObjectHelper for
handling outlines (bookmarks) including bidirectionally mapping
between bookmarks and pages. Initially there is no support for
modifying the outlines hierarchy.
2018-12-18 Jay Berkenbilt <ejb@ql.org>
* New method QPDFObjectHandle::getJSON() returns a JSON object
with a partial representation of the object. See
QPDFObjectHandle.hh for a detailed description.
* Add a simple JSON serializer. This is not a complete or
general-purpose JSON library. It allows assembly and serialization
of JSON structures with some restrictions, which are described in
the header file.
* Add QPDFNameTreeObjectHelper class. This class provides useful
methods for dealing with name trees, which are discussed in
section 7.9.6 of the PDF spec (ISO-32000).
* Preserve page labels when merging and splitting files. Prior
versions of qpdf simply preserved the page label information from
the first file, which usually wouldn't make any sense in the
merged file. Now any page that had a page number in any original
file will have the same page number after merging or splitting.
* Add QPDFPageLabelDocumentHelper class. This is a document helper
class that provides useful methods for dealing with page labels.
It abstracts the fact that they are stored as number trees and
deals with interpolating intermediate values that are not in the
tree. It also has helper functions used by the qpdf command line
tool to preserve page labels when merging and splitting files.
* Add QPDFNumberTreeObjectHelper class. This class provides useful
methods for dealing with number trees, which are discussed in
section 7.9.7 of the PDF spec (ISO-32000). Page label dictionaries
are represented as number trees.
* New method QPDFObjectHandle::wrapInArray returns the object
itself if it is an array. Otherwise, it returns an array
containing the object. This is useful for dealing with PDF data
that is sometimes expressed as a single element and sometimes
expressed as an array, which is a somewhat common PDF idiom.
2018-10-11 Jay Berkenbilt <ejb@ql.org>
* Files generated by autogen.sh are now committed so that it is
possible to build on platforms without autoconf directly from a
clean checkout of the repository. The configure script detects if
the files are out of date when it also determines that the tools
are present to regenerate them.
* Add build in Azure Pipelines, now that it is free for open
source projects.
Changelog:
This is qpdf version 8.2.1. It contains just a new command line flag to
the CLI. There are no library changes from 8.2.0.
This is qpdf version 8.2.0. It contains a few bug fixes and performance
improvements, some minor API enhancements, and a few other small changes.
Changelog:
8.1.0: June 23, 2018
Usability Improvements
When splitting files, qpdf detects fonts and images that the document metadata claims are referenced from a page but are not actually referenced and omits them from the output file. This change can cause a significant reduction in the size of split PDF files for files created by some software packages. Prior versions of qpdf would believe the document metadata and sometimes include all the images from all the other pages even though the pages were no longer present. In the unlikely event that the old behavior should be desired, it can be enabled by specifying --preserve-unreferenced-resources. For additional details, please see Section 3.6, “Advanced Transformation Options”.
When merging multiple PDF files, qpdf no longer leaves all the files open. This makes it possible to merge numbers of files that may exceed the operating system's limit for the maximum number of open files.
The --rotate option's syntax has been extended to make the page range optional. If you specify --rotate=angle without specifying a page range, the rotation will be applied to all pages. This can be especially useful for adjusting a PDF created from a multi-page document that was scanned upside down.
When merging multiple files, the --verbose option now prints information about each file as it operates on that file.
When the --progress option is specified, qpdf will print a running indicator of its best guess at how far through the writing process it is. Note that, as with all progress meters, it's an approximation. This option is implemented in a way that makes it useful for software that uses the qpdf library; see API Enhancements below.
Bug Fixes
Properly decrypt files that use revision 3 of the standard security handler but use 40 bit keys (even though revision 3 supports 128-bit keys).
Limit depth of nested data structures to prevent crashes from certain types of malformed (malicious) PDFs.
In “newline before endstream” mode, insert the required extra newline before the endstream at the end of object streams. This one case was previously omitted.
API Enhancements
The first round of higher level “helper” interfaces has been introduced. These are designed to provide a more convenient way of interacting with certain document features than using QPDFObjectHandle directly. For details on helpers, see Section 6.3, “Helper Classes”. Specific additional interfaces are described below.
Add two new document helper classes: QPDFPageDocumentHelper for working with pages, and QPDFAcroFormDocumentHelper for working with interactive forms. No old methods have been removed, but QPDFPageDocumentHelper is now the preferred way to perform operations on pages rather than calling the old methods in QPDFObjectHandle and QPDF directly. Comments in the header files direct you to the new interfaces. Please see the header files and ChangeLog for additional details.
Add three new object helper class: QPDFPageObjectHelper for pages, QPDFFormFieldObjectHelper for interactive form fields, and QPDFAnnotationObjectHelper for annotations. All three classes are fairly sparse at the moment, but they have some useful, basic functionality.
A new example program examples/pdf-set-form-values.cc has been added that illustrates use of the new document and object helpers.
The method QPDFWriter::registerProgressReporter has been added. This method allows you to register a function that is called by QPDFWriter to update your idea of the percentage it thinks it is through writing its output. Client programs can use this to implement reasonably accurate progress meters. The qpdf command line tool uses this to implement its --progress option.
New methods QPDFObjectHandle::newUnicodeString and QPDFObject::unparseBinary have been added to allow for more convenient creation of strings that are explicitly encoded using big-endian UTF-16. This is useful for creating strings that appear outside of content streams, such as labels, form fields, outlines, document metadata, etc.
A new class QPDFObjectHandle::Rectangle has been added to ease working with PDF rectangles, which are just arrays of four numeric values.
Changelog:
8.0.2:
Version 8.0.2 contains two small bug fixes: proper handling of pages
with no content, and better handling of files with loops following cross
reference tables.
8.0.1:
This is a very minor update from 8.0.0. It just contains two small
enhancements that missed the train: handle zlib streams with data checksum
errors, and, in the command line tool, allow specification of page numbers
counting from the end in page ranges.
Changelog:
2018-02-25 Jay Berkenbilt <ejb@ql.org>
* 8.0.0: release
2018-02-17 Jay Berkenbilt <ejb@ql.org>
* Fix QPDFObjectHandle::getUTF8Val() to properly handle strings
that are encoded with PDF Doc Encoding. Fixes#179.
* Add qpdf_check_pdf to the "C" API. This method just attempts to
read the entire file and produce no output, making possible to
assess whether the file has any errors that qpdf can detect.
* Major enhancements to handling of type errors within the qpdf
library. This fix is intended to eliminate those annoying cases
where qpdf would exit with a message like "operation for
dictionary object attemped on object of wrong type" without
providing any context. Now qpdf keeps enough context to be able to
issue a proper warning and to handle such conditions in a sensible
way. This should greatly increase the number of bad files that
qpdf can recover, and it should make it much easier to figure out
what's broken when a file contains errors.
* Error message fix: replace "file position" with "offset" in
error messages that report lexical or parsing errors. Sometimes
it's an offset in an object stream or a content stream rather than
a file position, so this makes the error message less confusing in
those cases. It still requires some knowledge to find the exact
position of the error, since when it's not a file offset, it's
probably an offset into a stream after uncompressing it.
* Error message fix: correct some cases in which the object that
contained a lexical error was omitted from the error message.
* Error message fix: improve file name in the error message when
there is a parser error inside an object stream.
2018-02-11 Jay Berkenbilt <ejb@ql.org>
* Add QPDFObjectHandle::filterPageContents method to provide a
different interface for applying token filters to page contents
without modifying the ultimate output.
2018-02-04 Jay Berkenbilt <ejb@ql.org>
* Changes listed on today's date are numerous and reflect
significant enhancements to qpdf's lexical layer. While many
nuances are discussed and a handful of small bugs were fixed, it
should be emphasized that none of these issues have any impact on
any output or behavior of qpdf under "normal" operation. There are
some changes that have an effect on content stream normalization
as with qdf mode or on code that interacts with PDF files
lexically using QPDFTokenizer. There are no incompatible changes
for normal operation. There are a few changes that will affect the
exact error messages issued on certain bad files, and there is a
small non-compatible enhancement regarding the behavior of
manually constructed QPDFTokenizer::Token objects. Users of the
qpdf command line tool will see no changes other than the addition
of a new command-line flag and possibly some improved error
messages.
* Significant lexer (tokenizer) enhancements. These are changes to
the QPDFTokenizer class. These changes are of concern only to
people who are operating with PDF files at the lexical layer using
qpdf. They have little or no impact on most high-level interfaces
or the command-line tool.
New token types tt_space and tt_comment to recognize whitespace
and comments. this makes it possible to tokenize a PDF file or
stream and preserve everything about it.
For backward compatibility, space and comment tokens are not
returned by the tokenizer unless QPDFTokenizer.includeIgnorable()
is called.
Better handling of null bytes. These are now included in space
tokens rather than being their own "tt_word" tokens. This should
have no impact on any correct PDF file and has no impact on
output, but it may change offsets in some error messages when
trying to parse contents of bad files. Under default operation,
qpdf does not attempt to parse content streams, so this change is
mostly invisible.
Bug fix to handling of bad tokens at ends of streams. Now, when
allowEOF() has been called, these are treated as bad tokens
(tt_bad or an exception, depending on invocation), and a
separate tt_eof token is returned. Before the bad token
contents were returned as the value of a tt_eof token. tt_eof
tokens are always empty now.
Fix a bug that would, on rare occasions, report the offset in an
error message in the wrong space because of spaces or comments
adjacent to a bad token.
Clarify in comments exactly where the input source is positioned
surrounding calls to readToken and getToken.
* Add a new token type for inline images. This token type is only
returned by QPDFTokenizer immediately following a call to
expectInlineImage(). This change includes internal refactoring of
a handful of places that all separately handled inline images, The
logic of detecting inline images in content streams is now handled
in one place in the code. Also we are more flexible about what
characters may surround the EI operator that marks the end of an
inline image.
* New method QPDFObjectHandle::parsePageContents() to improve upon
QPDFObjectHandle::parseContentStream(). The parseContentStream
method used to operate on a single content stream, but was fixed
to properly handle pages with contents split across multiple
streams in an earlier release. The new method parsePageContents()
can be called on the page object rather than the value of the
page dictionary's /Contents key. This removes a few lines of
boiler-plate code from any code that uses parseContentStream, and
it also enables creation of more helpful error messages if
problems are encountered as the error messages can include
information about which page the streams come from.
* Update content stream parsing example
(examples/pdf-parse-content.cc) to use new
QPDFObjectHandle::parsePageContents() method in favor of the older
QPDFObjectHandle::parseContentStream() method.
* Bug fix: change where the trailing newline is added to a stream
in QDF mode when content normalization is enabled (the default for
QDF mode). Before, the content normalizer ensured that the output
ended with a trailing newline, but this had the undesired side
effect of including the newline in the stream data for purposes of
length computation. QPDFWriter already appends a newline without
counting in length for better readability. Ordinarily this makes
no difference, but in the rare case of a page's contents being
split in the middle of a token, the old behavior could cause the
extra newline to be interprted as part of the token. This bug
could only be triggered in qdf mode, which is a mode intended for
manual inspection of PDF files' contents, so it is very unlikely
to have caused any actual problems for people using qpdf for
production use. Even if it did, it would be very unusual for a PDF
file to actually be adversely affected by this issue.
* Add support for coalescing a page's contents into a single
stream if they are represented as an array of streams. This can be
performed from the command line using the --coalesce-contents
option. Coalescing content streams can simplify things for
software that wants to operate on a page's content streams without
having to handle weird edge cases like content streams split in
the middle of tokens. Note that
QPDFObjectHandle::parsePageContents and
QPDFObjectHandle::parseContentStream already handled split content
streams. This is mainly to set the stage for new methods of
operating on page contents. The new method
QPDFObjectHandle::pipeContentStreams will pipe all of a page's
content streams though a single pipeline. The new method
QPDFObjectHandle.coalesceContentStreams, when called on a page
object, will do nothing if the page's contents are a single
stream, but if they are an array of streams, it will replace the
page's contents with a single stream whose contents are the
concatenation of the original streams.
* A few library routines throw exceptions if called on non-page
objects. These constraints have been relaxed somewhat to make qpdf
more tolerant of files whose page dictionaries are not properly
marked as such. Mostly exceptions about page operations being
called on non page objects will only be thrown in cases where the
operation had no chance of succeeding anyway. This change has no
impact on any default mode operations, but it could allow
applications that use page-level APIs in QPDFObjectHandle to be
more tolerant of certain types of damaged files.
* Add QPDFObjectHandle::TokenFilter class and methods to use it to
perform lexical filtering on content streams. You can call
QPDFObjectHandle::addTokenFilter on stream object, or you can call
the higher level QPDFObjectHandle::addContentTokenFilter on a page
object to cause the stream's contents to passed through a token
filter while being retrieved by QPDFWriter or any other consumer.
For details on using TokenFilter, please see comments in
QPDFObjectHandle.hh.
* Enhance the string, type QPDFTokenizer::Token constructor to
initialize a raw value in addition to a value. Tokens have a
value, which is a canonical representation, and a raw value. For
all tokens except strings and names, the raw value and the value
are the same. For strings, the value excludes the outer delimiters
and has non-printing characters normalized. For names, the value
resolves non-printing characters. In order to better facilitate
token filters that mostly preserve contents and to enable
developers to be mostly unconcerned about the nuances of token
values and raw values, creating string and name tokens now
properly handles this subtlety of values and raw values. When
constructing string tokens, take care to avoid passing in the
outer delimiters. This has always been the case, but it is now
clarified in comments in QPDFObjectHandle.hh::TokenFilter. This
has no impact on any existing code unless there's some code
somewhere that was relying on Token::getRawValue() returning an
empty string for a manually constructed token. The token class's
operator== method still only looks at type and value, not raw
value. For example, string tokens for <41> and (A) would still be
equal because both are representations of the string "A".
* Add QPDFObjectHandle::isDataModified method. This method just
returns true if addTokenFilter has been called on the stream. It
enables a caller to determine whether it is safe to optimize away
piping of stream data in cases where the input and output are
expected to be the same. QPDFWriter uses this internally to skip
the optimization of not re-compressing already compressed streams
if addTokenFilter has been called. Most developers will not have
to worry about this as it is used internally in the library in the
places that need it. If you are manually retrieving stream data
with QPDFObjectHandle::getStreamData or
QPDFObjectHandle::pipeStreamData, you don't need to worry about
this at all.
* Provide heavily annoated examples/pdf-filter-tokens.cc example
that illustrates use of some simple token filters.
* When normalizing content streams, as in qdf mode, issue warning
about bad tokens. Content streams are only normalized when this is
explicitly requested, so this has no impact on normal operation.
However, in qdf mode, if qpdf detects a bad token, it means that
either there's a bug in qpdf's lexer, that the file is damaged, or
that the page's contents are split in a weird way. In any of those
cases, qpdf could potentially damage the stream's contents by
replacing carrige returns with newlines or otherwise messing with
spaces. The mostly likely case of this would be an inline image's
compressed data being divided across two streams and having the
compressed data in the second stream contain a carriage return as
part of its binary data. If you are using qdf mode just to look at
PDF files in text editors, this usually doesn't matter. In cases
of contents split across multiple streams, coalescing streams
would eliminate the problem, so the warning mentions this. Prior
to this enhancement, the chances of qdf mode writing incorrect
data were already very low. This change should make it nearly
impossible for qdf mode to unknowingly write invalid data.
2018-02-04 Jay Berkenbilt <ejb@ql.org>
* Add QPDFWriter::setLinearizationPass1Filename method and
--linearize-pass1 command line option to allow specification of a
file into which QPDFWriter will write its intermediate
linearization pass 1 file. This is useful only for debugging qpdf.
qpdf creates linearized files by computing the output in two
passes. Ordinarily the first pass is discarded and not written
anywhere. This option allows it to be inspected.
7.1.1: release
* Bug fix: properly linearize files whose /ID has a length of
other than 16 bytes.
* Rename some test files to avoid files with three dots in their
names.
* Fix various build and compilation issues on some platforms and
compilers.
* Fix a few typos and clarify a few comments in header files.
Changelog:
2018-01-14 Jay Berkenbilt <ejb@ql.org>
* 7.1.0: release
* Allow raw encryption key to be specified in libary and command
line with the QPDF::setPasswordIsHexKey method and
--password-is-hex-key option. Allow encryption key to be displayed
with --show-encryption-key option. Thanks to Didier Stevens
<didier.stevens@gmail.com> for the idea and contribution of one
implementation of this idea. See his blog post at
https://blog.didierstevens.com/2017/12/28/cracking-encrypted-pdfs-part-3/
for a discussion of using this for cracking encrypted PDFs. I hope
that a future release of qpdf will include some additional
recovery options that may also make use of this capability.
2018-01-13 Jay Berkenbilt <ejb@ql.org>
* Fix lexical error: the PDF specification allows floating point
numbers to end with ".". Fixes#165.
* Fix link order in the build to avoid conflicts when building
from source while an older version of qpdf is installed. Fixes#158.
* Add support for TIFF predictor for LZW and Flate streams. Now
all predictor functions are supported. Fixes#171.
2017-12-25 Jay Berkenbilt <ejb@ql.org>
* Clarify documentation around options that control parsing but
not output creation. Two options: --suppress-recovery and
--ignore-xref-streams, were documented in the "Advanced
Transformation Options" section of the manual and --help output
even though they are not related to output. These are now
described in a separate section called "Advanced Parsing Options."
* Implement remaining PNG filters for decode. Prior versions could
decode only the "up" filter. Now all PNG filters (sub, up,
average, Paeth, optimal) are supported for decoding. Thanks to
Tobias Hoffmann for providing a test PDF file that has images with
all PNG filters along with different numbers of bits per sample
and samples per pixel, and thanks to Casey Rojas for providing
implementations of the remaining PNG filters.
The implementation of the remaining PNG filters changed the
interface to the private Pl_PNGFilter class, but this class's
header file is not in the installation, and there is no public
interface to the class. Within the library, the class is never
allocated on the stack; it is only ever dynamically allocated. As
such, this does not actually break binary compatibility of the
library.
graphics/jpeg does not provide any `.pc' file this will lead in failures when
invoking pkg-config agaisnt `libqpdf'. Adjust `Requires.private:' in
libqpdf.pc.in to omit libjpeg.
Bump PKGREVISION since the new installed libqpdf.pc file will fix packages that
depends on print/qpdf.
OK by <pgoyette> and <ryoon>, thanks!
Changelog:
2017-09-15 Jay Berkenbilt <ejb@ql.org>
* 7.0.0: release
2017-09-12 Jay Berkenbilt <ejb@ql.org>
* Relicense qpdf under version 2.0 of the Apache License rather
than version 2.0 of the Artistic License. Both are fine, but the
Apache License is in more widespread use, and I like it a little
better than Artistic-2.0. It is my intention that there be no
change in what you can or can't do with qpdf. Versions of qpdf
prior to version 7 were released under the terms of version 2.0 of
the Artistic License. At your option, you may continue to consider
qpdf to be licensed under those terms. Please see the manual for
additional information.
* Improve the error message that is issued when QPDFWriter
encounters a stream that can't be decoded. In particular, mention
that the stream will be copied without filtering to avoid data
loss.
* Add new methods to the C API to correspond to new additions to
QPDFWriter:
- qpdf_set_compress_streams
- qpdf_set_decode_level
- qpdf_set_preserve_unreferenced_objects
- qpdf_set_newline_before_endstream
2017-08-25 Jay Berkenbilt <ejb@ql.org>
* Re-implement parser iteratively to avoid stack overflow on very
deeply nested arrays and dictionaries. Fixes#146.
* Detect infinite loop while finding additional xref tables. Fixes
#149.
2017-08-22 Jay Berkenbilt <ejb@ql.org>
* 7.0.b1: release
* Convert all README files to markdown. Names changed as follows:
- README --> README.md
- README.hardening --> README-hardening.md
- README.maintainer --> README-maintainer.md
- README-what-to-download.txt --> README-what-to-download.md
- README-windows.txt --> README-windows.md
The file README-windows-install.txt remains a text file.
2017-08-21 Jay Berkenbilt <ejb@ql.org>
* Add support for writing PCLm files. Most of the work was done by
Sahil Arora <sahilarora.535@gmail.com> as part of a Google Summer
of Code project in 2017. PCLm support is useful only for clients
that specifically know how to create PCLm files. Support in qpdf
is just for ensuring that objects are written in the correct order
and for including some additional material in the output that is
required by the PCLm standard.
2017-08-19 Jay Berkenbilt <ejb@ql.org>
* Remove --precheck-streams. This is enabled by default now
without any efficiency cost. This feature was never released.
* Update pdf-create example to illustrate use of additional image
compression filters.
* Add support for /RunLengthDecode and /DCTDecode:
- New pipeline types Pl_RunLength and Pl_DCT
- New command-line flags --compress-streams and --decode-level
to replace/enhance --stream-data
- New QPDFWriter::setCompressStreams and
QPDFWriter::setDecodeLevel methods
Please see documentation, header files, and help messages for
details on these new features.
2017-08-12 Jay Berkenbilt <ejb@ql.org>
* Add QPDFObjectHandle::rotatePage to apply rotation to a page
object. Add --rotate option to qpdf to specify page rotation from
the command line.
* Provide --verbose option that causes qpdf to print an indication
of what files it is writing.
* Change --single-pages to --split-pages and make it take an
optional argument specifying the number of pages per file.
2017-08-11 Jay Berkenbilt <ejb@ql.org>
* Fix --newline-before-endstream to always add a newline before
endstream even if the last character was already a newline. This
is actually what's required by PDF/A. Fixes#133.
* Handle encrypted files whose encryption parameters are too
short. Fixes#96.
2017-08-10 Jay Berkenbilt <ejb@ql.org>
* Remove dependency on libpcre.
* Be more forgiving of certain types of errors in the xref table
that don't interfere with interpreting the table.
* Remove unused "tracing" parameter from PointerHolder's
(T*, bool) constructor. This change breaks source code
compatibility, but since this argument to PointerHolder has not
used for a long time and the presence of a boolean parameter in
the primary constructor makes it too easy to use that by mistake
when trying to use PointerHolder for arrays, it seems like it's
finally time to take it out. If you have a compile error because
of this change, please check to see whether you intended to use
the (bool, T*) version of the constructor instead. If not, just
remove the second parameter.
2017-08-09 Jay Berkenbilt <ejb@ql.org>
* When recovering stream length, find endobj without endstream as
well as just looking for endstream. Be a little more lax about
where we allow it to be found.
2017-08-05 Jay Berkenbilt <ejb@ql.org>
* Add --single-pages option to cause output to be written to a
separate file for each page rather than one big file.
* Process --pages options earlier so that certain inspection
options, like --show-pages, can show the state after the merging
operations.
2017-08-02 Jay Berkenbilt <ejb@ql.org>
* Fix off-by-one error in parsing pages options. Fixes#129.
2017-07-29 Jay Berkenbilt <ejb@ql.org>
* Support @filename and @- in the qpdf command-line tool to read
command-line arguments, one per line, from the named file. @-
reads from standard input. Fixes#16.
* Detect when input file and output file are the same and exit to
avoid overwriting and losing input file. Fixes#29.
* When passing multiple inspection arguments, run --check first,
and defer exit until after all the checks have been run. This
makes it possible to force operations such as --show-xref to be
delayed until after recovery attempts have been made. For example,
if you have a file with a syntactically valid xref table that has
some offsets that are incorrect, running qpdf --check --show-xref
on that file will first recover the xref and the dump the
recovered xref, while just running qpdf --show-xref will show the
xref table as present in the file. Fixes#42.
* When recovering stream length, indicate the recovered length.
Fixes#44.
* Add --newline-before-endstream command-line option and
setNewlineBeforeEndstream method to QPDFWriter. This forces qpdf
to always add a newline before the endstream keyword. It is a
necessary but not sufficient condition for PDF/A compliance. Fixes
#103.
* Handle zlib data errors when decoding streams. Fixes#106.
* Improve handling of files where the "stream" keyword is not
followed by proper line terminators. Fixes#104.
* Fix content stream parsing to handle cases of structures within
the stream split across stream boundaries. Fixes#73.
2017-07-28 Jay Berkenbilt <ejb@ql.org>
* Add --preserve-unreferenced command-line option and
setPreserveUnreferencedObjects method to QPDFWriter. This option
causes QPDFWriter to write all objects from the input file to the
output file regardless of whether the objects are referenced.
Objects are written to the output file in numerical order from the
input file. This option has no effect for linearized files.
2017-07-27 Jay Berkenbilt <ejb@ql.org>
* Add --precheck-streams command-line option and setStreamPrecheck
method to QPDFWriter to tell QPDFWriter to attempt decoding a
stream fully before deciding whether to filter it or not.
* Recover gracefully from streams that aren't filterable because
the filter parameters are invalid in the stream dictionary or the
dictionary itself is invalid.
* Significantly improve recoverability from invalid qpdf objects.
Most conditions in basic object parsing that used to cause qpdf to
exit are now warnings. There are still many more opportunities for
improvements of this sort beyond just object parsing.
2017-07-26 Jay Berkenbilt <ejb@ql.org>
* Fixes to infinite loops below also fix problems reported in
other issues and cover CVE-2017-11624, CVE-2017-11625,
CVE-2017-11626, and CVE-2017-11627.
* Don't attempt to interpret syntactic keywords (like R and
endobj) found while parsing content streams.
* Detect infinite loops while resolving objects. This could happen
if something inside an object that had to be resolved during
parsing, such as a stream length, recursively referenced the
object being resolved.
* CVE-2017-9208: Handle references to and appearance of object 0
as a special case. Object 0 is not allowed, and qpdf was using it
internally to represent direct objects.
* CVE-2017-9209: Fix infinite loop caused by attempting to
reconstruct the xref table while already in the process of
reconstructing the xref table.
* CVE-2017-9210: Fix infinite loop caused by attempting to unparse
an object for inclusion in the text of an exception.
Changelog:
2015-11-10 Jay Berkenbilt <ejb@ql.org>
* 6.0.0: release
* No changes from 5.2.0. The 5.2.0 release broke binary
compatibility and was withdrawn.
2015-10-31 Jay Berkenbilt <ejb@ql.org>
* 5.2.0: release
* libqpdf/QPDF.cc (read_xrefTable): Be tolerant of some malformed
xref tables that don't have the required trailing space after each
line.
2015-10-29 Jay Berkenbilt <ejb@ql.org>
* Implement QPDFWriter::setDeterministicID and --deterministic-id
commandline-flag to qpdf to request generation of a deterministic
/ID for non-encrypted files.
Problems found locating distfiles:
Package acroread7: missing distfile AdobeReader_enu-7.0.9-1.i386.tar.gz
Package acroread8: missing distfile AdobeReader_enu-8.1.7-1.sparc.tar.gz
Package cups-filters: missing distfile cups-filters-1.1.0.tar.xz
Package dvidvi: missing distfile dvidvi-1.0.tar.gz
Package lgrind: missing distfile lgrind.tar.bz2
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
Changelog:
2015-05-24 Jay Berkenbilt <ejb@ql.org>
* 5.1.3: release
* Bug fix: fix-qdf was not handling object streams with more than
255 objects in them.
* Handle Microsoft crypt provider initialization properly for case
where no keys have been previously created, such as in a fresh
Windows installation.
* Include time.h in QUtil.hh for time_t
---------------------
2014-06-07 Jay Berkenbilt <ejb@ql.org>
* 5.1.2: release
* MS Visual C++ build: explicitly target Windows 5.0.1 (XP)
* New example program: pdf-split-pages: efficiently split PDF
files into individual pages.
* Bug fix: don't fail on files that contain streams where /Filter
or /DecodeParms references a stream. Before, qpdf would try to
convert these to direct objects, which would fail because of the
stream.
2014-02-22 Jay Berkenbilt <ejb@ql.org>
* Bug fix: if the last object in the first part of a linearized
file had an offset that was below 65536 by less than the size of
the hint stream, the xref stream was invalid and the resulting file
is not usable. This is now fixed.
2014-01-14 Jay Berkenbilt <ejb@ql.org>
* 5.1.1: release
2013-12-26 Jay Berkenbilt <ejb@ql.org>
* Bug fix: when copying foreign objects (which occurs during page
splitting among other cases), avoid traversing the same object
more than once if it appears more than once in the same direct
object. This bug is performance-only and does not affect the
actual output.
2013-12-17 Jay Berkenbilt <ejb@ql.org>
* 5.1.0: release
2013-12-16 Jay Berkenbilt <ejb@ql.org>
* Document and make explicit that passing null to
QUtil::setRandomDataProvider() resets the random data provider.
* Provide QUtil::getRandomDataProvider().
2013-12-14 Jay Berkenbilt <ejb@ql.org>
* Allow anyspace rather than just newline to follow xref header.
This allows qpdf to read a wider range of damaged files.
2013-11-30 Jay Berkenbilt <ejb@ql.org>
* Allow user-supplied random data provider to be used in place of
OS-provided or insecure random number generation. See
documentation for 5.1.0 for details.
* Add configure option --enable-os-secure-random (enabled by
default). Pass --disable-os-secure-random or define
SKIP_OS_SECURE_RANDOM to avoid attempts to use the operating
system-provided secure random number generation. This can be
especially useful on Windows if you wish to avoid any dependency
on Microsoft's cryptography system.
2013-11-29 Jay Berkenbilt <ejb@ql.org>
* If NO_GET_ENVIRONMENT is #defined, for Windows only,
QUtil::get_env will always return false. This was added to
support a user who needs to avoid calling GetEnvironmentVariable
from the Windows API. QUtil::get_env is not used for any
functionality in qpdf and exists only to support the test suite
including test coverage support with QTC (part of qtest).
* Add /FS to msvc builds to allow parallel builds to work with
Visual C++ 2013.
* Add missing #include <algorithm> in some files that use std::min
and std::max.
2013-11-21 Jay Berkenbilt <ejb@ql.org>
* Change image comparison tests, which are disabled by default, to
use tiff files with 8 bits per sample rather than 4. This works
around a bug in tiffcmp but also increases time and disk space for
image comparison tests.
2013-10-28 Jay Berkenbilt <ejb@ql.org>
* Fix MacOS compilation errors by adding a missing #include
<string> in a header file.
