Commit graph

54 commits

Author SHA1 Message Date
wiz
6eae1297d5 *: recursive bump for perl 5.34 2021-05-24 19:49:01 +00:00
ryoon
57d2090033 qpdf: Update to 10.3.2
Changelog:
This is qpdf version 10.3.2. It contains small fixes and enhancements
including fixing an 11-year-old bug in which unreferenced objects
were retained in preserved object streams as well as a portability
fix for timezone code.
2021-05-17 15:54:41 +00:00
ryoon
cccd77a961 qpdf: Update to 10.3.1
Changelog:

10.3.1
This is qpdf version 10.3.1. It contains just one bug fix from
10.3.0 which could cause perfectly valid files to fail to go through
page splitting if their document-level form dictionary had a
particular characteristic. There is also code to better handle
future such problems if any are still lurking.

10.3.0
This is qpdf version 10.3.0. This release includes a few minor
fixes and some rework of the form field handling code from 10.2.0.
It turns out the code in 10.2.0 was not complete and didn't handle
several import cases including resolving conflicts when merging
the same fields more than once or fields with conflicting names
and defaults from multiple files.

10.2.0
This is qpdf version 10.2.0. This release includes several enhancements
to the API and CLI including better handling of form fields with
page splitting and merging, support for file attachments, an added
way to read a password from stdin, several enhancements to form
field and annotation helpers, and rewritten support for name and
number trees. This release also requires a C++-14 compiler. I have
no plans to require anything newer than C++-14 in the foreseeable
future. There are also a few bug fixes.
2021-04-16 17:18:57 +00:00
ryoon
57d3f1c638 qpdf: Update to 10.1.0
Changelog:
10.1.0
This is qpdf version 10.1.0. This release includes several enhancements
to the API including increased support for form XObjects and addition
of user-providable stream filter decoders. There are also several
enhancements to the C API including functions to work with objects.
There are also a few bug fixes and performance enhancements.

10.0.4
This is qpdf version 10.0.4. This includes a few fixes to integer
overflow conditions.

10.0.3
This is qpdf version 10.0.3. One of the fixes in 10.0.2 introduced
a new bug, which is fixed in 10.0.3.
2021-01-08 19:29:48 +00:00
nia
2c8d590893 Normalize handling packages that require 64-bit atomic ops. 2020-12-31 20:04:11 +00:00
yhardy
c7b6521371 print/qpdf: make the libtool tags explicit
This fixes compiling on NetBSD/i386 (tested in a pbulk build),
in other cases the package build should remain unchanged.
2020-12-24 20:35:25 +00:00
yhardy
c400d17e9a print/qpdf: Requires 64-bit atomic operations
This (partially) fixes the build on NetBSD/i386 for i586 class processors
and NetBSD/powerpc.
2020-12-24 20:29:14 +00:00
ryoon
e77ef6e32b qpdf: Update to 10.0.2
Changelog:
This is qpdf version 10.0.2. This release includes several fixes
and performance improvements over 10.0.1. This release includes
prebuilt Linux binaries in a zip file for use in docker containers
or AWS Lambda. Also, the Windows releases are built with the latest
versions of dependent libraries and now use the OpenSSL crypto
provider by default. This is also the first release of qpdf to be
built with GitHub Actions.
2020-10-30 15:13:31 +00:00
wiz
00da7815c0 *: bump PKGREVISION for perl-5.32. 2020-08-31 18:06:29 +00:00
ryoon
368f95dff1 qpdf: Update to 10.0.1
* Bump forgotten BUILDLINK_API_DEPENDS.

Changelog:
This is qpdf version 10.0.1. This release includes some small bug
fixes over 10.0.0 including a fix to one regression in
QPDFObjectHandle::getStreamData. If you use that method in your
code, you should definitely take 10.0.1 over 10.0.0.
2020-04-12 07:50:24 +00:00
ryoon
08690155ce qpdf: Update to 10.0.0
Changelog:
This is qpdf version 10.0.0. This release includes several notable
improvements: substantially improved performance over the 8.x and
9.x releases, an openssl crypto provider, delegation of random
number generation to the crypto provider, fast and automatic
determination of whether to run slow unreferenced resource removal
whens splitting pages (though you can force the behavior to be on
or off as well), and a few others.
2020-04-07 13:54:12 +00:00
rillig
a57dcaf0a2 print/qpdf: require Perl for building the package
There is a small Perl program that computes an SHA1 hash. This program is
required to run the fuzzing tests as part of the build. Without Perl, the
build contains about 40 of these messages:

fuzz/build.mk:82: warning: overriding recipe for target
  'fuzz/build/qpdf_fuzzer_seed_corpus/'
fuzz/build.mk:82: warning: ignoring old recipe for target
  'fuzz/build/qpdf_fuzzer_seed_corpus/'
2020-03-23 22:42:26 +00:00
nia
4b51d9715f *: Convert broken sourceforge HOMEPAGEs back to http 2020-03-20 11:57:53 +00:00
ryoon
e442b7a399 qpdf: Update to 9.1.1
Chaneglog:
This is qpdf version 9.1.1. This release contains a few small
enhancements and bug fixes. Most notably, fix-qdf is now a proper
executable rather than a perl script, so qpdf no longer has a
runtime dependency on perl.
2020-02-10 13:00:04 +00:00
rillig
b686dd9180 all: migrate several HOMEPAGEs to https
pkglint --only "https instead of http" -r -F

With manual adjustments afterwards since pkglint 19.4.4 fixed a few
indentations in unrelated lines.

This mainly affects projects hosted at SourceForce, as well as
freedesktop.org, CTAN and GNU.
2020-01-18 23:30:43 +00:00
ryoon
2a0d418a02 Update to 9.1.0
Changelog:
2019-11-17  Jay Berkenbilt  <ejb@ql.org>

	* 9.1.0: release

2019-11-09  Jay Berkenbilt  <ejb@ql.org>

	* 9.1.rc1: release

	* Improve behavior of wildcard expansion for msvc executable when
	run from the Windows cmd.exe shell. Unlike in UNIX environments,
	Windows leaves it up to the executable to expand its own
	wildcards. Fixes #224.

	* When reading /P from the encryption dictionary, use static_cast
	instead of QIntC to convert the value to a signed integer. The
	value of /P is a bit field, and PDF files have been found in the
	wild where /P is represented as an unsigned integer even though
	the spec states that it is a signed 32-bit value. By using
	static_cast, we allow qpdf to compensate for writers that
	incorrectly represent the correct bit field as an unsigned value.
	Fixes #382.

2019-11-05  Jay Berkenbilt  <ejb@ql.org>

	* Add support for pluggable crypto providers, enabling multiple
	implementations of the cryptographic functions needed by qpdf.
	This feature was added by request of Red Hat, which recognized the
	use of qpdf's native crypto implementations as a potential
	security liability, preferring instead to get all crypto
	functionality from a third-party library that receives a lot of
	scrutiny. However it was also important to me to not impose any
	unnecessary third party dependencies on my users or packagers,
	some of which build qpdf for lots of environments, some of which
	may not easily support gnutls. Starting in qpdf 9.1.0, it is be
	possible to build qpdf with both the native and gnutls crypto
	providers or with either in isolation. In support of this feature,
	new classes QPDFCryptoProvider and QPDFCryptoImpl have been added
	to the public interface. See QPDFCryptoImpl.hh for details about
	adding your own crypto provider and QPDFCryptoProvider.hh for
	details about choosing which one is used. Note that selection of
	crypto providers is invisible to anyone who doesn't explicitly
	care. Neither end users nor developers have to be concerned about
	it.

	* The environment variable QPDF_CRYPTO_PROVIDER can be used to
	override qpdf's default choice of crypto provider. The
	--show-crypto flag to the qpdf CLI can be used to present a list
	of supported crypto providers with the default provider always
	listed first.

	* Add gnutls crypto provider. Thanks to Zdenek Dohnal for
	contributing the code that I ultimately used in the gnutls crypto
	provider and for engaging in an extended discussion about this
	feature. Fixes #218.

2019-10-22  Jay Berkenbilt  <ejb@ql.org>

	* Incorporate changes from Masamichi Hosoda <trueroad@trueroad.jp>
	to properly handle signature in the following ways:
	  - Always represent /Contents in a signature dictionary as a hex
	    string
	  - Do not compress signature dictionaries when generating object
	    streams
	  - Do not encrypt/decrypt the /Contents field of the signature
	    dictionary when creating or reading encrypted files

	* Incorporate changes from Masamichi Hosoda <trueroad@trueroad.jp>
	to add additional methods for making it possible to gain deeper
	insight into cross reference tables and object renumbering. These
	new API calls make it possible for applications to go into PDF
	files created by qpdf and make changes to them that go beyond
	working with the PDF at the object level. The specific use case
	for these changes was to write an external tool to perform digital
	signature, but there could be other uses as well. New methods
	include the following, all of which are described in their
	respective headers:
	  - QPDF::getXRefTable()
	  - QPDFObjectHandle::getParsedOffset()
	  - QPDFWriter::getRenumberedObjGen(QPDFObjGen)
	  - QPDFWriter::getWrittenXRefTable()
2019-12-04 13:05:20 +00:00
ryoon
e99a66bf7e Update to 9.0.2
Changelog:
This is qpdf version 9.0.2.
It contains one small bug fix to the --replace-input option.
2019-10-15 13:27:15 +00:00
ryoon
79d26bfa64 Update to 9.0.1
Changelog:
This is qpdf version 9.0.1. It contains a small number of minor
fixes and enhancements, including fixes to the build for big-endian
systems and systems with char being unsigned by default.
2019-10-03 12:17:52 +00:00
ryoon
6e3bed385e Update to 9.0.0
Changelog:
9.0.0: August 31, 2019

        Incompatible API (source-level) Changes (minor)

            The method QUtil::strcasecmp has been renamed to QUtil::str_compare_nocase. This incompatible change is necessary to enable qpdf to build on platforms that define strcasecmp as a macro.

            The QPDF::copyForeignObject method had an overloaded version that took a boolean parameter that was not used. If you were using this version, just omit the extra parameter.

            There was a version QPDFTokenizer::expectInlineImage that took no arguments. This version has been removed since it caused the tokenizer to return incorrect inline images. A new version was added some time ago that produces correct output. This is a very low level method that doesn't make sense to call outside of qpdf's lexical engine. There are higher level methods for tokenizing content streams.

            Change QPDFOutlineDocumentHelper::getTopLevelOutlines and QPDFOutlineObjectHelper::getKids to return a std::vector instead of a std::list of QPDFOutlineObjectHelper objects.

            Remove method QPDFTokenizer::allowPoundAnywhereInName. This function would allow creation of name tokens whose value would change when unparsed, which is never the correct behavior.

            When qpdf --check or qpdf --check-linearization encounters a file with linearization warnings but not errors, it now properly exits with exit code 3 instead of 2.

        CLI Enhancements

            The --replace-input option may be given in place of an output file name. This causes qpdf to overwrite the input file with the output. See the description of --replace-input in Section 3.3, “Basic Options” for more details.

            The --recompress-flate instructs qpdf to recompress streams that are already compressed with /FlateDecode. Useful with --compression-level.

            The --compression-level=level sets the zlib compression level used for any streams compressed by /FlateDecode. Most effective when combined with --recompress-flate.

        Library Enhancements

            A new namespace QIntC, provided by qpdf/QIntC.hh, provides safe conversion methods between different integer types. These conversion methods do range checking to ensure that the cast can be performed with no loss of information. Every use of static_cast in the library was inspected to see if it could use one of these safe converters instead. See Section 7.5, “Casting Policy” for additional details.

            Method QPDF::anyWarnings tells whether there have been any warnings without clearing the list of warnings.

            Method QPDF::closeInputSource closes or otherwise releases the input source. This enables the input file to be deleted or renamed.

            New methods have been added to QUtil for converting back and forth between strings and unsigned integers: uint_to_string, uint_to_string_base, string_to_uint, and string_to_ull.

            New methods have been added to QPDFObjectHandle that return the value of Integer objects as int or unsigned int with range checking and sensible fallback values, and a new method was added to return an unsigned value. This makes it easier to write code that is safe from unintentional data loss. Functions: getUIntValue, getIntVauleAsInt, getUIntValueAsUInt.

            When parsing content streams with QPDFObjectHandle::ParserCallbacks, in place of the method handleObject(QPDFObjectHandle), the developer may override handleObject(QPDFObjectHandle, size_t offset, size_t length). If this method is defined, it will be invoked with the object along with its offset and length within the overall contents being parsed. Intervening spaces and comments are not included in offset and length. Additionally, a new method contentSize(size_t) may be implemented. If present, it will be called prior to the first call to handleObject with the total size in bytes of the combined contents.

            New methods QPDF::userPasswordMatched and QPDF::ownerPasswordMatched have been added to enable a caller to determine whether the supplied password was the user password, the owner password, or both. This information is also displayed by qpdf --show-encryption and qpdf --check.

            Static method Pl_Flate::setCompressionLevel can be called to set the zlib compression level globally used by all instances of Pl_Flate in deflate mode.

            The method QPDFWriter::setRecompressFlate can be called to tell QPDFWriter to uncompress and recompress streams already compressed with /FlateDecode.

            The underlying implementation of QPDF arrays has been enhanced to be much more memory efficient when dealing with arrays with lots of nulls. This enables qpdf to use drastically less memory for certain types of files.

            When traversing the pages tree, if nodes are encountered with invalid types, the types are fixed, and a warning is issued.

            A new helper method QUtil::read_file_into_memory was added.

            All conditions previously reported by QPDF::checkLinearization() as errors are now presented as warnings.

            Name tokens containing the # character not preceded by two hexadecimal digits, which is invalid in PDF 1.2 and above, are properly handled by the library: a warning is generated, and the name token is properly preserved, even if invalid, in the output. See ChangeLog for a more complete description of this change.

        Bug Fixes

            A small handful of memory issues, assertion failures, and unhandled exceptions that could occur on badly mangled input files have been fixed. Most of these problems were found by Google's OSS-Fuzz project.

            When qpdf --check or qpdf --check-linearization encounters a file with linearization warnings but not errors, it now properly exits with exit code 3 instead of 2.

            The --completion-bash and --completion-zsh options now work properly when qpdf is invoked as an AppImage.

            Calling QPDFWriter::set*EncryptionParameters on a QPDFWriter object whose output filename has not yet been set no longer produces a segmentation fault.

            When reading encrypted files, follow the spec more closely regarding encryption key length. This allows qpdf to open encrypted files in most cases when they have invalid or missing /Length keys in the encryption dictionary.

            When qpdf --check or qpdf --check-linearization encounters a file with linearization warnings but not errors, it now properly exits with exit code 3 instead of 2.

        Build Changes

            On platforms that support it, qpdf now builds with -fvisibility=hidden. If you build qpdf with your own build system, this is now safe to use. This prevents methods that are not part of the public API from being exported by the shared library, and makes qpdf's ELF shared libraries (used on Linux, MacOS, and most other UNIX flavors) behave more like the Windows DLL. Since the DLL already behaves in much this way, it is unlikely that there are any methods that were accidentally not exported. However, with ELF shared libraries, typeinfo for some classes has to be explicitly exported. If there are problems in dynamically linked code catching exceptions or subclassing, this could be the reason. If you see this, please report a bug at pikepdf.

            QPDF is now compiled with integer conversion and sign conversion warnings enabled. Numerous changes were made to the library to make this safe.

            QPDF's make install target explicitly specifies the mode to use when installing files instead of relying the user's umask. It was previously doing this for some files but not others.

            If pkg-config is available, use it to locate libjpeg and zlib dependencies, falling back on old behavior if unsuccessful.

        Other Notes

            QPDF has been fully integrated into Google's OSS-Fuzz project. This project exercises code with randomly mutated inputs and is great for discovering hidden security crashes and security issues. Several bugs found by oss-fuzz have already been fixed in qpdf.
2019-09-15 00:11:29 +00:00
wiz
84e123ddd2 Bump PKGREVISIONs for perl 5.30.0 2019-08-11 13:17:48 +00:00
ryoon
ef0faa1005 Update to 8.4.2
Changelog:
2019-05-18  Jay Berkenbilt  <ejb@ql.org>

        * 8.4.2: release

2019-05-16  Jay Berkenbilt  <ejb@ql.org>

        * Fix memory error in Windows-only code from typo. Fixes #330.
2019-08-01 13:36:50 +00:00
ryoon
ba5e853dde Update to 8.4.1
Changelog:
This is qpdf version 8.4.1. It contains a small handful of minor
CLI enhancements and a few bug fixes from 8.4.0 including handling
of Unicode filenames in Windows, a performance bug with --split-pages
and a few others. For a full list of changes, please see the release
notes.
2019-05-02 11:25:23 +00:00
ryoon
a24afb5a1a Update to 8.4.0
Changelog:
This is qpdf version 8.4.0. It contains many enhancements and fixes
including better handling of Unicode passwords, enhancements to
image optimization and appearance generation, overlay/underlay and
other changes. It also includes an important bug fix for page
splitting. For a full list of changes, please see the release notes.
2019-04-27 03:12:41 +00:00
ryoon
f0290ed009 Update to 8.3.0
Changelog:
2019-01-07  Jay Berkenbilt  <ejb@ql.org>

	* 8.3.0: release

	* Add sample completion files in completions. These can be used by
	packagers to install on the system wherever bash and zsh keep
	their vendor-supplied completions.

	* Add configure flag --enable-check-autofiles, which is on by
	default. Packagers whose packaging systems automatically refresh
	autoconf or libtool files should pass --disable-check-autofiles to
	./configure to suppress warnings about automatically generated
	files being outdated.

2019-01-06  Jay Berkenbilt  <ejb@ql.org>

	* Remove the restriction in most cases that the source QPDF used
	in a copyForeignObject call has to stick around until the
	destination QPDF is written. The exceptional case is when the
	source stream gets is data using a
	QPDFObjectHandle::StreamDataProvider. For a more in-depth
	discussion, see comments around copyForeignObject in QPDF.hh.
	Fixes #219.

2019-01-05  Jay Berkenbilt  <ejb@ql.org>

	* When generating appearances, if the font uses one of the
	standard, built-in encodings, restrict the character set to that
	rather than just to ASCII. This will allow most appearances to
	contain characters from the ISO-Latin-1 range plus a few
	additional characters.

	* Add methods QUtil::utf8_to_win_ansi and
	QUtil::utf8_to_mac_roman.

	* Add method QUtil::utf8_to_utf16.

2019-01-04  Jay Berkenbilt  <ejb@ql.org>

	* Add new option --optimize-images, which recompresses every image
	using DCT (JPEG) compression as long as the image is not already
	compressed with lossy compression and recompressing the image
	reduces its size. The additional options --oi-min-width,
	--oi-min-height, and --oi-min-area prevent recompression of images
	whose width, height, or pixel area (width * height) are below a
	specified threshold.

	* Add new option --collate. When specified, the semantics of
	--pages change from concatenation to collation. See the manual for
	a more detailed discussion. Fixes #259.

	* Add new method QPDFWriter::getFinalVersion, which returns the
	PDF version that will ultimately be written to the final file. See
	comments in QPDFWriter.hh for some restrictions on its use. Fixes
	#266.

	* When unexpected errors are found while checking linearization
	data, print an error message instead of calling assert, which
	cause the program to crash. Fixes #209, #231.

	* Detect and recover from dangling references. If a PDF file
	contained an indirect reference to a non-existent object (which is
	valid), when adding a new object to the file, it was possible for
	the new object to take the object ID of the dangling reference,
	thereby causing the dangling reference to point to the new object.
	This case is now prevented. Fixes #240.

2019-01-03  Jay Berkenbilt  <ejb@ql.org>

        * Add --generate-appearances flag to the qpdf command-line tool to
	trigger generation of appearance streams.

	* Fix behavior of form field value setting to handle the following
	cases:
	  - Strings are always written as UTF-16
	  - Check boxes and radio buttons are handled properly with
	    synchronization of values and appearance states

	* Define constants in qpdf/Constants.h for interpretation of
	annotation and form field flags

	* Add QPDFAnnotationObjectHelper::getFlags

	* Add many new methods to QPDFFormFieldObjectHelper for querying
	flags and field types

	* Add new methods for appearance stream generation. See comments
	in QPDFFormFieldObjectHelper.hh for generateAppearance() for a
	description of limitations.
	  - QPDFAcroFormDocumentHelper::generateAppearancesIfNeeded
	  - QPDFFormFieldObjectHelper::generateAppearance

	* Bug fix: when writing form field values, always write string
	values encoded as UTF-16.

	* Add method QUtil::utf8_to_ascii, which returns an ASCII string
	for a UTF-8 string, replacing out-of-range characters with a
	specified substitute.

2019-01-02  Jay Berkenbilt  <ejb@ql.org>

	* Add method QPDFObjectHandle::getResourceNames that returns a set
	of strings representing all second-level keys in a dictionary
	(i.e. all keys of all direct dictionary members).

2018-12-31  Jay Berkenbilt  <ejb@ql.org>

	* Add --flatten-annotations flag to the qpdf command-line tool for
	annotation flattening.

	* Add methods for flattening form fields and annotations:
	  - QPDFPageDocumentHelper::flattenAnnotations - integrate
	    annotation appearance streams into page contents with special
	    handling for form fields: if appearance streams are up to date
	    (/NeedAppearances is false in /AcroForm), the /AcroForm key of
	    the document catalog is removed. Otherwise, a warning is
	    issued, and form fields are ignored. Non-form-field
	    annotations are always flattened if an appearance stream can
	    be found.
	  - QPDFAnnotationObjectHelper::getPageContentForAppearance -
	    generate the content stream fragment to render an appearance
	    stream in a page's content stream as a form xobject. Called by
	    flattenAnnotations.

	* Add method QPDFObjectHandle::mergeResources(), which merges
	resource dictionaries. See detailed description in
	QPDFObjectHandle.hh.

	* Add QPDFObjectHandle::Matrix, similar to
	QPDFObjectHandle::Rectangle, as a convenience class for
	six-element arrays that are used as matrices.

2018-12-23  Jay Berkenbilt  <ejb@ql.org>

	* When specifying @arg on the command line, if the file "arg" does
	not exist, just treat this is a normal argument. This makes it
	easier to deal with files whose names start with the @ character.
	Fixes #265.

	* Tweak completion so it works with zsh as well using
	bashcompinit.

2018-12-22  Jay Berkenbilt  <ejb@ql.org>

	* Add new options --json, --json-key, and --json-object to
	generate a json representation of the PDF file. This is described
	in more depth in the manual. You can also run qpdf --json-help to
	get a description of the json format.

2018-12-21  Jay Berkenbilt  <ejb@ql.org>

	* Allow --show-object=trailer for showing the document trailer.

	* You can now use eval $(qpdf --completion-bash) to enable bash
	completion for qpdf. It's not perfect, but it works pretty well.

2018-12-19  Jay Berkenbilt  <ejb@ql.org>

	* When splitting pages using --split-pages, the outlines
	dictionary and some supporting metadata are copied into the split
	files. The result is that all bookmarks from the original file
	appear, and those that point to pages that are preserved work
	while those that point to pages that are not preserved don't do
	anything. This is an interim step toward proper support for
	bookmark preservation in split files.

	* Add QPDFOutlineDocumentHelper and QPDFOutlineObjectHelper for
	handling outlines (bookmarks) including bidirectionally mapping
	between bookmarks and pages. Initially there is no support for
	modifying the outlines hierarchy.

2018-12-18  Jay Berkenbilt  <ejb@ql.org>

	* New method QPDFObjectHandle::getJSON() returns a JSON object
	with a partial representation of the object. See
	QPDFObjectHandle.hh for a detailed description.

	* Add a simple JSON serializer. This is not a complete or
	general-purpose JSON library. It allows assembly and serialization
	of JSON structures with some restrictions, which are described in
	the header file.

	* Add QPDFNameTreeObjectHelper class. This class provides useful
	methods for dealing with name trees, which are discussed in
	section 7.9.6 of the PDF spec (ISO-32000).

	* Preserve page labels when merging and splitting files. Prior
	versions of qpdf simply preserved the page label information from
	the first file, which usually wouldn't make any sense in the
	merged file. Now any page that had a page number in any original
	file will have the same page number after merging or splitting.

	* Add QPDFPageLabelDocumentHelper class. This is a document helper
	class that provides useful methods for dealing with page labels.
	It abstracts the fact that they are stored as number trees and
	deals with interpolating intermediate values that are not in the
	tree. It also has helper functions used by the qpdf command line
	tool to preserve page labels when merging and splitting files.

	* Add QPDFNumberTreeObjectHelper class. This class provides useful
	methods for dealing with number trees, which are discussed in
	section 7.9.7 of the PDF spec (ISO-32000). Page label dictionaries
	are represented as number trees.

	* New method QPDFObjectHandle::wrapInArray returns the object
	itself if it is an array. Otherwise, it returns an array
	containing the object. This is useful for dealing with PDF data
	that is sometimes expressed as a single element and sometimes
	expressed as an array, which is a somewhat common PDF idiom.

2018-10-11  Jay Berkenbilt  <ejb@ql.org>

	* Files generated by autogen.sh are now committed so that it is
	possible to build on platforms without autoconf directly from a
	clean checkout of the repository. The configure script detects if
	the files are out of date when it also determines that the tools
	are present to regenerate them.

	* Add build in Azure Pipelines, now that it is free for open
	source projects.
2019-01-08 16:29:33 +00:00
ryoon
99a2689de3 Update to 8.2.1
Changelog:
This is qpdf version 8.2.1. It contains just a new command line flag to
the CLI. There are no library changes from 8.2.0.

This is qpdf version 8.2.0. It contains a few bug fixes and performance
improvements, some minor API enhancements, and a few other small changes.
2018-11-07 12:59:44 +00:00
wiz
93b46879c7 Recursive bump for perl5-5.28.0 2018-08-22 09:43:40 +00:00
ryoon
66bbc5d636 Update to 8.1.0
Changelog:
8.1.0: June 23, 2018

        Usability Improvements

            When splitting files, qpdf detects fonts and images that the document metadata claims are referenced from a page but are not actually referenced and omits them from the output file. This change can cause a significant reduction in the size of split PDF files for files created by some software packages. Prior versions of qpdf would believe the document metadata and sometimes include all the images from all the other pages even though the pages were no longer present. In the unlikely event that the old behavior should be desired, it can be enabled by specifying --preserve-unreferenced-resources. For additional details, please see Section 3.6, “Advanced Transformation Options”.

            When merging multiple PDF files, qpdf no longer leaves all the files open. This makes it possible to merge numbers of files that may exceed the operating system's limit for the maximum number of open files.

            The --rotate option's syntax has been extended to make the page range optional. If you specify --rotate=angle without specifying a page range, the rotation will be applied to all pages. This can be especially useful for adjusting a PDF created from a multi-page document that was scanned upside down.

            When merging multiple files, the --verbose option now prints information about each file as it operates on that file.

            When the --progress option is specified, qpdf will print a running indicator of its best guess at how far through the writing process it is. Note that, as with all progress meters, it's an approximation. This option is implemented in a way that makes it useful for software that uses the qpdf library; see API Enhancements below.

        Bug Fixes

            Properly decrypt files that use revision 3 of the standard security handler but use 40 bit keys (even though revision 3 supports 128-bit keys).

            Limit depth of nested data structures to prevent crashes from certain types of malformed (malicious) PDFs.

            In “newline before endstream” mode, insert the required extra newline before the endstream at the end of object streams. This one case was previously omitted.

        API Enhancements

            The first round of higher level “helper” interfaces has been introduced. These are designed to provide a more convenient way of interacting with certain document features than using QPDFObjectHandle directly. For details on helpers, see Section 6.3, “Helper Classes”. Specific additional interfaces are described below.

            Add two new document helper classes: QPDFPageDocumentHelper for working with pages, and QPDFAcroFormDocumentHelper for working with interactive forms. No old methods have been removed, but QPDFPageDocumentHelper is now the preferred way to perform operations on pages rather than calling the old methods in QPDFObjectHandle and QPDF directly. Comments in the header files direct you to the new interfaces. Please see the header files and ChangeLog for additional details.

            Add three new object helper class: QPDFPageObjectHelper for pages, QPDFFormFieldObjectHelper for interactive form fields, and QPDFAnnotationObjectHelper for annotations. All three classes are fairly sparse at the moment, but they have some useful, basic functionality.

            A new example program examples/pdf-set-form-values.cc has been added that illustrates use of the new document and object helpers.

            The method QPDFWriter::registerProgressReporter has been added. This method allows you to register a function that is called by QPDFWriter to update your idea of the percentage it thinks it is through writing its output. Client programs can use this to implement reasonably accurate progress meters. The qpdf command line tool uses this to implement its --progress option.

            New methods QPDFObjectHandle::newUnicodeString and QPDFObject::unparseBinary have been added to allow for more convenient creation of strings that are explicitly encoded using big-endian UTF-16. This is useful for creating strings that appear outside of content streams, such as labels, form fields, outlines, document metadata, etc.

            A new class QPDFObjectHandle::Rectangle has been added to ease working with PDF rectangles, which are just arrays of four numeric values.
2018-07-15 23:37:37 +00:00
ryoon
2eaed03b34 Update to 8.0.2
Changelog:
8.0.2:
Version 8.0.2 contains two small bug fixes: proper handling of pages
with no content, and better handling of files with loops following cross
reference tables.

8.0.1:
This is a very minor update from 8.0.0. It just contains two small
enhancements that missed the train: handle zlib streams with data checksum
errors, and, in the command line tool, allow specification of page numbers
counting from the end in page ranges.
2018-04-03 03:06:09 +00:00
ryoon
81f7b18656 Update to 8.0.0
Changelog:
2018-02-25  Jay Berkenbilt  <ejb@ql.org>

	* 8.0.0: release

2018-02-17  Jay Berkenbilt  <ejb@ql.org>

	* Fix QPDFObjectHandle::getUTF8Val() to properly handle strings
	that are encoded with PDF Doc Encoding. Fixes #179.

	* Add qpdf_check_pdf to the "C" API. This method just attempts to
	read the entire file and produce no output, making possible to
	assess whether the file has any errors that qpdf can detect.

	* Major enhancements to handling of type errors within the qpdf
	library. This fix is intended to eliminate those annoying cases
	where qpdf would exit with a message like "operation for
	dictionary object attemped on object of wrong type" without
	providing any context. Now qpdf keeps enough context to be able to
	issue a proper warning and to handle such conditions in a sensible
	way. This should greatly increase the number of bad files that
	qpdf can recover, and it should make it much easier to figure out
	what's broken when a file contains errors.

	* Error message fix: replace "file position" with "offset" in
	error messages that report lexical or parsing errors. Sometimes
	it's an offset in an object stream or a content stream rather than
	a file position, so this makes the error message less confusing in
	those cases. It still requires some knowledge to find the exact
	position of the error, since when it's not a file offset, it's
	probably an offset into a stream after uncompressing it.

	* Error message fix: correct some cases in which the object that
	contained a lexical error was omitted from the error message.

	* Error message fix: improve file name in the error message when
	there is a parser error inside an object stream.

2018-02-11  Jay Berkenbilt  <ejb@ql.org>

	* Add QPDFObjectHandle::filterPageContents method to provide a
	different interface for applying token filters to page contents
	without modifying the ultimate output.

2018-02-04  Jay Berkenbilt  <ejb@ql.org>

        * Changes listed on today's date are numerous and reflect
	significant enhancements to qpdf's lexical layer. While many
	nuances are discussed and a handful of small bugs were fixed, it
	should be emphasized that none of these issues have any impact on
	any output or behavior of qpdf under "normal" operation. There are
	some changes that have an effect on content stream normalization
	as with qdf mode or on code that interacts with PDF files
	lexically using QPDFTokenizer. There are no incompatible changes
	for normal operation. There are a few changes that will affect the
	exact error messages issued on certain bad files, and there is a
	small non-compatible enhancement regarding the behavior of
	manually constructed QPDFTokenizer::Token objects. Users of the
	qpdf command line tool will see no changes other than the addition
	of a new command-line flag and possibly some improved error
	messages.

	* Significant lexer (tokenizer) enhancements. These are changes to
	the QPDFTokenizer class. These changes are of concern only to
	people who are operating with PDF files at the lexical layer using
	qpdf. They have little or no impact on most high-level interfaces
	or the command-line tool.

	New token types tt_space and tt_comment to recognize whitespace
	and comments. this makes it possible to tokenize a PDF file or
	stream and preserve everything about it.

	For backward compatibility, space and comment tokens are not
	returned by the tokenizer unless QPDFTokenizer.includeIgnorable()
	is called.

	Better handling of null bytes. These are now included in space
	tokens rather than being their own "tt_word" tokens. This should
	have no impact on any correct PDF file and has no impact on
	output, but it may change offsets in some error messages when
	trying to parse contents of bad files. Under default operation,
	qpdf does not attempt to parse content streams, so this change is
	mostly invisible.

	Bug fix to handling of bad tokens at ends of streams. Now, when
	allowEOF() has been called, these are treated as bad tokens
	(tt_bad or an exception, depending on invocation), and a
	separate tt_eof token is returned. Before the bad token
	contents were returned as the value of a tt_eof token. tt_eof
	tokens are always empty now.

	Fix a bug that would, on rare occasions, report the offset in an
	error message in the wrong space because of spaces or comments
	adjacent to a bad token.

	Clarify in comments exactly where the input source is positioned
	surrounding calls to readToken and getToken.

	* Add a new token type for inline images. This token type is only
	returned by QPDFTokenizer immediately following a call to
	expectInlineImage(). This change includes internal refactoring of
	a handful of places that all separately handled inline images, The
	logic of detecting inline images in content streams is now handled
	in one place in the code. Also we are more flexible about what
	characters may surround the EI operator that marks the end of an
	inline image.

	* New method QPDFObjectHandle::parsePageContents() to improve upon
	QPDFObjectHandle::parseContentStream(). The parseContentStream
	method used to operate on a single content stream, but was fixed
	to properly handle pages with contents split across multiple
	streams in an earlier release. The new method parsePageContents()
	can be called on the page object rather than the value of the
	page dictionary's /Contents key. This removes a few lines of
	boiler-plate code from any code that uses parseContentStream, and
	it also enables creation of more helpful error messages if
	problems are encountered as the error messages can include
	information about which page the streams come from.

	* Update content stream parsing example
	(examples/pdf-parse-content.cc) to use new
	QPDFObjectHandle::parsePageContents() method in favor of the older
	QPDFObjectHandle::parseContentStream() method.

	* Bug fix: change where the trailing newline is added to a stream
	in QDF mode when content normalization is enabled (the default for
	QDF mode). Before, the content normalizer ensured that the output
	ended with a trailing newline, but this had the undesired side
	effect of including the newline in the stream data for purposes of
	length computation. QPDFWriter already appends a newline without
	counting in length for better readability. Ordinarily this makes
	no difference, but in the rare case of a page's contents being
	split in the middle of a token, the old behavior could cause the
	extra newline to be interprted as part of the token. This bug
	could only be triggered in qdf mode, which is a mode intended for
	manual inspection of PDF files' contents, so it is very unlikely
	to have caused any actual problems for people using qpdf for
	production use. Even if it did, it would be very unusual for a PDF
	file to actually be adversely affected by this issue.

	* Add support for coalescing a page's contents into a single
	stream if they are represented as an array of streams. This can be
	performed from the command line using the --coalesce-contents
	option. Coalescing content streams can simplify things for
	software that wants to operate on a page's content streams without
	having to handle weird edge cases like content streams split in
	the middle of tokens. Note that
	QPDFObjectHandle::parsePageContents and
	QPDFObjectHandle::parseContentStream already handled split content
	streams. This is mainly to set the stage for new methods of
	operating on page contents. The new method
	QPDFObjectHandle::pipeContentStreams will pipe all of a page's
	content streams though a single pipeline. The new method
	QPDFObjectHandle.coalesceContentStreams, when called on a page
	object, will do nothing if the page's contents are a single
	stream, but if they are an array of streams, it will replace the
	page's contents with a single stream whose contents are the
	concatenation of the original streams.

	* A few library routines throw exceptions if called on non-page
	objects. These constraints have been relaxed somewhat to make qpdf
	more tolerant of files whose page dictionaries are not properly
	marked as such. Mostly exceptions about page operations being
	called on non page objects will only be thrown in cases where the
	operation had no chance of succeeding anyway. This change has no
	impact on any default mode operations, but it could allow
	applications that use page-level APIs in QPDFObjectHandle to be
	more tolerant of certain types of damaged files.

	* Add QPDFObjectHandle::TokenFilter class and methods to use it to
	perform lexical filtering on content streams. You can call
	QPDFObjectHandle::addTokenFilter on stream object, or you can call
	the higher level QPDFObjectHandle::addContentTokenFilter on a page
	object to cause the stream's contents to passed through a token
	filter while being retrieved by QPDFWriter or any other consumer.
	For details on using TokenFilter, please see comments in
	QPDFObjectHandle.hh.

	* Enhance the string, type QPDFTokenizer::Token constructor to
	initialize a raw value in addition to a value. Tokens have a
	value, which is a canonical representation, and a raw value. For
	all tokens except strings and names, the raw value and the value
	are the same. For strings, the value excludes the outer delimiters
	and has non-printing characters normalized. For names, the value
	resolves non-printing characters. In order to better facilitate
	token filters that mostly preserve contents and to enable
	developers to be mostly unconcerned about the nuances of token
	values and raw values, creating string and name tokens now
	properly handles this subtlety of values and raw values. When
	constructing string tokens, take care to avoid passing in the
	outer delimiters. This has always been the case, but it is now
	clarified in comments in QPDFObjectHandle.hh::TokenFilter. This
	has no impact on any existing code unless there's some code
	somewhere that was relying on Token::getRawValue() returning an
	empty string for a manually constructed token. The token class's
	operator== method still only looks at type and value, not raw
	value. For example, string tokens for <41> and (A) would still be
	equal because both are representations of the string "A".

	* Add QPDFObjectHandle::isDataModified method. This method just
	returns true if addTokenFilter has been called on the stream. It
	enables a caller to determine whether it is safe to optimize away
	piping of stream data in cases where the input and output are
	expected to be the same. QPDFWriter uses this internally to skip
	the optimization of not re-compressing already compressed streams
	if addTokenFilter has been called. Most developers will not have
	to worry about this as it is used internally in the library in the
	places that need it. If you are manually retrieving stream data
	with QPDFObjectHandle::getStreamData or
	QPDFObjectHandle::pipeStreamData, you don't need to worry about
	this at all.

	* Provide heavily annoated examples/pdf-filter-tokens.cc example
	that illustrates use of some simple token filters.

	* When normalizing content streams, as in qdf mode, issue warning
	about bad tokens. Content streams are only normalized when this is
	explicitly requested, so this has no impact on normal operation.
	However, in qdf mode, if qpdf detects a bad token, it means that
	either there's a bug in qpdf's lexer, that the file is damaged, or
	that the page's contents are split in a weird way. In any of those
	cases, qpdf could potentially damage the stream's contents by
	replacing carrige returns with newlines or otherwise messing with
	spaces. The mostly likely case of this would be an inline image's
	compressed data being divided across two streams and having the
	compressed data in the second stream contain a carriage return as
	part of its binary data. If you are using qdf mode just to look at
	PDF files in text editors, this usually doesn't matter. In cases
	of contents split across multiple streams, coalescing streams
	would eliminate the problem, so the warning mentions this. Prior
	to this enhancement, the chances of qdf mode writing incorrect
	data were already very low. This change should make it nearly
	impossible for qdf mode to unknowingly write invalid data.

2018-02-04  Jay Berkenbilt  <ejb@ql.org>

	* Add QPDFWriter::setLinearizationPass1Filename method and
	--linearize-pass1 command line option to allow specification of a
	file into which QPDFWriter will write its intermediate
	linearization pass 1 file. This is useful only for debugging qpdf.
	qpdf creates linearized files by computing the output in two
	passes. Ordinarily the first pass is discarded and not written
	anywhere. This option allows it to be inspected.
2018-02-27 12:37:20 +00:00
adam
2e8904d1b1 qpdf: updated to 7.1.1
7.1.1: release
* Bug fix: properly linearize files whose /ID has a length of
  other than 16 bytes.
* Rename some test files to avoid files with three dots in their
  names.
* Fix various build and compilation issues on some platforms and
  compilers.
* Fix a few typos and clarify a few comments in header files.
2018-02-23 06:25:23 +00:00
ryoon
e8ee20ac89 Update to 7.1.0
Changelog:
2018-01-14  Jay Berkenbilt  <ejb@ql.org>

	* 7.1.0: release

	* Allow raw encryption key to be specified in libary and command
	line with the QPDF::setPasswordIsHexKey method and
	--password-is-hex-key option. Allow encryption key to be displayed
	with --show-encryption-key option. Thanks to Didier Stevens
	<didier.stevens@gmail.com> for the idea and contribution of one
	implementation of this idea. See his blog post at
	https://blog.didierstevens.com/2017/12/28/cracking-encrypted-pdfs-part-3/
	for a discussion of using this for cracking encrypted PDFs. I hope
	that a future release of qpdf will include some additional
	recovery options that may also make use of this capability.

2018-01-13  Jay Berkenbilt  <ejb@ql.org>

	* Fix lexical error: the PDF specification allows floating point
	numbers to end with ".". Fixes #165.

	* Fix link order in the build to avoid conflicts when building
	from source while an older version of qpdf is installed. Fixes #158.

	* Add support for TIFF predictor for LZW and Flate streams. Now
	all predictor functions are supported. Fixes #171.

2017-12-25  Jay Berkenbilt  <ejb@ql.org>

	* Clarify documentation around options that control parsing but
	not output creation. Two options: --suppress-recovery and
	--ignore-xref-streams, were documented in the "Advanced
	Transformation Options" section of the manual and --help output
	even though they are not related to output. These are now
	described in a separate section called "Advanced Parsing Options."

	* Implement remaining PNG filters for decode. Prior versions could
	decode only the "up" filter. Now all PNG filters (sub, up,
	average, Paeth, optimal) are supported for decoding. Thanks to
	Tobias Hoffmann for providing a test PDF file that has images with
	all PNG filters along with different numbers of bits per sample
	and samples per pixel, and thanks to Casey Rojas for providing
	implementations of the remaining PNG filters.

	The implementation of the remaining PNG filters changed the
	interface to the private Pl_PNGFilter class, but this class's
	header file is not in the installation, and there is no public
	interface to the class. Within the library, the class is never
	allocated on the stack; it is only ever dynamically allocated. As
	such, this does not actually break binary compatibility of the
	library.
2018-02-05 13:39:05 +00:00
leot
a5d0a65690 qpdf: Delete reference to libjpeg in the libqpdf `.pc' file
graphics/jpeg does not provide any `.pc' file this will lead in failures when
invoking pkg-config agaisnt `libqpdf'. Adjust `Requires.private:' in
libqpdf.pc.in to omit libjpeg.

Bump PKGREVISION since the new installed libqpdf.pc file will fix packages that
depends on print/qpdf.

OK by <pgoyette> and <ryoon>, thanks!
2017-10-03 08:33:45 +00:00
wiz
e11076b7e0 qpdf: add missing jpeg dependency. Add missing files to PLIST. 2017-09-29 21:11:40 +00:00
wiz
48338b5063 qpdf: Update LICENSE for 7.0.0 2017-09-28 12:57:20 +00:00
ryoon
3c5908dc21 Update to 7.0.0
Changelog:
2017-09-15  Jay Berkenbilt  <ejb@ql.org>

	* 7.0.0: release

2017-09-12  Jay Berkenbilt  <ejb@ql.org>

	* Relicense qpdf under version 2.0 of the Apache License rather
	than version 2.0 of the Artistic License. Both are fine, but the
	Apache License is in more widespread use, and I like it a little
	better than Artistic-2.0. It is my intention that there be no
	change in what you can or can't do with qpdf. Versions of qpdf
	prior to version 7 were released under the terms of version 2.0 of
	the Artistic License. At your option, you may continue to consider
	qpdf to be licensed under those terms. Please see the manual for
	additional information.

	* Improve the error message that is issued when QPDFWriter
	encounters a stream that can't be decoded. In particular, mention
	that the stream will be copied without filtering to avoid data
	loss.

	* Add new methods to the C API to correspond to new additions to
	QPDFWriter:
	- qpdf_set_compress_streams
	- qpdf_set_decode_level
	- qpdf_set_preserve_unreferenced_objects
	- qpdf_set_newline_before_endstream

2017-08-25  Jay Berkenbilt  <ejb@ql.org>

	* Re-implement parser iteratively to avoid stack overflow on very
	deeply nested arrays and dictionaries. Fixes #146.

	* Detect infinite loop while finding additional xref tables. Fixes
	#149.

2017-08-22  Jay Berkenbilt  <ejb@ql.org>

	* 7.0.b1: release

	* Convert all README files to markdown. Names changed as follows:
	  - README --> README.md
	  - README.hardening --> README-hardening.md
	  - README.maintainer --> README-maintainer.md
	  - README-what-to-download.txt --> README-what-to-download.md
	  - README-windows.txt --> README-windows.md
	  The file README-windows-install.txt remains a text file.

2017-08-21  Jay Berkenbilt  <ejb@ql.org>

	* Add support for writing PCLm files. Most of the work was done by
	Sahil Arora <sahilarora.535@gmail.com> as part of a Google Summer
	of Code project in 2017. PCLm support is useful only for clients
	that specifically know how to create PCLm files. Support in qpdf
	is just for ensuring that objects are written in the correct order
	and for including some additional material in the output that is
	required by the PCLm standard.

2017-08-19  Jay Berkenbilt  <ejb@ql.org>

	* Remove --precheck-streams. This is enabled by default now
	without any efficiency cost. This feature was never released.

	* Update pdf-create example to illustrate use of additional image
	compression filters.

	* Add support for /RunLengthDecode and /DCTDecode:
	  - New pipeline types Pl_RunLength and Pl_DCT
	  - New command-line flags --compress-streams and --decode-level
	    to replace/enhance --stream-data
	  - New QPDFWriter::setCompressStreams and
 	    QPDFWriter::setDecodeLevel methods
	  Please see documentation, header files, and help messages for
	  details on these new features.

2017-08-12  Jay Berkenbilt  <ejb@ql.org>

	* Add QPDFObjectHandle::rotatePage to apply rotation to a page
	object. Add --rotate option to qpdf to specify page rotation from
	the command line.

	* Provide --verbose option that causes qpdf to print an indication
	of what files it is writing.

	* Change --single-pages to --split-pages and make it take an
	optional argument specifying the number of pages per file.

2017-08-11  Jay Berkenbilt  <ejb@ql.org>

	* Fix --newline-before-endstream to always add a newline before
	endstream even if the last character was already a newline. This
	is actually what's required by PDF/A. Fixes #133.

	* Handle encrypted files whose encryption parameters are too
	short. Fixes #96.

2017-08-10  Jay Berkenbilt  <ejb@ql.org>

	* Remove dependency on libpcre.

	* Be more forgiving of certain types of errors in the xref table
	that don't interfere with interpreting the table.

	* Remove unused "tracing" parameter from PointerHolder's
	(T*, bool) constructor. This change breaks source code
	compatibility, but since this argument to PointerHolder has not
	used for a long time and the presence of a boolean parameter in
	the primary constructor makes it too easy to use that by mistake
	when trying to use PointerHolder for arrays, it seems like it's
	finally time to take it out. If you have a compile error because
	of this change, please check to see whether you intended to use
	the (bool, T*) version of the constructor instead. If not, just
	remove the second parameter.

2017-08-09  Jay Berkenbilt  <ejb@ql.org>

	* When recovering stream length, find endobj without endstream as
	well as just looking for endstream. Be a little more lax about
	where we allow it to be found.

2017-08-05  Jay Berkenbilt  <ejb@ql.org>

	* Add --single-pages option to cause output to be written to a
	separate file for each page rather than one big file.

	* Process --pages options earlier so that certain inspection
	options, like --show-pages, can show the state after the merging
	operations.

2017-08-02  Jay Berkenbilt  <ejb@ql.org>

	* Fix off-by-one error in parsing pages options. Fixes #129.

2017-07-29  Jay Berkenbilt  <ejb@ql.org>

	* Support @filename and @- in the qpdf command-line tool to read
	command-line arguments, one per line, from the named file. @-
	reads from standard input. Fixes #16.

	* Detect when input file and output file are the same and exit to
	avoid overwriting and losing input file. Fixes #29.

	* When passing multiple inspection arguments, run --check first,
	and defer exit until after all the checks have been run. This
	makes it possible to force operations such as --show-xref to be
	delayed until after recovery attempts have been made. For example,
	if you have a file with a syntactically valid xref table that has
	some offsets that are incorrect, running qpdf --check --show-xref
	on that file will first recover the xref and the dump the
	recovered xref, while just running qpdf --show-xref will show the
	xref table as present in the file. Fixes #42.

	* When recovering stream length, indicate the recovered length.
	Fixes #44.

	* Add --newline-before-endstream command-line option and
	setNewlineBeforeEndstream method to QPDFWriter. This forces qpdf
	to always add a newline before the endstream keyword. It is a
	necessary but not sufficient condition for PDF/A compliance. Fixes
	#103.

	* Handle zlib data errors when decoding streams. Fixes #106.

	* Improve handling of files where the "stream" keyword is not
	followed by proper line terminators. Fixes #104.

	* Fix content stream parsing to handle cases of structures within
	the stream split across stream boundaries. Fixes #73.

2017-07-28  Jay Berkenbilt  <ejb@ql.org>

	* Add --preserve-unreferenced command-line option and
	setPreserveUnreferencedObjects method to QPDFWriter. This option
	causes QPDFWriter to write all objects from the input file to the
	output file regardless of whether the objects are referenced.
	Objects are written to the output file in numerical order from the
	input file. This option has no effect for linearized files.

2017-07-27  Jay Berkenbilt  <ejb@ql.org>

	* Add --precheck-streams command-line option and setStreamPrecheck
	method to QPDFWriter to tell QPDFWriter to attempt decoding a
	stream fully before deciding whether to filter it or not.

	* Recover gracefully from streams that aren't filterable because
	the filter parameters are invalid in the stream dictionary or the
	dictionary itself is invalid.

	* Significantly improve recoverability from invalid qpdf objects.
	Most conditions in basic object parsing that used to cause qpdf to
	exit are now warnings. There are still many more opportunities for
	improvements of this sort beyond just object parsing.

2017-07-26  Jay Berkenbilt  <ejb@ql.org>

	* Fixes to infinite loops below also fix problems reported in
	other issues and cover CVE-2017-11624, CVE-2017-11625,
	CVE-2017-11626, and CVE-2017-11627.

	* Don't attempt to interpret syntactic keywords (like R and
	endobj) found while parsing content streams.

	* Detect infinite loops while resolving objects. This could happen
	if something inside an object that had to be resolved during
	parsing, such as a stream length, recursively referenced the
	object being resolved.

	* CVE-2017-9208: Handle references to and appearance of object 0
	as a special case. Object 0 is not allowed, and qpdf was using it
	internally to represent direct objects.

	* CVE-2017-9209: Fix infinite loop caused by attempting to
	reconstruct the xref table while already in the process of
	reconstructing the xref table.

	* CVE-2017-9210: Fix infinite loop caused by attempting to unparse
	an object for inclusion in the text of an exception.
2017-09-28 12:50:36 +00:00
wiz
73716d23de Bump PKGREVISION for perl-5.24.0 for everything mentioning perl. 2016-07-09 06:38:30 +00:00
ryoon
fb0f9f8d07 Update to 6.0.0
Changelog:
2015-11-10  Jay Berkenbilt  <ejb@ql.org>

        * 6.0.0: release

        * No changes from 5.2.0. The 5.2.0 release broke binary
        compatibility and was withdrawn.

2015-10-31  Jay Berkenbilt  <ejb@ql.org>

        * 5.2.0: release

        * libqpdf/QPDF.cc (read_xrefTable): Be tolerant of some malformed
        xref tables that don't have the required trailing space after each
        line.

2015-10-29  Jay Berkenbilt  <ejb@ql.org>

        * Implement QPDFWriter::setDeterministicID and --deterministic-id
        commandline-flag to qpdf to request generation of a deterministic
        /ID for non-encrypted files.
2016-03-11 15:37:02 +00:00
agc
03010d7bd0 Add SHA512 digests for distfiles for print category
Problems found locating distfiles:
	Package acroread7: missing distfile AdobeReader_enu-7.0.9-1.i386.tar.gz
	Package acroread8: missing distfile AdobeReader_enu-8.1.7-1.sparc.tar.gz
	Package cups-filters: missing distfile cups-filters-1.1.0.tar.xz
	Package dvidvi: missing distfile dvidvi-1.0.tar.gz
	Package lgrind: missing distfile lgrind.tar.bz2

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-04 01:01:30 +00:00
ryoon
db503e01ed Update to 5.1.3
Changelog:
2015-05-24  Jay Berkenbilt  <ejb@ql.org>

        * 5.1.3: release

        * Bug fix: fix-qdf was not handling object streams with more than
        255 objects in them.

        * Handle Microsoft crypt provider initialization properly for case
        where no keys have been previously created, such as in a fresh
        Windows installation.

        * Include time.h in QUtil.hh for time_t
2015-09-24 22:56:37 +00:00
wiz
2e65d464e8 Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
2015-06-12 10:50:58 +00:00
wiz
ba66dbada6 Remove patch not in distinfo. 2015-01-29 09:29:18 +00:00
mef
01911eba7c Update 5.0.1 to 5.1.2
---------------------
2014-06-07  Jay Berkenbilt  <ejb@ql.org>
	* 5.1.2: release

	* MS Visual C++ build: explicitly target Windows 5.0.1 (XP)

	* New example program: pdf-split-pages: efficiently split PDF
	files into individual pages.

	* Bug fix: don't fail on files that contain streams where /Filter
	or /DecodeParms references a stream. Before, qpdf would try to
	convert these to direct objects, which would fail because of the
	stream.

2014-02-22  Jay Berkenbilt  <ejb@ql.org>
	* Bug fix: if the last object in the first part of a linearized
	file had an offset that was below 65536 by less than the size of
	the hint stream, the xref stream was invalid and the resulting file
	is not usable.  This is now fixed.

2014-01-14  Jay Berkenbilt  <ejb@ql.org>
	* 5.1.1: release

2013-12-26  Jay Berkenbilt  <ejb@ql.org>
	* Bug fix: when copying foreign objects (which occurs during page
	splitting among other cases), avoid traversing the same object
	more than once if it appears more than once in the same direct
	object.  This bug is performance-only and does not affect the
	actual output.

2013-12-17  Jay Berkenbilt  <ejb@ql.org>
	* 5.1.0: release

2013-12-16  Jay Berkenbilt  <ejb@ql.org>
	* Document and make explicit that passing null to
	QUtil::setRandomDataProvider() resets the random data provider.

	* Provide QUtil::getRandomDataProvider().

2013-12-14  Jay Berkenbilt  <ejb@ql.org>
	* Allow anyspace rather than just newline to follow xref header.
	This allows qpdf to read a wider range of damaged files.

2013-11-30  Jay Berkenbilt  <ejb@ql.org>
	* Allow user-supplied random data provider to be used in place of
	OS-provided or insecure random number generation.  See
	documentation for 5.1.0 for details.

	* Add configure option --enable-os-secure-random (enabled by
	default).  Pass --disable-os-secure-random or define
	SKIP_OS_SECURE_RANDOM to avoid attempts to use the operating
	system-provided secure random number generation.  This can be
	especially useful on Windows if you wish to avoid any dependency
	on Microsoft's cryptography system.

2013-11-29  Jay Berkenbilt  <ejb@ql.org>
	* If NO_GET_ENVIRONMENT is #defined, for Windows only,
	QUtil::get_env will always return false.  This was added to
	support a user who needs to avoid calling GetEnvironmentVariable
	from the Windows API.  QUtil::get_env is not used for any
	functionality in qpdf and exists only to support the test suite
	including test coverage support with QTC (part of qtest).

	* Add /FS to msvc builds to allow parallel builds to work with
	Visual C++ 2013.

	* Add missing #include <algorithm> in some files that use std::min
	and std::max.

2013-11-21  Jay Berkenbilt  <ejb@ql.org>
	* Change image comparison tests, which are disabled by default, to
	use tiff files with 8 bits per sample rather than 4.  This works
	around a bug in tiffcmp but also increases time and disk space for
	image comparison tests.

2013-10-28  Jay Berkenbilt  <ejb@ql.org>
	* Fix MacOS compilation errors by adding a missing #include
	<string> in a header file.
2015-01-26 11:54:17 +00:00
wiz
4e7d31614f Reset maintainer, resigned. 2014-10-22 08:01:48 +00:00
wiz
26f1c82419 Add buildlink3.mk file. 2014-06-07 10:44:30 +00:00
wiz
7eeb51b534 Bump for perl-5.20.0.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
2014-05-29 23:35:13 +00:00
asau
042e32590a Pull time.h to define time_t on FreeBSD.
Bump package revision since the affected header file is installed.
2014-04-17 21:37:55 +00:00
joerg
8873e9f488 Missing include. 2013-10-27 21:52:53 +00:00
wiz
4ff222a951 Update to 5.0.1:
2013-10-18  Jay Berkenbilt  <ejb@ql.org>

	* 5.0.1: release

	* Warn when -accessibility=n is specified with a modern encryption
	format (R > 3).  Also, accept this flag (and ignore with warning)
	with 256-bit encryption.  qpdf has always ignored the
	accessibility setting with R > 3, but it previously did so
	silently.

2013-10-05  Jay Berkenbilt  <ejb@ql.org>

	* Replace operator[] in std::string and std::vector with "at" in
	order to get bounds checking.  This reduces the chances that
	incorrect code will result in data exposure or buffer overruns.
	See README.hardening for additional notes.

	* Use cryptographically secure random number generation when
	available.  See additional notes in README.

	* Replace some assert() calls with std::logic_error exceptions.
	Ideally there shouldn't be assert() calls outside of testing.
	This change may make a few more potential code errors in handling
	invalid data recoverable.

	* Security fix: In places where std::vector<T>(size_t) was used,
	either validate that the size parameter is sane or refactor code
	to avoid the need to pre-allocate the vector.  This reduces the
	likelihood of allocating a lot of memory in response to invalid
	data in linearization hint streams.

	* Security fix: sanitize /W array in cross reference stream to
	avoid a potential integer overflow in a multiplication.  It is
	unlikely that any exploits were possible from this bug as
	additional checks were also performed.

	* Security fix: avoid buffer overrun that could be caused by bogus
	data in linearization hint streams.  The incorrect code could only
	be triggered when checking linearization data, which must be
	invoked explicitly.  qpdf does not check linearization data when
	reading or writing linearized files, but the qpdf --check command
	does check linearization data.

	* Security fix: properly handle empty strings in
	QPDF_Name::normalizeName.  The empty string is not a valid name
	and would never be parsed as a name, so there were no known
	conditions where this method could be called with an empty string.

	* Security fix: perform additional argument sanity checks when
	reading bit streams.

	* Security fix: in QUtil::toUTF8, change bounds checking to avoid
	having a pointer point temporarily outside the bounds of an
	array.  Some compiler optimizations could have made the original
	code unsafe.

2013-07-10  Jay Berkenbilt  <ejb@ql.org>

	* 5.0.0: release

	* 4.2.0 turned out to be binary incompatible on some platforms
	even though there were no changes to the public API.  Therefore
	the 4.2.0 release has been withdrawn, and is being replaced with a
	5.0.0 release that acknowledges the ABI change and also removes
	some problematic methods from the public API.

	* Remove methods from public API that were only intended to be
	used by QPDFWriter and really didn't make sense to call from
	anywhere else as they required internal knowledge that only
	QPDFWriter had:
	   - QPDF::getLinearizedParts
	   - QPDF::generateHintStream
	   - QPDF::getObjectStreamData
	   - QPDF::getCompressibleObjGens
	   - QPDF::getCompressibleObjects

2013-07-07  Jay Berkenbilt  <ejb@ql.org>

	* 4.2.0: release [withdrawn]

	* Ignore error case of a stream's decode parameters having invalid
	length when there are no stream filters.

	* qpdf: add --show-npages command-line option, which causes the
	number of pages in the input file to be printed on a line by
	itself.

	* qpdf: allow omission of range in --pages.  If range is omitted
	such that an argument that is supposed to be a range is an invalid
	range and a valid file name, the range of 1-z is assumed.  This
	makes it possible to merge a bunch of files with something like
	qpdf --empty out.pdf --pages *.pdf --

2013-06-15  Jay Berkenbilt  <ejb@ql.org>

	* Handle some additional broken files with missing /ID in trailer
	for encrypted files and with space rather than newline after xref.

2013-06-14  Jay Berkenbilt  <ejb@ql.org>

	* Detect and correct /Outlines dictionary being a direct object
	when linearizing files.  This is not allowed by the spec but has
	been seen in the wild.  Prior to this change, such a file would
	cause an internal error in the linearization code, which assumed
	/Outlines was indirect.

	* Add /Length key to crypt filter dictionary for encrypted files.
	This key is optional, but some version of MacOS reportedly fail to
	open encrypted PDF files without this key.

	* Bug fix: properly handle object stream generation when the
	original file has some compressible objects with generation != 0.

	* Add QPDF::getCompressibleObjGens() and deprecate
	QPDF::getCompressibleObjects(), which had a flaw in its logic.

	* Add new QPDFObjectHandle::getObjGen() method and indiciate in
	comments that its use is favored over getObjectID() and
	getGeneration() for most cases.

	* Add new QPDFObjGen object to represent an object ID/generation
	pair.

2013-04-14  Jay Berkenbilt  <ejb@ql.org>

	* 4.1.0: release

2013-03-25  Jay Berkenbilt  <ejb@ql.org>

	* manual/qpdf-manual.xml: Document the casting policy that is
	followed in qpdf's implementation.

2013-03-11  Jay Berkenbilt  <ejb@ql.org>

	* When creating Windows binary distributions, make sure to only
	copy DLLs of the correct type.  The ensures that the 32-bit
	distributions contain 32-bit DLLs and the 64-bit distributions
	contain 64-bit DLLs.

2013-03-07  Jay Berkenbilt  <ejb@ql.org>

	* Use ./install-sh (already present) instead of "install -c" to
	install executables to fix portability problems against different
	UNIX variants.

2013-03-03  Jay Berkenbilt  <ejb@ql.org>

	* Add protected terminateParsing method to
	QPDFObjectHandle::ParserCallbacks that implementor can call to
	terminate parsing of a content stream.

2013-02-28  Jay Berkenbilt  <ejb@ql.org>

	* Favor fopen_s and strerror_s on MSVC to avoid CRT security
	warnings.  This is useful for people who may want to use qpdf in
	an application that is Windows 8 certified.

	* New method QUtil::safe_fopen to wrap calls to fopen.  This is
	less cumbersome than calling QUtil::fopen_wrapper.

	* Remove all calls to sprintf

	* New method QUtil::int_to_string_base to convert to octal or
	hexademical (or decimal) strings without using sprintf

2013-02-26  Jay Berkenbilt  <ejb@ql.org>

	* Rewrite QUtil::int_to_string and QUtil::double_to_string to
	remove internal length limits but to remain backward compatible
	with the old versions for valid inputs.

2013-02-23  Jay Berkenbilt  <ejb@ql.org>

	* Bug fix: properly handle overridden compressed objects.  When
	caching objects from an object stream, only cache objects that,
	based on the xref table, would actually be resolved into this
	stream.  Prior to this fix, if an object stream A contained an
	object B that was overridden by an appended section of the file,
	qpdf would cache the old value of B if any non-overridden member
	of A was accessed before B.  This commit fixes that bug.

2013-01-31  Jay Berkenbilt  <ejb@ql.org>

	* Do not remove libtool's .la file during the make install step.
	Note to packagers: if your distribution wants to you remove the
	.la file, you will have to do that yourself now.

2013-01-25  Jay Berkenbilt  <ejb@ql.org>

	* New method QUtil::hex_encode to encode binary data as a
	hexadecimal string

	* qpdf --check was exiting with status 0 in some rare cases even
	when errors were found.  It now always exits with one of the
	document error codes (0 for success, 2 for errors, 3 or warnings).

2013-01-24  Jay Berkenbilt  <ejb@ql.org>

	* Make --enable-werror work for MSVC, and generally handle warning
	options better for that compiler.  Warning flags for that compiler
	were previous hard-coded into the build with /WX enabled
	unconditionally.

	* Split warning flags into WFLAGS in autoconf.mk to make them
	easier to override.  Before they were repeated in CFLAGS and
	CXXFLAGS and were commingled with other compiler flags.

	* qpdf --check now does syntactic checks all pages' content
	streams as well as checking overall document structure.  Semantic
	errors are still not checked, and there are no plans to add
	semantic checks.

2013-01-22  Jay Berkenbilt  <ejb@ql.org>

	* Add QPDFObjectHandle::getTypeCode().  This method returns a
	unique integer (enumerated type) value corresponding to the object
	type of the QPDFObjectHandle.  It can be used as an alternative to
	the QPDFObjectHandle::is* methods for type testing, particularly
	where there is a desire to use a switch statement or optimize for
	performance when testing object types.

	* Add QPDFObjectHandle::getTypeName().  This method returns a
	string literal describing the object type.  It is useful for
	testing and debugging.

2013-01-20  Jay Berkenbilt  <ejb@ql.org>

	* Add QPDFObjectHandle::parseContentStream, which parses the
	objects in a content stream and calls handlers in a callback
	class.  The example pdf-parse-content illustrates it use.

	* Add QPDF_Operator and QPDF_InlineImage types along with
	appropriate wrapper methods in QPDFObjectHandle.  These new object
	types are to facilitate content stream parsing.
2013-10-23 09:07:27 +00:00
wiz
d2ca14a3f1 Bump all packages for perl-5.18, that
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package

Like last time, where this caused no complaints.
2013-05-31 12:39:57 +00:00
joerg
8d7098b5ab Add missing include. 2013-05-09 14:01:43 +00:00