pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/print/qpdf Update to 9.0.0

branches:  trunk
changeset: 339727:31624a190962
user:      ryoon <>
date:      Sun Sep 15 00:11:29 2019 +0000

Update to 9.0.0

9.0.0: August 31, 2019

        Incompatible API (source-level) Changes (minor)

            The method QUtil::strcasecmp has been renamed to QUtil::str_compare_nocase. This incompatible change is necessary to enable qpdf to build on platforms that define strcasecmp as a macro.

            The QPDF::copyForeignObject method had an overloaded version that took a boolean parameter that was not used. If you were using this version, just omit the extra parameter.

            There was a version QPDFTokenizer::expectInlineImage that took no arguments. This version has been removed since it caused the tokenizer to return incorrect inline images. A new version 
was added some time ago that produces correct output. This is a very low level method that doesn't make sense to call outside of qpdf's lexical engine. There are higher level methods for tokenizing 
content streams.

            Change QPDFOutlineDocumentHelper::getTopLevelOutlines and QPDFOutlineObjectHelper::getKids to return a std::vector instead of a std::list of QPDFOutlineObjectHelper objects.

            Remove method QPDFTokenizer::allowPoundAnywhereInName. This function would allow creation of name tokens whose value would change when unparsed, which is never the correct behavior.

            When qpdf --check or qpdf --check-linearization encounters a file with linearization warnings but not errors, it now properly exits with exit code 3 instead of 2.

        CLI Enhancements

            The --replace-input option may be given in place of an output file name. This causes qpdf to overwrite the input file with the output. See the description of --replace-input in Section 
3.3, ?Basic Options? for more details.

            The --recompress-flate instructs qpdf to recompress streams that are already compressed with /FlateDecode. Useful with --compression-level.

            The --compression-level=level sets the zlib compression level used for any streams compressed by /FlateDecode. Most effective when combined with --recompress-flate.

        Library Enhancements

            A new namespace QIntC, provided by qpdf/QIntC.hh, provides safe conversion methods between different integer types. These conversion methods do range checking to ensure that the cast can 
be performed with no loss of information. Every use of static_cast in the library was inspected to see if it could use one of these safe converters instead. See Section 7.5, ?Casting Policy? for 
additional details.

            Method QPDF::anyWarnings tells whether there have been any warnings without clearing the list of warnings.

            Method QPDF::closeInputSource closes or otherwise releases the input source. This enables the input file to be deleted or renamed.

            New methods have been added to QUtil for converting back and forth between strings and unsigned integers: uint_to_string, uint_to_string_base, string_to_uint, and string_to_ull.

            New methods have been added to QPDFObjectHandle that return the value of Integer objects as int or unsigned int with range checking and sensible fallback values, and a new method was 
added to return an unsigned value. This makes it easier to write code that is safe from unintentional data loss. Functions: getUIntValue, getIntVauleAsInt, getUIntValueAsUInt.

            When parsing content streams with QPDFObjectHandle::ParserCallbacks, in place of the method handleObject(QPDFObjectHandle), the developer may override handleObject(QPDFObjectHandle, 
size_t offset, size_t length). If this method is defined, it will be invoked with the object along with its offset and length within the overall contents being parsed. Intervening spaces and comments 
are not included in offset and length. Additionally, a new method contentSize(size_t) may be implemented. If present, it will be called prior to the first call to handleObject with the total size in 
bytes of the combined contents.

            New methods QPDF::userPasswordMatched and QPDF::ownerPasswordMatched have been added to enable a caller to determine whether the supplied password was the user password, the owner 
password, or both. This information is also displayed by qpdf --show-encryption and qpdf --check.

            Static method Pl_Flate::setCompressionLevel can be called to set the zlib compression level globally used by all instances of Pl_Flate in deflate mode.

            The method QPDFWriter::setRecompressFlate can be called to tell QPDFWriter to uncompress and recompress streams already compressed with /FlateDecode.

            The underlying implementation of QPDF arrays has been enhanced to be much more memory efficient when dealing with arrays with lots of nulls. This enables qpdf to use drastically less 
memory for certain types of files.

            When traversing the pages tree, if nodes are encountered with invalid types, the types are fixed, and a warning is issued.

            A new helper method QUtil::read_file_into_memory was added.

            All conditions previously reported by QPDF::checkLinearization() as errors are now presented as warnings.

            Name tokens containing the # character not preceded by two hexadecimal digits, which is invalid in PDF 1.2 and above, are properly handled by the library: a warning is generated, and the 
name token is properly preserved, even if invalid, in the output. See ChangeLog for a more complete description of this change.

        Bug Fixes

            A small handful of memory issues, assertion failures, and unhandled exceptions that could occur on badly mangled input files have been fixed. Most of these problems were found by Google's 
OSS-Fuzz project.

            When qpdf --check or qpdf --check-linearization encounters a file with linearization warnings but not errors, it now properly exits with exit code 3 instead of 2.

            The --completion-bash and --completion-zsh options now work properly when qpdf is invoked as an AppImage.

            Calling QPDFWriter::set*EncryptionParameters on a QPDFWriter object whose output filename has not yet been set no longer produces a segmentation fault.

            When reading encrypted files, follow the spec more closely regarding encryption key length. This allows qpdf to open encrypted files in most cases when they have invalid or missing 
/Length keys in the encryption dictionary.

            When qpdf --check or qpdf --check-linearization encounters a file with linearization warnings but not errors, it now properly exits with exit code 3 instead of 2.

        Build Changes

            On platforms that support it, qpdf now builds with -fvisibility=hidden. If you build qpdf with your own build system, this is now safe to use. This prevents methods that are not part of 
the public API from being exported by the shared library, and makes qpdf's ELF shared libraries (used on Linux, MacOS, and most other UNIX flavors) behave more like the Windows DLL. Since the DLL 
already behaves in much this way, it is unlikely that there are any methods that were accidentally not exported. However, with ELF shared libraries, typeinfo for some classes has to be explicitly 
exported. If there are problems in dynamically linked code catching exceptions or subclassing, this could be the reason. If you see this, please report a bug at pikepdf.

            QPDF is now compiled with integer conversion and sign conversion warnings enabled. Numerous changes were made to the library to make this safe.

            QPDF's make install target explicitly specifies the mode to use when installing files instead of relying the user's umask. It was previously doing this for some files but not others.

            If pkg-config is available, use it to locate libjpeg and zlib dependencies, falling back on old behavior if unsuccessful.

        Other Notes

            QPDF has been fully integrated into Google's OSS-Fuzz project. This project exercises code with randomly mutated inputs and is great for discovering hidden security crashes and security 
issues. Several bugs found by oss-fuzz have already been fixed in qpdf.


 print/qpdf/Makefile      |   5 ++---
 print/qpdf/PLIST         |   3 ++-
 print/qpdf/ |   4 ++--
 print/qpdf/distinfo      |  10 +++++-----
 4 files changed, 11 insertions(+), 11 deletions(-)

diffs (64 lines):

diff -r 72fbb6fe3ecc -r 31624a190962 print/qpdf/Makefile
--- a/print/qpdf/Makefile       Sat Sep 14 21:47:22 2019 +0000
+++ b/print/qpdf/Makefile       Sun Sep 15 00:11:29 2019 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.28 2019/08/11 13:22:42 wiz Exp $
+# $NetBSD: Makefile,v 1.29 2019/09/15 00:11:29 ryoon Exp $
-DISTNAME=      qpdf-8.4.2
+DISTNAME=      qpdf-9.0.0
 CATEGORIES=    print
diff -r 72fbb6fe3ecc -r 31624a190962 print/qpdf/PLIST
--- a/print/qpdf/PLIST  Sat Sep 14 21:47:22 2019 +0000
+++ b/print/qpdf/PLIST  Sun Sep 15 00:11:29 2019 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.8 2019/01/08 16:29:33 ryoon Exp $
+@comment $NetBSD: PLIST,v 1.9 2019/09/15 00:11:29 ryoon Exp $
@@ -21,6 +21,7 @@
diff -r 72fbb6fe3ecc -r 31624a190962 print/qpdf/
--- a/print/qpdf/  Sat Sep 14 21:47:22 2019 +0000
+++ b/print/qpdf/  Sun Sep 15 00:11:29 2019 +0000
@@ -1,11 +1,11 @@
-# $NetBSD:,v 1.4 2019/01/08 16:29:33 ryoon Exp $
+# $NetBSD:,v 1.5 2019/09/15 00:11:29 ryoon Exp $
 BUILDLINK_TREE+=       qpdf
 .if !defined(QPDF_BUILDLINK3_MK)
-BUILDLINK_API_DEPENDS.qpdf+=   qpdf>=8.3.0
+BUILDLINK_API_DEPENDS.qpdf+=   qpdf>=9.0.0
 BUILDLINK_PKGSRCDIR.qpdf?=     ../../print/qpdf
diff -r 72fbb6fe3ecc -r 31624a190962 print/qpdf/distinfo
--- a/print/qpdf/distinfo       Sat Sep 14 21:47:22 2019 +0000
+++ b/print/qpdf/distinfo       Sun Sep 15 00:11:29 2019 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.23 2019/08/01 13:36:50 ryoon Exp $
+$NetBSD: distinfo,v 1.24 2019/09/15 00:11:29 ryoon Exp $
-SHA1 (qpdf-8.4.2.tar.gz) = cff70e5436953fb8b84066cf12a42ce9861ba822
-RMD160 (qpdf-8.4.2.tar.gz) = ca28857938d9a7725e81081eb3caef8b58f75af4
-SHA512 (qpdf-8.4.2.tar.gz) = 9cde046fb5e42dc331933294155583fb20408704a0cab3075cc3e97bd4643e3178e4162b8de7434aa2304097e7734f985fdc8e7b05cc028c37193dce91797f7a
-Size (qpdf-8.4.2.tar.gz) = 16988263 bytes
+SHA1 (qpdf-9.0.0.tar.gz) = 9e43d623dd761e257a665f6c8d4fa52105a83373
+RMD160 (qpdf-9.0.0.tar.gz) = 46f83a4ce838b9ae8bd382b5c5f68dc7c4af77f8
+SHA512 (qpdf-9.0.0.tar.gz) = bb20eaf4a12f33ad2ca6933a21123cdfd7d6031da472a881f8c60979881c19bc363db585c2be0635081c7380f0f0819921af7c3a4847de57505013c6e3959ea0
+Size (qpdf-9.0.0.tar.gz) = 18172400 bytes
 SHA1 ( = f592899487bb958a01931afbe4ddf3c749ea103e
 SHA1 ( = 8622d6a446da284269102dde38bf14271363dfdc

Home | Main Index | Thread Index | Old Index