Opened 6 years ago

Closed 6 years ago

#9772 closed enhancement (fixed)


Reported by: bdubbs@… Owned by: bdubbs@…
Priority: normal Milestone: 8.2
Component: BOOK Version: SVN
Severity: normal Keywords:


New major version. Direct jump from version 6.0.0.

Change History (3)

comment:1 by bdubbs@…, 6 years ago

Owner: changed from blfs-book@… to bdubbs@…
Status: newassigned

comment:2 by bdubbs@…, 6 years ago

  • Relicense qpdf under version 2.0 of the Apache License rather than version 2.0 of the Artistic License. Both are fine, but the Apache License is in more widespread use, and I like it a little better than Artistic-2.0. It is my intention that there be no change in what you can or can't do with qpdf. Versions of qpdf prior to version 7 were released under the terms of version 2.0 of the Artistic License. At your option, you may continue to consider qpdf to be licensed under those terms. Please see the manual for additional information.
  • Improve the error message that is issued when QPDFWriter encounters a stream that can't be decoded. In particular, mention that the stream will be copied without filtering to avoid data loss.
  • Add new methods to the C API to correspond to new additions to QPDFWriter:
  • qpdf_set_compress_streams
  • qpdf_set_decode_level
  • qpdf_set_preserve_unreferenced_objects
  • qpdf_set_newline_before_endstream
  • Re-implement parser iteratively to avoid stack overflow on very deeply nested arrays and dictionaries. Fixes #146.
  • Detect infinite loop while finding additional xref tables. Fixes #149.
  • Convert all README files to markdown. Names changed as follows:
    • README -->
    • README.hardening -->
    • README.maintainer -->
    • README-what-to-download.txt -->
    • README-windows.txt --> The file README-windows-install.txt remains a text file.
  • Add support for writing PCLm files. Most of the work was done by Sahil Arora <sahilarora.535@…> as part of a Google Summer of Code project in 2017. PCLm support is useful only for clients that specifically know how to create PCLm files. Support in qpdf is just for ensuring that objects are written in the correct order and for including some additional material in the output that is required by the PCLm standard.
  • Remove --precheck-streams. This is enabled by default now without any efficiency cost. This feature was never released.
  • Update pdf-create example to illustrate use of additional image compression filters.
  • Add support for /RunLengthDecode and /DCTDecode:
    • New pipeline types Pl_RunLength and Pl_DCT
    • New command-line flags --compress-streams and --decode-level to replace/enhance --stream-data
    • New QPDFWriter::setCompressStreams and QPDFWriter::setDecodeLevel methods Please see documentation, header files, and help messages for details on these new features.
  • Add QPDFObjectHandle::rotatePage to apply rotation to a page object. Add --rotate option to qpdf to specify page rotation from the command line.
  • Provide --verbose option that causes qpdf to print an indication of what files it is writing.
  • Change --single-pages to --split-pages and make it take an optional argument specifying the number of pages per file.
  • Fix --newline-before-endstream to always add a newline before endstream even if the last character was already a newline. This is actually what's required by PDF/A. Fixes #133.
  • Handle encrypted files whose encryption parameters are too short. Fixes #96.
  • Remove dependency on libpcre.
  • Be more forgiving of certain types of errors in the xref table that don't interfere with interpreting the table.
  • Remove unused "tracing" parameter from PointerHolder's (T*, bool) constructor. This change breaks source code compatibility, but since this argument to PointerHolder has not used for a long time and the presence of a boolean parameter in the primary constructor makes it too easy to use that by mistake when trying to use PointerHolder for arrays, it seems like it's finally time to take it out. If you have a compile error because of this change, please check to see whether you intended to use the (bool, T*) version of the constructor instead. If not, just remove the second parameter.
  • When recovering stream length, find endobj without endstream as well as just looking for endstream. Be a little more lax about where we allow it to be found.
  • Add --single-pages option to cause output to be written to a separate file for each page rather than one big file.
  • Process --pages options earlier so that certain inspection options, like --show-pages, can show the state after the merging operations.
  • Support @filename and @- in the qpdf command-line tool to read command-line arguments, one per line, from the named file. @- reads from standard input. Fixes #16.
  • Detect when input file and output file are the same and exit to avoid overwriting and losing input file. Fixes #29.
  • When passing multiple inspection arguments, run --check first, and defer exit until after all the checks have been run. This makes it possible to force operations such as --show-xref to be delayed until after recovery attempts have been made. For example, if you have a file with a syntactically valid xref table that has some offsets that are incorrect, running qpdf --check --show-xref on that file will first recover the xref and the dump the recovered xref, while just running qpdf --show-xref will show the xref table as present in the file. Fixes #42.
  • When recovering stream length, indicate the recovered length. Fixes #44.
  • Add --newline-before-endstream command-line option and setNewlineBeforeEndstream method to QPDFWriter. This forces qpdf to always add a newline before the endstream keyword. It is a necessary but not sufficient condition for PDF/A compliance. Fixes #103.
  • Handle zlib data errors when decoding streams. Fixes #106.
  • Improve handling of files where the "stream" keyword is not followed by proper line terminators. Fixes #104.
  • Fix content stream parsing to handle cases of structures within the stream split across stream boundaries. Fixes #73.
  • Add --preserve-unreferenced command-line option and setPreserveUnreferencedObjects method to QPDFWriter. This option causes QPDFWriter to write all objects from the input file to the output file regardless of whether the objects are referenced. Objects are written to the output file in numerical order from the input file. This option has no effect for linearized files.
  • Add --precheck-streams command-line option and setStreamPrecheck method to QPDFWriter to tell QPDFWriter to attempt decoding a stream fully before deciding whether to filter it or not.
  • Recover gracefully from streams that aren't filterable because the filter parameters are invalid in the stream dictionary or the dictionary itself is invalid.
  • Significantly improve recoverability from invalid qpdf objects. Most conditions in basic object parsing that used to cause qpdf to exit are now warnings. There are still many more opportunities for improvements of this sort beyond just object parsing.
  • Fixes to infinite loops below also fix problems reported in other issues and cover CVE-2017-11624, CVE-2017-11625, CVE-2017-11626, and CVE-2017-11627.
  • Don't attempt to interpret syntactic keywords (like R and endobj) found while parsing content streams.
  • Detect infinite loops while resolving objects. This could happen if something inside an object that had to be resolved during parsing, such as a stream length, recursively referenced the object being resolved.
  • CVE-2017-9208: Handle references to and appearance of object 0 as a special case. Object 0 is not allowed, and qpdf was using it internally to represent direct objects.
  • CVE-2017-9209: Fix infinite loop caused by attempting to reconstruct the xref table while already in the process of reconstructing the xref table.
  • CVE-2017-9210: Fix infinite loop caused by attempting to unparse an object for inclusion in the text of an exception.

comment:3 by bdubbs@…, 6 years ago

Resolution: fixed
Status: assignedclosed

Fixed at revision 19257.

Note: See TracTickets for help on using tickets.