Log message:
qpdf: Update to 9.1.1

Chaneglog:
This is qpdf version 9.1.1. This release contains a few small
enhancements and bug fixes. Most notably, fix-qdf is now a proper
executable rather than a perl script, so qpdf no longer has a
runtime dependency on perl.

Log message:
all: migrate several HOMEPAGEs to https

pkglint --only "https instead of http" -r -F

With manual adjustments afterwards since pkglint 19.4.4 fixed a few
indentations in unrelated lines.

This mainly affects projects hosted at SourceForce, as well as
freedesktop.org, CTAN and GNU.

Log message:
Update to 9.1.0

Changelog:
2019-11-17  Jay Berkenbilt  <ejb@ql.org>

	* 9.1.0: release

2019-11-09  Jay Berkenbilt  <ejb@ql.org>

	* 9.1.rc1: release

	* Improve behavior of wildcard expansion for msvc executable when
	run from the Windows cmd.exe shell. Unlike in UNIX environments,
	Windows leaves it up to the executable to expand its own
	wildcards. Fixes #224.

	* When reading /P from the encryption dictionary, use static_cast
	instead of QIntC to convert the value to a signed integer. The
	value of /P is a bit field, and PDF files have been found in the
	wild where /P is represented as an unsigned integer even though
	the spec states that it is a signed 32-bit value. By using
	static_cast, we allow qpdf to compensate for writers that
	incorrectly represent the correct bit field as an unsigned value.
	Fixes #382.

2019-11-05  Jay Berkenbilt  <ejb@ql.org>

	* Add support for pluggable crypto providers, enabling multiple
	implementations of the cryptographic functions needed by qpdf.
	This feature was added by request of Red Hat, which recognized the
	use of qpdf's native crypto implementations as a potential
	security liability, preferring instead to get all crypto
	functionality from a third-party library that receives a lot of
	scrutiny. However it was also important to me to not impose any
	unnecessary third party dependencies on my users or packagers,
	some of which build qpdf for lots of environments, some of which
	may not easily support gnutls. Starting in qpdf 9.1.0, it is be
	possible to build qpdf with both the native and gnutls crypto
	providers or with either in isolation. In support of this feature,
	new classes QPDFCryptoProvider and QPDFCryptoImpl have been added
	to the public interface. See QPDFCryptoImpl.hh for details about
	adding your own crypto provider and QPDFCryptoProvider.hh for
	details about choosing which one is used. Note that selection of
	crypto providers is invisible to anyone who doesn't explicitly
	care. Neither end users nor developers have to be concerned about
	it.

	* The environment variable QPDF_CRYPTO_PROVIDER can be used to
	override qpdf's default choice of crypto provider. The
	--show-crypto flag to the qpdf CLI can be used to present a list
	of supported crypto providers with the default provider always
	listed first.

	* Add gnutls crypto provider. Thanks to Zdenek Dohnal for
	contributing the code that I ultimately used in the gnutls crypto
	provider and for engaging in an extended discussion about this
	feature. Fixes #218.

2019-10-22  Jay Berkenbilt  <ejb@ql.org>

	* Incorporate changes from Masamichi Hosoda <trueroad@trueroad.jp>
	to properly handle signature in the following ways:
	  - Always represent /Contents in a signature dictionary as a hex
	    string
	  - Do not compress signature dictionaries when generating object
	    streams
	  - Do not encrypt/decrypt the /Contents field of the signature
	    dictionary when creating or reading encrypted files

	* Incorporate changes from Masamichi Hosoda <trueroad@trueroad.jp>
	to add additional methods for making it possible to gain deeper
	insight into cross reference tables and object renumbering. These
	new API calls make it possible for applications to go into PDF
	files created by qpdf and make changes to them that go beyond
	working with the PDF at the object level. The specific use case
	for these changes was to write an external tool to perform digital
	signature, but there could be other uses as well. New methods
	include the following, all of which are described in their
	respective headers:
	  - QPDF::getXRefTable()
	  - QPDFObjectHandle::getParsedOffset()
	  - QPDFWriter::getRenumberedObjGen(QPDFObjGen)
	  - QPDFWriter::getWrittenXRefTable()

Log message:
Update to 9.0.2

Changelog:
This is qpdf version 9.0.2.
It contains one small bug fix to the --replace-input option.

Log message:
Update to 9.0.1

Changelog:
This is qpdf version 9.0.1. It contains a small number of minor
fixes and enhancements, including fixes to the build for big-endian
systems and systems with char being unsigned by default.

Log message:
Update to 9.0.0

Changelog:
9.0.0: August 31, 2019

        Incompatible API (source-level) Changes (minor)

            The method QUtil::strcasecmp has been renamed to \ 
QUtil::str_compare_nocase. This incompatible change is necessary to enable qpdf \ 
to build on platforms that define strcasecmp as a macro.

            The QPDF::copyForeignObject method had an overloaded version that \ 
took a boolean parameter that was not used. If you were using this version, just \ 
omit the extra parameter.

            There was a version QPDFTokenizer::expectInlineImage that took no \ 
arguments. This version has been removed since it caused the tokenizer to return \ 
incorrect inline images. A new version was added some time ago that produces \ 
correct output. This is a very low level method that doesn't make sense to call \ 
outside of qpdf's lexical engine. There are higher level methods for tokenizing \ 
content streams.

            Change QPDFOutlineDocumentHelper::getTopLevelOutlines and \ 
QPDFOutlineObjectHelper::getKids to return a std::vector instead of a std::list \ 
of QPDFOutlineObjectHelper objects.

            Remove method QPDFTokenizer::allowPoundAnywhereInName. This function \ 
would allow creation of name tokens whose value would change when unparsed, \ 
which is never the correct behavior.

            When qpdf --check or qpdf --check-linearization encounters a file \ 
with linearization warnings but not errors, it now properly exits with exit code \ 
3 instead of 2.

        CLI Enhancements

            The --replace-input option may be given in place of an output file \ 
name. This causes qpdf to overwrite the input file with the output. See the \ 
description of --replace-input in Section 3.3, “Basic Options” for more \ 
details.

            The --recompress-flate instructs qpdf to recompress streams that are \ 
already compressed with /FlateDecode. Useful with --compression-level.

            The --compression-level=level sets the zlib compression level used \ 
for any streams compressed by /FlateDecode. Most effective when combined with \ 
--recompress-flate.

        Library Enhancements

            A new namespace QIntC, provided by qpdf/QIntC.hh, provides safe \ 
conversion methods between different integer types. These conversion methods do \ 
range checking to ensure that the cast can be performed with no loss of \ 
information. Every use of static_cast in the library was inspected to see if it \ 
could use one of these safe converters instead. See Section 7.5, “Casting \ 
Policy” for additional details.

            Method QPDF::anyWarnings tells whether there have been any warnings \ 
without clearing the list of warnings.

            Method QPDF::closeInputSource closes or otherwise releases the input \ 
source. This enables the input file to be deleted or renamed.

            New methods have been added to QUtil for converting back and forth \ 
between strings and unsigned integers: uint_to_string, uint_to_string_base, \ 
string_to_uint, and string_to_ull.

            New methods have been added to QPDFObjectHandle that return the \ 
value of Integer objects as int or unsigned int with range checking and sensible \ 
fallback values, and a new method was added to return an unsigned value. This \ 
makes it easier to write code that is safe from unintentional data loss. \ 
Functions: getUIntValue, getIntVauleAsInt, getUIntValueAsUInt.

            When parsing content streams with QPDFObjectHandle::ParserCallbacks, \ 
in place of the method handleObject(QPDFObjectHandle), the developer may \ 
override handleObject(QPDFObjectHandle, size_t offset, size_t length). If this \ 
method is defined, it will be invoked with the object along with its offset and \ 
length within the overall contents being parsed. Intervening spaces and comments \ 
are not included in offset and length. Additionally, a new method \ 
contentSize(size_t) may be implemented. If present, it will be called prior to \ 
the first call to handleObject with the total size in bytes of the combined \ 
contents.

            New methods QPDF::userPasswordMatched and QPDF::ownerPasswordMatched \ 
have been added to enable a caller to determine whether the supplied password \ 
was the user password, the owner password, or both. This information is also \ 
displayed by qpdf --show-encryption and qpdf --check.

            Static method Pl_Flate::setCompressionLevel can be called to set the \ 
zlib compression level globally used by all instances of Pl_Flate in deflate \ 
mode.

            The method QPDFWriter::setRecompressFlate can be called to tell \ 
QPDFWriter to uncompress and recompress streams already compressed with \ 
/FlateDecode.

            The underlying implementation of QPDF arrays has been enhanced to be \ 
much more memory efficient when dealing with arrays with lots of nulls. This \ 
enables qpdf to use drastically less memory for certain types of files.

            When traversing the pages tree, if nodes are encountered with \ 
invalid types, the types are fixed, and a warning is issued.

            A new helper method QUtil::read_file_into_memory was added.

            All conditions previously reported by QPDF::checkLinearization() as \ 
errors are now presented as warnings.

            Name tokens containing the # character not preceded by two \ 
hexadecimal digits, which is invalid in PDF 1.2 and above, are properly handled \ 
by the library: a warning is generated, and the name token is properly \ 
preserved, even if invalid, in the output. See ChangeLog for a more complete \ 
description of this change.

        Bug Fixes

            A small handful of memory issues, assertion failures, and unhandled \ 
exceptions that could occur on badly mangled input files have been fixed. Most \ 
of these problems were found by Google's OSS-Fuzz project.

            When qpdf --check or qpdf --check-linearization encounters a file \ 
with linearization warnings but not errors, it now properly exits with exit code \ 
3 instead of 2.

            The --completion-bash and --completion-zsh options now work properly \ 
when qpdf is invoked as an AppImage.

            Calling QPDFWriter::set*EncryptionParameters on a QPDFWriter object \ 
whose output filename has not yet been set no longer produces a segmentation \ 
fault.

            When reading encrypted files, follow the spec more closely regarding \ 
encryption key length. This allows qpdf to open encrypted files in most cases \ 
when they have invalid or missing /Length keys in the encryption dictionary.

            When qpdf --check or qpdf --check-linearization encounters a file \ 
with linearization warnings but not errors, it now properly exits with exit code \ 
3 instead of 2.

        Build Changes

            On platforms that support it, qpdf now builds with \ 
-fvisibility=hidden. If you build qpdf with your own build system, this is now \ 
safe to use. This prevents methods that are not part of the public API from \ 
being exported by the shared library, and makes qpdf's ELF shared libraries \ 
(used on Linux, MacOS, and most other UNIX flavors) behave more like the Windows \ 
DLL. Since the DLL already behaves in much this way, it is unlikely that there \ 
are any methods that were accidentally not exported. However, with ELF shared \ 
libraries, typeinfo for some classes has to be explicitly exported. If there are \ 
problems in dynamically linked code catching exceptions or subclassing, this \ 
could be the reason. If you see this, please report a bug at pikepdf.

            QPDF is now compiled with integer conversion and sign conversion \ 
warnings enabled. Numerous changes were made to the library to make this safe.

            QPDF's make install target explicitly specifies the mode to use when \ 
installing files instead of relying the user's umask. It was previously doing \ 
this for some files but not others.

            If pkg-config is available, use it to locate libjpeg and zlib \ 
dependencies, falling back on old behavior if unsuccessful.

        Other Notes

            QPDF has been fully integrated into Google's OSS-Fuzz project. This \ 
project exercises code with randomly mutated inputs and is great for discovering \ 
hidden security crashes and security issues. Several bugs found by oss-fuzz have \ 
already been fixed in qpdf.

Log message:
Bump PKGREVISIONs for perl 5.30.0

Log message:
Update to 8.4.2

Changelog:
2019-05-18  Jay Berkenbilt  <ejb@ql.org>

        * 8.4.2: release

2019-05-16  Jay Berkenbilt  <ejb@ql.org>

        * Fix memory error in Windows-only code from typo. Fixes #330.

Log message:
Update to 8.4.1

Changelog:
This is qpdf version 8.4.1. It contains a small handful of minor
CLI enhancements and a few bug fixes from 8.4.0 including handling
of Unicode filenames in Windows, a performance bug with --split-pages
and a few others. For a full list of changes, please see the release
notes.

Log message:
Update to 8.4.0

Changelog:
This is qpdf version 8.4.0. It contains many enhancements and fixes
including better handling of Unicode passwords, enhancements to
image optimization and appearance generation, overlay/underlay and
other changes. It also includes an important bug fix for page
splitting. For a full list of changes, please see the release notes.