9.1.0

.gitignore

@@ -22,3 +22,5 @@
 /qpdf-8.3.0.tar.gz
 /qpdf-8.4.0.tar.gz
 /qpdf-8.4.2.tar.gz
+/qpdf-9.0.1.tar.gz
+/qpdf-9.1.0.tar.gz

qpdf-erase-tests-with-generated-object-stream.patch

@@ -1,6 +1,6 @@
-diff -up qpdf-8.1.0/examples/qtest/filter-tokens.test.erase-tests-with-generated-object-stream qpdf-8.1.0/examples/qtest/filter-tokens.test
---- qpdf-8.1.0/examples/qtest/filter-tokens.test.erase-tests-with-generated-object-stream	2018-06-26 16:25:29.028242814 +0200
-+++ qpdf-8.1.0/examples/qtest/filter-tokens.test	2018-06-26 16:27:17.456366872 +0200
+diff -up qpdf-9.0.1/examples/qtest/filter-tokens.test.erase-tests-with-generated-object-stream qpdf-9.0.1/examples/qtest/filter-tokens.test
+--- qpdf-9.0.1/examples/qtest/filter-tokens.test.erase-tests-with-generated-object-stream	2019-09-20 14:07:56.000000000 +0200
++++ qpdf-9.0.1/examples/qtest/filter-tokens.test	2019-10-03 08:05:23.809400490 +0200
 @@ -13,8 +13,4 @@ $td->runtest("filter tokens",
  	     {$td->COMMAND => "pdf-filter-tokens in.pdf a.pdf"},
  	     {$td->STRING => "", $td->EXIT_STATUS => 0});
@@ -11,9 +11,9 @@ diff -up qpdf-8.1.0/examples/qtest/filter-tokens.test.erase-tests-with-generated
 -
 -$td->report(2);
 +$td->report(1);
-diff -up qpdf-8.1.0/examples/qtest/invert-images.test.erase-tests-with-generated-object-stream qpdf-8.1.0/examples/qtest/invert-images.test
---- qpdf-8.1.0/examples/qtest/invert-images.test.erase-tests-with-generated-object-stream	2018-06-23 13:50:11.000000000 +0200
-+++ qpdf-8.1.0/examples/qtest/invert-images.test	2018-06-26 16:25:15.832347910 +0200
+diff -up qpdf-9.0.1/examples/qtest/invert-images.test.erase-tests-with-generated-object-stream qpdf-9.0.1/examples/qtest/invert-images.test
+--- qpdf-9.0.1/examples/qtest/invert-images.test.erase-tests-with-generated-object-stream	2019-09-20 14:07:56.000000000 +0200
++++ qpdf-9.0.1/examples/qtest/invert-images.test	2019-10-03 08:05:23.810400481 +0200
 @@ -19,13 +19,13 @@ $td->runtest("double page size",
  	      $td->EXIT_STATUS => 0},
  	     $td->NORMALIZE_NEWLINES);
@@ -32,9 +32,9 @@ diff -up qpdf-8.1.0/examples/qtest/invert-images.test.erase-tests-with-generated
  
  sub cleanup
  {
-diff -up qpdf-8.1.0/examples/qtest/set-form-values.test.erase-tests-with-generated-object-stream qpdf-8.1.0/examples/qtest/set-form-values.test
---- qpdf-8.1.0/examples/qtest/set-form-values.test.erase-tests-with-generated-object-stream	2018-06-26 16:25:24.971275053 +0200
-+++ qpdf-8.1.0/examples/qtest/set-form-values.test	2018-06-26 16:27:26.641291590 +0200
+diff -up qpdf-9.0.1/examples/qtest/set-form-values.test.erase-tests-with-generated-object-stream qpdf-9.0.1/examples/qtest/set-form-values.test
+--- qpdf-9.0.1/examples/qtest/set-form-values.test.erase-tests-with-generated-object-stream	2019-09-20 14:07:56.000000000 +0200
++++ qpdf-9.0.1/examples/qtest/set-form-values.test	2019-10-03 08:05:23.810400481 +0200
 @@ -14,13 +14,10 @@ cleanup();
  $td->runtest("set form values",
  	     {$td->COMMAND => "pdf-set-form-values form-in.pdf a.pdf soup"},
@@ -50,10 +50,10 @@ diff -up qpdf-8.1.0/examples/qtest/set-form-values.test.erase-tests-with-generat
  
  sub cleanup
  {
-diff -up qpdf-8.1.0/libqpdf/qpdf-c.cc.erase-tests-with-generated-object-stream qpdf-8.1.0/libqpdf/qpdf-c.cc
---- qpdf-8.1.0/libqpdf/qpdf-c.cc.erase-tests-with-generated-object-stream	2018-06-23 13:50:11.000000000 +0200
-+++ qpdf-8.1.0/libqpdf/qpdf-c.cc	2018-06-26 16:25:15.832347910 +0200
-@@ -302,7 +302,6 @@ QPDF_ERROR_CODE qpdf_read_memory(qpdf_da
+diff -up qpdf-9.0.1/libqpdf/qpdf-c.cc.erase-tests-with-generated-object-stream qpdf-9.0.1/libqpdf/qpdf-c.cc
+--- qpdf-9.0.1/libqpdf/qpdf-c.cc.erase-tests-with-generated-object-stream	2019-09-20 14:07:56.000000000 +0200
++++ qpdf-9.0.1/libqpdf/qpdf-c.cc	2019-10-03 08:05:23.811400473 +0200
+@@ -297,7 +297,6 @@ QPDF_ERROR_CODE qpdf_read_memory(qpdf_da
      qpdf->size = size;
      qpdf->password = password;
      status = trap_errors(qpdf, &call_read_memory);
@@ -61,7 +61,7 @@ diff -up qpdf-8.1.0/libqpdf/qpdf-c.cc.erase-tests-with-generated-object-stream q
      return status;
  }
  
-@@ -515,7 +514,6 @@ unsigned char const* qpdf_get_buffer(qpd
+@@ -508,7 +507,6 @@ unsigned char const* qpdf_get_buffer(qpd
  
  void qpdf_set_object_stream_mode(qpdf_data qpdf, qpdf_object_stream_e mode)
  {
@@ -69,31 +69,31 @@ diff -up qpdf-8.1.0/libqpdf/qpdf-c.cc.erase-tests-with-generated-object-stream q
      qpdf->qpdf_writer->setObjectStreamMode(mode);
  }
  
-diff -up qpdf-8.1.0/libqpdf/QPDFWriter.cc.erase-tests-with-generated-object-stream qpdf-8.1.0/libqpdf/QPDFWriter.cc
---- qpdf-8.1.0/libqpdf/QPDFWriter.cc.erase-tests-with-generated-object-stream	2018-06-23 13:50:11.000000000 +0200
-+++ qpdf-8.1.0/libqpdf/QPDFWriter.cc	2018-06-26 16:25:15.833347901 +0200
-@@ -3221,8 +3221,6 @@ QPDFWriter::writeLinearized()
+diff -up qpdf-9.0.1/libqpdf/QPDFWriter.cc.erase-tests-with-generated-object-stream qpdf-9.0.1/libqpdf/QPDFWriter.cc
+--- qpdf-9.0.1/libqpdf/QPDFWriter.cc.erase-tests-with-generated-object-stream	2019-10-03 08:05:23.812400464 +0200
++++ qpdf-9.0.1/libqpdf/QPDFWriter.cc	2019-10-03 08:07:08.083488747 +0200
+@@ -3436,8 +3436,6 @@ QPDFWriter::writeLinearized()
  	{
              if (this->m->deterministic_id)
              {
 -                QTC::TC("qpdf", "QPDFWriter linearized deterministic ID",
 -                        need_xref_stream ? 0 : 1);
                  computeDeterministicIDData();
-                 popPipelineStack();
+                 pp_md5 = 0;
                  assert(this->m->md5_pipeline == 0);
-@@ -3426,8 +3424,6 @@ QPDFWriter::writeStandard()
+@@ -3645,8 +3643,6 @@ QPDFWriter::writeStandard()
  
      if (this->m->deterministic_id)
      {
 -	QTC::TC("qpdf", "QPDFWriter standard deterministic ID",
 -                this->m->object_stream_to_objects.empty() ? 0 : 1);
-         popPipelineStack();
+         pp_md5 = 0;
          assert(this->m->md5_pipeline == 0);
      }
-diff -up qpdf-8.1.0/qpdf/qpdf.testcov.erase-tests-with-generated-object-stream qpdf-8.1.0/qpdf/qpdf.testcov
---- qpdf-8.1.0/qpdf/qpdf.testcov.erase-tests-with-generated-object-stream	2018-06-23 13:50:11.000000000 +0200
-+++ qpdf-8.1.0/qpdf/qpdf.testcov	2018-06-26 16:25:15.833347901 +0200
-@@ -126,7 +126,6 @@ qpdf-c called qpdf_get_user_password 0
+diff -up qpdf-9.0.1/qpdf/qpdf.testcov.erase-tests-with-generated-object-stream qpdf-9.0.1/qpdf/qpdf.testcov
+--- qpdf-9.0.1/qpdf/qpdf.testcov.erase-tests-with-generated-object-stream	2019-09-20 14:07:56.000000000 +0200
++++ qpdf-9.0.1/qpdf/qpdf.testcov	2019-10-03 08:05:23.814400446 +0200
+@@ -123,7 +123,6 @@ qpdf-c called qpdf_get_user_password 0
  qpdf-c called qpdf_is_linearized 0
  qpdf-c called qpdf_is_encrypted 0
  qpdf-c called qpdf_init_write 3
@@ -101,7 +101,7 @@ diff -up qpdf-8.1.0/qpdf/qpdf.testcov.erase-tests-with-generated-object-stream q
  qpdf-c called qpdf_set_stream_data_mode 0
  qpdf-c called qpdf_set_content_normalization 0
  qpdf-c called qpdf_set_qdf_mode 0
-@@ -180,7 +179,6 @@ QPDFObjectHandle append page contents 0
+@@ -177,7 +176,6 @@ QPDFObjectHandle append page contents 0
  QPDF_Stream getRawStreamData 0
  QPDF_Stream getStreamData 0
  QPDF_Stream expand filter abbreviation 0
@@ -109,7 +109,7 @@ diff -up qpdf-8.1.0/qpdf/qpdf.testcov.erase-tests-with-generated-object-stream q
  QPDF stream without newline 0
  QPDF stream with CR only 0
  QPDF stream with CRNL 0
-@@ -264,8 +262,6 @@ qpdf pages range omitted at end 0
+@@ -261,8 +259,6 @@ qpdf pages range omitted at end 0
  qpdf pages range omitted in middle 0
  qpdf npages 0
  QPDF already reserved object 0
@@ -118,10 +118,10 @@ diff -up qpdf-8.1.0/qpdf/qpdf.testcov.erase-tests-with-generated-object-stream q
  QPDFWriter deterministic with no data 0
  qpdf-c called qpdf_set_deterministic_ID 0
  QPDFObjectHandle indirect with 0 objid 0
-diff -up qpdf-8.1.0/qpdf/qtest/qpdf.test.erase-tests-with-generated-object-stream qpdf-8.1.0/qpdf/qtest/qpdf.test
---- qpdf-8.1.0/qpdf/qtest/qpdf.test.erase-tests-with-generated-object-stream	2018-06-23 13:50:11.000000000 +0200
-+++ qpdf-8.1.0/qpdf/qtest/qpdf.test	2018-06-26 16:25:15.834347893 +0200
-@@ -1713,7 +1713,6 @@ my @capi = (
+diff -up qpdf-9.0.1/qpdf/qtest/qpdf.test.erase-tests-with-generated-object-stream qpdf-9.0.1/qpdf/qtest/qpdf.test
+--- qpdf-9.0.1/qpdf/qtest/qpdf.test.erase-tests-with-generated-object-stream	2019-09-20 14:07:56.000000000 +0200
++++ qpdf-9.0.1/qpdf/qtest/qpdf.test	2019-10-03 08:05:23.816400429 +0200
+@@ -2584,7 +2584,6 @@ my @capi = (
      [3, 'normalized content'],
      [4, 'ignore xref streams'],
      [5, 'linearized'],
@@ -129,7 +129,7 @@ diff -up qpdf-8.1.0/qpdf/qtest/qpdf.test.erase-tests-with-generated-object-strea
      [7, 'qdf'],
      [8, 'no original object ids'],
      [9, 'uncompressed streams'],
-@@ -1757,8 +1756,8 @@ $td->runtest("write damaged",
+@@ -2628,8 +2627,8 @@ $td->runtest("write damaged",
  show_ntests();
  # ----------
  $td->notify("--- Deterministic ID Tests ---");

qpdf-relax.patch

@@ -0,0 +1,155 @@
+diff -up qpdf-9.0.1/libqpdf/QPDF.cc.relax qpdf-9.0.1/libqpdf/QPDF.cc
+--- qpdf-9.0.1/libqpdf/QPDF.cc.relax	2019-09-20 14:07:56.000000000 +0200
++++ qpdf-9.0.1/libqpdf/QPDF.cc	2019-10-01 13:15:46.513551565 +0200
+@@ -10,6 +10,10 @@
+ #include <string.h>
+ #include <memory.h>
+ 
++#ifdef HAVE_GNUTLS
++# include <gnutls/crypto.h>
++#endif
++
+ #include <qpdf/QTC.hh>
+ #include <qpdf/QUtil.hh>
+ #include <qpdf/Pipeline.hh>
+@@ -207,7 +211,13 @@ QPDF::processFile(char const* filename,
+ {
+     FileInputSource* fi = new FileInputSource();
+     fi->setFilename(filename);
++#ifdef HAVE_GNUTLS
++    GNUTLS_FIPS140_SET_LAX_MODE();
++#endif
+     processInputSource(fi, password);
++#ifdef HAVE_GNUTLS
++    GNUTLS_FIPS140_SET_STRICT_MODE();
++#endif
+ }
+ 
+ void
+@@ -216,7 +226,13 @@ QPDF::processFile(char const* descriptio
+ {
+     FileInputSource* fi = new FileInputSource();
+     fi->setFile(description, filep, close_file);
++#ifdef HAVE_GNUTLS
++    GNUTLS_FIPS140_SET_LAX_MODE();
++#endif
+     processInputSource(fi, password);
++#ifdef HAVE_GNUTLS
++    GNUTLS_FIPS140_SET_STRICT_MODE();
++#endif
+ }
+ 
+ void
+diff -up qpdf-9.0.1/libqpdf/QPDF_encryption.cc.relax qpdf-9.0.1/libqpdf/QPDF_encryption.cc
+--- qpdf-9.0.1/libqpdf/QPDF_encryption.cc.relax	2019-09-20 14:07:56.000000000 +0200
++++ qpdf-9.0.1/libqpdf/QPDF_encryption.cc	2019-10-01 13:19:56.086467631 +0200
+@@ -1,6 +1,8 @@
+ // This file implements methods from the QPDF class that involve
+ // encryption.
+ 
++#include <qpdf/qpdf-config.h>
++
+ #include <qpdf/QPDF.hh>
+ 
+ #include <qpdf/QPDFExc.hh>
+@@ -18,6 +20,10 @@
+ #include <assert.h>
+ #include <string.h>
+ 
++#ifdef HAVE_GNUTLS
++# include <gnutls/crypto.h>
++#endif
++
+ static unsigned char const padding_string[] = {
+     0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41,
+     0x64, 0x00, 0x4e, 0x56, 0xff, 0xfa, 0x01, 0x08,
+@@ -1140,6 +1146,12 @@ QPDF::getKeyForObject(
+ void
+ QPDF::decryptString(std::string& str, int objid, int generation)
+ {
++#ifdef HAVE_GNUTLS
++    unsigned oldmode = gnutls_fips140_mode_enabled();
++
++    gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
++#endif
++
+     if (objid == 0)
+     {
+ 	return;
+@@ -1220,6 +1232,10 @@ QPDF::decryptString(std::string& str, in
+ 		      QUtil::int_to_string(objid) + " " +
+ 		      QUtil::int_to_string(generation) + ": " + e.what());
+     }
++
++#ifdef HAVE_GNUTLS
++    gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD);
++#endif
+ }
+ 
+ void
+@@ -1231,6 +1247,12 @@ QPDF::decryptStream(PointerHolder<Encryp
+                     bool is_attachment_stream,
+ 		    std::vector<PointerHolder<Pipeline> >& heap)
+ {
++#ifdef HAVE_GNUTLS
++    unsigned oldmode = gnutls_fips140_mode_enabled();
++
++    gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
++#endif
++
+     std::string type;
+     if (stream_dict.getKey("/Type").isName())
+     {
+@@ -1360,6 +1382,10 @@ QPDF::decryptStream(PointerHolder<Encryp
+                               toI(key.length()));
+     }
+     heap.push_back(pipeline);
++
++#ifdef HAVE_GNUTLS
++    gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD);
++#endif
+ }
+ 
+ void
+diff -up qpdf-9.0.1/libqpdf/QPDFWriter.cc.relax qpdf-9.0.1/libqpdf/QPDFWriter.cc
+--- qpdf-9.0.1/libqpdf/QPDFWriter.cc.relax	2019-09-20 14:07:56.000000000 +0200
++++ qpdf-9.0.1/libqpdf/QPDFWriter.cc	2019-10-01 13:16:49.665013937 +0200
+@@ -24,6 +24,10 @@
+ #include <algorithm>
+ #include <stdlib.h>
+ 
++#ifdef HAVE_GNUTLS
++#include <gnutls/crypto.h>
++#endif
++
+ QPDFWriter::Members::Members(QPDF& pdf) :
+     pdf(pdf),
+     filename("unspecified"),
+@@ -321,6 +325,13 @@ void
+ QPDFWriter::setDeterministicID(bool val)
+ {
+     this->m->deterministic_id = val;
++
++#ifdef HAVE_GNUTLS
++    if (val)
++	GNUTLS_FIPS140_SET_LAX_MODE();
++    else
++	GNUTLS_FIPS140_SET_STRICT_MODE();
++#endif
+ }
+ 
+ void
+@@ -342,6 +353,13 @@ void
+ QPDFWriter::setPreserveEncryption(bool val)
+ {
+     this->m->preserve_encryption = val;
++
++#ifdef HAVE_GNUTLS
++    if (val)
++	GNUTLS_FIPS140_SET_STRICT_MODE();
++    else
++	GNUTLS_FIPS140_SET_LAX_MODE();
++#endif
+ }
+ 
+ void

qpdf.spec

@@ -1,7 +1,7 @@
 Summary: Command-line tools and library for transforming PDF files
 Name:    qpdf
-Version: 8.4.2
-Release: 2%{?dist}
+Version: 9.1.0
+Release: 1%{?dist}
 # MIT: e.g. libqpdf/sha2.c
 # upstream uses ASL 2.0 now, but he allowed other to distribute qpdf under
 # old license (see README)
@@ -13,6 +13,8 @@ Patch0:  qpdf-doc.patch
 # zlib has optimalization for aarch64 now, which gives different output after
 # compression - patch erases 3 tests with generated object stream which were failing
 Patch2:  qpdf-erase-tests-with-generated-object-stream.patch
+# make qpdf working under FIPS, downstream patch
+Patch3:  qpdf-relax.patch
 
 # gcc and gcc-c++ are no longer in buildroot by default
 # gcc is needed for qpdf-ctest.c
@@ -24,10 +26,14 @@ BuildRequires: zlib-devel
 BuildRequires: libjpeg-turbo-devel
 BuildRequires: pcre-devel
 
+# for gnutls crypto
+BuildRequires: gnutls-devel
+
 # for fix-qdf and test suite
 BuildRequires: perl-interpreter
 BuildRequires: perl-generators
 BuildRequires: perl(Digest::MD5)
+BuildRequires: perl(Digest::SHA)
 
 # for autoreconf
 BuildRequires: autoconf
@@ -75,6 +81,7 @@ QPDF Manual
 %ifarch aarch64
 %patch2 -p1 -b .erase-tests-with-generated-object-stream
 %endif
+%patch3 -p1 -b .relax
 
 sed -i -e '1s,^#!/usr/bin/env perl,#!/usr/bin/perl,' qpdf/fix-qdf
 
@@ -86,6 +93,8 @@ autoreconf --verbose --force --install
 ./autogen.sh
 
 %configure --disable-static \
+           --enable-crypto-gnutls \
+           --disable-implicit-crypto \
            --enable-show-failed-test-output
 
 %make_build
@@ -109,8 +118,8 @@ make check
 %files libs
 %doc README.md TODO ChangeLog
 %license Artistic-2.0
-%{_libdir}/libqpdf.so.21
-%{_libdir}/libqpdf.so.21.4.2
+%{_libdir}/libqpdf.so.26
+%{_libdir}/libqpdf.so.26.1.0
 
 %files devel
 %doc examples/*.cc examples/*.c
@@ -123,6 +132,9 @@ make check
 
 
 %changelog
+* Tue Nov 19 2019 Zdenek Dohnal <zdohnal@redhat.com> - 9.1.0-1
+- 9.1.0
+
 * Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 8.4.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 

sources

@@ -1 +1 @@
-SHA512 (qpdf-8.4.2.tar.gz) = 9cde046fb5e42dc331933294155583fb20408704a0cab3075cc3e97bd4643e3178e4162b8de7434aa2304097e7734f985fdc8e7b05cc028c37193dce91797f7a
+SHA512 (qpdf-9.1.0.tar.gz) = 7561ffc366dbce9df58cc85ff18480b28b0d46de04733ba463139188bee95690f92cf0960a328619f0c9f34ce865598db490fa1c6aaa76ee87d2c034a5f7f57e