.gitignore

@@ -1,2 +1,34 @@
-SOURCES/qpdf-7.1.1.tar.gz
+/qpdf-3.0.1.tar.gz
+/qpdf-3.0.2.tar.gz
+/qpdf-4.0.0.tar.gz
+/qpdf-4.0.1.tar.gz
+/qpdf-4.1.0.tar.gz
+/qpdf-4.2.0.tar.gz
+/qpdf-5.0.0.tar.gz
+/qpdf-5.0.1.tar.gz
+/qpdf-5.1.0.tar.gz
+/qpdf-5.1.1.tar.gz
+/qpdf-5.1.2.tar.gz
+/qpdf-5.1.3.tar.gz
+/qpdf-5.2.0.tar.gz
+/qpdf-6.0.0.tar.gz
+/qpdf-7.0.0.tar.gz
 /qpdf-7.1.1.tar.gz
+/qpdf-8.0.0.tar.gz
+/qpdf-8.0.1.tar.gz
+/qpdf-8.0.2.tar.gz
+/qpdf-8.1.0.tar.gz
+/qpdf-8.2.1.tar.gz
+/qpdf-8.3.0.tar.gz
+/qpdf-8.4.0.tar.gz
+/qpdf-8.4.2.tar.gz
+/qpdf-9.0.1.tar.gz
+/qpdf-9.1.0.tar.gz
+/qpdf-9.1.1.tar.gz
+/qpdf-10.0.1.tar.gz
+/qpdf-10.0.3.tar.gz
+/qpdf-10.0.4.tar.gz
+/qpdf-10.1.0.tar.gz
+/qpdf-10.2.0.tar.gz
+/qpdf-10.3.0.tar.gz
+/qpdf-10.3.1.tar.gz

gating.yaml

@@ -1,7 +1,8 @@
 --- !Policy
 product_versions:
-    - rhel-8
+    - rhel-9
 decision_context: osci_compose_gate
 rules:
     - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
     - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation}
+    - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.acceptance-tier.functional}

qpdf-CVE-2018-9918.patch

@@ -1,55 +0,0 @@
-diff -up qpdf-7.1.1/libqpdf/QPDFObjectHandle.cc.CVE-2018-9918 qpdf-7.1.1/libqpdf/QPDFObjectHandle.cc
---- qpdf-7.1.1/libqpdf/QPDFObjectHandle.cc.CVE-2018-9918	2018-02-05 00:31:42.000000000 +0100
-+++ qpdf-7.1.1/libqpdf/QPDFObjectHandle.cc	2018-04-16 15:35:36.378343714 +0200
-@@ -1054,12 +1054,26 @@ QPDFObjectHandle::parseInternal(PointerH
- 
- 	  case QPDFTokenizer::tt_array_open:
- 	  case QPDFTokenizer::tt_dict_open:
--            olist_stack.push_back(std::vector<QPDFObjectHandle>());
--            state = st_start;
--            offset_stack.push_back(input->tell());
--            state_stack.push_back(
--                (token.getType() == QPDFTokenizer::tt_array_open) ?
--                st_array : st_dictionary);
-+            if (olist_stack.size() > 500)
-+            {
-+		QTC::TC("qpdf", "QPDFObjectHandle too deep");
-+                warn(context,
-+                     QPDFExc(qpdf_e_damaged_pdf, input->getName(),
-+                             object_description,
-+                             input->getLastOffset(),
-+                             "ignoring excessively deeply nested data structure"));
-+                object = newNull();
-+                state = st_top;
-+            }
-+            else
-+            {
-+                olist_stack.push_back(std::vector<QPDFObjectHandle>());
-+                state = st_start;
-+                offset_stack.push_back(input->tell());
-+                state_stack.push_back(
-+                    (token.getType() == QPDFTokenizer::tt_array_open) ?
-+                    st_array : st_dictionary);
-+            }
- 	    break;
- 
- 	  case QPDFTokenizer::tt_bool:
-diff -up qpdf-7.1.1/qpdf/qpdf.testcov.CVE-2018-9918 qpdf-7.1.1/qpdf/qpdf.testcov
---- qpdf-7.1.1/qpdf/qpdf.testcov.CVE-2018-9918	2018-02-05 00:31:42.000000000 +0100
-+++ qpdf-7.1.1/qpdf/qpdf.testcov	2018-04-16 15:35:36.379343705 +0200
-@@ -302,3 +302,4 @@ qpdf-c called qpdf_set_compress_streams
- qpdf-c called qpdf_set_preserve_unreferenced_objects 0
- qpdf-c called qpdf_set_newline_before_endstream 0
- QPDF_Stream TIFF predictor 0
-+QPDFObjectHandle too deep 0
-diff -up qpdf-7.1.1/qpdf/qtest/qpdf/issue-146.out.CVE-2018-9918 qpdf-7.1.1/qpdf/qtest/qpdf/issue-146.out
---- qpdf-7.1.1/qpdf/qtest/qpdf/issue-146.out.CVE-2018-9918	2018-02-05 00:31:42.000000000 +0100
-+++ qpdf-7.1.1/qpdf/qtest/qpdf/issue-146.out	2018-04-16 15:53:17.499476948 +0200
-@@ -1,5 +1,5 @@
- WARNING: issue-146.pdf: file is damaged
- WARNING: issue-146.pdf: can't find startxref
- WARNING: issue-146.pdf: Attempting to reconstruct cross-reference table
--WARNING: issue-146.pdf (trailer, file position 20728): unknown token while reading object; treating as string
--issue-146.pdf (trailer, file position 20732): EOF while reading token
-+WARNING: issue-146.pdf (trailer, file position 695): ignoring excessively deeply nested data structure
-+issue-146.pdf: unable to find trailer dictionary while recovering damaged file

qpdf-doc.patch

@@ -1,6 +1,6 @@
-diff -up qpdf-4.1.0/manual/fix-qdf.1.in.doc qpdf-4.1.0/manual/fix-qdf.1.in
---- qpdf-4.1.0/manual/fix-qdf.1.in.doc	2013-04-14 21:03:51.000000000 +0200
-+++ qpdf-4.1.0/manual/fix-qdf.1.in	2013-05-23 18:12:21.506581935 +0200
+diff -up qpdf-8.2.1/manual/fix-qdf.1.in.doc qpdf-8.2.1/manual/fix-qdf.1.in
+--- qpdf-8.2.1/manual/fix-qdf.1.in.doc	2018-08-18 16:56:19.000000000 +0200
++++ qpdf-8.2.1/manual/fix-qdf.1.in	2018-09-24 14:24:26.340341484 +0200
 @@ -14,5 +14,4 @@ the same file with stream lengths, cross
  object stream offset tables regenerated.
  .PP
@@ -8,18 +8,18 @@ diff -up qpdf-4.1.0/manual/fix-qdf.1.in.doc qpdf-4.1.0/manual/fix-qdf.1.in
 -the qpdf manual, which can be found in @docdir@/qpdf-manual.html or
 -@docdir@/qpdf-manual.pdf.
 +the qpdf manual, which can be found in qpdf-doc package.
-diff -up qpdf-4.1.0/manual/qpdf.1.in.doc qpdf-4.1.0/manual/qpdf.1.in
---- qpdf-4.1.0/manual/qpdf.1.in.doc	2013-04-14 21:03:51.000000000 +0200
-+++ qpdf-4.1.0/manual/qpdf.1.in	2013-05-23 18:12:13.723690019 +0200
+diff -up qpdf-8.2.1/manual/qpdf.1.in.doc qpdf-8.2.1/manual/qpdf.1.in
+--- qpdf-8.2.1/manual/qpdf.1.in.doc	2018-09-24 14:24:26.340341484 +0200
++++ qpdf-8.2.1/manual/qpdf.1.in	2018-09-24 14:26:18.171462618 +0200
 @@ -16,4 +16,4 @@ useful primarily to PDF developers.
  .PP
  For a summary of qpdf's options, please run
- \fBqpdf --help\fR.  A complete manual can be found in
+ \fBqpdf \-\-help\fR.  A complete manual can be found in
 -@docdir@/qpdf-manual.html or @docdir@/qpdf-manual.pdf.
 +qpdf-doc package.
-diff -up qpdf-4.1.0/manual/zlib-flate.1.in.doc qpdf-4.1.0/manual/zlib-flate.1.in
---- qpdf-4.1.0/manual/zlib-flate.1.in.doc	2013-04-14 21:03:51.000000000 +0200
-+++ qpdf-4.1.0/manual/zlib-flate.1.in	2013-05-23 18:12:07.571775453 +0200
+diff -up qpdf-8.2.1/manual/zlib-flate.1.in.doc qpdf-8.2.1/manual/zlib-flate.1.in
+--- qpdf-8.2.1/manual/zlib-flate.1.in.doc	2018-08-18 16:56:19.000000000 +0200
++++ qpdf-8.2.1/manual/zlib-flate.1.in	2018-09-24 14:24:26.340341484 +0200
 @@ -21,6 +21,6 @@ This program should not be used as a gen
  tool.  Use something like gzip(1) instead.
  .PP

qpdf-erase-tests-with-generated-object-stream.patch

@@ -0,0 +1,147 @@
+diff -up qpdf-10.2.0/examples/qtest/filter-tokens.test.erase-tests-with-generated-object-stream qpdf-10.2.0/examples/qtest/filter-tokens.test
+--- qpdf-10.2.0/examples/qtest/filter-tokens.test.erase-tests-with-generated-object-stream	2021-02-24 12:45:32.347357149 +0100
++++ qpdf-10.2.0/examples/qtest/filter-tokens.test	2021-02-24 12:47:01.379611993 +0100
+@@ -15,13 +15,9 @@ $td->runtest("filter tokens",
+ 	     {$td->COMMAND => "pdf-filter-tokens in.pdf a.pdf"},
+ 	     {$td->STRING => "", $td->EXIT_STATUS => 0});
+ 
+-$td->runtest("check output",
+-	     {$td->FILE => "a.pdf"},
+-	     {$td->FILE => "out.pdf"});
+-
+ cleanup();
+ 
+-$td->report(2);
++$td->report(1);
+ 
+ sub cleanup
+ {
+diff -up qpdf-10.2.0/examples/qtest/invert-images.test.erase-tests-with-generated-object-stream qpdf-10.2.0/examples/qtest/invert-images.test
+--- qpdf-10.2.0/examples/qtest/invert-images.test.erase-tests-with-generated-object-stream	2021-02-23 16:41:58.000000000 +0100
++++ qpdf-10.2.0/examples/qtest/invert-images.test	2021-02-24 12:45:32.347357149 +0100
+@@ -19,13 +19,13 @@ $td->runtest("invert images",
+ 	      $td->EXIT_STATUS => 0},
+ 	     $td->NORMALIZE_NEWLINES);
+ 
+-$td->runtest("check output",
+-	     {$td->FILE => "a.pdf"},
+-	     {$td->FILE => "out.pdf"});
++#$td->runtest("check output",
++#	     {$td->FILE => "a.pdf"},
++#	     {$td->FILE => "out.pdf"});
+ 
+ cleanup();
+ 
+-$td->report(2);
++$td->report(1);
+ 
+ sub cleanup
+ {
+diff -up qpdf-10.2.0/examples/qtest/set-form-values.test.erase-tests-with-generated-object-stream qpdf-10.2.0/examples/qtest/set-form-values.test
+--- qpdf-10.2.0/examples/qtest/set-form-values.test.erase-tests-with-generated-object-stream	2021-02-23 16:41:58.000000000 +0100
++++ qpdf-10.2.0/examples/qtest/set-form-values.test	2021-02-24 12:45:32.347357149 +0100
+@@ -14,13 +14,10 @@ cleanup();
+ $td->runtest("set form values",
+ 	     {$td->COMMAND => "pdf-set-form-values form-in.pdf a.pdf soup"},
+ 	     {$td->STRING => "", $td->EXIT_STATUS => 0});
+-$td->runtest("compare files",
+-	     {$td->FILE => "a.pdf"},
+-	     {$td->FILE => "form-out.pdf"});
+ 
+ cleanup();
+ 
+-$td->report(2);
++$td->report(1);
+ 
+ sub cleanup
+ {
+diff -up qpdf-10.2.0/libqpdf/qpdf-c.cc.erase-tests-with-generated-object-stream qpdf-10.2.0/libqpdf/qpdf-c.cc
+--- qpdf-10.2.0/libqpdf/qpdf-c.cc.erase-tests-with-generated-object-stream	2021-02-23 16:41:58.000000000 +0100
++++ qpdf-10.2.0/libqpdf/qpdf-c.cc	2021-02-24 12:45:32.348357141 +0100
+@@ -331,7 +331,6 @@ QPDF_ERROR_CODE qpdf_read_memory(qpdf_da
+     qpdf->size = size;
+     qpdf->password = password;
+     status = trap_errors(qpdf, &call_read_memory);
+-    QTC::TC("qpdf", "qpdf-c called qpdf_read_memory", status);
+     return status;
+ }
+ 
+@@ -542,7 +541,6 @@ unsigned char const* qpdf_get_buffer(qpd
+ 
+ void qpdf_set_object_stream_mode(qpdf_data qpdf, qpdf_object_stream_e mode)
+ {
+-    QTC::TC("qpdf", "qpdf-c called qpdf_set_object_stream_mode");
+     qpdf->qpdf_writer->setObjectStreamMode(mode);
+ }
+ 
+diff -up qpdf-10.2.0/libqpdf/QPDFWriter.cc.erase-tests-with-generated-object-stream qpdf-10.2.0/libqpdf/QPDFWriter.cc
+--- qpdf-10.2.0/libqpdf/QPDFWriter.cc.erase-tests-with-generated-object-stream	2021-02-23 16:41:58.000000000 +0100
++++ qpdf-10.2.0/libqpdf/QPDFWriter.cc	2021-02-24 12:45:32.348357141 +0100
+@@ -3445,8 +3445,6 @@ QPDFWriter::writeLinearized()
+ 	{
+             if (this->m->deterministic_id)
+             {
+-                QTC::TC("qpdf", "QPDFWriter linearized deterministic ID",
+-                        need_xref_stream ? 0 : 1);
+                 computeDeterministicIDData();
+                 pp_md5 = 0;
+                 assert(this->m->md5_pipeline == 0);
+@@ -3654,8 +3652,6 @@ QPDFWriter::writeStandard()
+ 
+     if (this->m->deterministic_id)
+     {
+-	QTC::TC("qpdf", "QPDFWriter standard deterministic ID",
+-                this->m->object_stream_to_objects.empty() ? 0 : 1);
+         pp_md5 = 0;
+         assert(this->m->md5_pipeline == 0);
+     }
+diff -up qpdf-10.2.0/qpdf/qpdf.testcov.erase-tests-with-generated-object-stream qpdf-10.2.0/qpdf/qpdf.testcov
+--- qpdf-10.2.0/qpdf/qpdf.testcov.erase-tests-with-generated-object-stream	2021-02-23 16:41:58.000000000 +0100
++++ qpdf-10.2.0/qpdf/qpdf.testcov	2021-02-24 12:45:32.348357141 +0100
+@@ -123,7 +123,6 @@ qpdf-c called qpdf_get_user_password 0
+ qpdf-c called qpdf_is_linearized 0
+ qpdf-c called qpdf_is_encrypted 0
+ qpdf-c called qpdf_init_write 3
+-qpdf-c called qpdf_set_object_stream_mode 0
+ qpdf-c called qpdf_set_stream_data_mode 0
+ qpdf-c called qpdf_set_content_normalization 0
+ qpdf-c called qpdf_set_qdf_mode 0
+@@ -177,7 +176,6 @@ QPDFObjectHandle append page contents 0
+ QPDF_Stream getRawStreamData 0
+ QPDF_Stream getStreamData 0
+ QPDF_Stream expand filter abbreviation 0
+-qpdf-c called qpdf_read_memory 0
+ QPDF stream without newline 0
+ QPDF stream with CR only 0
+ QPDF stream with CRNL 0
+@@ -260,8 +258,6 @@ qpdf pages range omitted at end 0
+ qpdf pages range omitted in middle 0
+ qpdf npages 0
+ QPDF already reserved object 0
+-QPDFWriter standard deterministic ID 1
+-QPDFWriter linearized deterministic ID 1
+ QPDFWriter deterministic with no data 0
+ qpdf-c called qpdf_set_deterministic_ID 0
+ QPDFObjectHandle indirect with 0 objid 0
+diff -up qpdf-10.2.0/qpdf/qtest/qpdf.test.erase-tests-with-generated-object-stream qpdf-10.2.0/qpdf/qtest/qpdf.test
+--- qpdf-10.2.0/qpdf/qtest/qpdf.test.erase-tests-with-generated-object-stream	2021-02-23 16:41:58.000000000 +0100
++++ qpdf-10.2.0/qpdf/qtest/qpdf.test	2021-02-24 12:45:32.349357133 +0100
+@@ -3254,7 +3254,6 @@ my @capi = (
+     [3, 'normalized content'],
+     [4, 'ignore xref streams'],
+     [5, 'linearized'],
+-    [6, 'object streams'],
+     [7, 'qdf'],
+     [8, 'no original object ids'],
+     [9, 'uncompressed streams'],
+@@ -3298,8 +3297,8 @@ $td->runtest("write damaged",
+ show_ntests();
+ # ----------
+ $td->notify("--- Deterministic ID Tests ---");
+-$n_tests += 11;
+-foreach my $d ('nn', 'ny', 'yn', 'yy')
++$n_tests += 7;
++foreach my $d ('nn', 'yn')
+ {
+     my $linearize = ($d =~ m/^y/);
+     my $ostream = ($d =~ m/y$/);

qpdf-relax.patch

@@ -1,67 +1,67 @@
 diff --git a/libqpdf/QPDF.cc b/libqpdf/QPDF.cc
-index 3475afe..f93ba0d 100644
+index 3eeea86..2a6923c 100644
 --- a/libqpdf/QPDF.cc
 +++ b/libqpdf/QPDF.cc
-@@ -19,6 +19,10 @@
- #include <qpdf/QPDF_Null.hh>
- #include <qpdf/QPDF_Dictionary.hh>
+@@ -11,6 +11,10 @@
+ #include <string.h>
+ #include <memory.h>
  
-+#ifdef HAVE_GNUTLS
++#ifdef USE_CRYPTO_GNUTLS
 +# include <gnutls/crypto.h>
 +#endif
 +
- std::string QPDF::qpdf_version = "7.1.1";
- 
- static char const* EMPTY_PDF =
-@@ -139,7 +143,13 @@ QPDF::processFile(char const* filename, char const* password)
+ #include <qpdf/QTC.hh>
+ #include <qpdf/QUtil.hh>
+ #include <qpdf/Pipeline.hh>
+@@ -262,7 +266,13 @@ QPDF::processFile(char const* filename, char const* password)
  {
      FileInputSource* fi = new FileInputSource();
      fi->setFilename(filename);
-+#ifdef HAVE_GNUTLS
++#ifdef USE_CRYPTO_GNUTLS
 +    GNUTLS_FIPS140_SET_LAX_MODE();
 +#endif
      processInputSource(fi, password);
-+#ifdef HAVE_GNUTLS
++#ifdef USE_CRYPTO_GNUTLS
 +    GNUTLS_FIPS140_SET_STRICT_MODE();
 +#endif
  }
  
  void
-@@ -148,7 +158,13 @@ QPDF::processFile(char const* description, FILE* filep,
+@@ -271,7 +281,13 @@ QPDF::processFile(char const* description, FILE* filep,
  {
      FileInputSource* fi = new FileInputSource();
      fi->setFile(description, filep, close_file);
-+#ifdef HAVE_GNUTLS
++#ifdef USE_CRYPTO_GNUTLS
 +    GNUTLS_FIPS140_SET_LAX_MODE();
 +#endif
      processInputSource(fi, password);
-+#ifdef HAVE_GNUTLS
++#ifdef USE_CRYPTO_GNUTLS
 +    GNUTLS_FIPS140_SET_STRICT_MODE();
 +#endif
  }
  
  void
 diff --git a/libqpdf/QPDFWriter.cc b/libqpdf/QPDFWriter.cc
-index 0544640..48fe50d 100644
+index 689fef7..57df1eb 100644
 --- a/libqpdf/QPDFWriter.cc
 +++ b/libqpdf/QPDFWriter.cc
-@@ -23,6 +23,10 @@
+@@ -24,6 +24,10 @@
  #include <algorithm>
  #include <stdlib.h>
  
-+#ifdef HAVE_GNUTLS
++#ifdef USE_CRYPTO_GNUTLS
 +#include <gnutls/crypto.h>
 +#endif
 +
  QPDFWriter::Members::Members(QPDF& pdf) :
      pdf(pdf),
-     filename(0),
-@@ -323,6 +327,13 @@ void
+     filename("unspecified"),
+@@ -321,6 +325,13 @@ void
  QPDFWriter::setDeterministicID(bool val)
  {
      this->m->deterministic_id = val;
 +
-+#ifdef HAVE_GNUTLS
++#ifdef USE_CRYPTO_GNUTLS
 +    if (val)
 +	GNUTLS_FIPS140_SET_LAX_MODE();
 +    else
@@ -70,12 +70,12 @@ index 0544640..48fe50d 100644
  }
  
  void
-@@ -344,6 +355,13 @@ void
+@@ -342,6 +353,13 @@ void
  QPDFWriter::setPreserveEncryption(bool val)
  {
      this->m->preserve_encryption = val;
 +
-+#ifdef HAVE_GNUTLS
++#ifdef USE_CRYPTO_GNUTLS
 +    if (val)
 +	GNUTLS_FIPS140_SET_STRICT_MODE();
 +    else
@@ -84,8 +84,32 @@ index 0544640..48fe50d 100644
  }
  
  void
+@@ -2301,12 +2319,23 @@ QPDFWriter::generateID()
+ 	    }
+ 	}
+ 
++#ifdef USE_CRYPTO_GNUTLS
++    unsigned oldmode = gnutls_fips140_mode_enabled();
++
++    gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
++#endif
++
+ 	MD5 m;
+ 	m.encodeString(seed.c_str());
+ 	MD5::Digest digest;
+ 	m.digest(digest);
+ 	result = std::string(reinterpret_cast<char*>(digest),
+                              sizeof(MD5::Digest));
++
++#ifdef USE_CRYPTO_GNUTLS
++    gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD);
++#endif
++
+     }
+ 
+     // If /ID already exists, follow the spec: use the original first
 diff --git a/libqpdf/QPDF_encryption.cc b/libqpdf/QPDF_encryption.cc
-index fd717c3..9b38914 100644
+index 2ff48df..ce6fb31 100644
 --- a/libqpdf/QPDF_encryption.cc
 +++ b/libqpdf/QPDF_encryption.cc
 @@ -1,6 +1,8 @@
@@ -101,18 +125,40 @@ index fd717c3..9b38914 100644
  #include <assert.h>
  #include <string.h>
  
-+#ifdef HAVE_GNUTLS
++#ifdef USE_CRYPTO_GNUTLS
 +# include <gnutls/crypto.h>
 +#endif
 +
  static unsigned char const padding_string[] = {
      0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41,
      0x64, 0x00, 0x4e, 0x56, 0xff, 0xfa, 0x01, 0x08,
-@@ -1084,6 +1090,12 @@ QPDF::getKeyForObject(int objid, int generation, bool use_aes)
+@@ -380,10 +386,21 @@ QPDF::compute_data_key(std::string const& encryption_key,
+ 	result += "sAlT";
+     }
+ 
++#ifdef USE_CRYPTO_GNUTLS
++    unsigned oldmode = gnutls_fips140_mode_enabled();
++
++    gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
++#endif
++
+     MD5 md5;
+     md5.encodeDataIncrementally(result.c_str(), result.length());
+     MD5::Digest digest;
+     md5.digest(digest);
++
++#ifdef USE_CRYPTO_GNUTLS
++    gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD);
++#endif
++
+     return std::string(reinterpret_cast<char*>(digest),
+ 		       std::min(result.length(), toS(16)));
+ }
+@@ -1150,6 +1167,12 @@ QPDF::getKeyForObject(
  void
  QPDF::decryptString(std::string& str, int objid, int generation)
  {
-+#ifdef HAVE_GNUTLS
++#ifdef USE_CRYPTO_GNUTLS
 +    unsigned oldmode = gnutls_fips140_mode_enabled();
 +
 +    gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
@@ -121,22 +167,22 @@ index fd717c3..9b38914 100644
      if (objid == 0)
      {
  	return;
-@@ -1162,6 +1174,10 @@ QPDF::decryptString(std::string& str, int objid, int generation)
+@@ -1230,6 +1253,10 @@ QPDF::decryptString(std::string& str, int objid, int generation)
  		      QUtil::int_to_string(objid) + " " +
  		      QUtil::int_to_string(generation) + ": " + e.what());
      }
 +
-+#ifdef HAVE_GNUTLS
++#ifdef USE_CRYPTO_GNUTLS
 +    gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD);
 +#endif
  }
  
  void
-@@ -1169,6 +1185,12 @@ QPDF::decryptStream(Pipeline*& pipeline, int objid, int generation,
+@@ -1240,6 +1267,12 @@ QPDF::decryptStream(PointerHolder<EncryptionParameters> encp,
  		    QPDFObjectHandle& stream_dict,
  		    std::vector<PointerHolder<Pipeline> >& heap)
  {
-+#ifdef HAVE_GNUTLS
++#ifdef USE_CRYPTO_GNUTLS
 +    unsigned oldmode = gnutls_fips140_mode_enabled();
 +
 +    gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
@@ -145,12 +191,12 @@ index fd717c3..9b38914 100644
      std::string type;
      if (stream_dict.getKey("/Type").isName())
      {
-@@ -1297,6 +1319,10 @@ QPDF::decryptStream(Pipeline*& pipeline, int objid, int generation,
-                               key.length());
+@@ -1361,6 +1394,10 @@ QPDF::decryptStream(PointerHolder<EncryptionParameters> encp,
+                               toI(key.length()));
      }
      heap.push_back(pipeline);
 +
-+#ifdef HAVE_GNUTLS
++#ifdef USE_CRYPTO_GNUTLS
 +    gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD);
 +#endif
  }

qpdf-s390x-disable-streamtest.patch

@@ -0,0 +1,36 @@
+diff --git a/libqpdf/QPDFWriter.cc b/libqpdf/QPDFWriter.cc
+index fccefe0..2793191 100644
+--- a/libqpdf/QPDFWriter.cc
++++ b/libqpdf/QPDFWriter.cc
+@@ -2096,7 +2096,6 @@ QPDFWriter::writeObjectStream(QPDFObjectHandle object)
+                 // This condition occurred in a fuzz input. Ideally we
+                 // should block it at at parse time, but it's not
+                 // clear to me how to construct a case for this.
+-                QTC::TC("qpdf", "QPDFWriter stream in ostream");
+                 obj_to_write.warnIfPossible(
+                     "stream found inside object stream; treating as null");
+                 obj_to_write = QPDFObjectHandle::newNull();
+diff --git a/qpdf/qpdf.testcov b/qpdf/qpdf.testcov
+index b4e7c46..3e935d0 100644
+--- a/qpdf/qpdf.testcov
++++ b/qpdf/qpdf.testcov
+@@ -443,7 +443,6 @@ QPDF xref skipped space 0
+ QPDF eof skipping spaces before xref 1
+ QPDF_encryption user matches owner V < 5 0
+ QPDF_encryption same password 1
+-QPDFWriter stream in ostream 0
+ QPDFObjectHandle duplicate dict key 0
+ QPDFWriter no encryption sig contents 0
+ QPDFPageObjectHelper colorspace lookup 0
+diff --git a/qpdf/qtest/qpdf.test b/qpdf/qtest/qpdf.test
+index afb6668..b8f55a2 100644
+--- a/qpdf/qtest/qpdf.test
++++ b/qpdf/qtest/qpdf.test
+@@ -996,7 +996,6 @@ my @bug_tests = (
+     ["263", "empty xref stream", 2],
+     ["335a", "ozz-fuzz-12152", 2],
+     ["335b", "ozz-fuzz-14845", 2],
+-    ["fuzz-16214", "stream in object stream", 3],
+     # When adding to this list, consider adding to SEED_CORPUS_FILES
+     # in fuzz/build.mk and updating the count in fuzz/qtest/fuzz.test.
+     );

qpdf.spec

@@ -1,56 +1,78 @@
 Summary: Command-line tools and library for transforming PDF files
 Name:    qpdf
-Version: 7.1.1
-Release: 10%{?dist}
+Version: 10.3.1
+Release: 7%{?dist}
 # MIT: e.g. libqpdf/sha2.c
-# upstream uses ASL 2.0 now, but he allowed others to distribute qpdf under
+# upstream uses ASL 2.0 now, but he allowed other to distribute qpdf under
 # old license (see README)
 License: (Artistic 2.0 or ASL 2.0) and MIT
 URL:     http://qpdf.sourceforge.net/
 Source0: http://downloads.sourceforge.net/sourceforge/qpdf/qpdf-%{version}.tar.gz
 
 Patch0:  qpdf-doc.patch
-Patch1:  qpdf-CVE-2018-9918.patch
-Patch2:  qpdf-gnutls-crypto.patch
-Patch3:  qpdf-relax.patch
+# zlib has optimalization for aarch64 now, which gives different output after
+# compression - patch erases 3 tests with generated object stream which were failing
+Patch1:  qpdf-erase-tests-with-generated-object-stream.patch
+# make qpdf working under FIPS, downstream patch
+Patch2:  qpdf-relax.patch
+# 1950033 - Possible changes in zlib output causes FTBFS for qpdf
+Patch3:  qpdf-s390x-disable-streamtest.patch
 
 # gcc and gcc-c++ are no longer in buildroot by default
 # gcc is needed for qpdf-ctest.c
 BuildRequires: gcc
 # gcc-c++ is need for everything except for qpdf-ctest
 BuildRequires: gcc-c++
+# uses make
+BuildRequires: make
 
 BuildRequires: zlib-devel
 BuildRequires: libjpeg-turbo-devel
 BuildRequires: pcre-devel
 
+# for gnutls crypto
+BuildRequires: gnutls-devel
+
 # for fix-qdf and test suite
-BuildRequires: perl-interpreter
 BuildRequires: perl-generators
+BuildRequires: perl-interpreter
+BuildRequires: perl(Carp)
+BuildRequires: perl(Config)
+BuildRequires: perl(constant)
+BuildRequires: perl(Cwd)
 BuildRequires: perl(Digest::MD5)
+BuildRequires: perl(Digest::SHA)
+BuildRequires: perl(File::Basename)
+BuildRequires: perl(File::Copy)
+BuildRequires: perl(File::Find)
+BuildRequires: perl(File::Spec)
+BuildRequires: perl(FileHandle)
+BuildRequires: perl(IO::Handle)
+BuildRequires: perl(IO::Select)
+BuildRequires: perl(IO::Socket)
+BuildRequires: perl(POSIX)
+BuildRequires: perl(strict)
+# perl(Term::ANSIColor) - not needed for tests
+# perl(Term::ReadKey) - not needed for tests
 
 # for autoreconf
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: libtool
 
-# for crypto by gnutls
-BuildRequires: gnutls-devel
-BuildRequires: pkgconf-pkg-config
-
-Requires: qpdf-libs%{?_isa} = %{version}-%{release}
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 
 %package libs
 Summary: QPDF library for transforming PDF files
 
 %package devel
 Summary: Development files for QPDF library
-Requires: qpdf-libs%{?_isa} = %{version}-%{release}
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 
 %package doc
 Summary: QPDF Manual
 BuildArch: noarch
-Requires: qpdf-libs = %{version}-%{release}
+Requires: %{name}-libs = %{version}-%{release}
 
 %description
 QPDF is a command-line program that does structural, content-preserving
@@ -76,36 +98,37 @@ QPDF Manual
 
 # fix 'complete manual location' note in man pages
 %patch0 -p1 -b .doc
-#  CVE-2018-9918 qpdf: stack exhaustion in QPDFObjectHandle and QPDF_Dictionary classes in libqpdf.a [fedora-all]
-%patch1 -p1 -b .CVE-2018-9918
-# 1605101 - qpdf: should not re-implement crypto
-%patch2 -p1 -b .gnutls-crypto
-# 1605101 - downstream patch for relaxing crypto for deterministic id and decrypt
-%patch3 -p1 -b .relax
-
-sed -i -e '1s,^#!/usr/bin/env perl,#!/usr/bin/perl,' qpdf/fix-qdf
+%ifarch aarch64
+%patch1 -p1 -b .erase-tests-with-generated-object-stream
+%endif
+%patch2 -p1 -b .relax
+%ifarch s390x
+%patch3 -p1 -b .s390x-disable-streamtest
+%endif
 
 %build
 # work-around check-rpaths errors
 autoreconf --verbose --force --install
+# automake files needed to be regenerated in 8.4.0 - check if this can be removed
+# in the next qpdf release
+./autogen.sh
 
 %configure --disable-static \
-           --enable-show-failed-test-output \
-           --enable-gnutls
+           --enable-crypto-gnutls \
+           --disable-implicit-crypto \
+           --enable-show-failed-test-output
 
-make %{?_smp_mflags}
+%make_build
 
 %install
-make install DESTDIR=%{buildroot}
+%make_install
 
 rm -f %{buildroot}%{_libdir}/libqpdf.la
 
 %check
 make check
 
-%post libs -p /sbin/ldconfig
-
-%postun libs -p /sbin/ldconfig
+%ldconfig_scriptlets libs
 
 %files
 %{_bindir}/fix-qdf
@@ -116,12 +139,13 @@ make check
 %files libs
 %doc README.md TODO ChangeLog
 %license Artistic-2.0
-%{_libdir}/libqpdf*.so.*
+%{_libdir}/libqpdf.so.28
+%{_libdir}/libqpdf.so.28.3.1
 
 %files devel
 %doc examples/*.cc examples/*.c
-%{_includedir}/*
-%{_libdir}/libqpdf*.so
+%{_includedir}/qpdf/
+%{_libdir}/libqpdf.so
 %{_libdir}/pkgconfig/libqpdf.pc
 
 %files doc
@@ -129,24 +153,117 @@ make check
 
 
 %changelog
-* Tue Sep 10 2019 Zdenek Dohnal <zdohnal@redhat.com> - 7.1.1-10
-- used bad define in previous commit
+* Wed Jan 04 2023 Zdenek Dohnal <zdohnal@redhat.com> - 10.3.1-7
+- 2157765 - Ship qpdf-devel in CRB
 
-* Tue Sep 10 2019 Zdenek Dohnal <zdohnal@redhat.com> - 7.1.1-9
-- 1605101 - qpdf: should not re-implement crypto - episode II - relaxing crypto for decrypt
+* Fri Jul 15 2022 Zdenek Dohnal <zdohnal@redhat.com> - 10.3.1-6
+- 2106940 - FIPS breaks pdftopdf and bannertopdf
 
-* Thu Sep 05 2019 Zdenek Dohnal <zdohnal@redhat.com> - 7.1.1-8
-- 1605101 - qpdf: should not re-implement crypto
+* Wed Jun 29 2022 Zdenek Dohnal <zdohnal@redhat.com> - 10.3.1-5
+- 2095993 - Move qpdf to CRB repository
 
-* Tue Jul 24 2018 Zdenek Dohnal <zdohnal@redhat.com> - 7.1.1-7
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 10.3.1-4
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Tue Apr 20 2021 Zdenek Dohnal <zdohnal@redhat.com> - 10.3.1-3
+- 1950033 - Possible changes in zlib output causes FTBFS for qpdf
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 10.3.1-2
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Fri Mar 12 2021 Zdenek Dohnal <zdohnal@redhat.com> - 10.3.1-1
+- 1937988 - qpdf-10.3.1 is available
+
+* Thu Mar 11 2021 Zdenek Dohnal <zdohnal@redhat.com> - 10.3.0-1
+- 1935799 - qpdf-10.3.0 is available
+
+* Wed Feb 24 2021 Zdenek Dohnal <zdohnal@redhat.com> - 10.2.0-1
+- 1932052 - qpdf-10.2.0 is available
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 10.1.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Jan 11 2021 Zdenek Dohnal <zdohnal@redhat.com> - 10.1.0-1
+- 1912951 - qpdf-10.1.0 is available
+
+* Mon Nov 23 2020 Zdenek Dohnal <zdohnal@redhat.com> - 10.0.4-1
+- 1900262 - qpdf-10.0.4 is available
+
+* Thu Nov 05 2020 Zdenek Dohnal <zdohnal@redhat.com> - 10.0.3-2
+- make is no longer in buildroot by default
+
+* Mon Nov 02 2020 Zdenek Dohnal <zdohnal@redhat.com> - 10.0.3-1
+- 10.0.3
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 10.0.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Apr 14 2020 Zdenek Dohnal <zdohnal@redhat.com> - 10.0.1-1
+- 10.0.1
+
+* Wed Mar 25 2020 Jitka Plesnikova <jplesnik@redhat.com> - 9.1.1-3
+- Add all perl dependencies for tests
+
+* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 9.1.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Mon Jan 27 2020 Zdenek Dohnal <zdohnal@redhat.com> - 9.1.1-1
+- 9.1.1
+
+* Tue Nov 19 2019 Zdenek Dohnal <zdohnal@redhat.com> - 9.1.0-1
+- 9.1.0
+
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 8.4.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri May 31 2019 Zdenek Dohnal <zdohnal@redhat.com> - 8.4.2-1
+- 8.4.2
+
+* Mon Mar 25 2019 Zdenek Dohnal <zdohnal@redhat.com> - 8.4.0-1
+- 8.4.0
+
+* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 8.3.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Jan 14 2019 Zdenek Dohnal <zdohnal@redhat.com> - 8.3.0-1
+- 8.3.0
+
+* Mon Sep 24 2018 Zdenek Dohnal <zdohnal@redhat.com> - 8.2.1-1
+- 8.2.1
+
+* Tue Jul 24 2018 Zdenek Dohnal <zdohnal@redhat.com> - 8.1.0-4
 - correcting license
 
-* Wed Jul 11 2018 Zdenek Dohnal <zdohnal@redhat.com> - 7.1.1-6
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 8.1.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Jul 11 2018 Zdenek Dohnal <zdohnal@redhat.com> - 8.1.0-2
 - ship license in correct tag, mention optional change of license
 
-* Mon Apr 16 2018 Zdenek Dohnal <zdohnal@redhat.com> - 7.1.1-5
+* Mon Jun 25 2018 Zdenek Dohnal <zdohnal@redhat.com> - 8.1.0-1
+- 8.1.0
+- more tests fail because aarch64 zlib optimization - add patch for it
+
+* Fri May 25 2018 Zdenek Dohnal <zdohnal@redhat.com> - 8.0.2-3
+- erase failing tests for aarch64 because of zlib optimization
+
+* Mon Apr 16 2018 Zdenek Dohnal <zdohnal@redhat.com>
 - CVE-2018-9918 qpdf: stack exhaustion in QPDFObjectHandle and QPDF_Dictionary classes in libqpdf.a [fedora-all] 
 
+* Wed Mar 07 2018 Zdenek Dohnal <zdohnal@redhat.com> - 8.0.2-1
+- 8.0.2
+
+* Mon Mar 05 2018 Zdenek Dohnal <zdohnal@redhat.com> - 8.0.1-1
+- 8.0.1
+
+* Tue Feb 27 2018 Rex Dieter <rdieter@fedoraproject.org> - 8.0.0-2
+- use %%license, %%ldconfig_scriptlets, %%make_build, %%make_install
+- %%files: track files more closely, libqpdf soname in particular
+
+* Mon Feb 26 2018 Zdenek Dohnal <zdohnal@redhat.com> - 8.0.0-1
+- rebase to 8.0.0
+
 * Mon Feb 19 2018 Zdenek Dohnal <zdohnal@redhat.com> - 7.1.1-4
 - gcc and gcc-c++ are no longer in buildroot by default
 

sources

@@ -1 +1 @@
-SHA512 (qpdf-7.1.1.tar.gz) = a75f988c7dd7ac174bdc981cd3696ca8b539ac6c581e3afecf601dc67277014cb4fe3f0e5cb75a67412cafa4eb645b2fc2d8a0ec203834464baf0c7e80baa0b4
+SHA512 (qpdf-10.3.1.tar.gz) = def94fe09770e67fe13bd3fc946667fc2935e7c448eb43602e15218e5b50f452e4f4152411f818115620e67934890c37203663537ac77ed1fcd4317e01a6d623