Age | Commit message (Collapse) | Author | |
---|---|---|---|
2020-10-31 | Fix stack overflow on direct root (fuzz issue 26761) | Jay Berkenbilt | |
2020-10-31 | Add comments explaining the foreign object copying code | Jay Berkenbilt | |
These are the comments I would have liked to have been able to read while fixing #449 and #478. | |||
2020-10-31 | Fix foreign stream copying bug (fixes #478) | Jay Berkenbilt | |
This reverts an incorrect fix to #449 and codes it properly. The real problem was that we were looking at the local dictionaries rather than the foreign dictionaries when saving the foreign stream data. In the case of direct objects, these happened to be the same, but in the case of indirect objects, the object references could be pointing anywhere since object numbers don't match up between the old and new files. | |||
2020-10-31 | Better indirect filter test case | Jay Berkenbilt | |
The test suite now contains test cases that fail with both 10.0.1 and 10.0.2 and reproduce the internal error from #449. | |||
2020-10-27 | Run CI Fuzz integration on push as well as pull request | Jay Berkenbilt | |
2020-10-27 | Remove C++-11 notes from TODO | Jay Berkenbilt | |
2020-10-27 | Fix a few maintainer notes | Jay Berkenbilt | |
2020-10-27 | Prepare 10.0.2 releaserelease-qpdf-10.0.2 | Jay Berkenbilt | |
2020-10-27 | Improve efficiency of number to string conversion | Jay Berkenbilt | |
2020-10-27 | Revert removal of unreadCh change for performance | Jay Berkenbilt | |
Turns out unreadCh is much more efficient than seek(-1, SEEK_CUR). Update comments and code to reflect this. | |||
2020-10-27 | Spell check | Jay Berkenbilt | |
2020-10-27 | Release notes for 10.0.2 | Jay Berkenbilt | |
2020-10-26 | Add some missing ChangeLog entries | Jay Berkenbilt | |
2020-10-25 | Use sha256 for signing release files | Jay Berkenbilt | |
2020-10-25 | Build Windows releases with openssl; automate external libraries | Jay Berkenbilt | |
External libraries for Windows are now built automatically in the qpdf/external-libs repository and include openssl in addition to zlib and jpeg. Use these, and update the Windows build to build with the openssl crypto provider by default. We leave the native crypto provider enabled in case there is a problem with openssl and also to continue to exercise that code. | |||
2020-10-25 | Make libtests depend on qpdf | Jay Berkenbilt | |
We need to run qpdf --show-crypto. | |||
2020-10-23 | TODO and comments item for pipeContentStreams | Jay Berkenbilt | |
2020-10-23 | With --no-warn, suppress warnings in split-pages | Jay Berkenbilt | |
Warnings issued on the output QPDF object were not suppressing warnings since that option was only set on the input QPDF object. | |||
2020-10-23 | Update fuzz issue list | Jay Berkenbilt | |
2020-10-23 | Avoid merging adjacent tokens when concatenating contents (fixes #444) | Jay Berkenbilt | |
2020-10-23 | Fix fix-qdf for empty streams | Jay Berkenbilt | |
2020-10-23 | Fix outdated comment in QPDFTokenizer.hh | Jay Berkenbilt | |
2020-10-22 | Avoid leak by resolving object streams more than once (fuzz issue 23642) | Jay Berkenbilt | |
2020-10-22 | Minor code cleanup | Jay Berkenbilt | |
* Return rather than exiting from realmain in qpdf.cc * Remove extraneous blank line * Don't assign temporary to const reference | |||
2020-10-22 | Handle jpeg library fuzz false positives | Jay Berkenbilt | |
The jpeg library has some assembly code that is missed by the compiler instrumentation used by memory sanitization. There is a runtime environment variable that is used to work around this issue. | |||
2020-10-22 | Check for overflow in page labels (fuzz issue 23599) | Jay Berkenbilt | |
2020-10-22 | Add range_check method to QIntC | Jay Berkenbilt | |
2020-10-22 | Fix loop detection error (fuzz issue 23172) | Jay Berkenbilt | |
2020-10-22 | Update fuzz information | Jay Berkenbilt | |
2020-10-22 | Obscure bug fix copying foreign streams in special cases (fixes #449) | Jay Berkenbilt | |
Specifically, if a stream had its stream data replaced and had indirect /Filter or /DecodeParms, it would result in non-silent loss of data and/or internal error. | |||
2020-10-21 | Restore accidentally removed lgtm banner | Jay Berkenbilt | |
2020-10-21 | TODO: reminder to check work-related issues | Jay Berkenbilt | |
2020-10-21 | Turn off azure pipelines, completing migration to GitHub Actions | Jay Berkenbilt | |
2020-10-21 | Protect numeric conversion against user's locale (fixes #459) | Jay Berkenbilt | |
2020-10-21 | Remove some fuzz files with Mal/PDFEx-H (fixes #460) | Jay Berkenbilt | |
There isn't really an issue with these files causing a real problem, but malware and virus checkers trip on them, and the value to leaving them in the test suite is too low to be worth the hassle. | |||
2020-10-21 | Build on a schedule and use latest versions of runners | Jay Berkenbilt | |
2020-10-21 | Add automated test for shell wildcard expansion | Jay Berkenbilt | |
Wildcard expansion is different in Windows from non-Windows and sometimes requires special link options to work. Add tests that fail if we link incorrectly. | |||
2020-10-21 | Create a minimal Linux binary distribution (fixes #352) | Jay Berkenbilt | |
This is suitable for use as a Lambda layer in AWS, inclusion in a docker container, or other places where a minimal binary distribution is desired. | |||
2020-10-21 | Add option --warning-exit-0 to exit 0 instead of 3 with warnings | Jay Berkenbilt | |
2020-10-20 | Fix another case of errors written to stdout (fixes #438) | Jay Berkenbilt | |
2020-10-20 | Ignore some paths for triggering build in CI | Jay Berkenbilt | |
2020-10-20 | TODO: Build issues including Windows external libraries | Jay Berkenbilt | |
2020-10-20 | Add --disable-rpath to configure (fixes #422) | Jay Berkenbilt | |
2020-10-18 | Stop using InputSource::unreadCh | Jay Berkenbilt | |
2020-10-17 | TODO | Jay Berkenbilt | |
2020-10-17 | TODO and ChangeLog updates from merged pull requests | Jay Berkenbilt | |
2020-10-17 | Check integer overflow in resolveObjectsInStream | Dean Scarff | |
Fixes a crash found by fuzzing. | |||
2020-10-17 | Properly detect OPENSSL_IS_BORINGSSL | Dean Scarff | |
OPENSSL_IS_BORINGSSL is not actually set by configure, so it will be undefined until a BoringSSL header is included. Hence the #ifdef logic in QPDFCrypto_openssl.h would usually never apply. This still worked because evp.h transitively included BoringSSL's cipher.h and digest.h, but the latter are the correct (documented) headers. By re-ordering the includes, we can ensure the macro is defined when we use it. Also: fix case in the header guards. | |||
2020-10-17 | Update OpenSSL autoconf checks | Dean Scarff | |
- Checks explicitly for versions >= 1.1.0 with pkg-config - Refactor the fallback checks. Previously they were copied from the gnutls logic, but could be slightly surprising (it's not obvious that they're for the case where pkg-config returns a false negative, and it's weird that the linker check overode the header check) - Fix the AC_SEARCH_LIBS check to try -lcrypto instead of -lopenssl (-lcrypto is the standard library OpenSSL ships the crypto symbols in). - Fix the AC_SEARCH_LIBS check to look for EVP_MD_CTX_new, which is not present in versions prior to 1.1.0. Fixes qpdf/qpdf#429 (although I haven't verified on cygwin) | |||
2020-10-17 | Include detailed OpenSSL error messages | Dean Scarff | |
Fixes qpdf/qpdf#450 |