From 557bd3c26141b5e450de0fada2a27584a386125e Mon Sep 17 00:00:00 2001 From: Jay Berkenbilt Date: Sat, 22 Jun 2019 12:57:05 -0400 Subject: Start 9.0.0 release notes --- manual/qpdf-manual.xml | 158 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 158 insertions(+) (limited to 'manual') diff --git a/manual/qpdf-manual.xml b/manual/qpdf-manual.xml index 721ce845..59c452e8 100644 --- a/manual/qpdf-manual.xml +++ b/manual/qpdf-manual.xml 
@@ -4276,6 +4276,164 @@ print "\n"; ChangeLog in the source distribution. + + 9.0.0: XXX + + + + + Incompatible API (source-level) Changes (minor) + + + + + The method QUtil::strcasecmp has been + renamed to QUtil::str_compare_nocase. + This incompatible change is necessary to enable qpdf to + build on platforms that define + strcasecmp as a macro. + + + + + The QPDF::copyForeignObject method has + an overloaded version that took a boolean parameter that was + not used. If you were using this version, just omit the + extra parameter. + + + + + There was a version + QPDFTokenizer::expectInlineImage that + took no arguments. This version has been removed since it + caused the tokenizer to return incorrect inline images. A + new version was added some time ago that produces correct + output. This is a very low level method that doesn't make + sense to call outside of qpdf's lexical engine. There are + higher level methods for tokenizing content streams. + + + + + + + Bug Fixes + + + + + A small handful of memory issues, assertion failures, and + unhandled exceptions that could occur on badly mangled input + files have been fixed. Most of these problems were found by + Google's OSS-Fuzz project. + + + + + + + Build Changes + + + + + On platforms that support it, qpdf now builds with + . If you build qpdf with + your own build system, this is now safe to use. This + prevents methods that are not part of the public API from + being exported by the shared library, and makes qpdf's ELF + shared libraries (used on Linux, MacOS, and most other UNIX + flavors) behave more like the Windows DLL. Since the DLL + already behaves in much this way, it is unlikely that there + are any methods that were accidentally not exported. + However, with ELF shared libraries, typeinfo for some + classes has to be explicitly exported. If there are problems + in dynamically linked code catching exceptions or + subclassing, this could be the reason. 
If you see this, + please report a bug at pikepdf. + + + + + QPDF is now compiled with integer conversion and sign + conversion warnings enabled. Numerous changes were made to + the library to make this safe. + + + + + + + Library Enhancements + + + + + A new namespace QIntC, provided by + qpdf/QIntC.hh, provides safe conversion + methods between different integer types. These conversion + methods do range checking to ensure that the cast can be + performed with no loss of information. Every use of + static_cast in the library was + inspected to see if it could use one of these safe + converters instead. See for + additional details. + + + + + New methods have been added to QUtil + for converting back and forth between strings and unsigned + integers: uint_to_string, + uint_to_string_base, + string_to_uint, and + string_to_ull. + + + + + New methods have been added to + QPDFObjectHandle that return the + value of Integer objects as + int or unsigned int with range + checking and sensible fallback values, and a new method was + added to return an unsigned value. This makes it easier to + write code that is safe from unintentional data loss. + Functions: getUIntValue, + getIntVauleAsInt, + getUIntValueAsUInt. + + + + + A new helper method + QUtil::read_file_into_memory was added. + + + + + + + Other Notes + + + + + QPDF has been fully integrated into Google's OSS-Fuzz + project. This project exercises code with randomly + mutated inputs and is great for discovering hidden security + crashes and security issues. Several bugs found by oss-fuzz + have already been fixed in qpdf. + + + + + + + 8.4.2: May 18, 2019 -- cgit v1.2.3-54-g00ecf
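Review bot: getIntVauleAsInt in the QPDFObjectHandle entry under Library Enhancements looks like a transposition of getIntValueAsInt (compare getUIntValueAsUInt listed beside it); readers copy method names out of release notes, so it should be corrected before release. The same entry promises "range checking and sensible fallback values" without saying what the fallback is or how a caller learns that an out-of-range value was substituted. Code that parses untrusted PDFs needs that stated, so one sentence on it would help. In Build Changes, "please report a bug at pikepdf" uses pikepdf as the link text although these are qpdf's release notes; confirm the intended target. In the Incompatible API section, "There was a version QPDFTokenizer::expectInlineImage" is missing "of". In Other Notes, "hidden security crashes and security issues" repeats itself. The "9.0.0: XXX" heading still carries a placeholder where the sibling entry "8.4.2: May 18, 2019" has a date.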