2
1
mirror of https://github.com/qpdf/qpdf.git synced 2024-11-18 10:25:12 +00:00
Commit Graph

2006 Commits

Author SHA1 Message Date
Jay Berkenbilt
7120c4a748 Use sha256 for signing release files 2020-10-25 18:06:40 -04:00
Jay Berkenbilt
4e8d21d849 Build Windows releases with openssl; automate external libraries
External libraries for Windows are now built automatically in the
qpdf/external-libs repository and include openssl in addition to zlib
and jpeg. Use these, and update the Windows build to build with the
openssl crypto provider by default. We leave the native crypto
provider enabled in case there is a problem with openssl and also to
continue to exercise that code.
2020-10-25 18:06:16 -04:00
Jay Berkenbilt
026330ebcd Make libtests depend on qpdf
We need to run qpdf --show-crypto.
2020-10-24 19:16:46 -04:00
Jay Berkenbilt
fd13fe74ef TODO and comments item for pipeContentStreams 2020-10-23 16:53:58 -04:00
Jay Berkenbilt
f8e4b6161c With --no-warn, suppress warnings in split-pages
Warnings issued on the output QPDF object were not suppressing
warnings since that option was only set on the input QPDF object.
2020-10-23 16:27:51 -04:00
Jay Berkenbilt
e3248a8cd1 Update fuzz issue list 2020-10-23 11:08:44 -04:00
Jay Berkenbilt
b30deaeeab Avoid merging adjacent tokens when concatenating contents (fixes #444) 2020-10-23 08:00:04 -04:00
Jay Berkenbilt
0dea276997 Fix fix-qdf for empty streams 2020-10-23 06:39:42 -04:00
Jay Berkenbilt
802de87c30 Fix outdated comment in QPDFTokenizer.hh 2020-10-23 06:39:42 -04:00
Jay Berkenbilt
8a11feacc3 Avoid leak by resolving object streams more than once (fuzz issue 23642) 2020-10-22 15:39:36 -04:00
Jay Berkenbilt
30bb4c64ee Minor code cleanup
* Return rather than exiting from realmain in qpdf.cc
* Remove extraneous blank line
* Don't assign temporary to const reference
2020-10-22 15:39:36 -04:00
Jay Berkenbilt
232f5fc9f3 Handle jpeg library fuzz false positives
The jpeg library has some assembly code that is missed by the compiler
instrumentation used by memory sanitization. There is a runtime
environment variable that is used to work around this issue.
2020-10-22 06:31:52 -04:00
Jay Berkenbilt
c1684eae91 Check for overflow in page labels (fuzz issue 23599) 2020-10-22 05:49:24 -04:00
Jay Berkenbilt
7f4a4df919 Add range_check method to QIntC 2020-10-22 05:48:40 -04:00
Jay Berkenbilt
24196c08cb Fix loop detection error (fuzz issue 23172) 2020-10-22 05:48:35 -04:00
Jay Berkenbilt
6cc9489fd8 Update fuzz information 2020-10-22 05:11:36 -04:00
Jay Berkenbilt
956c8f6432 Obscure bug fix copying foreign streams in special cases (fixes #449)
Specifically, if a stream had its stream data replaced and had
indirect /Filter or /DecodeParms, it would result in non-silent loss
of data and/or internal error.
2020-10-21 19:23:23 -04:00
Jay Berkenbilt
ad96e1ad74 Restore accidentally removed lgtm banner 2020-10-21 17:19:57 -04:00
Jay Berkenbilt
725669f20e TODO: reminder to check work-related issues 2020-10-21 16:42:51 -04:00
Jay Berkenbilt
395efdf8d7 Turn off azure pipelines, completing migration to GitHub Actions 2020-10-21 16:42:51 -04:00
Jay Berkenbilt
98f6c00dad Protect numeric conversion against user's locale (fixes #459) 2020-10-21 16:42:51 -04:00
Jay Berkenbilt
ef127001b3 Remove some fuzz files with Mal/PDFEx-H (fixes #460)
There isn't really an issue with these files causing a real problem,
but malware and virus checkers trip on them, and the value to leaving
them in the test suite is too low to be worth the hassle.
2020-10-21 14:44:20 -04:00
Jay Berkenbilt
35014727f7 Build on a schedule and use latest versions of runners 2020-10-21 14:20:11 -04:00
Jay Berkenbilt
deeface146 Add automated test for shell wildcard expansion
Wildcard expansion is different in Windows from non-Windows and
sometimes requires special link options to work. Add tests that fail
if we link incorrectly.
2020-10-21 14:15:31 -04:00
Jay Berkenbilt
cfafac8d13 Create a minimal Linux binary distribution (fixes #352)
This is suitable for use as a Lambda layer in AWS, inclusion in a
docker container, or other places where a minimal binary distribution
is desired.
2020-10-21 10:07:34 -04:00
Jay Berkenbilt
758e3e38f5 Add option --warning-exit-0 to exit 0 instead of 3 with warnings 2020-10-20 18:02:39 -04:00
Jay Berkenbilt
90217e6686 Fix another case of errors written to stdout (fixes #438) 2020-10-20 17:48:55 -04:00
Jay Berkenbilt
c60af08a31 Ignore some paths for triggering build in CI 2020-10-20 17:28:44 -04:00
Jay Berkenbilt
b868ea141d TODO: Build issues including Windows external libraries 2020-10-20 17:26:09 -04:00
Jay Berkenbilt
56d96e2260 Add --disable-rpath to configure (fixes #422) 2020-10-20 17:18:20 -04:00
Jay Berkenbilt
bed165c9fc Stop using InputSource::unreadCh 2020-10-18 07:43:05 -04:00
Jay Berkenbilt
1a888ee3b1 TODO 2020-10-16 20:25:12 -04:00
Jay Berkenbilt
a3677ffe91 TODO and ChangeLog updates from merged pull requests 2020-10-16 20:15:14 -04:00
Dean Scarff
153060a0c5 Check integer overflow in resolveObjectsInStream
Fixes a crash found by fuzzing.
2020-10-16 20:09:24 -04:00
Dean Scarff
9a3791c53b Properly detect OPENSSL_IS_BORINGSSL
OPENSSL_IS_BORINGSSL is not actually set by configure, so it will be
undefined until a BoringSSL header is included.  Hence the #ifdef logic
in QPDFCrypto_openssl.h would usually never apply.

This still worked because evp.h transitively included BoringSSL's
cipher.h and digest.h, but the latter are the correct (documented)
headers.

By re-ordering the includes, we can ensure the macro is defined when we
use it.

Also: fix case in the header guards.
2020-10-16 20:04:36 -04:00
Dean Scarff
a99ad2b900 Update OpenSSL autoconf checks
- Checks explicitly for versions >= 1.1.0 with pkg-config
- Refactor the fallback checks.  Previously they were copied
from the gnutls logic, but could be slightly surprising (it's not
obvious that they're for the case where pkg-config returns a false
negative, and it's weird that the linker check overode the header check)
- Fix the AC_SEARCH_LIBS check to try -lcrypto instead of -lopenssl
(-lcrypto is the standard library OpenSSL ships the crypto symbols in).
- Fix the AC_SEARCH_LIBS check to look for EVP_MD_CTX_new, which is not
present in versions prior to 1.1.0.

Fixes qpdf/qpdf#429 (although I haven't verified on cygwin)
2020-10-16 20:04:36 -04:00
Dean Scarff
2ff84aa2c9 Include detailed OpenSSL error messages
Fixes qpdf/qpdf#450
2020-10-16 19:58:11 -04:00
James R. Barlow
3fc7c99d02 Replace memchr with manual memory search
On large files with predominantly \n line endings, memchr(..'\r'..)
seems to waste a considerable amount of time searching for a line
ending candidate that we don't need.

On the Adobe PDF Reference Manual 1.7, this commit is 8x faster at
QPDF::processMemoryFile().
2020-10-16 19:57:29 -04:00
oltolm
3221022fc9 fix WindowsCryptProvider fixes #432 2020-10-16 19:56:33 -04:00
Jay Berkenbilt
32245ca339 Trigger QPDF Build on build/* 2020-10-16 18:07:23 -04:00
Jay Berkenbilt
894d1c650c Minor notes on GitHub Actions migration 2020-10-16 17:52:43 -04:00
Jay Berkenbilt
92635d1203 Add GitHub Actions workflow 2020-10-16 17:34:21 -04:00
Jay Berkenbilt
1019ed5758 Fix to TestDriver.pm (qtest) 2020-10-16 17:15:39 -04:00
Jay Berkenbilt
18b34a5649 InputSource::unreadCh -- only unread most recently read character
This is all that ever worked. The test suite was trying to do
something different from ClosedFileInputSource.
2020-10-16 17:15:39 -04:00
Jay Berkenbilt
9a4d3534a1 Split distfiles into a separate job 2020-10-16 14:16:26 -04:00
Jay Berkenbilt
ba17370ff5 Make build-scripts portable for GitHub Actions 2020-10-16 14:16:26 -04:00
Jay Berkenbilt
30df7c886c Make QTEST_COLOR=1 force qtest to print in color 2020-10-16 14:16:23 -04:00
Jay Berkenbilt
1bcd8c1649 Rename azure-pipelines to build-scripts 2020-10-16 11:19:09 -04:00
Jay Berkenbilt
807aaa46b1 More reliable Windows wordsize detection 2020-10-16 07:02:25 -04:00
Jay Berkenbilt
ff65e272a8 Fix printf formatting for newer msvc
Use autoconf rather than ifdefs to determine what format string to use
for long long.
2020-10-16 07:02:23 -04:00