Update to 7.0.0

Changelog:
2017-09-15  Jay Berkenbilt  <[email protected]>

	* 7.0.0: release

2017-09-12  Jay Berkenbilt  <[email protected]>

	* Relicense qpdf under version 2.0 of the Apache License rather
	than version 2.0 of the Artistic License. Both are fine, but the
	Apache License is in more widespread use, and I like it a little
	better than Artistic-2.0. It is my intention that there be no
	change in what you can or can't do with qpdf. Versions of qpdf
	prior to version 7 were released under the terms of version 2.0 of
	the Artistic License. At your option, you may continue to consider
	qpdf to be licensed under those terms. Please see the manual for
	additional information.

	* Improve the error message that is issued when QPDFWriter
	encounters a stream that can't be decoded. In particular, mention
	that the stream will be copied without filtering to avoid data
	loss.

	* Add new methods to the C API to correspond to new additions to
	QPDFWriter:
	- qpdf_set_compress_streams
	- qpdf_set_decode_level
	- qpdf_set_preserve_unreferenced_objects
	- qpdf_set_newline_before_endstream

2017-08-25  Jay Berkenbilt  <[email protected]>

	* Re-implement parser iteratively to avoid stack overflow on very
	deeply nested arrays and dictionaries. Fixes #146.

	* Detect infinite loop while finding additional xref tables. Fixes
	#149.

2017-08-22  Jay Berkenbilt  <[email protected]>

	* 7.0.b1: release

	* Convert all README files to markdown. Names changed as follows:
	  - README --> README.md
	  - README.hardening --> README-hardening.md
	  - README.maintainer --> README-maintainer.md
	  - README-what-to-download.txt --> README-what-to-download.md
	  - README-windows.txt --> README-windows.md
	  The file README-windows-install.txt remains a text file.

2017-08-21  Jay Berkenbilt  <[email protected]>

	* Add support for writing PCLm files. Most of the work was done by
	Sahil Arora <[email protected]> as part of a Google Summer
	of Code project in 2017. PCLm support is useful only for clients
	that specifically know how to create PCLm files. Support in qpdf
	is just for ensuring that objects are written in the correct order
	and for including some additional material in the output that is
	required by the PCLm standard.

2017-08-19  Jay Berkenbilt  <[email protected]>

	* Remove --precheck-streams. This is enabled by default now
	without any efficiency cost. This feature was never released.

	* Update pdf-create example to illustrate use of additional image
	compression filters.

	* Add support for /RunLengthDecode and /DCTDecode:
	  - New pipeline types Pl_RunLength and Pl_DCT
	  - New command-line flags --compress-streams and --decode-level
	    to replace/enhance --stream-data
	  - New QPDFWriter::setCompressStreams and
 	    QPDFWriter::setDecodeLevel methods
	  Please see documentation, header files, and help messages for
	  details on these new features.

2017-08-12  Jay Berkenbilt  <[email protected]>

	* Add QPDFObjectHandle::rotatePage to apply rotation to a page
	object. Add --rotate option to qpdf to specify page rotation from
	the command line.

	* Provide --verbose option that causes qpdf to print an indication
	of what files it is writing.

	* Change --single-pages to --split-pages and make it take an
	optional argument specifying the number of pages per file.

2017-08-11  Jay Berkenbilt  <[email protected]>

	* Fix --newline-before-endstream to always add a newline before
	endstream even if the last character was already a newline. This
	is actually what's required by PDF/A. Fixes #133.

	* Handle encrypted files whose encryption parameters are too
	short. Fixes #96.

2017-08-10  Jay Berkenbilt  <[email protected]>

	* Remove dependency on libpcre.

	* Be more forgiving of certain types of errors in the xref table
	that don't interfere with interpreting the table.

	* Remove unused "tracing" parameter from PointerHolder's
	(T*, bool) constructor. This change breaks source code
	compatibility, but since this argument to PointerHolder has not
	used for a long time and the presence of a boolean parameter in
	the primary constructor makes it too easy to use that by mistake
	when trying to use PointerHolder for arrays, it seems like it's
	finally time to take it out. If you have a compile error because
	of this change, please check to see whether you intended to use
	the (bool, T*) version of the constructor instead. If not, just
	remove the second parameter.

2017-08-09  Jay Berkenbilt  <[email protected]>

	* When recovering stream length, find endobj without endstream as
	well as just looking for endstream. Be a little more lax about
	where we allow it to be found.

2017-08-05  Jay Berkenbilt  <[email protected]>

	* Add --single-pages option to cause output to be written to a
	separate file for each page rather than one big file.

	* Process --pages options earlier so that certain inspection
	options, like --show-pages, can show the state after the merging
	operations.

2017-08-02  Jay Berkenbilt  <[email protected]>

	* Fix off-by-one error in parsing pages options. Fixes #129.

2017-07-29  Jay Berkenbilt  <[email protected]>

	* Support @filename and @- in the qpdf command-line tool to read
	command-line arguments, one per line, from the named file. @-
	reads from standard input. Fixes #16.

	* Detect when input file and output file are the same and exit to
	avoid overwriting and losing input file. Fixes #29.

	* When passing multiple inspection arguments, run --check first,
	and defer exit until after all the checks have been run. This
	makes it possible to force operations such as --show-xref to be
	delayed until after recovery attempts have been made. For example,
	if you have a file with a syntactically valid xref table that has
	some offsets that are incorrect, running qpdf --check --show-xref
	on that file will first recover the xref and the dump the
	recovered xref, while just running qpdf --show-xref will show the
	xref table as present in the file. Fixes #42.

	* When recovering stream length, indicate the recovered length.
	Fixes #44.

	* Add --newline-before-endstream command-line option and
	setNewlineBeforeEndstream method to QPDFWriter. This forces qpdf
	to always add a newline before the endstream keyword. It is a
	necessary but not sufficient condition for PDF/A compliance. Fixes
	#103.

	* Handle zlib data errors when decoding streams. Fixes #106.

	* Improve handling of files where the "stream" keyword is not
	followed by proper line terminators. Fixes #104.

	* Fix content stream parsing to handle cases of structures within
	the stream split across stream boundaries. Fixes #73.

2017-07-28  Jay Berkenbilt  <[email protected]>

	* Add --preserve-unreferenced command-line option and
	setPreserveUnreferencedObjects method to QPDFWriter. This option
	causes QPDFWriter to write all objects from the input file to the
	output file regardless of whether the objects are referenced.
	Objects are written to the output file in numerical order from the
	input file. This option has no effect for linearized files.

2017-07-27  Jay Berkenbilt  <[email protected]>

	* Add --precheck-streams command-line option and setStreamPrecheck
	method to QPDFWriter to tell QPDFWriter to attempt decoding a
	stream fully before deciding whether to filter it or not.

	* Recover gracefully from streams that aren't filterable because
	the filter parameters are invalid in the stream dictionary or the
	dictionary itself is invalid.

	* Significantly improve recoverability from invalid qpdf objects.
	Most conditions in basic object parsing that used to cause qpdf to
	exit are now warnings. There are still many more opportunities for
	improvements of this sort beyond just object parsing.

2017-07-26  Jay Berkenbilt  <[email protected]>

	* Fixes to infinite loops below also fix problems reported in
	other issues and cover CVE-2017-11624, CVE-2017-11625,
	CVE-2017-11626, and CVE-2017-11627.

	* Don't attempt to interpret syntactic keywords (like R and
	endobj) found while parsing content streams.

	* Detect infinite loops while resolving objects. This could happen
	if something inside an object that had to be resolved during
	parsing, such as a stream length, recursively referenced the
	object being resolved.

	* CVE-2017-9208: Handle references to and appearance of object 0
	as a special case. Object 0 is not allowed, and qpdf was using it
	internally to represent direct objects.

	* CVE-2017-9209: Fix infinite loop caused by attempting to
	reconstruct the xref table while already in the process of
	reconstructing the xref table.

	* CVE-2017-9210: Fix infinite loop caused by attempting to unparse
	an object for inclusion in the text of an exception.

print/qpdf/Makefile

@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.12 2016/07/09 06:38:52 wiz Exp $
+# $NetBSD: Makefile,v 1.13 2017/09/28 12:50:36 ryoon Exp $
 
-DISTNAME=	qpdf-6.0.0
-PKGREVISION=	1
+DISTNAME=	qpdf-7.0.0
 CATEGORIES=	print
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=qpdf/}
 

print/qpdf/distinfo

@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.11 2016/03/11 15:37:02 ryoon Exp $
+$NetBSD: distinfo,v 1.12 2017/09/28 12:50:36 ryoon Exp $
 
-SHA1 (qpdf-6.0.0.tar.gz) = 15ebe09d9b9ddd2309a67e4295693fcf82494e33
-RMD160 (qpdf-6.0.0.tar.gz) = 9ac7bcef96831062bf3ec9a68e6676b026f3e326
-SHA512 (qpdf-6.0.0.tar.gz) = 303e3cc77ddb87b9494e26c35e0b45b42f73692054c56a00f2e4f1922633c6ebb45c8684992cd9bf32f03366fcc4cd7e7ec6fb9432d2dbba6e0b24395909b5bf
-Size (qpdf-6.0.0.tar.gz) = 8344860 bytes
+SHA1 (qpdf-7.0.0.tar.gz) = 506002271a7e04f431014baa94dd820c47235356
+RMD160 (qpdf-7.0.0.tar.gz) = ac3026a820d41dc127823fd3cfe0c1f6af90a4b0
+SHA512 (qpdf-7.0.0.tar.gz) = 7b52d67b4d2c428a7b0c1cd03b03a23f05d38d7e3c81041079a137919019ea5158f12bf95fdcfcff6b43ffdefe93a85127ced2a363a6b4b380cbaa02a3840256
+Size (qpdf-7.0.0.tar.gz) = 7053781 bytes
 SHA1 (patch-make_libtool.mk) = 8622d6a446da284269102dde38bf14271363dfdc