.gitignore

@@ -1 +1 @@
-SOURCES/qpdf-10.3.1.tar.gz
+SOURCES/qpdf-7.1.1.tar.gz

.qpdf.metadata

@@ -1 +1 @@
-36a4d60a330e658b2a525f20636080b73a9c6b4e SOURCES/qpdf-10.3.1.tar.gz
+d2bbc564c0b6abe3c3c939d092870574ab7025c2 SOURCES/qpdf-7.1.1.tar.gz

SOURCES/qpdf-CVE-2018-9918.patch

@@ -0,0 +1,55 @@
+diff -up qpdf-7.1.1/libqpdf/QPDFObjectHandle.cc.CVE-2018-9918 qpdf-7.1.1/libqpdf/QPDFObjectHandle.cc
+--- qpdf-7.1.1/libqpdf/QPDFObjectHandle.cc.CVE-2018-9918	2018-02-05 00:31:42.000000000 +0100
++++ qpdf-7.1.1/libqpdf/QPDFObjectHandle.cc	2018-04-16 15:35:36.378343714 +0200
+@@ -1054,12 +1054,26 @@ QPDFObjectHandle::parseInternal(PointerH
+ 
+ 	  case QPDFTokenizer::tt_array_open:
+ 	  case QPDFTokenizer::tt_dict_open:
+-            olist_stack.push_back(std::vector<QPDFObjectHandle>());
+-            state = st_start;
+-            offset_stack.push_back(input->tell());
+-            state_stack.push_back(
+-                (token.getType() == QPDFTokenizer::tt_array_open) ?
+-                st_array : st_dictionary);
++            if (olist_stack.size() > 500)
++            {
++		QTC::TC("qpdf", "QPDFObjectHandle too deep");
++                warn(context,
++                     QPDFExc(qpdf_e_damaged_pdf, input->getName(),
++                             object_description,
++                             input->getLastOffset(),
++                             "ignoring excessively deeply nested data structure"));
++                object = newNull();
++                state = st_top;
++            }
++            else
++            {
++                olist_stack.push_back(std::vector<QPDFObjectHandle>());
++                state = st_start;
++                offset_stack.push_back(input->tell());
++                state_stack.push_back(
++                    (token.getType() == QPDFTokenizer::tt_array_open) ?
++                    st_array : st_dictionary);
++            }
+ 	    break;
+ 
+ 	  case QPDFTokenizer::tt_bool:
+diff -up qpdf-7.1.1/qpdf/qpdf.testcov.CVE-2018-9918 qpdf-7.1.1/qpdf/qpdf.testcov
+--- qpdf-7.1.1/qpdf/qpdf.testcov.CVE-2018-9918	2018-02-05 00:31:42.000000000 +0100
++++ qpdf-7.1.1/qpdf/qpdf.testcov	2018-04-16 15:35:36.379343705 +0200
+@@ -302,3 +302,4 @@ qpdf-c called qpdf_set_compress_streams
+ qpdf-c called qpdf_set_preserve_unreferenced_objects 0
+ qpdf-c called qpdf_set_newline_before_endstream 0
+ QPDF_Stream TIFF predictor 0
++QPDFObjectHandle too deep 0
+diff -up qpdf-7.1.1/qpdf/qtest/qpdf/issue-146.out.CVE-2018-9918 qpdf-7.1.1/qpdf/qtest/qpdf/issue-146.out
+--- qpdf-7.1.1/qpdf/qtest/qpdf/issue-146.out.CVE-2018-9918	2018-02-05 00:31:42.000000000 +0100
++++ qpdf-7.1.1/qpdf/qtest/qpdf/issue-146.out	2018-04-16 15:53:17.499476948 +0200
+@@ -1,5 +1,5 @@
+ WARNING: issue-146.pdf: file is damaged
+ WARNING: issue-146.pdf: can't find startxref
+ WARNING: issue-146.pdf: Attempting to reconstruct cross-reference table
+-WARNING: issue-146.pdf (trailer, file position 20728): unknown token while reading object; treating as string
+-issue-146.pdf (trailer, file position 20732): EOF while reading token
++WARNING: issue-146.pdf (trailer, file position 695): ignoring excessively deeply nested data structure
++issue-146.pdf: unable to find trailer dictionary while recovering damaged file

SOURCES/qpdf-doc.patch

@@ -1,6 +1,6 @@
-diff -up qpdf-8.2.1/manual/fix-qdf.1.in.doc qpdf-8.2.1/manual/fix-qdf.1.in
+diff -up qpdf-4.1.0/manual/fix-qdf.1.in.doc qpdf-4.1.0/manual/fix-qdf.1.in
---- qpdf-8.2.1/manual/fix-qdf.1.in.doc	2018-08-18 16:56:19.000000000 +0200
+--- qpdf-4.1.0/manual/fix-qdf.1.in.doc	2013-04-14 21:03:51.000000000 +0200
-+++ qpdf-8.2.1/manual/fix-qdf.1.in	2018-09-24 14:24:26.340341484 +0200
++++ qpdf-4.1.0/manual/fix-qdf.1.in	2013-05-23 18:12:21.506581935 +0200
 @@ -14,5 +14,4 @@ the same file with stream lengths, cross
  object stream offset tables regenerated.
  .PP
@@ -8,18 +8,18 @@ diff -up qpdf-8.2.1/manual/fix-qdf.1.in.doc qpdf-8.2.1/manual/fix-qdf.1.in
 -the qpdf manual, which can be found in @docdir@/qpdf-manual.html or
 -@docdir@/qpdf-manual.pdf.
 +the qpdf manual, which can be found in qpdf-doc package.
-diff -up qpdf-8.2.1/manual/qpdf.1.in.doc qpdf-8.2.1/manual/qpdf.1.in
+diff -up qpdf-4.1.0/manual/qpdf.1.in.doc qpdf-4.1.0/manual/qpdf.1.in
---- qpdf-8.2.1/manual/qpdf.1.in.doc	2018-09-24 14:24:26.340341484 +0200
+--- qpdf-4.1.0/manual/qpdf.1.in.doc	2013-04-14 21:03:51.000000000 +0200
-+++ qpdf-8.2.1/manual/qpdf.1.in	2018-09-24 14:26:18.171462618 +0200
++++ qpdf-4.1.0/manual/qpdf.1.in	2013-05-23 18:12:13.723690019 +0200
 @@ -16,4 +16,4 @@ useful primarily to PDF developers.
  .PP
  For a summary of qpdf's options, please run
- \fBqpdf \-\-help\fR.  A complete manual can be found in
+ \fBqpdf --help\fR.  A complete manual can be found in
 -@docdir@/qpdf-manual.html or @docdir@/qpdf-manual.pdf.
 +qpdf-doc package.
-diff -up qpdf-8.2.1/manual/zlib-flate.1.in.doc qpdf-8.2.1/manual/zlib-flate.1.in
+diff -up qpdf-4.1.0/manual/zlib-flate.1.in.doc qpdf-4.1.0/manual/zlib-flate.1.in
---- qpdf-8.2.1/manual/zlib-flate.1.in.doc	2018-08-18 16:56:19.000000000 +0200
+--- qpdf-4.1.0/manual/zlib-flate.1.in.doc	2013-04-14 21:03:51.000000000 +0200
-+++ qpdf-8.2.1/manual/zlib-flate.1.in	2018-09-24 14:24:26.340341484 +0200
++++ qpdf-4.1.0/manual/zlib-flate.1.in	2013-05-23 18:12:07.571775453 +0200
 @@ -21,6 +21,6 @@ This program should not be used as a gen
  tool.  Use something like gzip(1) instead.
  .PP

SOURCES/qpdf-erase-tests-with-generated-object-stream.patch

@@ -1,147 +0,0 @@
-diff -up qpdf-10.2.0/examples/qtest/filter-tokens.test.erase-tests-with-generated-object-stream qpdf-10.2.0/examples/qtest/filter-tokens.test
---- qpdf-10.2.0/examples/qtest/filter-tokens.test.erase-tests-with-generated-object-stream	2021-02-24 12:45:32.347357149 +0100
-+++ qpdf-10.2.0/examples/qtest/filter-tokens.test	2021-02-24 12:47:01.379611993 +0100
-@@ -15,13 +15,9 @@ $td->runtest("filter tokens",
- 	     {$td->COMMAND => "pdf-filter-tokens in.pdf a.pdf"},
- 	     {$td->STRING => "", $td->EXIT_STATUS => 0});
- 
--$td->runtest("check output",
--	     {$td->FILE => "a.pdf"},
--	     {$td->FILE => "out.pdf"});
--
- cleanup();
- 
--$td->report(2);
-+$td->report(1);
- 
- sub cleanup
- {
-diff -up qpdf-10.2.0/examples/qtest/invert-images.test.erase-tests-with-generated-object-stream qpdf-10.2.0/examples/qtest/invert-images.test
---- qpdf-10.2.0/examples/qtest/invert-images.test.erase-tests-with-generated-object-stream	2021-02-23 16:41:58.000000000 +0100
-+++ qpdf-10.2.0/examples/qtest/invert-images.test	2021-02-24 12:45:32.347357149 +0100
-@@ -19,13 +19,13 @@ $td->runtest("invert images",
- 	      $td->EXIT_STATUS => 0},
- 	     $td->NORMALIZE_NEWLINES);
- 
--$td->runtest("check output",
--	     {$td->FILE => "a.pdf"},
--	     {$td->FILE => "out.pdf"});
-+#$td->runtest("check output",
-+#	     {$td->FILE => "a.pdf"},
-+#	     {$td->FILE => "out.pdf"});
- 
- cleanup();
- 
--$td->report(2);
-+$td->report(1);
- 
- sub cleanup
- {
-diff -up qpdf-10.2.0/examples/qtest/set-form-values.test.erase-tests-with-generated-object-stream qpdf-10.2.0/examples/qtest/set-form-values.test
---- qpdf-10.2.0/examples/qtest/set-form-values.test.erase-tests-with-generated-object-stream	2021-02-23 16:41:58.000000000 +0100
-+++ qpdf-10.2.0/examples/qtest/set-form-values.test	2021-02-24 12:45:32.347357149 +0100
-@@ -14,13 +14,10 @@ cleanup();
- $td->runtest("set form values",
- 	     {$td->COMMAND => "pdf-set-form-values form-in.pdf a.pdf soup"},
- 	     {$td->STRING => "", $td->EXIT_STATUS => 0});
--$td->runtest("compare files",
--	     {$td->FILE => "a.pdf"},
--	     {$td->FILE => "form-out.pdf"});
- 
- cleanup();
- 
--$td->report(2);
-+$td->report(1);
- 
- sub cleanup
- {
-diff -up qpdf-10.2.0/libqpdf/qpdf-c.cc.erase-tests-with-generated-object-stream qpdf-10.2.0/libqpdf/qpdf-c.cc
---- qpdf-10.2.0/libqpdf/qpdf-c.cc.erase-tests-with-generated-object-stream	2021-02-23 16:41:58.000000000 +0100
-+++ qpdf-10.2.0/libqpdf/qpdf-c.cc	2021-02-24 12:45:32.348357141 +0100
-@@ -331,7 +331,6 @@ QPDF_ERROR_CODE qpdf_read_memory(qpdf_da
-     qpdf->size = size;
-     qpdf->password = password;
-     status = trap_errors(qpdf, &call_read_memory);
--    QTC::TC("qpdf", "qpdf-c called qpdf_read_memory", status);
-     return status;
- }
- 
-@@ -542,7 +541,6 @@ unsigned char const* qpdf_get_buffer(qpd
- 
- void qpdf_set_object_stream_mode(qpdf_data qpdf, qpdf_object_stream_e mode)
- {
--    QTC::TC("qpdf", "qpdf-c called qpdf_set_object_stream_mode");
-     qpdf->qpdf_writer->setObjectStreamMode(mode);
- }
- 
-diff -up qpdf-10.2.0/libqpdf/QPDFWriter.cc.erase-tests-with-generated-object-stream qpdf-10.2.0/libqpdf/QPDFWriter.cc
---- qpdf-10.2.0/libqpdf/QPDFWriter.cc.erase-tests-with-generated-object-stream	2021-02-23 16:41:58.000000000 +0100
-+++ qpdf-10.2.0/libqpdf/QPDFWriter.cc	2021-02-24 12:45:32.348357141 +0100
-@@ -3445,8 +3445,6 @@ QPDFWriter::writeLinearized()
- 	{
-             if (this->m->deterministic_id)
-             {
--                QTC::TC("qpdf", "QPDFWriter linearized deterministic ID",
--                        need_xref_stream ? 0 : 1);
-                 computeDeterministicIDData();
-                 pp_md5 = 0;
-                 assert(this->m->md5_pipeline == 0);
-@@ -3654,8 +3652,6 @@ QPDFWriter::writeStandard()
- 
-     if (this->m->deterministic_id)
-     {
--	QTC::TC("qpdf", "QPDFWriter standard deterministic ID",
--                this->m->object_stream_to_objects.empty() ? 0 : 1);
-         pp_md5 = 0;
-         assert(this->m->md5_pipeline == 0);
-     }
-diff -up qpdf-10.2.0/qpdf/qpdf.testcov.erase-tests-with-generated-object-stream qpdf-10.2.0/qpdf/qpdf.testcov
---- qpdf-10.2.0/qpdf/qpdf.testcov.erase-tests-with-generated-object-stream	2021-02-23 16:41:58.000000000 +0100
-+++ qpdf-10.2.0/qpdf/qpdf.testcov	2021-02-24 12:45:32.348357141 +0100
-@@ -123,7 +123,6 @@ qpdf-c called qpdf_get_user_password 0
- qpdf-c called qpdf_is_linearized 0
- qpdf-c called qpdf_is_encrypted 0
- qpdf-c called qpdf_init_write 3
--qpdf-c called qpdf_set_object_stream_mode 0
- qpdf-c called qpdf_set_stream_data_mode 0
- qpdf-c called qpdf_set_content_normalization 0
- qpdf-c called qpdf_set_qdf_mode 0
-@@ -177,7 +176,6 @@ QPDFObjectHandle append page contents 0
- QPDF_Stream getRawStreamData 0
- QPDF_Stream getStreamData 0
- QPDF_Stream expand filter abbreviation 0
--qpdf-c called qpdf_read_memory 0
- QPDF stream without newline 0
- QPDF stream with CR only 0
- QPDF stream with CRNL 0
-@@ -260,8 +258,6 @@ qpdf pages range omitted at end 0
- qpdf pages range omitted in middle 0
- qpdf npages 0
- QPDF already reserved object 0
--QPDFWriter standard deterministic ID 1
--QPDFWriter linearized deterministic ID 1
- QPDFWriter deterministic with no data 0
- qpdf-c called qpdf_set_deterministic_ID 0
- QPDFObjectHandle indirect with 0 objid 0
-diff -up qpdf-10.2.0/qpdf/qtest/qpdf.test.erase-tests-with-generated-object-stream qpdf-10.2.0/qpdf/qtest/qpdf.test
---- qpdf-10.2.0/qpdf/qtest/qpdf.test.erase-tests-with-generated-object-stream	2021-02-23 16:41:58.000000000 +0100
-+++ qpdf-10.2.0/qpdf/qtest/qpdf.test	2021-02-24 12:45:32.349357133 +0100
-@@ -3254,7 +3254,6 @@ my @capi = (
-     [3, 'normalized content'],
-     [4, 'ignore xref streams'],
-     [5, 'linearized'],
--    [6, 'object streams'],
-     [7, 'qdf'],
-     [8, 'no original object ids'],
-     [9, 'uncompressed streams'],
-@@ -3298,8 +3297,8 @@ $td->runtest("write damaged",
- show_ntests();
- # ----------
- $td->notify("--- Deterministic ID Tests ---");
--$n_tests += 11;
--foreach my $d ('nn', 'ny', 'yn', 'yy')
-+$n_tests += 7;
-+foreach my $d ('nn', 'yn')
- {
-     my $linearize = ($d =~ m/^y/);
-     my $ostream = ($d =~ m/y$/);

SOURCES/qpdf-relax.patch

@@ -1,67 +1,67 @@
 diff --git a/libqpdf/QPDF.cc b/libqpdf/QPDF.cc
-index 3eeea86..2a6923c 100644
+index 3475afe..f93ba0d 100644
 --- a/libqpdf/QPDF.cc
 +++ b/libqpdf/QPDF.cc
-@@ -11,6 +11,10 @@
+@@ -19,6 +19,10 @@
- #include <string.h>
+ #include <qpdf/QPDF_Null.hh>
- #include <memory.h>
+ #include <qpdf/QPDF_Dictionary.hh>
  
-+#ifdef USE_CRYPTO_GNUTLS
++#ifdef HAVE_GNUTLS
 +# include <gnutls/crypto.h>
 +#endif
 +
- #include <qpdf/QTC.hh>
+ std::string QPDF::qpdf_version = "7.1.1";
- #include <qpdf/QUtil.hh>
+ 
- #include <qpdf/Pipeline.hh>
+ static char const* EMPTY_PDF =
-@@ -262,7 +266,13 @@ QPDF::processFile(char const* filename, char const* password)
+@@ -139,7 +143,13 @@ QPDF::processFile(char const* filename, char const* password)
  {
      FileInputSource* fi = new FileInputSource();
      fi->setFilename(filename);
-+#ifdef USE_CRYPTO_GNUTLS
++#ifdef HAVE_GNUTLS
 +    GNUTLS_FIPS140_SET_LAX_MODE();
 +#endif
      processInputSource(fi, password);
-+#ifdef USE_CRYPTO_GNUTLS
++#ifdef HAVE_GNUTLS
 +    GNUTLS_FIPS140_SET_STRICT_MODE();
 +#endif
  }
  
  void
-@@ -271,7 +281,13 @@ QPDF::processFile(char const* description, FILE* filep,
+@@ -148,7 +158,13 @@ QPDF::processFile(char const* description, FILE* filep,
  {
      FileInputSource* fi = new FileInputSource();
      fi->setFile(description, filep, close_file);
-+#ifdef USE_CRYPTO_GNUTLS
++#ifdef HAVE_GNUTLS
 +    GNUTLS_FIPS140_SET_LAX_MODE();
 +#endif
      processInputSource(fi, password);
-+#ifdef USE_CRYPTO_GNUTLS
++#ifdef HAVE_GNUTLS
 +    GNUTLS_FIPS140_SET_STRICT_MODE();
 +#endif
  }
  
  void
 diff --git a/libqpdf/QPDFWriter.cc b/libqpdf/QPDFWriter.cc
-index 689fef7..57df1eb 100644
+index 0544640..48fe50d 100644
 --- a/libqpdf/QPDFWriter.cc
 +++ b/libqpdf/QPDFWriter.cc
-@@ -24,6 +24,10 @@
+@@ -23,6 +23,10 @@
  #include <algorithm>
  #include <stdlib.h>
  
-+#ifdef USE_CRYPTO_GNUTLS
++#ifdef HAVE_GNUTLS
 +#include <gnutls/crypto.h>
 +#endif
 +
  QPDFWriter::Members::Members(QPDF& pdf) :
      pdf(pdf),
-     filename("unspecified"),
+     filename(0),
-@@ -321,6 +325,13 @@ void
+@@ -323,6 +327,13 @@ void
  QPDFWriter::setDeterministicID(bool val)
  {
      this->m->deterministic_id = val;
 +
-+#ifdef USE_CRYPTO_GNUTLS
++#ifdef HAVE_GNUTLS
 +    if (val)
 +	GNUTLS_FIPS140_SET_LAX_MODE();
 +    else
@@ -70,12 +70,12 @@ index 689fef7..57df1eb 100644
  }
  
  void
-@@ -342,6 +353,13 @@ void
+@@ -344,6 +355,13 @@ void
  QPDFWriter::setPreserveEncryption(bool val)
  {
      this->m->preserve_encryption = val;
 +
-+#ifdef USE_CRYPTO_GNUTLS
++#ifdef HAVE_GNUTLS
 +    if (val)
 +	GNUTLS_FIPS140_SET_STRICT_MODE();
 +    else
@@ -84,32 +84,8 @@ index 689fef7..57df1eb 100644
  }
  
  void
-@@ -2301,12 +2319,23 @@ QPDFWriter::generateID()
- 	    }
- 	}
- 
-+#ifdef USE_CRYPTO_GNUTLS
-+    unsigned oldmode = gnutls_fips140_mode_enabled();
-+
-+    gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
-+#endif
-+
- 	MD5 m;
- 	m.encodeString(seed.c_str());
- 	MD5::Digest digest;
- 	m.digest(digest);
- 	result = std::string(reinterpret_cast<char*>(digest),
-                              sizeof(MD5::Digest));
-+
-+#ifdef USE_CRYPTO_GNUTLS
-+    gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD);
-+#endif
-+
-     }
- 
-     // If /ID already exists, follow the spec: use the original first
 diff --git a/libqpdf/QPDF_encryption.cc b/libqpdf/QPDF_encryption.cc
-index 2ff48df..ce6fb31 100644
+index fd717c3..9b38914 100644
 --- a/libqpdf/QPDF_encryption.cc
 +++ b/libqpdf/QPDF_encryption.cc
 @@ -1,6 +1,8 @@
@@ -125,40 +101,18 @@ index 2ff48df..ce6fb31 100644
  #include <assert.h>
  #include <string.h>
  
-+#ifdef USE_CRYPTO_GNUTLS
++#ifdef HAVE_GNUTLS
 +# include <gnutls/crypto.h>
 +#endif
 +
  static unsigned char const padding_string[] = {
      0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41,
      0x64, 0x00, 0x4e, 0x56, 0xff, 0xfa, 0x01, 0x08,
-@@ -380,10 +386,21 @@ QPDF::compute_data_key(std::string const& encryption_key,
+@@ -1084,6 +1090,12 @@ QPDF::getKeyForObject(int objid, int generation, bool use_aes)
- 	result += "sAlT";
-     }
- 
-+#ifdef USE_CRYPTO_GNUTLS
-+    unsigned oldmode = gnutls_fips140_mode_enabled();
-+
-+    gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
-+#endif
-+
-     MD5 md5;
-     md5.encodeDataIncrementally(result.c_str(), result.length());
-     MD5::Digest digest;
-     md5.digest(digest);
-+
-+#ifdef USE_CRYPTO_GNUTLS
-+    gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD);
-+#endif
-+
-     return std::string(reinterpret_cast<char*>(digest),
- 		       std::min(result.length(), toS(16)));
- }
-@@ -1150,6 +1167,12 @@ QPDF::getKeyForObject(
  void
  QPDF::decryptString(std::string& str, int objid, int generation)
  {
-+#ifdef USE_CRYPTO_GNUTLS
++#ifdef HAVE_GNUTLS
 +    unsigned oldmode = gnutls_fips140_mode_enabled();
 +
 +    gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
@@ -167,22 +121,22 @@ index 2ff48df..ce6fb31 100644
      if (objid == 0)
      {
  	return;
-@@ -1230,6 +1253,10 @@ QPDF::decryptString(std::string& str, int objid, int generation)
+@@ -1162,6 +1174,10 @@ QPDF::decryptString(std::string& str, int objid, int generation)
  		      QUtil::int_to_string(objid) + " " +
  		      QUtil::int_to_string(generation) + ": " + e.what());
      }
 +
-+#ifdef USE_CRYPTO_GNUTLS
++#ifdef HAVE_GNUTLS
 +    gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD);
 +#endif
  }
  
  void
-@@ -1240,6 +1267,12 @@ QPDF::decryptStream(PointerHolder<EncryptionParameters> encp,
+@@ -1169,6 +1185,12 @@ QPDF::decryptStream(Pipeline*& pipeline, int objid, int generation,
  		    QPDFObjectHandle& stream_dict,
  		    std::vector<PointerHolder<Pipeline> >& heap)
  {
-+#ifdef USE_CRYPTO_GNUTLS
++#ifdef HAVE_GNUTLS
 +    unsigned oldmode = gnutls_fips140_mode_enabled();
 +
 +    gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
@@ -191,12 +145,12 @@ index 2ff48df..ce6fb31 100644
      std::string type;
      if (stream_dict.getKey("/Type").isName())
      {
-@@ -1361,6 +1394,10 @@ QPDF::decryptStream(PointerHolder<EncryptionParameters> encp,
+@@ -1297,6 +1319,10 @@ QPDF::decryptStream(Pipeline*& pipeline, int objid, int generation,
-                               toI(key.length()));
+                               key.length());
      }
      heap.push_back(pipeline);
 +
-+#ifdef USE_CRYPTO_GNUTLS
++#ifdef HAVE_GNUTLS
 +    gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD);
 +#endif
  }

SOURCES/qpdf-s390x-disable-streamtest.patch

@@ -1,36 +0,0 @@
-diff --git a/libqpdf/QPDFWriter.cc b/libqpdf/QPDFWriter.cc
-index fccefe0..2793191 100644
---- a/libqpdf/QPDFWriter.cc
-+++ b/libqpdf/QPDFWriter.cc
-@@ -2096,7 +2096,6 @@ QPDFWriter::writeObjectStream(QPDFObjectHandle object)
-                 // This condition occurred in a fuzz input. Ideally we
-                 // should block it at at parse time, but it's not
-                 // clear to me how to construct a case for this.
--                QTC::TC("qpdf", "QPDFWriter stream in ostream");
-                 obj_to_write.warnIfPossible(
-                     "stream found inside object stream; treating as null");
-                 obj_to_write = QPDFObjectHandle::newNull();
-diff --git a/qpdf/qpdf.testcov b/qpdf/qpdf.testcov
-index b4e7c46..3e935d0 100644
---- a/qpdf/qpdf.testcov
-+++ b/qpdf/qpdf.testcov
-@@ -443,7 +443,6 @@ QPDF xref skipped space 0
- QPDF eof skipping spaces before xref 1
- QPDF_encryption user matches owner V < 5 0
- QPDF_encryption same password 1
--QPDFWriter stream in ostream 0
- QPDFObjectHandle duplicate dict key 0
- QPDFWriter no encryption sig contents 0
- QPDFPageObjectHelper colorspace lookup 0
-diff --git a/qpdf/qtest/qpdf.test b/qpdf/qtest/qpdf.test
-index afb6668..b8f55a2 100644
---- a/qpdf/qtest/qpdf.test
-+++ b/qpdf/qtest/qpdf.test
-@@ -996,7 +996,6 @@ my @bug_tests = (
-     ["263", "empty xref stream", 2],
-     ["335a", "ozz-fuzz-12152", 2],
-     ["335b", "ozz-fuzz-14845", 2],
--    ["fuzz-16214", "stream in object stream", 3],
-     # When adding to this list, consider adding to SEED_CORPUS_FILES
-     # in fuzz/build.mk and updating the count in fuzz/qtest/fuzz.test.
-     );

SPECS/qpdf.spec

@@ -1,78 +1,56 @@
 Summary: Command-line tools and library for transforming PDF files
 Name:    qpdf
-Version: 10.3.1
+Version: 7.1.1
-Release: 7%{?dist}
+Release: 10%{?dist}
 # MIT: e.g. libqpdf/sha2.c
-# upstream uses ASL 2.0 now, but he allowed other to distribute qpdf under
+# upstream uses ASL 2.0 now, but he allowed others to distribute qpdf under
 # old license (see README)
 License: (Artistic 2.0 or ASL 2.0) and MIT
 URL:     http://qpdf.sourceforge.net/
 Source0: http://downloads.sourceforge.net/sourceforge/qpdf/qpdf-%{version}.tar.gz
 
 Patch0:  qpdf-doc.patch
-# zlib has optimalization for aarch64 now, which gives different output after
+Patch1:  qpdf-CVE-2018-9918.patch
-# compression - patch erases 3 tests with generated object stream which were failing
+Patch2:  qpdf-gnutls-crypto.patch
-Patch1:  qpdf-erase-tests-with-generated-object-stream.patch
+Patch3:  qpdf-relax.patch
-# make qpdf working under FIPS, downstream patch
-Patch2:  qpdf-relax.patch
-# 1950033 - Possible changes in zlib output causes FTBFS for qpdf
-Patch3:  qpdf-s390x-disable-streamtest.patch
 
 # gcc and gcc-c++ are no longer in buildroot by default
 # gcc is needed for qpdf-ctest.c
 BuildRequires: gcc
 # gcc-c++ is need for everything except for qpdf-ctest
 BuildRequires: gcc-c++
-# uses make
-BuildRequires: make
 
 BuildRequires: zlib-devel
 BuildRequires: libjpeg-turbo-devel
 BuildRequires: pcre-devel
 
-# for gnutls crypto
-BuildRequires: gnutls-devel
-
 # for fix-qdf and test suite
-BuildRequires: perl-generators
 BuildRequires: perl-interpreter
-BuildRequires: perl(Carp)
+BuildRequires: perl-generators
-BuildRequires: perl(Config)
-BuildRequires: perl(constant)
-BuildRequires: perl(Cwd)
 BuildRequires: perl(Digest::MD5)
-BuildRequires: perl(Digest::SHA)
-BuildRequires: perl(File::Basename)
-BuildRequires: perl(File::Copy)
-BuildRequires: perl(File::Find)
-BuildRequires: perl(File::Spec)
-BuildRequires: perl(FileHandle)
-BuildRequires: perl(IO::Handle)
-BuildRequires: perl(IO::Select)
-BuildRequires: perl(IO::Socket)
-BuildRequires: perl(POSIX)
-BuildRequires: perl(strict)
-# perl(Term::ANSIColor) - not needed for tests
-# perl(Term::ReadKey) - not needed for tests
 
 # for autoreconf
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: libtool
 
-Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+# for crypto by gnutls
+BuildRequires: gnutls-devel
+BuildRequires: pkgconf-pkg-config
+
+Requires: qpdf-libs%{?_isa} = %{version}-%{release}
 
 %package libs
 Summary: QPDF library for transforming PDF files
 
 %package devel
 Summary: Development files for QPDF library
-Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+Requires: qpdf-libs%{?_isa} = %{version}-%{release}
 
 %package doc
 Summary: QPDF Manual
 BuildArch: noarch
-Requires: %{name}-libs = %{version}-%{release}
+Requires: qpdf-libs = %{version}-%{release}
 
 %description
 QPDF is a command-line program that does structural, content-preserving
@@ -98,37 +76,36 @@ QPDF Manual
 
 # fix 'complete manual location' note in man pages
 %patch0 -p1 -b .doc
-%ifarch aarch64
+#  CVE-2018-9918 qpdf: stack exhaustion in QPDFObjectHandle and QPDF_Dictionary classes in libqpdf.a [fedora-all]
-%patch1 -p1 -b .erase-tests-with-generated-object-stream
+%patch1 -p1 -b .CVE-2018-9918
-%endif
+# 1605101 - qpdf: should not re-implement crypto
-%patch2 -p1 -b .relax
+%patch2 -p1 -b .gnutls-crypto
-%ifarch s390x
+# 1605101 - downstream patch for relaxing crypto for deterministic id and decrypt
-%patch3 -p1 -b .s390x-disable-streamtest
+%patch3 -p1 -b .relax
-%endif
+
+sed -i -e '1s,^#!/usr/bin/env perl,#!/usr/bin/perl,' qpdf/fix-qdf
 
 %build
 # work-around check-rpaths errors
 autoreconf --verbose --force --install
-# automake files needed to be regenerated in 8.4.0 - check if this can be removed
-# in the next qpdf release
-./autogen.sh
 
 %configure --disable-static \
-           --enable-crypto-gnutls \
+           --enable-show-failed-test-output \
-           --disable-implicit-crypto \
+           --enable-gnutls
-           --enable-show-failed-test-output
 
-%make_build
+make %{?_smp_mflags}
 
 %install
-%make_install
+make install DESTDIR=%{buildroot}
 
 rm -f %{buildroot}%{_libdir}/libqpdf.la
 
 %check
 make check
 
-%ldconfig_scriptlets libs
+%post libs -p /sbin/ldconfig
+
+%postun libs -p /sbin/ldconfig
 
 %files
 %{_bindir}/fix-qdf
@@ -139,13 +116,12 @@ make check
 %files libs
 %doc README.md TODO ChangeLog
 %license Artistic-2.0
-%{_libdir}/libqpdf.so.28
+%{_libdir}/libqpdf*.so.*
-%{_libdir}/libqpdf.so.28.3.1
 
 %files devel
 %doc examples/*.cc examples/*.c
-%{_includedir}/qpdf/
+%{_includedir}/*
-%{_libdir}/libqpdf.so
+%{_libdir}/libqpdf*.so
 %{_libdir}/pkgconfig/libqpdf.pc
 
 %files doc
@@ -153,117 +129,27 @@ make check
 
 
 %changelog
-* Wed Jan 04 2023 Zdenek Dohnal <zdohnal@redhat.com> - 10.3.1-7
+* Wed Jul 26 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 7.1.1-10
-- 2157765 - Ship qpdf-devel in CRB
+- Rebuilt for MSVSphere 8.8
-
-* Fri Jul 15 2022 Zdenek Dohnal <zdohnal@redhat.com> - 10.3.1-6
-- 2106940 - FIPS breaks pdftopdf and bannertopdf
-
-* Wed Jun 29 2022 Zdenek Dohnal <zdohnal@redhat.com> - 10.3.1-5
-- 2095993 - Move qpdf to CRB repository
-
-* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 10.3.1-4
-- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
-
-* Tue Apr 20 2021 Zdenek Dohnal <zdohnal@redhat.com> - 10.3.1-3
-- 1950033 - Possible changes in zlib output causes FTBFS for qpdf
-
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 10.3.1-2
-- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
-
-* Fri Mar 12 2021 Zdenek Dohnal <zdohnal@redhat.com> - 10.3.1-1
-- 1937988 - qpdf-10.3.1 is available
-
-* Thu Mar 11 2021 Zdenek Dohnal <zdohnal@redhat.com> - 10.3.0-1
-- 1935799 - qpdf-10.3.0 is available
-
-* Wed Feb 24 2021 Zdenek Dohnal <zdohnal@redhat.com> - 10.2.0-1
-- 1932052 - qpdf-10.2.0 is available
-
-* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 10.1.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Mon Jan 11 2021 Zdenek Dohnal <zdohnal@redhat.com> - 10.1.0-1
-- 1912951 - qpdf-10.1.0 is available
-
-* Mon Nov 23 2020 Zdenek Dohnal <zdohnal@redhat.com> - 10.0.4-1
-- 1900262 - qpdf-10.0.4 is available
 
-* Thu Nov 05 2020 Zdenek Dohnal <zdohnal@redhat.com> - 10.0.3-2
+* Tue Sep 10 2019 Zdenek Dohnal <zdohnal@redhat.com> - 7.1.1-10
-- make is no longer in buildroot by default
+- used bad define in previous commit
 
-* Mon Nov 02 2020 Zdenek Dohnal <zdohnal@redhat.com> - 10.0.3-1
+* Tue Sep 10 2019 Zdenek Dohnal <zdohnal@redhat.com> - 7.1.1-9
-- 10.0.3
+- 1605101 - qpdf: should not re-implement crypto - episode II - relaxing crypto for decrypt
 
-* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 10.0.1-2
+* Thu Sep 05 2019 Zdenek Dohnal <zdohnal@redhat.com> - 7.1.1-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+- 1605101 - qpdf: should not re-implement crypto
 
-* Tue Apr 14 2020 Zdenek Dohnal <zdohnal@redhat.com> - 10.0.1-1
+* Tue Jul 24 2018 Zdenek Dohnal <zdohnal@redhat.com> - 7.1.1-7
-- 10.0.1
-
-* Wed Mar 25 2020 Jitka Plesnikova <jplesnik@redhat.com> - 9.1.1-3
-- Add all perl dependencies for tests
-
-* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 9.1.1-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Mon Jan 27 2020 Zdenek Dohnal <zdohnal@redhat.com> - 9.1.1-1
-- 9.1.1
-
-* Tue Nov 19 2019 Zdenek Dohnal <zdohnal@redhat.com> - 9.1.0-1
-- 9.1.0
-
-* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 8.4.2-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Fri May 31 2019 Zdenek Dohnal <zdohnal@redhat.com> - 8.4.2-1
-- 8.4.2
-
-* Mon Mar 25 2019 Zdenek Dohnal <zdohnal@redhat.com> - 8.4.0-1
-- 8.4.0
-
-* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 8.3.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Mon Jan 14 2019 Zdenek Dohnal <zdohnal@redhat.com> - 8.3.0-1
-- 8.3.0
-
-* Mon Sep 24 2018 Zdenek Dohnal <zdohnal@redhat.com> - 8.2.1-1
-- 8.2.1
-
-* Tue Jul 24 2018 Zdenek Dohnal <zdohnal@redhat.com> - 8.1.0-4
 - correcting license
 
-* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 8.1.0-3
+* Wed Jul 11 2018 Zdenek Dohnal <zdohnal@redhat.com> - 7.1.1-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Wed Jul 11 2018 Zdenek Dohnal <zdohnal@redhat.com> - 8.1.0-2
 - ship license in correct tag, mention optional change of license
 
-* Mon Jun 25 2018 Zdenek Dohnal <zdohnal@redhat.com> - 8.1.0-1
+* Mon Apr 16 2018 Zdenek Dohnal <zdohnal@redhat.com> - 7.1.1-5
-- 8.1.0
-- more tests fail because aarch64 zlib optimization - add patch for it
-
-* Fri May 25 2018 Zdenek Dohnal <zdohnal@redhat.com> - 8.0.2-3
-- erase failing tests for aarch64 because of zlib optimization
-
-* Mon Apr 16 2018 Zdenek Dohnal <zdohnal@redhat.com>
 - CVE-2018-9918 qpdf: stack exhaustion in QPDFObjectHandle and QPDF_Dictionary classes in libqpdf.a [fedora-all] 
 
-* Wed Mar 07 2018 Zdenek Dohnal <zdohnal@redhat.com> - 8.0.2-1
-- 8.0.2
-
-* Mon Mar 05 2018 Zdenek Dohnal <zdohnal@redhat.com> - 8.0.1-1
-- 8.0.1
-
-* Tue Feb 27 2018 Rex Dieter <rdieter@fedoraproject.org> - 8.0.0-2
-- use %%license, %%ldconfig_scriptlets, %%make_build, %%make_install
-- %%files: track files more closely, libqpdf soname in particular
-
-* Mon Feb 26 2018 Zdenek Dohnal <zdohnal@redhat.com> - 8.0.0-1
-- rebase to 8.0.0
-
 * Mon Feb 19 2018 Zdenek Dohnal <zdohnal@redhat.com> - 7.1.1-4
 - gcc and gcc-c++ are no longer in buildroot by default