OpenSystemsDevelopment / qpdf

QPDFObjectHandle::parseInternal now issues warnings instead of
throwing exceptions for all error conditions that it finds (except
internal logic errors) and has stronger recovery for things like
invalid tokens and malformed dictionaries. This should improve qpdf's
ability to recover from a wide range of broken files that currently
cause it to fail.

During parsing of an object, sometimes parts of the object have to be
resolved. An example is stream lengths. If such an object directly or
indirectly points to the object being parsed, it can cause an infinite
loop. Guard against all cases of re-entrant resolution of objects.

This is CVE-2017-9209.

QPDFObjectHandle was used as forward declaration, but C++-Builder 10
Seattle can't use it in std::list in such cases because the type is
undefined.

Since we have to bump soname, remove some private methods that were
just there for binary compatibility

For non-encrypted files, determinstic ID generation uses file contents
instead of timestamp and file name. At a small runtime cost, this
enables generation of the same /ID if the same inputs are converted in
the same way multiple times.

QUtil.hh needs time.h to get time_t on some platforms. Thanks Peter
Korsgaard <peter@korsgaard.com>

Pushing inherited objects to pages and getting all pages were both
prone to stack overflow infinite loops if there were loops in the
Pages dictionary. There is a general weakness in the code in that any
part of the code that traverses the Pages structure would be prone to
this and would have to implement its own loop detection. A more robust
fix may provide some general method for handling the Pages structure,
but it's probably not worth doing.

Note: addition of *Internal2 private functions was done rather than
changing signatures of existing methods to avoid breaking
compatibility.

Add a method to get the current random data provider, and document and
test the method for resetting it.

Add new RandomDataProvider object and implement existing random number
generation in terms of that.  This enables end users to supply their
own random data providers.

If not available, give an error.  The user may also configure qpdf to
use an insecure random number generator.

4.2.0 was binary incompatible in spite of there being no deletions or
changes to any public methods.  As such, we have to bump the ABI and
are fixing some API breakage while we're at it.

Previous 4.3.0 target is now 5.1.0.

Rework QPDFWriter to always track old object IDs and QPDFObjGen
instead of int, thus not discarding the generation number.  Switch to
QPDF::getCompressibleObjGen() to properly handle the case of an old
object eligible for compression that has a generation of other than
zero.

In internal code and examples, replace calls to getObjectID() and
getGeneration() with calls to getObjGen() where possible.

This is safer than getObjectID() and getGeneration() for many uses.

Windows fix: QPDFObject::ParserCallbacks::terminateParsing() was not
declared with QPDF_DLL.

Explicitly state how QPDF handles empty passwords when writing files.
Apparently some libraries treat the empty string as the owner password
as an instruction to generate a random password.

Remove const qualifier from getTypeCode and get getTypeName methods of
QPDFObjectHandle, make them work properly for indirect objects, and
exercise them much better in the test suite.

fopen was previuosly called wrapped by QUtil::fopen_wrapper, but
QUtil::safe_fopen does this itself, which is less cumbersome.

Add QUtil::hex_encode to encode binary data has a hexadecimal string,
and use it in place of sprintf where possible.

Change object type Keyword to Operator, and place the order of the
object types in object_type_e in the same order as they are mentioned
in the PDF specification.

Note that this change only breaks backward compatibility with code
that has not yet been released.

Add virtual methods to QPDFObject, wrappers to QPDFObjectHandle, and
implementations to all the QPDF_Object types.

This method allows parsing of the PDF objects in a content stream or
array of content streams.

These object types are to facilitate content stream parsing.

With newer encryption formats, it is no longer possible to recover the
user password using the owner password.

When preparing the trailer for writing to the new file, trim a copy of
the trailer instead of the original file's trailer.

Also add copyright notice to a few public headers that were missing
one.