OpenSystemsDevelopment / qpdf

Also accept -accessibility=n with 256 bit keys even though it will be
ignored.

For std::string and std::vector, replace operator[] with at.  This was
done using an automated process.  See README.hardening for details.

If not available, give an error.  The user may also configure qpdf to
use an insecure random number generator.

Ideally, the library should never call assert outside of test code,
but it does in several places.  For some cases where the assertion
might conceivably fail because of a problem with the input data,
replace assertions with exceptions so that they can be trapped by the
calling application.  This commit surely misses some cases and
replaced some cases unnecessarily, but it should still be an
improvement.

In places where std::vector<T>(size_t) was used, either validate that
the size parameter is sane or refactor code to avoid the need to
pre-allocate the vector.

The /W array was not sanitized, possibly causing an integer overflow
in a multiplication. An analysis of the code suggests that there were
no possible exploits based on this since the problems were in checking
expected values but bounds checks were performed on actual values.

The faulty code was only used during explicit checks of linearization
data.  Those checks are not part of normal reading or writing of PDF
files.

Better sanity check inputs to bit stream reader

4.2.0 was binary incompatible in spite of there being no deletions or
changes to any public methods.  As such, we have to bump the ABI and
are fixing some API breakage while we're at it.

Previous 4.3.0 target is now 5.1.0.

Detect a missing page range and assume 1-z.

Space rather than newline after xref, missing /ID in trailer for
encrypted file.  This enables qpdf to handle some files that xpdf can
handle.  Adobe reader can't necessarily handle them.

Even though this case is not valid according to the spec, it has been
seen, and caused an internal error.

Rework QPDFWriter to always track old object IDs and QPDFObjGen
instead of int, thus not discarding the generation number.  Switch to
QPDF::getCompressibleObjGen() to properly handle the case of an old
object eligible for compression that has a generation of other than
zero.

This is safer than getObjectID() and getGeneration() for many uses.

When copying dlls, make sure to only consider DLLs whose type matches
the type of what is loading them.

Make remaining calls to fopen and strerror use strerror_s and fopen_s
on MSVC.

fopen was previuosly called wrapped by QUtil::fopen_wrapper, but
QUtil::safe_fopen does this itself, which is less cumbersome.

Make them safer by avoiding any internal limits and replacing sprintf
with std::ostringstream.

Make --enable-werror work properly on msvc, handle extra warnings
flags for msvc in configure.ac instead of hardcoding into
make/msvc.mk, separate warnings flags into WFLAGS in autoconf.mk to
avoid duplication and to make it easier to override.

Add QUtil::hex_encode to encode binary data has a hexadecimal string,
and use it in place of sprintf where possible.

When caching objects in an object stream, only cache objects that
still resolve to that stream.  See Changelog mod from this commit for
details.

Some distributions (like debian) don't want .la files to be installed,
but the responsibility for doing this should like in the packaging,
not in qpdf itself.

Fix exit status for case of errors without warnings, continue after
errors when possible, add test case for parsing a file with content
stream errors on some but not all pages.

Also move writing to null and parsing of content streams out of the
wrong if block.

Change object type Keyword to Operator, and place the order of the
object types in object_type_e in the same order as they are mentioned
in the PDF specification.

Note that this change only breaks backward compatibility with code
that has not yet been released.

Add virtual methods to QPDFObject, wrappers to QPDFObjectHandle, and
implementations to all the QPDF_Object types.

This method allows parsing of the PDF objects in a content stream or
array of content streams.