From 90f448a70b086a53244642a6a73cbd04c72f42f3 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Sep 27 2022 09:07:51 +0000 Subject: import qpdf-10.3.1-6.el9 --- diff --git a/SOURCES/qpdf-relax.patch b/SOURCES/qpdf-relax.patch index ae50652..2693e43 100644 --- a/SOURCES/qpdf-relax.patch +++ b/SOURCES/qpdf-relax.patch @@ -1,48 +1,117 @@ -diff -up qpdf-10.2.0/libqpdf/QPDF.cc.relax qpdf-10.2.0/libqpdf/QPDF.cc ---- qpdf-10.2.0/libqpdf/QPDF.cc.relax 2021-02-23 16:41:58.000000000 +0100 -+++ qpdf-10.2.0/libqpdf/QPDF.cc 2021-02-24 12:35:50.715329461 +0100 +diff --git a/libqpdf/QPDF.cc b/libqpdf/QPDF.cc +index 3eeea86..2a6923c 100644 +--- a/libqpdf/QPDF.cc ++++ b/libqpdf/QPDF.cc @@ -11,6 +11,10 @@ #include #include -+#ifdef HAVE_GNUTLS ++#ifdef USE_CRYPTO_GNUTLS +# include +#endif + #include #include #include -@@ -261,7 +265,13 @@ QPDF::processFile(char const* filename, +@@ -262,7 +266,13 @@ QPDF::processFile(char const* filename, char const* password) { FileInputSource* fi = new FileInputSource(); fi->setFilename(filename); -+#ifdef HAVE_GNUTLS ++#ifdef USE_CRYPTO_GNUTLS + GNUTLS_FIPS140_SET_LAX_MODE(); +#endif processInputSource(fi, password); -+#ifdef HAVE_GNUTLS ++#ifdef USE_CRYPTO_GNUTLS + GNUTLS_FIPS140_SET_STRICT_MODE(); +#endif } void -@@ -270,7 +280,13 @@ QPDF::processFile(char const* descriptio +@@ -271,7 +281,13 @@ QPDF::processFile(char const* description, FILE* filep, { FileInputSource* fi = new FileInputSource(); fi->setFile(description, filep, close_file); -+#ifdef HAVE_GNUTLS ++#ifdef USE_CRYPTO_GNUTLS + GNUTLS_FIPS140_SET_LAX_MODE(); +#endif processInputSource(fi, password); -+#ifdef HAVE_GNUTLS ++#ifdef USE_CRYPTO_GNUTLS + GNUTLS_FIPS140_SET_STRICT_MODE(); +#endif } void -diff -up qpdf-10.2.0/libqpdf/QPDF_encryption.cc.relax qpdf-10.2.0/libqpdf/QPDF_encryption.cc ---- qpdf-10.2.0/libqpdf/QPDF_encryption.cc.relax 2021-02-23 16:41:58.000000000 +0100 -+++ qpdf-10.2.0/libqpdf/QPDF_encryption.cc 2021-02-24 12:37:17.267561185 +0100 +diff --git a/libqpdf/QPDFWriter.cc b/libqpdf/QPDFWriter.cc +index 689fef7..57df1eb 100644 +--- a/libqpdf/QPDFWriter.cc ++++ b/libqpdf/QPDFWriter.cc +@@ -24,6 +24,10 @@ + #include + #include + ++#ifdef USE_CRYPTO_GNUTLS ++#include ++#endif ++ + QPDFWriter::Members::Members(QPDF& pdf) : + pdf(pdf), + filename("unspecified"), +@@ -321,6 +325,13 @@ void + QPDFWriter::setDeterministicID(bool val) + { + this->m->deterministic_id = val; ++ ++#ifdef USE_CRYPTO_GNUTLS ++ if (val) ++ GNUTLS_FIPS140_SET_LAX_MODE(); ++ else ++ GNUTLS_FIPS140_SET_STRICT_MODE(); ++#endif + } + + void +@@ -342,6 +353,13 @@ void + QPDFWriter::setPreserveEncryption(bool val) + { + this->m->preserve_encryption = val; ++ ++#ifdef USE_CRYPTO_GNUTLS ++ if (val) ++ GNUTLS_FIPS140_SET_STRICT_MODE(); ++ else ++ GNUTLS_FIPS140_SET_LAX_MODE(); ++#endif + } + + void +@@ -2301,12 +2319,23 @@ QPDFWriter::generateID() + } + } + ++#ifdef USE_CRYPTO_GNUTLS ++ unsigned oldmode = gnutls_fips140_mode_enabled(); ++ ++ gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD); ++#endif ++ + MD5 m; + m.encodeString(seed.c_str()); + MD5::Digest digest; + m.digest(digest); + result = std::string(reinterpret_cast(digest), + sizeof(MD5::Digest)); ++ ++#ifdef USE_CRYPTO_GNUTLS ++ gnutls_fips140_set_mode(static_cast(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD); ++#endif ++ + } + + // If /ID already exists, follow the spec: use the original first +diff --git a/libqpdf/QPDF_encryption.cc b/libqpdf/QPDF_encryption.cc +index 2ff48df..ce6fb31 100644 +--- a/libqpdf/QPDF_encryption.cc ++++ b/libqpdf/QPDF_encryption.cc @@ -1,6 +1,8 @@ // This file implements methods from the QPDF class that involve // encryption. @@ -56,18 +125,40 @@ diff -up qpdf-10.2.0/libqpdf/QPDF_encryption.cc.relax qpdf-10.2.0/libqpdf/QPDF_e #include #include -+#ifdef HAVE_GNUTLS ++#ifdef USE_CRYPTO_GNUTLS +# include +#endif + static unsigned char const padding_string[] = { 0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41, 0x64, 0x00, 0x4e, 0x56, 0xff, 0xfa, 0x01, 0x08, -@@ -1150,6 +1156,12 @@ QPDF::getKeyForObject( +@@ -380,10 +386,21 @@ QPDF::compute_data_key(std::string const& encryption_key, + result += "sAlT"; + } + ++#ifdef USE_CRYPTO_GNUTLS ++ unsigned oldmode = gnutls_fips140_mode_enabled(); ++ ++ gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD); ++#endif ++ + MD5 md5; + md5.encodeDataIncrementally(result.c_str(), result.length()); + MD5::Digest digest; + md5.digest(digest); ++ ++#ifdef USE_CRYPTO_GNUTLS ++ gnutls_fips140_set_mode(static_cast(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD); ++#endif ++ + return std::string(reinterpret_cast(digest), + std::min(result.length(), toS(16))); + } +@@ -1150,6 +1167,12 @@ QPDF::getKeyForObject( void QPDF::decryptString(std::string& str, int objid, int generation) { -+#ifdef HAVE_GNUTLS ++#ifdef USE_CRYPTO_GNUTLS + unsigned oldmode = gnutls_fips140_mode_enabled(); + + gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD); @@ -76,22 +167,22 @@ diff -up qpdf-10.2.0/libqpdf/QPDF_encryption.cc.relax qpdf-10.2.0/libqpdf/QPDF_e if (objid == 0) { return; -@@ -1230,6 +1242,10 @@ QPDF::decryptString(std::string& str, in +@@ -1230,6 +1253,10 @@ QPDF::decryptString(std::string& str, int objid, int generation) QUtil::int_to_string(objid) + " " + QUtil::int_to_string(generation) + ": " + e.what()); } + -+#ifdef HAVE_GNUTLS ++#ifdef USE_CRYPTO_GNUTLS + gnutls_fips140_set_mode(static_cast(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD); +#endif } void -@@ -1240,6 +1256,12 @@ QPDF::decryptStream(PointerHolder encp, QPDFObjectHandle& stream_dict, std::vector >& heap) { -+#ifdef HAVE_GNUTLS ++#ifdef USE_CRYPTO_GNUTLS + unsigned oldmode = gnutls_fips140_mode_enabled(); + + gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD); @@ -100,56 +191,14 @@ diff -up qpdf-10.2.0/libqpdf/QPDF_encryption.cc.relax qpdf-10.2.0/libqpdf/QPDF_e std::string type; if (stream_dict.getKey("/Type").isName()) { -@@ -1361,6 +1383,10 @@ QPDF::decryptStream(PointerHolder encp, toI(key.length())); } heap.push_back(pipeline); + -+#ifdef HAVE_GNUTLS ++#ifdef USE_CRYPTO_GNUTLS + gnutls_fips140_set_mode(static_cast(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD); +#endif } void -diff -up qpdf-10.2.0/libqpdf/QPDFWriter.cc.relax qpdf-10.2.0/libqpdf/QPDFWriter.cc ---- qpdf-10.2.0/libqpdf/QPDFWriter.cc.relax 2021-02-23 16:41:58.000000000 +0100 -+++ qpdf-10.2.0/libqpdf/QPDFWriter.cc 2021-02-24 12:35:50.716329452 +0100 -@@ -24,6 +24,10 @@ - #include - #include - -+#ifdef HAVE_GNUTLS -+#include -+#endif -+ - QPDFWriter::Members::Members(QPDF& pdf) : - pdf(pdf), - filename("unspecified"), -@@ -321,6 +325,13 @@ void - QPDFWriter::setDeterministicID(bool val) - { - this->m->deterministic_id = val; -+ -+#ifdef HAVE_GNUTLS -+ if (val) -+ GNUTLS_FIPS140_SET_LAX_MODE(); -+ else -+ GNUTLS_FIPS140_SET_STRICT_MODE(); -+#endif - } - - void -@@ -342,6 +353,13 @@ void - QPDFWriter::setPreserveEncryption(bool val) - { - this->m->preserve_encryption = val; -+ -+#ifdef HAVE_GNUTLS -+ if (val) -+ GNUTLS_FIPS140_SET_STRICT_MODE(); -+ else -+ GNUTLS_FIPS140_SET_LAX_MODE(); -+#endif - } - - void diff --git a/SPECS/qpdf.spec b/SPECS/qpdf.spec index 740c1f5..fefc2ed 100644 --- a/SPECS/qpdf.spec +++ b/SPECS/qpdf.spec @@ -1,7 +1,7 @@ Summary: Command-line tools and library for transforming PDF files Name: qpdf Version: 10.3.1 -Release: 4%{?dist} +Release: 6%{?dist} # MIT: e.g. libqpdf/sha2.c # upstream uses ASL 2.0 now, but he allowed other to distribute qpdf under # old license (see README) @@ -153,6 +153,12 @@ make check %changelog +* Fri Jul 15 2022 Zdenek Dohnal - 10.3.1-6 +- 2106940 - FIPS breaks pdftopdf and bannertopdf + +* Wed Jun 29 2022 Zdenek Dohnal - 10.3.1-5 +- 2095993 - Move qpdf to CRB repository + * Tue Aug 10 2021 Mohan Boddu - 10.3.1-4 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688