Version in base suite: 11.3.0-1 Base version: qpdf_11.3.0-1 Target version: qpdf_11.3.0-1+deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/q/qpdf/qpdf_11.3.0-1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/q/qpdf/qpdf_11.3.0-1+deb12u1.dsc changelog | 13 +++++++++++++ patches/series | 1 + patches/tokenizer-1ecc6bb2 | 34 ++++++++++++++++++++++++++++++++++ 3 files changed, 48 insertions(+) diff -Nru qpdf-11.3.0/debian/changelog qpdf-11.3.0/debian/changelog --- qpdf-11.3.0/debian/changelog 2023-02-25 22:24:01.000000000 +0000 +++ qpdf-11.3.0/debian/changelog 2023-10-18 10:58:22.000000000 +0000 @@ -1,3 +1,16 @@ +qpdf (11.3.0-1+deb12u1) bookworm; urgency=medium + + * Fix data loss bug introduced in 11.0.0 and fixed in 11.6.3. The bug + causes the qpdf tokenizer to discard the character after a one-digit + or two-digit quoted octal string. Most writers don't create these, and + they are rare outside of content streams. By default, qpdf doesn't + parse content streams. The most common place for this to occur would + be in a document's /ID string, but in the worst case, this bug could + cause silent damage to some strings in a PDF file's metadata, such as + bookmark names or form field values. (Closes: #1054158) + + -- Jay Berkenbilt Wed, 18 Oct 2023 06:58:22 -0400 + qpdf (11.3.0-1) unstable; urgency=medium * New upstream release. diff -Nru qpdf-11.3.0/debian/patches/series qpdf-11.3.0/debian/patches/series --- qpdf-11.3.0/debian/patches/series 2023-02-25 22:24:01.000000000 +0000 +++ qpdf-11.3.0/debian/patches/series 2023-10-18 10:58:22.000000000 +0000 @@ -0,0 +1 @@ +tokenizer-1ecc6bb2 -p1 diff -Nru qpdf-11.3.0/debian/patches/tokenizer-1ecc6bb2 qpdf-11.3.0/debian/patches/tokenizer-1ecc6bb2 --- qpdf-11.3.0/debian/patches/tokenizer-1ecc6bb2 1970-01-01 00:00:00.000000000 +0000 +++ qpdf-11.3.0/debian/patches/tokenizer-1ecc6bb2 2023-10-18 10:58:22.000000000 +0000 
@@ -0,0 +1,34 @@ +Description: data loss in qpdf lexical layer + This was fixed upstream in 11.6.3. +Author: Jay Berkenbilt +Bug: https://github.com/qpdf/qpdf/issues/1050 +Bug-Debian: http://bugs.debian.org/1054158 + +--- a/libqpdf/QPDFTokenizer.cc.orig 2023-10-17 07:19:31.829119946 -0400 ++++ a/libqpdf/QPDFTokenizer.cc 2023-10-17 07:20:55.689510562 -0400 +@@ -739,17 +739,22 @@ + void + QPDFTokenizer::inCharCode(char ch) + { ++ bool handled = false; + if (('0' <= ch) && (ch <= '7')) { + this->char_code = 8 * this->char_code + (int(ch) - int('0')); + if (++(this->digit_count) < 3) { + return; + } +- // We've accumulated \ddd. PDF Spec says to ignore +- // high-order overflow. ++ handled = true; + } ++ // We've accumulated \ddd or we have \d or \dd followed by other ++ // than an octal digit. The PDF Spec says to ignore high-order ++ // overflow. + this->val += char(this->char_code % 256); + this->state = st_in_string; +- return; ++ if (!handled) { ++ inString(ch); ++ } + } + + void
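Review bot: The ordering in the `inCharCode` hunk is load-bearing and deserves a comment: `this->state = st_in_string;` must happen before `inString(ch);`, because the re-dispatched character may itself be a `)` that closes the string or a `\` that starts the next escape, and `inString` has to see the tokenizer already back in string state to handle either. Suggest noting that in the new comment block, e.g. after "The PDF Spec says to ignore high-order overflow." add "State must be restored before re-dispatching ch to inString()." Two further points on the same hunk: the patch changes only `libqpdf/QPDFTokenizer.cc` and carries no regression test for the `\d`/`\dd` followed by a non-octal character case that the changelog describes (a string such as `(\1x)` or `(\12x)` should now yield the character after the octal escape rather than dropping it); and the DEP-3 header gives `Bug:` and `Bug-Debian:` but no `Origin:`/`Applied-Upstream:` line, even though the filename `tokenizer-1ecc6bb2` and the description's "fixed upstream in 11.6.3" indicate the upstream commit it was taken from.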