Revision history for PDF-Sign
0.07 2026-04-08
- Fixed TARFLAGS --format=ustar to avoid PAX headers (CPANTS kwalitee)
- POD moved back inline into Sign.pm (MetaCPAN indexing)
- Separate license file
- OpenSSL 4.x forward compatibility (prevent silent smime regression)
- Cosmetic fixes
0.06 2026-04-07
- Fixed: Documentation typo corrections
- If signature exceeds reserved space, PDF is returned unchanged with a
warning instead of producing a corrupted document.
- Fixed regression in PDF date string timezone offset: minutes were not
wrapped in single quotes as required by PDF Reference 1.7 (Adobe,
section 3.8.3) - date format D:YYYYMMDDHHmmSS+HH'mm'
- Added test for PDF date format compliance: regex verifies /M field format
D:YYYYMMDDHHmmSS+HH'mm' including PDF string delimiters
0.05 2026-04-06
- Fixed: regression to allow MSWin32 paths in ts_query
0.04 2026-04-06
- Fixed: Calculation of Time Zone Offset for systems without %z
(timegm-based: correct DST handling for all timezones,
replaces the previous CET/CEST-only approach)
- Pod separated from code
- Checked compatibility with deps to Perl 5.10+
- Fixed: strips non-path characters from arguments of ts_query
0.03 2026-04-04
- Fixed: VERSION in POD corrected to 0.03
- Fixed: replaced UTF-8 em-dash with ASCII hyphen-minus in POD
- Fixed: README removed stale dependency on Crypt::OpenSSL::X509
(removed in 0.01, never published)
- Fixed: README removed TEST_CERT_PEM/TEST_KEY_PEM instructions,
test suite now generates self-signed certificates automatically
- Fixed: verify_signatures ByteRange matching rewritten to use
Contents fingerprint instead of field order (fixes CMS/TSA swap)
- Fixed: verify_signatures CMS verification compatible with
OpenSSL 1.1.1 (CAfile extraction from embedded certificate)
- Known: TSA verification via openssl ts -verify requires a full
CA bundle; pass ca_bundle argument or ensure system CA store
is available. Acrobat Reader performs full PAdES validation.
- Known: TSA verification not available with LibreSSL (no ts -verify)
- Known: CMS verification not available with LibreSSL (no cms command)
0.02 2026-04-02
- Fixed: PDFArray() and similar calls now use explicit parentheses
to avoid parser ambiguity when imported at compile time
- Fixed: PDF backend detection moved to BEGIN block with warn instead
of die, allowing modules that do not require PDF::API2 or
PDF::Builder to load PDF::Sign without fatal error
- Fixed: functions requiring PDF backend (prepare_file, sign_file,
prepare_ts, ts_file) replaced by informative stubs when no PDF
backend is available, deferred error to call time
- Fixed: Makefile.PL now exits with status 0 (NA report) when
neither PDF::API2 nor PDF::Builder is installed, avoiding
spurious FAIL reports on CPAN Testers (RT#174516)
- Fixed: test suite skips gracefully when PDF backend or openssl
is unavailable, producing SKIP instead of FAIL (RT#174516)
- Fixed: openssl.cnf referenced via __FILE__-relative path in
test files for consistent behavior regardless of invocation dir
- Fixed: PDF backend detection in tests uses BEGIN block to
anticipate compile-time loading of PDF::Sign
- Fixed: duplicate comment block in verify_signatures removed
- Fixed: verify_signatures temp file path separator normalized
to forward slash for cross-platform consistency
- Known limitation: ts_query uses shell form (not list form) to
suppress openssl "Using configuration from..." stderr noise
when used in CGI/Apache context; shell injection risk is
accepted and documented (input is caller-controlled tmpdir path)
- Fixed: ts_query sanitizes path arguments (strip double quotes)
to mitigate shell injection risk in shell form invocation
- Thanks to SREZIC for reporting and suggestions (RT#174516)
0.01 2026-03-29
- Initial CPAN release
- prepare_file, sign_file: CMS/CAdES signature support
- prepare_ts, ts_file: RFC3161 DocTimeStamp support
- cms_sign: openssl cms via open() list form (no shell injection)
- ts_query: openssl ts via open() list form
- tsa_fetch: curl with LWP::UserAgent fallback
- OpenSSL 1.x / 3.x compatibility (-cades, ETSI.CAdES.detached)
- PDF::API2 or PDF::Builder backend autodetection
- Cross-platform timezone handling (Linux / Windows)
- Process-safe temp files (PID in filename)
- PDF32000-2008 12.8.1 compliant ByteRange implementation