Changes for version 0.02 - 2026-04-02
- Fixed: PDFArray() and similar calls now use explicit parentheses to avoid parser ambiguity when imported at compile time
- Fixed: PDF backend detection moved to BEGIN block with warn instead of die, allowing modules that do not require PDF::API2 or PDF::Builder to load PDF::Sign without fatal error
- Fixed: functions requiring PDF backend (prepare_file, sign_file, prepare_ts, ts_file) replaced by informative stubs when no PDF backend is available, deferred error to call time
- Fixed: Makefile.PL now exits with status 0 (NA report) when neither PDF::API2 nor PDF::Builder is installed, avoiding spurious FAIL reports on CPAN Testers (RT#174516)
- Fixed: test suite skips gracefully when PDF backend or openssl is unavailable, producing SKIP instead of FAIL (RT#174516)
- Fixed: openssl.cnf referenced via __FILE__-relative path in test files for consistent behavior regardless of invocation dir
- Fixed: PDF backend detection in tests uses BEGIN block to anticipate compile-time loading of PDF::Sign
- Fixed: duplicate comment block in verify_signatures removed
- Fixed: verify_signatures temp file path separator normalized to forward slash for cross-platform consistency
- Known limitation: ts_query uses shell form (not list form) to suppress openssl "Using configuration from..." stderr noise when used in CGI/Apache context; shell injection risk is accepted and documented (input is caller-controlled tmpdir path)
- Fixed: ts_query sanitizes path arguments (strip double quotes) to mitigate shell injection risk in shell form invocation
- Thanks to SREZIC for reporting and suggestions (RT#174516)
Modules
Sign PDF files with CMS/CAdES signatures and RFC3161 timestamps