author Santhosh Raju <fox@FreeBSD.org> 2026-03-21 13:06:10 +0000
committer Santhosh Raju <fox@FreeBSD.org> 2026-03-21 14:44:13 +0000
commit 00f9ff281549e7957b3bd85d6474a72daba867cb (patch)
tree 600358dcae26eed4632e0c4528f70e27e412fc79 /devel/(public-mirror)
parent a1a1b28c3450ed16571ad426c9d940d3a40fc50e (diff)
security/pdfrip: Update to 3.0.0

Changes since 2.0.1:

PDFRip v3.0.0 is a trust/performance/compatibility release focused on
making pdfrip more correct, measurable, and useful on real
password-cracking workloads.

Highlights

Prepared verifier hot path
* Password attempts no longer rebuild general PDF parsing/storage state on every try
* The release extracts the security envelope once, prepares a direct verifier once, and reuses it across attempts
* Verified against deterministic qpdf fixtures for Standard Security Handler revisions R2 through R6

Better compatibility coverage
The fixture and verifier matrix now covers:
* R2 / R3 / R4 RC4
* R4 AES-128
* R5 / R6 AES-256
* Unicode R5 / R6 passwords
* Blank user passwords
* Object streams and xref streams
* Linearized PDFs
* EncryptMetadata=false

Exact progress and resume
* Progress is now based on verified attempts, not merely queued work
* Historical "100%, ETA 0s, but still running" behavior is fixed
* Checkpoint/resume is now a first-class workflow with exact verified-prefix recovery

New and improved search workflows
* New mask mode for bounded structured passwords
* New contains-word mode for "known substring + brute-force the rest" workflows
* Date --format now supports custom shapes
* Custom-query now supports literal-only queries and fixes bugs
* Numeric ranges are inclusive and sized exactly
* Default-query now enumerates printable ASCII correctly and can test blank passwords

Better UX and reporting
* Success output distinguishes user vs owner passwords when revision allows it
* Blank passwords render explicitly as ""
* Structured JSON output available with --json
* Malformed inputs return normal user-facing errors instead of panics
* Documentation matches measured reality and current workflows

New opt-in fast mode
* --user-password-only skips owner-password checks for document-opening password workflows
* Can reduce end-to-end time on R5/R6 workloads

Measured improvements
Representative local measurements on Apple M3 Pro showed:
* Synthetic R5 prepared verifier: 15.5x lower latency than legacy path
* Large bundled R3 example: 4.5x lower latency
* 10,000-candidate mask exhaustion: 3.4x faster at 4 workers vs 1 worker
* User-password-only speedups: 1.31x-2.77x faster depending on revision

Build and release hardening
* Exact dependency pinning for sensitive direct crates
* Tracked Cargo.lock with --locked CI/release flows
* CI coverage on Linux/macOS/Windows for stable + nightly
* Cargo install smoke testing
* Benchmark-harness build coverage
* PDF fixtures marked binary-safe across platforms
Diffstat (limited to 'devel/(public-mirror)')
0 files changed, 0 insertions, 0 deletions