Page MenuHomePhabricator
Create Task
Maniphest T260285

Use ImageMagick for XCF rendering instead of xcftools
Closed, ResolvedPublic
Actions

Description

Thumbor depends on the xcf2png utility from https://github.com/j-jorge/xcftools to convert XCF files to PNG files during thumbnailing. That library is largely unmaintained. It is based on a version of the spec from 2006, and received limited updates when it was forked in 2013 to make it compatible with GIMP 2.8. Updates since then have been maintenance only. The project also has two active unfixed vulnerabilities, CVE-2019-5086 (CVSS 7.5) and CVE-2019-5087 (CVSS 8.8).

ImageMagick is already used by thumbor, so dropping xcftools won't add a new dependency. ImageMagick's XCF support is also lacking, but it does at least partially support GIMP 2.10 files in ImageMagick 7.

Details

SubjectRepoBranchLines +/-
thumbor: move xcf support to imagemagickoperations/deployment-chartsmaster+3 -5
engine: Remove custom XCF handler in favor of ImageMagickoperations/software/thumbor-pluginsmaster+7 -49
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT35245 Incorrect text positioning/kerning in SVG rendering (text/tspan x/y, dx/dy attribute; upstream)
 OpenNoneT97233 Incorrect text positioning in SVG with tspan element and text-anchor attribute
 StalledNoneT200443 SVG text-anchor=end confused by tspan with following #text
 StalledNoneT43425 rsvg does not support the font shorthand style property
 StalledNoneT43423 CSS child selector not supported by rsvg
 StalledNoneT43422 rsvg cannot handle classes/ids with cyrillic alphabet when styling
 StalledNoneT7792 rsvg does not render baseline-shift correctly (<percentage> and <length>)
 OpenFeatureNoneT106240 Colorable SVG
 StalledBUG REPORTNoneT271663 Offer to invert text-anchor for RTL languages
 StalledBUG REPORTNoneT316962 librsvg filter using FillPaint referencing a gradient fill does not work.
 StalledNoneT65236 Han characters in SVG files misplaced and clustered
 DuplicateBUG REPORTNoneT336894 librsvg 2.44.10 causes a regression: <text> with text-anchor="middle" and multiple <tspan>s is misaligned
 OpenNoneT64986 librsvg does not support fallback font set (more than one font family)
 StalledBUG REPORTNoneT294843 BackgroundImage filter antialiasing pixel artifacts
 OpenNoneT265549 Update librsvg to > 2.44.10
 OpenNoneT43371 Thumbnail/imagescaler (tracking)
 OpenNoneT196054 Preview/thumbnails for XCF files (XCF file version 11, written by GIMP 2.10) cannot be generated by ImageMagick
 OpenNoneT355020 Upgrade Thumbor to Debian Bookworm
 OpenNoneT336881 [XL] Upgrade Thumbor to bullseye
 ResolvedAntiCompositeNumberT260285 Use ImageMagick for XCF rendering instead of xcftools

Event Timeline

AntiCompositeNumber created this task.Aug 12 2020, 8:41 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 12 2020, 8:41 PM
AntiCompositeNumber added a parent task: T196054: Preview/thumbnails for XCF files (XCF file version 11, written by GIMP 2.10) cannot be generated by ImageMagick.Aug 12 2020, 8:41 PM
AntiCompositeNumber mentioned this in T260286: Deprecate xcf files.Aug 12 2020, 8:50 PM
AntiCompositeNumber updated the task description. (Show Details)Aug 12 2020, 9:53 PM
AntiCompositeNumber added a comment.Aug 12 2020, 9:59 PM

Debian is only packagaing ImageMagick 6 right now, which has only GIMP 2.8 support. The two should still be roughly equivalent.

gerritbot added a comment.Aug 12 2020, 10:20 PM

Change 619864 had a related patch set uploaded (by AntiCompositeNumber; owner: AntiCompositeNumber):
[operations/software/thumbor-plugins@master] engine: Remove custom XCF handler in favor of ImageMagick

https://gerrit.wikimedia.org/r/619864

gerritbot added a project: Patch-For-Review.Aug 12 2020, 10:20 PM
AntiCompositeNumber moved this task from Backlog to Format support on the Thumbor board.Aug 13 2020, 4:36 AM
Pppery edited projects, added Patch-Needs-Improvement; removed Patch-For-Review.Mar 30 2023, 12:15 AM
AntiCompositeNumber added a parent task: T336881: [XL] Upgrade Thumbor to bullseye.May 17 2023, 5:41 PM
AntiCompositeNumber mentioned this in T336881: [XL] Upgrade Thumbor to bullseye.
hnowlan subscribed.May 17 2023, 5:42 PM
Ladsgroup subscribed.May 17 2023, 6:23 PM
gerritbot added a comment.May 18 2023, 2:20 PM

Change 921053 had a related patch set uploaded (by Hnowlan; author: Hnowlan):

[operations/deployment-charts@master] thumbor: move xcf support to imagemagick

https://gerrit.wikimedia.org/r/921053

gerritbot added a project: Patch-For-Review.May 18 2023, 2:20 PM
Restricted Application removed a project: Patch-Needs-Improvement. · View Herald TranscriptMay 18 2023, 2:20 PM
hnowlan added a comment.May 18 2023, 4:23 PM

The above patch seems ready to go imo, tests pass.

hnowlan added a comment.May 19 2023, 5:11 PM

I am happy to merge and deploy this next week if you're okay with it @AntiCompositeNumber

AntiCompositeNumber added a comment.May 19 2023, 11:33 PM

I have no objections, though I have not tested this patch since I submitted it. I will note that there is only one XCF test case in the Thumbor integration tests. However, because of the limitations of both the xcftools and imagemagick implementations, I'd say our support for the format is already minimal, so any changes are low-risk.

My preferred solution remains T260286: Deprecate xcf files but it seems unlikely to gain consensus. This should do fine for now.

gerritbot added a comment.May 26 2023, 4:16 PM

Change 619864 merged by jenkins-bot:

[operations/software/thumbor-plugins@master] engine: Remove custom XCF handler in favor of ImageMagick

https://gerrit.wikimedia.org/r/619864

gerritbot added a comment.May 29 2023, 3:10 PM

Change 921053 merged by jenkins-bot:

[operations/deployment-charts@master] thumbor: move xcf support to imagemagick

https://gerrit.wikimedia.org/r/921053

AntiCompositeNumber closed this task as Resolved.Jun 13 2023, 2:50 AM
AntiCompositeNumber claimed this task.
Volker_E removed a project: Patch-For-Review.Jun 13 2023, 9:47 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL