Page MenuHomePhabricator

Upgrade Ghostscript to 9.15 or later
Closed, ResolvedPublic

Description

Please upgrade Ghostscript to 9.15 or later, if possible. Ghostscript 9.10 (the version in trusty) that we currently use fails on some PDF files (T110821: PDF file entirely rendered as a set of blank pages). I did not check in which version this problem was fixed, but 9.15 is definitely good and could possibly be backported from vivid?

Event Timeline

matmarex raised the priority of this task from to Needs Triage.
matmarex updated the task description. (Show Details)
matmarex added a subscriber: matmarex.
555 set Security to None.
555 added a subscriber: 555.

Doable, but not without a cost. Backported packages do not receive automatic security updates. Ghostscript has had severe security vulnerabilities before, including arbitrary code execution via specially-crafted files.

Is there any way of knowing how wide-spread T110821 is? Are there ways of working around it?

No idea, but it seems to affect specific files only (never seen it before this bug report). I submitted a patch to T110821 that will at least correctly produce an error message for the thumbnail instead of a broken image, that should allow us to at least see the error in some logs or such.

I went through the bugs filed under MediaWiki-extensions-PdfHandler and found two more (seems like distinct issues) that I can't reproduce locally when using Ghostscript 9.15. I'll defer to you on judging the cost, but the newer version is clearly better.

appservers are being upgraded to Debian jessie currently (tracking task T143536), but that will mean:

9.06~dfsg-2+deb8u1

so actually before 9.10 on trusty but plus debian changes

We can't easily upgrade ghostscript (for the reasons already provided and also because is also provides a library). The next Debian release will provide 9.20.

MoritzMuehlenhoff claimed this task.

Closing this old bug, we're now using ghostscript 9.26 everywhere. If there's any specific other Ghostscript-related issue, please open a new task.