Page MenuHomePhabricator

Upgrade Ghostscript to 9.15 or later
Closed, ResolvedPublic

Description

Please upgrade Ghostscript to 9.15 or later, if possible. Ghostscript 9.10 (the version in trusty) that we currently use fails on some PDF files (T110821: PDF file entirely rendered as a set of blank pages). I did not check in which version this problem was fixed, but 9.15 is definitely good and could possibly be backported from vivid?

Event Timeline

matmarex created this task.Aug 30 2015, 9:14 PM
matmarex raised the priority of this task from to Needs Triage.
matmarex updated the task description. (Show Details)
matmarex added a subscriber: matmarex.
Restricted Application added subscribers: Matanya, Aklapper. · View Herald TranscriptAug 30 2015, 9:14 PM
555 set Security to None.
555 added a subscriber: 555.
ori added a subscriber: ori.EditedAug 30 2015, 9:30 PM

Doable, but not without a cost. Backported packages do not receive automatic security updates. Ghostscript has had severe security vulnerabilities before, including arbitrary code execution via specially-crafted files.

Is there any way of knowing how wide-spread T110821 is? Are there ways of working around it?

No idea, but it seems to affect specific files only (never seen it before this bug report). I submitted a patch to T110821 that will at least correctly produce an error message for the thumbnail instead of a broken image, that should allow us to at least see the error in some logs or such.

I went through the bugs filed under MediaWiki-extensions-PdfHandler and found two more (seems like distinct issues) that I can't reproduce locally when using Ghostscript 9.15. I'll defer to you on judging the cost, but the newer version is clearly better.

Jdforrester-WMF triaged this task as Low priority.Sep 4 2015, 6:55 PM
Jdforrester-WMF moved this task from Untriaged to Backlog on the Multimedia board.Sep 4 2015, 6:58 PM
Dzahn added a subscriber: Dzahn.Sep 20 2016, 12:57 AM

appservers are being upgraded to Debian jessie currently (tracking task T143536), but that will mean:

9.06~dfsg-2+deb8u1

so actually before 9.10 on trusty but plus debian changes

We can't easily upgrade ghostscript (for the reasons already provided and also because is also provides a library). The next Debian release will provide 9.20.

MoritzMuehlenhoff closed this task as Resolved.Feb 12 2019, 11:34 AM
MoritzMuehlenhoff claimed this task.

Closing this old bug, we're now using ghostscript 9.26 everywhere. If there's any specific other Ghostscript-related issue, please open a new task.