Page MenuHomePhabricator
Create Task
Maniphest T218828

Commons SVG Checker has differences between Wikimedia rendering and Toolforge rendering
Closed, ResolvedPublicBUG REPORT
Actions

Description

TilmannR produced a sample, which looks completely different on Wikimedia Commons and on Commons SVG Checker.

Wikimedia servers have been updated to librsvg 2.40.20 ( T68672#5110845 )
https://commons.wikimedia.org/wiki/File:Identify_renderer.svg

300px-Identify_renderer.svg.png (30×300 px, 1 KB)

Rillke's tool (Toolforge Debian Stretch also runs 2.40.16)
https://commons.wikimedia.org/wiki/Commons:Commons_SVG_Checker?withJS=MediaWiki:CommonsSvgChecker.js&checkSVG=File%3AIdentify_renderer.svg

index.png (30×300 px, 2 KB)

The Same issue ocours with Jarry1250's tool (rsvg-convert version 2.40.16)
https://tools.wmflabs.org/svgcheck/index.php

identify_renderer.png (30×300 px, 2 KB)

Steps to Reproduce:
Open https://commons.wikimedia.org/wiki/File:Identify_renderer.svg and compare it to https://commons.wikimedia.org/wiki/Commons:Commons_SVG_Checker?withJS=MediaWiki:CommonsSvgChecker.js&checkSVG=File%3AIdentify_renderer.svg

Maybe it would be better if servers and toolforge have the same librsvg-version: T151656#5068826

Related Objects

Event Timeline

JoKalliauer created this task.Mar 20 2019, 10:15 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 20 2019, 10:15 PM
Krenair added a project: Tools.Mar 21 2019, 1:34 AM
TilmannR added a comment.Mar 21 2019, 10:14 AM

A more straightforward example is https://commons.wikimedia.org/wiki/File:SVG_edge_case_-_zero_scale_gradient.svg
It's a divide-by-zero type of situation, in which the SVG Checker stops rendering and WikiMedia's renderer falls back to a default.

TilmannR updated the task description. (Show Details)Mar 21 2019, 10:16 AM
Aklapper renamed this task from Differences between Wikimedia rendering and Toolforge rendering to Commons SVG Checker has differences between Wikimedia rendering and Toolforge rendering.Mar 21 2019, 10:31 AM
Jarry1250 mentioned this in T151656: Install librsvg 2.40.20 on Jessie for K8s webservice.Mar 29 2019, 9:26 AM
Jarry1250 added a comment.EditedMar 29 2019, 9:29 AM

Thanks for reporting.

Wikimedia servers have been updated to librsvg 2.40.16

Per T170810 I think production is actually on 2.40.18.

According to the change log, 2.40.18 fixed CVE-2017-11464 ("A SIGFPE is raised in the function box_blur_line... because of incorrect protection against division by zero."). I don't have different versions of rsvg available to test, but I imagine that it's the difference between 2.40.16 (Toolforge) and 2.40.18 (production) that is therefore causing the issue.

I am not sure whether the easiest fix is for 2.40.18 to be installed on Kubernetes (T151656) or on Stretch (no task filed).

JoKalliauer updated the task description. (Show Details)Apr 15 2019, 4:00 PM
Perhelion subscribed.Oct 15 2019, 11:20 PM
JoKalliauer mentioned this in T280722: Commons SVG Checker has different fonts than Wikimedia rendering.Apr 20 2021, 6:42 PM
Dzahn mentioned this in T280721: Font availability changes between files.Apr 20 2021, 7:46 PM
Dzahn mentioned this in T210960: installed fonts fallback to DejaVu Sans.
Dzahn subscribed.Apr 20 2021, 8:02 PM
In T218828#5068833, @Jarry1250 wrote:

Thanks for reporting.

Wikimedia servers have been updated to librsvg 2.40.16

Per T170810 I think production is actually on 2.40.18.

The "librsvg2-2" binary package versions are nowadays:

2.40.16-1+b1 5 , 2.40.21-0+deb9u1 2155 , 2.44.10-2.1 580

that is 5 servers on the first version, 2155 on the second and 580 on the third

JoKalliauer added a comment.EditedMay 14 2021, 10:21 AM

The image looks identical since a while.

In T218828#7022133, @Dzahn wrote:

The "librsvg2-2" binary package versions are nowadays:

2.40.16-1+b1 5 , 2.40.21-0+deb9u1 2155 , 2.44.10-2.1 580

that is 5 servers on the first version, 2155 on the second and 580 on the third

It reminds me on a discussion where different users saw different rendering-results. A not reproducible result is imho much worse than a reproducible bug.

@Dzahn

JoKalliauer mentioned this in T276684: direct clone of a element not displayed.May 14 2021, 10:33 AM
Dzahn added a comment.May 14 2021, 7:33 PM

@JoKalliauer To check the production APT repo check out https://apt.wikimedia.org/wikimedia/

So far I know nothing about apt-browser.toolforge.org and its relation to that.

When I reported the versions above it related only to production.

Yes, I think that's what it means. Toolforge and production are separated almost entirely.

Dzahn added a comment.May 14 2021, 7:39 PM

@JoKalliauer Here is info from one of the _production_ thumbor servers, thumbor2003.codfw.wmnet:

[thumbor2003:~] $ lsb_release -c
Codename:	stretch


[thumbor2003:~] $ dpkg -l | grep svg
ii  librsvg2-2:amd64                      2.40.21-0+deb9u1                       amd64        SAX-based renderer library for SVG files (runtime)
ii  librsvg2-bin                          2.40.21-0+deb9u1                       amd64        command-line and graphical viewers for SVG files
ii  librsvg2-common:amd64                 2.40.21-0+deb9u1                       amd64        SAX-based renderer library for SVG files (extra runtime)
[thumbor2003:~] $ apt-cache policy librsvg2-bin
librsvg2-bin:
  Installed: 2.40.21-0+deb9u1
  Candidate: 2.40.21-0+deb9u1
  Version table:
 *** 2.40.21-0+deb9u1 500
        500 http://security.debian.org/debian-security stretch/updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2.40.16-1+b1 500
        500 http://mirrors.wikimedia.org/debian stretch/main amd64 Packages
Dzahn added a comment.EditedMay 14 2021, 7:41 PM

https://mirrors.wikimedia.org/debian/dists/stretch/main/binary-amd64/

https://mirrors.wikimedia.org/debian/pool/main/libr/librsvg/

@JoKalliauer

thumbor* and mwmaint* servers in production have: 2.40.21-0+deb9u1

regular mediawiki appservers and all other servers production have: 2.44.10-2.1

What toolforge has please check with wmcs or with your own user.

taavi subscribed.May 14 2021, 7:54 PM

Toolforge likely has several different versions running on different hosts, but the specific container that svgcheck.toolforge.org is currently running in looks like this:

[taavi@tools-sgebastion-08 ~] $ kubectl exec -it -n tool-svgcheck svgcheck-69fc5956dd-p7h7t --as admin --as-group system:masters -- /bin/bash
tools.svgcheck@svgcheck-69fc5956dd-p7h7t:~$ apt-cache policy librsvg2-bin
librsvg2-bin:
  Installed: 2.40.21-0+deb9u1
  Candidate: 2.40.21-0+deb9u1
  Version table:
 *** 2.40.21-0+deb9u1 100
        100 /var/lib/dpkg/status
tools.svgcheck@svgcheck-69fc5956dd-p7h7t:~$ dpkg -l | grep svg
ii  librsvg2-2:amd64              2.40.21-0+deb9u1                                            amd64        SAX-based renderer library for SVG files (runtime)
ii  librsvg2-bin                  2.40.21-0+deb9u1                                            amd64        command-line and graphical viewers for SVG files
ii  librsvg2-common:amd64         2.40.21-0+deb9u1                                            amd64        SAX-based renderer library for SVG files (extra runtime)
JoKalliauer added a comment.May 14 2021, 9:01 PM

So I think this issue can be closed as resolved?

Dzahn added a comment.May 15 2021, 12:44 AM

You are the author, so I think if you are satisfied with the explanation, then yes it can be closed.

JoKalliauer closed this task as Resolved.May 15 2021, 6:11 PM
JoKalliauer claimed this task.
In T218828#7089636, @Dzahn wrote:

You are the author, so I think if you are satisfied with the explanation, then yes it can be closed.

Currently the reported issue is resolved (imho by accident), but there is no decision/intention of keeping them "in sync" or not. I would reopen the issue if they differ again.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL