Page MenuHomePhabricator

Upgrade poppler-utils to at least 0.20
Closed, DuplicatePublic

Description

Author: bawolff@gmail.com

Description:

We use pdfinfo command (part of poppler-utils) to find dimensions of pdf files.
Versions before 0.20 don't report rotated pages properly. Result is stretched
out images, like [[File:GA20891.pdf]]


Bugzilla Ticket: 55624 => T57624: Upgrade poppler-utils to at least 1.20

Details

Reference
rt6016

Event Timeline

rtimport raised the priority of this task from to Normal.
rtimport set Reference to rt6016.

Cc aklapper added by aklapper

On Sun Oct 20 17:47:15 2013, <bawolff at gmail> Unfortunately no docs on
the PP setup so upgrading whole distro in place would be a game of luck.

Status changed from 'new' to 'open' by RT_System

<bawolff at gmail> wrote:

On Mon Oct 21 23:33:00 2013, dzahn wrote:

On Sun Oct 20 17:47:15 2013, <bawolff at gmail>

On Tue Oct 22 00:15:04 2013, <bawolff at gmail>

Subject changed from 'Upgrade poppler-utils to at least 1.20' to 'Upgrade poppler-utils to at least 0.20' by dzahn

<bawolff at gmail> wrote:

On 2013-10-21 11:51 PM, "Daniel Zahn via RT" <ops-requests at wikimedia>
wrote:

On Tue Oct 22 00:15:04 2013, <bawolff at gmail>

Yes that should work.
-bawolff

On Sun, Oct 20, 2013 at 05:47:15PM +0000, Brian Wolff via RT wrote:

We use pdfinfo command (part of poppler-utils) to find dimensions of
pdf files. Versions before 0.20 don't report rotated pages properly.
Result is stretched out images, like [[File:GA20891.pdf]]

So, I gave this a try.
Backporting poppler 0.24 from saucy/trusty is almost impossible, due to
a variety of complex build dependencies that would also need to be
backported (at least Qt4 & Qt5 -- not fun at all).
Backport poppler 0.20 from Quantal seems a lot easier, however Quantal
is only going to get security support until April 2014, i.e. trusty's
release date, and it's unlikely we'll be able to move application
servers from precise to trusty that soon at exactly the release date.
poppler is a software package that gets CVEs often for vulnerabilities
that are relatively easy to exploit (someone uploading a malicious PDF)
and would be high impact (appservers). I feel very reluctant to maintain
it on our own in general, even more so an older version that noone
supports or some frankenstein backport of 0.20/0.24. It's not
impossible, but it's certainly unpleasant.
Have you identified the patch that fixes the issue at hand? Maybe we
could backport this specifically to precise's 0.18 as a stopgap until we
move to trusty, sometime next year?
Regards,
Faidon

<bawolff at gmail> wrote:

As far as I can tell, the commit in question is: a0db250bbde (
http://cgit.freedesktop.org/poppler/poppler/commit/utils/pdfinfo.cc?id=a0db250bbdefff6361551cf9db344bd5268fea11
).
The bug itself in poppler bug tracker says 0.20, however while looking
for the commit number, I noticed the NEWS file said 0.19
--bawolff
--
- Brian
Caution: The mass of this product contains the energy equivalent of 85
million tons of TNT per net ounce of weight.
On Wed, Oct 30, 2013 at 11:51 AM, Faidon Liambotis via RT
<ops-requests at wikimedia> as a stopgap until we

move to trusty, sometime next year?

Regards,
Faidon

On Thu Nov 07 16:53:15 2013, <bawolff at gmail> so that should fix it too
thanks,
filippo

<bawolff at gmail> wrote:

The bug itself in poppler bug tracker says 0.20, however while looking
for the commit number, I noticed the NEWS file said 0.19

hey Brian,
is this bug still current? we are migrating to trusty which ships with
poppler-utils 0.24.1-0ubuntu1 so that should fix it too

thanks,
filippo

Hi.
The issue still appears to be present on Wikimedia sites. Let me know
when you guys finish the migration and I'll retest.
For reference, issue should be testable by:
*Going to https://commons.wikimedia.org/wiki/File:GA20891.pdf?action=purge
(Purge to get rid of cached dimensions)
*Checking what the reported dimensions are. Correct dimensions should
be 2,481 × 1,754 . Currently it reports dimensions of 1,754 × 2,481.
Thanks,
Brian

Stalled pending migration.

Status changed from 'open' to 'stalled' by springle

fgiunchedi closed this task as Resolved.Dec 24 2014, 2:25 PM
fgiunchedi claimed this task.

hhvm/trusty migration has happened, thus

mw1040:~$ dpkg -l poppler-utils
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                                   Version                  Architecture             Description
+++-======================================-========================-========================-=================================================================================
ii  poppler-utils                          0.24.5-2ubuntu4.1        amd64                    PDF utilities (based on Poppler)

now e.g. https://commons.wikimedia.org/wiki/File:GA20891.pdf?action=purge reports the right dimentions, resolving

fgiunchedi changed the visibility from "WMF-NDA (Project)" to "Public (No Login Required)".Dec 24 2014, 2:26 PM
fgiunchedi set Security to None.