jenkins-bot has submitted this change and it was merged. Change subject: SECURITY: Add -dSAFER to ghostscript as a hardening measure ......................................................................
SECURITY: Add -dSAFER to ghostscript as a hardening measure -dSAFER disables certain scary features of ghostscript (like arbitrary file access). Its primarily about postscript security, but enable it for pdfs to be safe. Bug: T136402 Change-Id: I0ab37ddb5d134334e975bc07d3b9ba7bfc7a5659 --- M PdfHandler_body.php 1 file changed, 1 insertion(+), 0 deletions(-) Approvals: Chad: Looks good to me, approved jenkins-bot: Verified diff --git a/PdfHandler_body.php b/PdfHandler_body.php index 36a52dd..dae9820 100644 --- a/PdfHandler_body.php +++ b/PdfHandler_body.php @@ -201,6 +201,7 @@ "-sOutputFile=-", "-dFirstPage={$page}", "-dLastPage={$page}", + "-dSAFER", "-r{$wgPdfHandlerDpi}", "-dBATCH", "-dNOPAUSE", -- To view, visit https://gerrit.wikimedia.org/r/306144 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I0ab37ddb5d134334e975bc07d3b9ba7bfc7a5659 Gerrit-PatchSet: 2 Gerrit-Project: mediawiki/extensions/PdfHandler Gerrit-Branch: REL1_27 Gerrit-Owner: Chad <ch...@wikimedia.org> Gerrit-Reviewer: Brian Wolff <bawolff...@gmail.com> Gerrit-Reviewer: Chad <ch...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits