[Desktop-packages] [Bug 1806517] Re: Ghostscript segmentation fault onb PDF using -dFirstPage and -dLastPage
I can confirm this problem on Ubuntu 16.04 and ghostscript 9.26~dfsg+0-0ubuntu0.16.04.1: $ gs --version 9.26 $ convert "confidential.pdf[0]" confidential.png convert: FailedToExecuteCommand `"gs" -q -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=5 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=pngalpha" -dTextAlphaBits=4 -dGraphicsAlphaBits=4 "-r72x72" -dFirstPage=1 -dLastPage=1 "-sOutputFile=/tmp/magick-12412a591aAW0c1rp%d" "-f/tmp/magick-12412pbD9WU9tgyvz" "-f/tmp/magick-12412_OoIhBmXubzJ"' (-1) @ error/delegate.c/ExternalDelegateCommand/461. convert: no images defined `confidential.png' @ error/convert.c/ConvertImageCommand/3210. The problem doesn't happen with ghostscript 9.25~dfsg+1-0ubuntu0.16.04.3: $ dpkg --install libgs9_9.25~dfsg+1-0ubuntu0.16.04.3_amd64.deb libgs9-common_9.25~dfsg+1-0ubuntu0.16.04.3_all.deb ghostscript_9.25~dfsg+1-0ubuntu0.16.04.3_amd64.deb ghostscript-x_9.25~dfsg+1-0ubuntu0.16.04.3_amd64.deb $ gs --version 9.25 $ convert "confidential.pdf[0]" confidential.png $ identify confidential.png confidential.png PNG 595x842 595x842+0+0 8-bit sRGB 22.5KB 0.000u 0:00.000 Not every PDF is affected by this problem. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to ghostscript in Ubuntu. https://bugs.launchpad.net/bugs/1806517 Title: Ghostscript segmentation fault onb PDF using -dFirstPage and -dLastPage Status in GS-GPL: New Status in ghostscript package in Ubuntu: Confirmed Bug description: In order to convert a PDF file in PNG I use the command: » convert "myfile.pdf[0]" test.png Which gives this error: convert-im6.q16: FailedToExecuteCommand `'gs' -sstdout=%stderr -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=5 -dAlignToPixels=0 -dGridFitTT=2 '-sDEVICE=pngalpha' -dTextAlphaBits=4 -dGraphicsAlphaBits=4 '-r72x72' -dFirstPage=1 -dLastPage=1 '-sOutputFile=/tmp/magick-11774WIkYdVETEs9I%d' '-f/tmp/magick-11774JZhknqCDhkN0' '-f/tmp/magick-11774twGtf-JFihri'' (-1) @ error/delegate.c/ExternalDelegateCommand/462. convert-im6.q16: no images defined `test.png' @ error/convert.c/ConvertImageCommand/3258. So I tried using ghostscript directly: » ghostscript -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=5 -dAlignToPixels=0 -dGridFitTT=2 -sDEVICE=pngalpha -dTextAlphaBits=4 -dGraphicsAlphaBits=4 -r72x72 -dFirstPage=1 -dLastPage=1 '-sOutputFile=test.png' '-fmyfile.pdf' Which gives an error: GPL Ghostscript 9.26 (2018-11-20) Copyright (C) 2018 Artifex Software, Inc. All rights reserved. This software comes with NO WARRANTY: see the file PUBLIC for details. Processing pages 1 through 1. Page 1 [1]10954 segmentation fault (core dumped) ghostscript -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=5 If I omit -dFirstPage=1 -dLastPage=1 it works properly: » ghostscript -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=5 -dAlignToPixels=0 -dGridFitTT=2 -sDEVICE=pngalpha -dTextAlphaBits=4 -dGraphicsAlphaBits=4 -r72x72 '-sOutputFile=test.png' '-fmyfile.pdf' GPL Ghostscript 9.26 (2018-11-20) Copyright (C) 2018 Artifex Software, Inc. All rights reserved. This software comes with NO WARRANTY: see the file PUBLIC for details. Processing pages 1 through 2. Page 1 Page 2 Please note that it also affects imagemagick convert command and PHP readimage command. I have confirmed the bug on Ubuntu 16.04 too. The recent ghostscript 9.26 version is definitely guilty. ProblemType: Bug DistroRelease: Ubuntu 18.10 Package: ghostscript 9.26~dfsg+0-0ubuntu0.18.10.1 ProcVersionSignature: Ubuntu 4.18.0-11.12-generic 4.18.12 Uname: Linux 4.18.0-11-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.10-0ubuntu13.1 Architecture: amd64 CurrentDesktop: GNOME Date: Tue Dec 4 12:59:59 2018 InstallationDate: Installed on 2018-06-28 (158 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426) SourcePackage: ghostscript UpgradeStatus: Upgraded to cosmic on 2018-10-20 (44 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/gs-gpl/+bug/1806517/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1748999] Re: [SRU] libreoffice 5.4.5 for artful
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6871 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice-l10n in Ubuntu. https://bugs.launchpad.net/bugs/1748999 Title: [SRU] libreoffice 5.4.5 for artful Status in libreoffice package in Ubuntu: Fix Committed Status in libreoffice-l10n package in Ubuntu: Fix Committed Bug description: [Impact] * LibreOffice 5.4.5 is the fifth bugfix release of the still 5.4 line. Version 5.4.4 is currently in artful-proposed. For a list of fixed bugs compared to 5.4.4 see the list of bugs fixed in the RC1: https://wiki.documentfoundation.org/Releases/5.4.5/RC1#List_of_fixed_bugs * Given the nature of the project, the complexity of the codebase and the high level of quality assurance upstream, it is preferable to SRU a minor release rather than cherry-pick selected bug fixes. * Libreoffice 5.4.5 fixes CVE-2018-6871 [Test Case] * CVE-2018-6871 should be verified to be fixed * No other specific test case, bugs fixed upstream hopefully come with unit/regression tests, and the release itself is extensively exercised upstream (both in an automated manner and manually) by a community of testers. Each minor release usually goes through two release candidates, but 5.4.5 was initially unscheduled and it had a shortened cycle (only a single RC). * The libreoffice packages include autopkgtests, those should be run and verified to pass. * General smoke testing of all the applications in the office suite should be carried out. [Regression Potential] * A minor release with a total of 69 bug fixes always carries the potential for introducing regressions, even though it is a bugfix-only release, meaning that no new features were added, and no existing features were removed. * A combination of autopkgtests and careful smoke testing as described above should provide reasonable confidence that no regressions sneaked in. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1748999/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
