Bug#909076: closed by Jonas Smedegaard (Re: Bug#909076: ghostscript: ps2ascii crashes: Error: /typecheck in --.bind--)
Control: reopen -1
Control: tag -1 stretch

On Fri, Oct 19, 2018 at 08:03:04AM +, Debian Bug Tracking System wrote:
> Version: 9.25~dfsg-3
>
> Thanks for reporting and tracking this issue.
>
> This bug does not affect Ghostscript currently in unstable. I am
> uncertain if that is properly recorded (seems to appear at
> tracker.d.o/ghostscript) so formally closing.

That's not correct. The reason the BTS thinks this affects unstable is only that the "found" version is unknown to the BTS (because it's a version that is available only in the security archive, which is not used by the BTS) so it thinks it affects all versions, it would have corrected the versioning once the version moves to stretch proper in a point release. However, also tagging as stretch should do that.

Closing is not correct in any way in this case as, due to the aforementioned property of the BTS of not recognizing the version, it would also archive the bug, causing impossibility of proper tracking of the issue. It would have been enough (in case the above tag doesn't do it), to just set a 'fixed' version without closing.

--
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540        .''`.
more about me: https://mapreri.org                                : :' :
Launchpad user: https://launchpad.net/~mapreri                    `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
Bug#909076: ghostscript: ps2ascii crashes: Error: /typecheck in --.bind--
Hi Markus,

On Sat, Sep 29, 2018 at 03:06:04PM +0200, Markus Koschany wrote:
> I have tried some of those commits:
>
> http://git.ghostscript.com/?p=ghostpdl.git=search=HEAD=commit=txtwrite
>
> This one adds even more whitespace and moves the 1 character further to
> the right.
>
> http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d0d4e282f98487ca2979edbaf6834d9341bcee53
>
> This commit
>
> http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d57bd7ce641d8134d559f5e8190e2578137e1d39
>
> reverts the behavior and the character is back in the center.
>
> We could also try to replace gdevtxtw.c in Stretch with the Buster
> version but then I'm out of ideas.

Thanks for your further investigation! One option we are currently pondering for stretch at the moment is to just accept the output behaviour change for ps2ascii. But we are not going to rush an upload, codesearch gives some hint what else can be checked first.

Reverting fb713b3818b52d8a6cf62c951eba2e1795ff9624 will not be an option as the CVE fix is important.

Thanks again for looking as well,

Regards,
Salvatore
Bug#909076: ghostscript: ps2ascii crashes: Error: /typecheck in --.bind--
I have tried some of those commits:

http://git.ghostscript.com/?p=ghostpdl.git=search=HEAD=commit=txtwrite

This one adds even more whitespace and moves the 1 character further to the right.

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d0d4e282f98487ca2979edbaf6834d9341bcee53

This commit

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d57bd7ce641d8134d559f5e8190e2578137e1d39

reverts the behavior and the character is back in the center.

We could also try to replace gdevtxtw.c in Stretch with the Buster version but then I'm out of ideas.

Markus
Bug#909076: ghostscript: ps2ascii crashes: Error: /typecheck in --.bind--
Hi,

On 28.09.18 at 20:54, Salvatore Bonaccorso wrote:
[...]
> So this would imply changed behaviour in a stable release, and thus
> need extra care to not break more (ps2ascii might not be widely used
> still).

Thanks for sharing this information. I agree that changed behavior in a stable release is suboptimal but leaving the package vulnerable is not desirable as well. At the moment I am in favor to apply those two commits that were mentioned before because they seem to make a real difference. Perhaps there will be other bug reports that will point us to a complete fix in the future, and as you said ps2ascii is probably not widely used, so the regression is apparently rather minor. If it turns out differently, let's take a look again.

Regards,

Markus
Bug#909076: ghostscript: ps2ascii crashes: Error: /typecheck in --.bind--
On Fri, Sep 28, 2018 at 08:54:24PM +0200, Salvatore Bonaccorso wrote:
> There is still the output changes produces, which might impact
> (build)-rdepends, so we might need to be extra careful here (although
> ps2ascii is possibly not widely used).

Rather, I think very few software may be as annoying about their dependencies output as diffoscope is. And anyway it's only the testsuite of diffoscope that it is.

> So this would imply changed behaviour in a stable release, and thus
> need extra care to not break more (ps2ascii might not be widely used
> still).

Diffoscope was later updated to only check the output of ps2ascii if the version reported was >= 9.21. I think if that output change was to happen in a stable release and I were asked to fix diffoscope, I'd just disable that one, rather than going around asking dpkg what debian revision ghostscript has…

--
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540        .''`.
more about me: https://mapreri.org                                : :' :
Launchpad user: https://launchpad.net/~mapreri                    `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
Bug#909076: ghostscript: ps2ascii crashes: Error: /typecheck in --.bind--
Hi,

Further tests and comparisons make me confident that with cc746214644deacd5233a1453ce660573af09443 needed the output of stretch aligns to the one produced in unstable's ghostscript (9.25~dfsg-2).

There is still the output changes produces, which might impact (build)-rdepends, so we might need to be extra careful here (although ps2ascii is possibly not widely used).

I try to make my point with the following example runs, all done with the test1.ps (sha256sum: 7377c695e4b31e18bc37f84f9f63d511f0417240728924bc08f270fcc9ab67e2) from diffoscope. test1.txt is generated running with the appropriate version of ps2ascii and as well recording the sha256sum of it.

jessie: ghostscript/9.06~dfsg-2+deb8u8
test1.txt: sha256sum: e28d37c7a2e9014c7533667d2be03df483c9e401d3b691c19e8b2fae82a72a4f

>cut-cut-cut-cut-cut-cut-
>
>
>Today's date: February 28, 2016
>
>1
>cut-cut-cut-cut-cut-cut-

stretch: ghostscript/9.20~dfsg-1
test1.txt: sha256sum: e28d37c7a2e9014c7533667d2be03df483c9e401d3b691c19e8b2fae82a72a4f

>cut-cut-cut-cut-cut-cut-
>
>
>Today's date: February 28, 2016
>
>1
>cut-cut-cut-cut-cut-cut-

stretch: ghostscript/9.20~dfsg-3.2+deb9u2
test1.txt: sha256sum: e28d37c7a2e9014c7533667d2be03df483c9e401d3b691c19e8b2fae82a72a4f

>cut-cut-cut-cut-cut-cut-
>
>
>Today's date: February 28, 2016
>
>1
>cut-cut-cut-cut-cut-cut-

stretch: ghostscript/9.20~dfsg-3.2+deb9u5
test1.txt: sha256sum: none

This one is which caused this report, as it fails

stretch: ghostscript/9.20~dfsg-3.2+deb9u6
test1.txt: sha256sum: d12feab3e64550bc146d180931c9310a4f95dae9809a82ccce068ed0a2e64a8f

>cut-cut-cut-cut-cut-cut-
>Today’s date: February 28, 2016
> 1
>cut-cut-cut-cut-cut-cut-

sid: ghostscript/9.25~dfsg-2
test1.txt: sha256sum: d12feab3e64550bc146d180931c9310a4f95dae9809a82ccce068ed0a2e64a8f

>cut-cut-cut-cut-cut-cut-
>Today’s date: February 28, 2016
> 1
>cut-cut-cut-cut-cut-cut-

So this would imply changed behaviour in a stable release, and thus need extra care to not break more (ps2ascii might not be widely used still).

Regards,
Salvatore
Bug#909076: ghostscript: ps2ascii crashes: Error: /typecheck in --.bind--
Hi,

On 28.09.18 at 00:16, Salvatore Bonaccorso wrote:
> Hi Markus,
>
> On Thu, Sep 27, 2018 at 10:33:06PM +0200, Markus Koschany wrote:
[...]
>> The text is correctly displayed now in Jessie but the Stretch version
>> shows Chinese characters instead. Hence I would appreciate it if you
>> could double-check and verify the output on your terminals.
>
> The commit might be part indeed of the solution, that is to switch to
> the txtwrite device. In the bisect I did, I already used as well a
> variant with using the txtwrite device. This is what led to
> previously posted git bisect log (with commits between a broken one in
> the 9.20 series, up to a less broken one[*], and in each iteration
> always applying as strategy the mentioned commit for fixing the CVE
> and which caused the regression, and calling gs directly with the
> needed parameter using the txtwrite device).
>
> I know already that e.g. using the commit
> http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cc746214644deacd5233a1453ce660573af09443
> (*and* using the txtwrite device) seems to improve the situation. But
> there are still displaying discrepancies and regressions with test
> files. So this is not enough for the stretch built at least :-/.

> In the jessie patched version, you did exact the same documents with
> old version and with patched one for e.g. alphabet.ps and waterfall.ps?

Could you post your test files somewhere and describe what you expect to see? I would like to test them too. In Jessie it is sufficient to just switch to the txtwrite device. If I apply the other Git commit cc746214644deacd5233a1453ce660573af09443 then I even get the same results in Stretch. It is not surprising that both versions behave differently. The version in Jessie is ancient and from 2012. A lot of bugs could have been introduced and fixed between 2012 and today.
Bug#909076: ghostscript: ps2ascii crashes: Error: /typecheck in --.bind--
Hi Markus,

On Thu, Sep 27, 2018 at 10:33:06PM +0200, Markus Koschany wrote:
> Hi,
>
> I believe I have found the solution to this problem. Apparently they
> changed the underlying device for ps2ascii to txtwrite last year.
>
> http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2fa6beaa40144c592661a611bf35ff6f06d3354f
>
> If I apply this commit in Jessie, ps2ascii appears to work again. I
> tested it with two example ps files from
>
> https://www.ghostscript.com/doc/current/Psfiles.htm#Art
>
> alphabet.ps and waterfal.ps
>
> The text is correctly displayed now in Jessie but the Stretch version
> shows Chinese characters instead. Hence I would appreciate it if you
> could double-check and verify the output on your terminals.

The commit might be part indeed of the solution, that is to switch to the txtwrite device. In the bisect I did, I already used as well a variant with using the txtwrite device. This is what led to previously posted git bisect log (with commits between a broken one in the 9.20 series, up to a less broken one[*], and in each iteration always applying as strategy the mentioned commit for fixing the CVE and which caused the regression, and calling gs directly with the needed parameter using the txtwrite device).

I know already that e.g. using the commit http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cc746214644deacd5233a1453ce660573af09443 (*and* using the txtwrite device) seems to improve the situation. But there are still displaying discrepancies and regressions with test files. So this is not enough for the stretch built at least :-/.

In the jessie patched version, you did exact the same documents with old version and with patched one for e.g. alphabet.ps and waterfall.ps?

Regards,
Salvatore

[*] I'm saying it explicitly this way, because the rendered output, will have in those situations as well already regressions, but not anymore just "completely broken output".
Bug#909076: ghostscript: ps2ascii crashes: Error: /typecheck in --.bind--
Hi,

I believe I have found the solution to this problem. Apparently they changed the underlying device for ps2ascii to txtwrite last year.

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2fa6beaa40144c592661a611bf35ff6f06d3354f

If I apply this commit in Jessie, ps2ascii appears to work again. I tested it with two example ps files from

https://www.ghostscript.com/doc/current/Psfiles.htm#Art

alphabet.ps and waterfal.ps

The text is correctly displayed now in Jessie but the Stretch version shows Chinese characters instead. Hence I would appreciate it if you could double-check and verify the output on your terminals.

Regards,

Markus
Bug#909076: ghostscript: ps2ascii crashes: Error: /typecheck in --.bind--
Hi

FTR, I tried to bisect the issue, by using commits between 9.20 and 9.21 upstream and applying on top each fb713b3818b52d8a6cf62c951eba2e1795ff9624 .

Due to a possibly unrelated bug, some of the commits cause "empty" outputs, so I had to skip those all. The resulting git bisect is

git bisect start '--term-old' 'broken' '--term-new' 'fixed'
# broken: [937efa62c23c2c79c7487895421041896e8c14b7] Fix previous JPEG commit.
git bisect broken 937efa62c23c2c79c7487895421041896e8c14b7
# fixed: [f80288c8a4b9c9abfc0fa3ccce3b6d169baa59ff] Dates for 9.21 release
git bisect fixed f80288c8a4b9c9abfc0fa3ccce3b6d169baa59ff
# fixed: [4d07b45685976bd38e5cec8062b3a61d2ada5575] Hide more JPEG entries.
git bisect fixed 4d07b45685976bd38e5cec8062b3a61d2ada5575
# fixed: [8894abf2985a58900e778957f93151b6cec1c17a] Address a segfault and error introduced in 4b3be09
git bisect fixed 8894abf2985a58900e778957f93151b6cec1c17a
# skip: [513d6fd7ddfc5a59fbf8bf6ce72eda6c97fea9f8] remove a bunch of now unused variables from the earlier shading code commit.
git bisect skip 513d6fd7ddfc5a59fbf8bf6ce72eda6c97fea9f8
# skip: [336c69b8be32c7193909a7f25b1a073b0ac2d92f] PDF Interpreter - have warning messages respect QUIET
git bisect skip 336c69b8be32c7193909a7f25b1a073b0ac2d92f
# skip: [c9f7be4f4de8e98df9d34ff8e4a7f781c0a33899] Bring master up to date with 9.20 release branch
git bisect skip c9f7be4f4de8e98df9d34ff8e4a7f781c0a33899
# skip: [f42898997f249062f5da8fcf9c3a46cd6443fb39] PDF interpreter - skip 'R' operator in invalid context
git bisect skip f42898997f249062f5da8fcf9c3a46cd6443fb39
# skip: [2f6ddae95676585717159445001fda2ebb00db8d] Squash compiler warning.
git bisect skip 2f6ddae95676585717159445001fda2ebb00db8d
# skip: [b7ea690782c306241ed94fa3bdaf296f6bcc455f] Bug 697366
git bisect skip b7ea690782c306241ed94fa3bdaf296f6bcc455f
# skip: [0e2523b9dae517f91bd7da78323e5207d099a10e] Fix expat build on Windows
git bisect skip 0e2523b9dae517f91bd7da78323e5207d099a10e
# skip: [2f3679b53632c5b7b9e9a416311ae82f36645fc9] Bug 697220(2): Fix returning execstackoverflow
git bisect skip 2f3679b53632c5b7b9e9a416311ae82f36645fc9
# skip: [d4d8b7d51f79b47d21d3c82fe652a79e1f890df5] Fix bug 697323, Segfault after pattern with transparency.
git bisect skip d4d8b7d51f79b47d21d3c82fe652a79e1f890df5
# skip: [cb8022f3e15b761adf4bbc78621cf0699f69e21c] Fix SEGV caused by previous commit.
git bisect skip cb8022f3e15b761adf4bbc78621cf0699f69e21c
# skip: [0f6067d2531298060392d0e25fa759d320e03021] ps2write - don't try to alter /pagesave when modifying media size
git bisect skip 0f6067d2531298060392d0e25fa759d320e03021
# skip: [6655712ee1d0bf2a7818044613bbed226b7abddd] Update freetype to 2.7.0
git bisect skip 6655712ee1d0bf2a7818044613bbed226b7abddd
# skip: [8cefc79359e14fdb8b967697bba33b754e83bcad] pdfwrite - fix calculation of a bounding box
git bisect skip 8cefc79359e14fdb8b967697bba33b754e83bcad
# skip: [45268652fcddf2031f5edb592bc61e53d9ac4f5b] Set GX_DOWNSCALER_PARAMS_DEFAULTS in jpeg
git bisect skip 45268652fcddf2031f5edb592bc61e53d9ac4f5b
# skip: [8a26fa67398970f357e1292310ef20556a8e5d96] Fix 'corner' radial gradient case.
git bisect skip 8a26fa67398970f357e1292310ef20556a8e5d96
# skip: [99c6a18eb430a9091c79369b2bdd2952d481c7d5] Document use of string for subsituted CIDFont name
git bisect skip 99c6a18eb430a9091c79369b2bdd2952d481c7d5
# skip: [90b7603c1afb3ad79a6a0dfee97560b1c3565379] PCL - fix pdfmark parsing for PUTFILE
git bisect skip 90b7603c1afb3ad79a6a0dfee97560b1c3565379
# skip: [23dc144b3c3d3dbafd83dca7b9c09e6977b774d6] Update lcms2 to 2.8
git bisect skip 23dc144b3c3d3dbafd83dca7b9c09e6977b774d6
# skip: [a46245139253b2ec607fcd06c549a6293d05a3a8] Fix a bug in device subclassing
git bisect skip a46245139253b2ec607fcd06c549a6293d05a3a8
# skip: [0726780b28920045ee6f344a34bc5e8565bc4ed5] "cups" output device: When creating PWG Raster output, always output the bitmap of the full page, ignoring any unprintable margins suggested by the PPD file.
git bisect skip 0726780b28920045ee6f344a34bc5e8565bc4ed5
# skip: [21b582ca561214aa9c5b9c8987a1c0cdce43ace6] Add expat endian settings.
git bisect skip 21b582ca561214aa9c5b9c8987a1c0cdce43ace6
# skip: [71629c04758788b238d6ff3537d9708f430a4db7] Tweak to clip device nesting.
git bisect skip 71629c04758788b238d6ff3537d9708f430a4db7
# skip: [99e9ca317adbd28b5faf3e9eda4c63d636478f43] Bug 697045: Skip over broken tile data rather than aborting.
git bisect skip 99e9ca317adbd28b5faf3e9eda4c63d636478f43
# skip: [1eebbfa373d295bdd2bad88aaef1edc368450568] Bug 697231: Introduce caching to use of clipping paths.
git bisect skip 1eebbfa373d295bdd2bad88aaef1edc368450568
# broken: [ed425fcd620837bf63a18a3ee2a2202fa91b1207] Add -sPostRenderICCProfile support to tiffsep
git bisect broken ed425fcd620837bf63a18a3ee2a2202fa91b1207
# skip: [8dcec8cc076a0cf8350ca7a6ec1d3136812e2a24] Bug 697186: Workaround JPEG lib bug.
git bisect skip 8dcec8cc076a0cf8350ca7a6ec1d3136812e2a24
# fixed:
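
Added example, not part of the message above and not the script its author used: one way to automate a bisect of this shape with "git bisect run", applying the CVE fix on top of every candidate and skipping commits that give empty output. The file path, build command, gs binary location and marker text are assumptions; the commit id is the one named in the thread.

```shell
#!/bin/sh
# Added example: one step of a bisect that looks for the commit that FIXES
# ps2ascii once the CVE fix is applied on top of every candidate.
CVE_FIX=fb713b3818b52d8a6cf62c951eba2e1795ff9624  # commit named in the thread
TEST_PS=${TEST_PS:-test1.ps}                       # assumed: copy of diffoscope's test1.ps
BUILD_CMD=${BUILD_CMD:-'./autogen.sh && make'}     # assumed build recipe
GS_BIN=${GS_BIN:-./bin/gs}                         # assumed location of the built gs
MARKER='date: February 28, 2016'                   # assumed marker, taken from the good output

# classify_output FILE GS_STATUS
# Returns the exit code "git bisect run" expects. With --term-old broken and
# --term-new fixed the usual meaning is inverted: 0 = broken (old),
# 1 = fixed (new), 125 = cannot be tested, skip.
classify_output() {
    file=$1
    gs_status=$2
    if [ "$gs_status" -ne 0 ]; then
        return 0            # interpreter error such as /typecheck: broken
    fi
    if ! grep -q '[^[:space:]]' "$file"; then
        return 125          # "empty" output from an unrelated bug: skip
    fi
    if grep -qF "$MARKER" "$file"; then
        return 1            # expected text extracted: fixed
    fi
    return 0                # text came out garbled: still broken
}

bisect_step() {
    out=$(mktemp) || return 125
    rc=125
    # Apply the CVE fix to the working tree without committing it, then build.
    if git cherry-pick --no-commit "$CVE_FIX" >/dev/null 2>&1 &&
       sh -c "$BUILD_CMD" >/dev/null 2>&1; then
        gs_status=0
        "$GS_BIN" -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=txtwrite \
            -sOutputFile="$out" "$TEST_PS" >/dev/null 2>&1 || gs_status=$?
        rc=0
        classify_output "$out" "$gs_status" || rc=$?
    fi
    git reset --hard -q     # drop the applied fix before the next step
    rm -f "$out"
    return "$rc"
}

# Run a step only when called as: git bisect run ./bisect-step.sh step
if [ "${1:-}" = step ]; then
    bisect_step
    exit $?
fi
```

The marker omits the apostrophe on purpose, since the outputs quoted in this thread differ between ' and ’ in "Today's".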
Bug#909076: ghostscript: ps2ascii crashes: Error: /typecheck in --.bind--
hi,

On Tue, Sep 18, 2018 at 09:58:10AM +0200, Mattia Rizzolo wrote:
> Package: ghostscript
> Version: 9.20~dfsg-3.2+deb9u5
> Severity: serious
> X-Debbugs-CC: t...@security.debian.org, Moritz Mühlenhoff ,
> reproducible-bui...@lists.alioth.debian.org
> Control: affects -1 diffoscope
>
> Dear maintainer,
>
> after the latest ghostscript security update, ps2ascii started to crash:
>
> |% ps2ascii
> /build/diffoscope-101~bpo9+1/.pybuild/pythonX.Y_3.5/build/tests/data/test1.ps
> |Error: /typecheck in --.bind--
> |Operand stack:
> | --nostringval-- false setshared true --dict:30/32(L)--
> typecheck --nostringval-- currentglobal .currentglobal
> |Execution stack:
> | %interp_exit .runexec2 --nostringval-- --nostringval--
> --nostringval-- 2 %stopped_push --nostringval-- --nostringval--
> --nostringval-- false 1 %stopped_push 1998 2 3 %oparray_pop
> 1997 2 3 %oparray_pop 1981 2 3 %oparray_pop 1868 2 3
> %oparray_pop --nostringval-- %errorexec_pop .runexec2 --nostringval--
> --nostringval-- --nostringval-- 2 %stopped_push --nostringval--
> 2009 3 3 %oparray_pop --nostringval-- --nostringval--
> --dict:1267/1684(G)-- --nostringval-- 1936 %dict_continue
> --nostringval-- 1974 9 4 %oparray_pop --nostringval--
> |Dictionary stack:
> | --dict:1267/1684(G)-- --dict:0/20(G)-- --dict:81/200(L)--
> --dict:1267/1684(G)--
> |Current allocation mode is global
> |Current file position is 44643
> |GPL Ghostscript 9.20: Unrecoverable error, exit code 1
>
>
> Downgrading to 9.20~dfsg-3.2+deb9u4 shows the problem is limited to the
> latest update:
>
> |% ps2ascii
> /build/diffoscope-101~bpo9+1/.pybuild/pythonX.Y_3.5/build/tests/data/test1.ps
> |
> |
> |Today's date: February 28, 2016
> |
> |1
>
>
> This also causes diffoscope (both 78 in stretch and whatever is in
> stretch-backports at the moment) to FTBFS.

Some updates:

The issue is triggered by the 025_fb713b3818b52d8a6cf62c951eba2e1795ff9624.patch patch, which is http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624 .

Ghostscript built from git on fb713b3818b52d8a6cf62c951eba2e1795ff9624 does not seem to trigger the same problem, so if this is correct, we might miss a prerequisite to fb713b3818b52d8a6cf62c951eba2e1795ff9624 .

Regards,
Salvatore
Bug#909076: ghostscript: ps2ascii crashes: Error: /typecheck in --.bind--
Package: ghostscript
Version: 9.20~dfsg-3.2+deb9u5
Severity: serious
X-Debbugs-CC: t...@security.debian.org, Moritz Mühlenhoff , reproducible-bui...@lists.alioth.debian.org
Control: affects -1 diffoscope

Dear maintainer,

after the latest ghostscript security update, ps2ascii started to crash:

|% ps2ascii /build/diffoscope-101~bpo9+1/.pybuild/pythonX.Y_3.5/build/tests/data/test1.ps
|Error: /typecheck in --.bind--
|Operand stack:
| --nostringval-- false setshared true --dict:30/32(L)-- typecheck --nostringval-- currentglobal .currentglobal
|Execution stack:
| %interp_exit .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- --nostringval-- --nostringval-- false 1 %stopped_push 1998 2 3 %oparray_pop 1997 2 3 %oparray_pop 1981 2 3 %oparray_pop 1868 2 3 %oparray_pop --nostringval-- %errorexec_pop .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- 2009 3 3 %oparray_pop --nostringval-- --nostringval-- --dict:1267/1684(G)-- --nostringval-- 1936 %dict_continue --nostringval-- 1974 9 4 %oparray_pop --nostringval--
|Dictionary stack:
| --dict:1267/1684(G)-- --dict:0/20(G)-- --dict:81/200(L)-- --dict:1267/1684(G)--
|Current allocation mode is global
|Current file position is 44643
|GPL Ghostscript 9.20: Unrecoverable error, exit code 1

Downgrading to 9.20~dfsg-3.2+deb9u4 shows the problem is limited to the latest update:

|% ps2ascii /build/diffoscope-101~bpo9+1/.pybuild/pythonX.Y_3.5/build/tests/data/test1.ps
|
|
|Today's date: February 28, 2016
|
|1

This also causes diffoscope (both 78 in stretch and whatever is in stretch-backports at the moment) to FTBFS.

--
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540        .''`.
more about me: https://mapreri.org                                : :' :
Launchpad user: https://launchpad.net/~mapreri                    `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-