[Touch-packages] [Bug 1905741] Re: poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output
I confirm that the version 0.62.0-2ubuntu2.12 fixes the 0.62.0-2ubuntu2.11 bug -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1905741 Title: poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output Status in poppler package in Ubuntu: Invalid Status in poppler source package in Xenial: Fix Released Status in poppler source package in Bionic: Fix Released Bug description: The security updates 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 break the Splash output rendering, for example if using the xpdf utility that relies on Poppler splash output, or as used by the GDAL library (the issue was detected due to breakage in GDAL continuous integration tests) I've traced the root cause to those security updates enabling in 'rules' CMYK (--enable-cmyk for 0.41.0-0ubuntu1.15 and -DSPLASH_CMYK=ON for 0.62.0-2ubuntu2.11) Building without CMYK restore poppler in a working state. It should be noted that even on the upstream 0.41.0 version, enabling CMYK result in a non-functional build, so it is not related to the patches applied on top of it, but really on enabling CMYK The issue can be verified with "xpdf test_ogc_bp.pdf" with the attached test_ogc_bp.pdf file. With the new packages, xpdf crashes, whereas with older ones it displays a 20x20 greyscale image. Or with "gdal_translate test_ogc_bp.pdf out.png -of PNG" when installing the "gdal-bin" package, that currently errors out with a message like "ERROR 1: Bitmap decoded size (18623872x0) doesn't match raster size (20x20)" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1905741/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1905741] Re: poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output
# lsb_release -rd Description: Ubuntu 18.04.5 LTS Release: 18.04 I have an Epson TM BA Thermal network printer, configured in CUPS After today's unattended upgrade it stopped working Logs found on server [540009.389033] pdftoraster[63919]: segfault at d0400 ip 557a50f569a8 sp 7ffd5ca826d8 error 6 in pdftoraster[557a50f52000+8000] Thu Nov 26 14:14:19 2020: apport: report /var/crash/_usr_lib_cups_filter_pdftoraster.7.crash already exists and unseen, doing nothing to avoid disk usage DoS # dpkg -S /usr/lib/cups/filter/pdftoraster cups-filters-core-drivers: /usr/lib/cups/filter/pdftoraster Start-Date: 2019-11-25 17:01:06 Install cups-filters-core-drivers:amd64 # dpkg -l|grep cups-filters-core-drivers ii cups-filters-core-drivers 1.20.2-0ubuntu3.1 I checked what was updated with unattended upgrade Start-Date: 2020-11-24 06:20:02 Commandline: /usr/bin/unattended-upgrade Upgrade: libpulse0:amd64 (1:11.1-1ubuntu7.10, 1:11.1-1ubuntu7.11) End-Date: 2020-11-24 06:20:10 and I rolled back # wget https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+build/17383699/+files/poppler-utils_0.62.0-2ubuntu2.10_amd64.deb # wget https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+build/17383699/+files/libpoppler73_0.62.0-2ubuntu2.10_amd64.deb # ls apt/ libpoppler73_0.62.0-2ubuntu2.10_amd64.deb poppler-utils_0.62.0-2ubuntu2.10_amd64.deb #dpkg -R --install apt/ and started to work again and of course apt-mark hold libpoppler73 poppler-utils # apt-cache policy poppler-utils libpoppler73 poppler-utils: Installed: 0.62.0-2ubuntu2.10 Candidate: 0.62.0-2ubuntu2.11 Version table: 0.62.0-2ubuntu2.11 500 500 http://gr.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages 500 http://gr.archive.ubuntu.com/ubuntu bionic-security/main amd64 Packages *** 0.62.0-2ubuntu2.10 100 100 /var/lib/dpkg/status 0.62.0-2ubuntu2 500 500 http://gr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages libpoppler73: Installed: 0.62.0-2ubuntu2.10 Candidate: 0.62.0-2ubuntu2.11 Version table: 0.62.0-2ubuntu2.11 500 500 http://gr.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages 500 http://gr.archive.ubuntu.com/ubuntu bionic-security/main amd64 Packages *** 0.62.0-2ubuntu2.10 100 100 /var/lib/dpkg/status 0.62.0-2ubuntu2 500 500 http://gr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1905741 Title: poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output Status in poppler package in Ubuntu: Invalid Status in poppler source package in Xenial: Fix Released Status in poppler source package in Bionic: Fix Released Bug description: The security updates 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 break the Splash output rendering, for example if using the xpdf utility that relies on Poppler splash output, or as used by the GDAL library (the issue was detected due to breakage in GDAL continuous integration tests) I've traced the root cause to those security updates enabling in 'rules' CMYK (--enable-cmyk for 0.41.0-0ubuntu1.15 and -DSPLASH_CMYK=ON for 0.62.0-2ubuntu2.11) Building without CMYK restore poppler in a working state. It should be noted that even on the upstream 0.41.0 version, enabling CMYK result in a non-functional build, so it is not related to the patches applied on top of it, but really on enabling CMYK The issue can be verified with "xpdf test_ogc_bp.pdf" with the attached test_ogc_bp.pdf file. With the new packages, xpdf crashes, whereas with older ones it displays a 20x20 greyscale image. Or with "gdal_translate test_ogc_bp.pdf out.png -of PNG" when installing the "gdal-bin" package, that currently errors out with a message like "ERROR 1: Bitmap decoded size (18623872x0) doesn't match raster size (20x20)" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1905741/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1905741] Re: poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output
@mdelsaur Thanks for the prompt fixes. I confirm they fix the issues I had observed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1905741 Title: poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output Status in poppler package in Ubuntu: Invalid Status in poppler source package in Xenial: Fix Released Status in poppler source package in Bionic: Fix Released Bug description: The security updates 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 break the Splash output rendering, for example if using the xpdf utility that relies on Poppler splash output, or as used by the GDAL library (the issue was detected due to breakage in GDAL continuous integration tests) I've traced the root cause to those security updates enabling in 'rules' CMYK (--enable-cmyk for 0.41.0-0ubuntu1.15 and -DSPLASH_CMYK=ON for 0.62.0-2ubuntu2.11) Building without CMYK restore poppler in a working state. It should be noted that even on the upstream 0.41.0 version, enabling CMYK result in a non-functional build, so it is not related to the patches applied on top of it, but really on enabling CMYK The issue can be verified with "xpdf test_ogc_bp.pdf" with the attached test_ogc_bp.pdf file. With the new packages, xpdf crashes, whereas with older ones it displays a 20x20 greyscale image. Or with "gdal_translate test_ogc_bp.pdf out.png -of PNG" when installing the "gdal-bin" package, that currently errors out with a message like "ERROR 1: Bitmap decoded size (18623872x0) doesn't match raster size (20x20)" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1905741/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1905741] Re: poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output
This bug was fixed in the package poppler - 0.41.0-0ubuntu1.16 --- poppler (0.41.0-0ubuntu1.16) xenial-security; urgency=medium * SECURITY REGRESSION: broken Splash output (LP: #1905741) - debian/rules: don't build with --enable-cmyk as this causes a regression with xpdf and gdal. This reverts the fix for CVE-2019-10871. -- Marc Deslauriers Thu, 26 Nov 2020 10:59:16 -0500 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1905741 Title: poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output Status in poppler package in Ubuntu: Invalid Status in poppler source package in Xenial: Fix Released Status in poppler source package in Bionic: Fix Released Bug description: The security updates 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 break the Splash output rendering, for example if using the xpdf utility that relies on Poppler splash output, or as used by the GDAL library (the issue was detected due to breakage in GDAL continuous integration tests) I've traced the root cause to those security updates enabling in 'rules' CMYK (--enable-cmyk for 0.41.0-0ubuntu1.15 and -DSPLASH_CMYK=ON for 0.62.0-2ubuntu2.11) Building without CMYK restore poppler in a working state. It should be noted that even on the upstream 0.41.0 version, enabling CMYK result in a non-functional build, so it is not related to the patches applied on top of it, but really on enabling CMYK The issue can be verified with "xpdf test_ogc_bp.pdf" with the attached test_ogc_bp.pdf file. With the new packages, xpdf crashes, whereas with older ones it displays a 20x20 greyscale image. Or with "gdal_translate test_ogc_bp.pdf out.png -of PNG" when installing the "gdal-bin" package, that currently errors out with a message like "ERROR 1: Bitmap decoded size (18623872x0) doesn't match raster size (20x20)" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1905741/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1905741] Re: poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output
This bug was fixed in the package poppler - 0.62.0-2ubuntu2.12 --- poppler (0.62.0-2ubuntu2.12) bionic-security; urgency=medium * SECURITY REGRESSION: broken Splash output (LP: #1905741) - debian/rules: don't build with SPLASH_CMYK=ON as this causes a regression with xpdf and gdal. This reverts the fix for CVE-2019-10871. -- Marc Deslauriers Thu, 26 Nov 2020 10:55:59 -0500 ** Changed in: poppler (Ubuntu Bionic) Status: In Progress => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-10871 ** Changed in: poppler (Ubuntu Xenial) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1905741 Title: poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output Status in poppler package in Ubuntu: Invalid Status in poppler source package in Xenial: Fix Released Status in poppler source package in Bionic: Fix Released Bug description: The security updates 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 break the Splash output rendering, for example if using the xpdf utility that relies on Poppler splash output, or as used by the GDAL library (the issue was detected due to breakage in GDAL continuous integration tests) I've traced the root cause to those security updates enabling in 'rules' CMYK (--enable-cmyk for 0.41.0-0ubuntu1.15 and -DSPLASH_CMYK=ON for 0.62.0-2ubuntu2.11) Building without CMYK restore poppler in a working state. It should be noted that even on the upstream 0.41.0 version, enabling CMYK result in a non-functional build, so it is not related to the patches applied on top of it, but really on enabling CMYK The issue can be verified with "xpdf test_ogc_bp.pdf" with the attached test_ogc_bp.pdf file. With the new packages, xpdf crashes, whereas with older ones it displays a 20x20 greyscale image. Or with "gdal_translate test_ogc_bp.pdf out.png -of PNG" when installing the "gdal-bin" package, that currently errors out with a message like "ERROR 1: Bitmap decoded size (18623872x0) doesn't match raster size (20x20)" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1905741/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1905741] Re: poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output
Thanks for reporting this, I'll back out the fix and will release updates shortly. ** Also affects: poppler (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: poppler (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: poppler (Ubuntu) Status: New => Invalid ** Changed in: poppler (Ubuntu Xenial) Status: New => In Progress ** Changed in: poppler (Ubuntu Bionic) Status: New => In Progress ** Changed in: poppler (Ubuntu Xenial) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: poppler (Ubuntu Bionic) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1905741 Title: poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output Status in poppler package in Ubuntu: Invalid Status in poppler source package in Xenial: In Progress Status in poppler source package in Bionic: In Progress Bug description: The security updates 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 break the Splash output rendering, for example if using the xpdf utility that relies on Poppler splash output, or as used by the GDAL library (the issue was detected due to breakage in GDAL continuous integration tests) I've traced the root cause to those security updates enabling in 'rules' CMYK (--enable-cmyk for 0.41.0-0ubuntu1.15 and -DSPLASH_CMYK=ON for 0.62.0-2ubuntu2.11) Building without CMYK restore poppler in a working state. It should be noted that even on the upstream 0.41.0 version, enabling CMYK result in a non-functional build, so it is not related to the patches applied on top of it, but really on enabling CMYK The issue can be verified with "xpdf test_ogc_bp.pdf" with the attached test_ogc_bp.pdf file. With the new packages, xpdf crashes, whereas with older ones it displays a 20x20 greyscale image. Or with "gdal_translate test_ogc_bp.pdf out.png -of PNG" when installing the "gdal-bin" package, that currently errors out with a message like "ERROR 1: Bitmap decoded size (18623872x0) doesn't match raster size (20x20)" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1905741/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1905741] Re: poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output
** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1905741 Title: poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output Status in poppler package in Ubuntu: New Bug description: The security updates 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 break the Splash output rendering, for example if using the xpdf utility that relies on Poppler splash output, or as used by the GDAL library (the issue was detected due to breakage in GDAL continuous integration tests) I've traced the root cause to those security updates enabling in 'rules' CMYK (--enable-cmyk for 0.41.0-0ubuntu1.15 and -DSPLASH_CMYK=ON for 0.62.0-2ubuntu2.11) Building without CMYK restore poppler in a working state. It should be noted that even on the upstream 0.41.0 version, enabling CMYK result in a non-functional build, so it is not related to the patches applied on top of it, but really on enabling CMYK The issue can be verified with "xpdf test_ogc_bp.pdf" with the attached test_ogc_bp.pdf file. With the new packages, xpdf crashes, whereas with older ones it displays a 20x20 greyscale image. Or with "gdal_translate test_ogc_bp.pdf out.png -of PNG" when installing the "gdal-bin" package, that currently errors out with a message like "ERROR 1: Bitmap decoded size (18623872x0) doesn't match raster size (20x20)" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1905741/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1905741] Re: poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output
** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1905741 Title: poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output Status in poppler package in Ubuntu: New Bug description: The security updates 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 break the Splash output rendering, for example if using the xpdf utility that relies on Poppler splash output, or as used by the GDAL library (the issue was detected due to breakage in GDAL continuous integration tests) I've traced the root cause to those security updates enabling in 'rules' CMYK (--enable-cmyk for 0.41.0-0ubuntu1.15 and -DSPLASH_CMYK=ON for 0.62.0-2ubuntu2.11) Building without CMYK restore poppler in a working state. It should be noted that even on the upstream 0.41.0 version, enabling CMYK result in a non-functional build, so it is not related to the patches applied on top of it, but really on enabling CMYK The issue can be verified with "xpdf test_ogc_bp.pdf" with the attached test_ogc_bp.pdf file. With the new packages, xpdf crashes, whereas with older ones it displays a 20x20 greyscale image. Or with "gdal_translate test_ogc_bp.pdf out.png -of PNG" when installing the "gdal-bin" package, that currently errors out with a message like "ERROR 1: Bitmap decoded size (18623872x0) doesn't match raster size (20x20)" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1905741/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
