Bug#840691: libgs9: security update DSA-3691-1 breaks zathura, evince, ... in jessie
Hi Francesco,
On Fri, Oct 14, 2016 at 10:56:57PM +0200, Francesco Poli wrote:
> On Fri, 14 Oct 2016 06:47:47 +0200 Salvatore Bonaccorso wrote:
>
> [...]
> > Hi Francesco,
>
> Hello Salvatore, thanks for your fast reply!
>
> >
> > On Thu, Oct 13, 2016 at 11:56:22PM +0200, Francesco Poli (wintermute) wrote:
> [...]
> > > After the security update:
> [...]
> > > I was unable to use zathura or evince
> [...]
> >
> > This was indeed not spotted in my testing of the update for the DSA.
> > The blame for this should solely go to myself (not the team). We
> > should find the cause asap and find a fix. I can reproduce it with
> > evince.
>
> It's a relief that you are able to reproduce the bug (at least, I was
> not seeing "ghosts"...).
>
> I hope that a fix may be found and applied soon.
Only a small status update. I worked on the very same patches for
ghostscript as well for the unstable version, to confirm I did not make any
significant mistake in the backports. The problem starts there as well
once the patches are applied, and I suspect it actually might have
uncovered a bug in a library which is used by evince and zathura(-ps);
libspectre came to my mind.

We got no reports for other clients so far, not using that.

If you want to give the packages for unstable a try as well, I have
uploaded them to https://people.debian.org/~carnil/tmp/ghostscript/ .

Looking at the bugs for src:libspectre, indeed there is a long list of
failure reports with some PostScript files not failing with other
viewers/readers :-/

The above though is not yet confirmed.

Stay tuned, and any debugging help is welcome.

Regards,
Salvatore