Message-ID: <b3d97e98-121d-4d12-9624-3efd119b12a4@gmail.com>
Date: Sun, 17 Aug 2025 21:24:49 +0900
From: Akira Yokosawa <akiyks@...il.com>
To: Mauro Carvalho Chehab <mchehab+huawei@...nel.org>
Cc: corbet@....net, linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
 Akira Yokosawa <akiyks@...il.com>
Subject: Re: [PATCH 00/11] Fix PDF doc builds on major distros

On Sun, 17 Aug 2025 13:36:06 +0200, Mauro Carvalho Chehab wrote:
> On Sun, 17 Aug 2025 18:46:35 +0900
> Akira Yokosawa <akiyks@...il.com> wrote:
> 
>> [-CC: bpf@...r]
>>

[...]

>> I couldn't see what you are talking about at first, because there
>> have not been any such issues reported.
> 
> Heh, as you reported, you had troubles building pdf on Debian/Ubuntu. 
> That's mainly why I took some time finding issues and writing this
> series. Basically, just fixing ImageMagick permissions didn't fix
> everything, as, at least with the Sphinx versions used at the tests
> got troubles with Sphinx hyphenation, which required a Polish font.
> 
> Debian LaTeX packages seem to have issues with that. Fedora and
> other rpm-based distros built it fine.
> 
> Now, reproducing such bugs could be tricky, especially with LaTeX,
> which is a complex tool with lots of system-specific stuff.
> 
> Eventually, this could be related to LANG/LANGUAGE/LC_ALL/...
> env vars. Here, I'm using lxc-attach to bind to the container.
> It doesn't run .bashrc nor set locale vars, and it seems to keep
> some env vars from the host. In the specific case of LANG,
> it doesn't set anything. So, my test script sets LANG and LC_ALL
> to "C". The host has it set to LANG=pt_BR.UTF-8.
> 
>> Also, after applying 1/11 ... 4/11 on top of current docs-next
>> (commit 0bbc2548ea85 ("Merge branch 'pre-install' into docs-mw"),
>> despite the changelog of 5/11 which claims to fix an issue under
>> debian, I couldn't reproduce the "! Corrupted NFSS tables" error
>> under Ubuntu 24.04 (noble).
> 
> Maybe you could try set LANG/LC_ALL to "C".
> 
> I tested it on the following lxc containers (picked from lxc
> download repositories):
> 
>   # APT-based (Debian/Ubuntu-like)
>   debian:
>     release: "bookworm"
>     pre_setup_cmds: *apt_pkg_cmd
>     post_setup_cmds:
>       - "systemctl enable ssh"
>     pkg_cmd: *apt_pkg_cmd
> 
>   devuan:
>     release: "daedalus"
>     pkg_cmd: *apt_pkg_cmd
> 
>   kali:
>     release: "current"
>     pkg_cmd: *apt_pkg_cmd
> 
>   mint:
>     release: "wilma"
>     pkg_cmd: *apt_pkg_cmd
> 
>   ubuntu:
>     release: "plucky"
>     pkg_cmd: *apt_pkg_cmd
> 
>   ubuntu-lts:
>     dist: "ubuntu"
>     release: "noble"
>     pkg_cmd: *apt_pkg_cmd
> 
> apt_pkg_cmd: &apt_pkg_cmd
>   - "sudo locale-gen"
>   - "sudo dpkg-reconfigure --frontend=noninteractive locales"
>   - "apt-get update && apt-get install -y openssh-server git python3 make"
>   - |
>     if [ -f /etc/ImageMagick-6/policy.xml ]; then
>       # Remove any existing restrictive policies for PDF/PS/EPS/XPS
>       sed -i '/<policy.*domain="coder".*pattern=".*\(PDF\|PS\|EPS\|XPS\).*"/d' /etc/ImageMagick-6/policy.xml
>       # Allow PDF patterns at the end </policymap>
>       sed -i '/<\/policymap>/i \ \ <policy domain="coder" rights="read|write" pattern="{PS,PS2,PS3,EPS,PDF,XPS}" />' /etc/ImageMagick-6/policy.xml
>     fi
>   - |
>     if [ -f /etc/ImageMagick-7/policy.xml ]; then
>       # Remove any existing restrictive policies for PDF/PS/EPS/XPS
>       sed -i '/<policy.*domain="coder".*pattern=".*\(PDF\|PS\|EPS\|XPS\).*"/d' /etc/ImageMagick-7/policy.xml
>       # Allow PDF patterns at the end </policymap>
>       sed -i '/<\/policymap>/i \ \ <policy domain="coder" rights="read|write" pattern="{PS,PS2,PS3,EPS,PDF,XPS}" />' /etc/ImageMagick-7/policy.xml
>     fi
> 
> Packages are installed according to sphinx-pre-install
> instructions.
> 
> I don't remember which of those got the corrupted tables LaTeX warning,
> but I got it on more than one Debian-based distro. When I wrote the
> fix, I guess I logged at the Debian container.
> 

That explains!  I've stopped using ImageMagick altogether.

So it sounds to me like there is some issue in debian/ubuntu/...'s
ImageMagick packaging, probably its build config disables some
aspect of SVG --> PDF support for security concerns (???).
I'm not sure at all.

I think it has nothing to do with XeLaTeX font discovery and I don't
see any reason to apply 5/11, at least for the time being.

My suggestion would be to give up ImageMagick and install Inkscape
instead.  It is provided as a deb package for debian and its derivatives.

Thanks, Akira
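
To check what the sed edits quoted in this message leave in an ImageMagick policy.xml, the following added example (not part of the original message or of the kernel tree) reports, per format, the rights of the last matching coder entry. The two sample policies are constructed, and treating the last matching entry as the effective one is an assumption about ImageMagick's evaluation order.

```python
import fnmatch
import re
import xml.etree.ElementTree as ET

# Formats named in the sed commands quoted above.
FORMATS = ("PS", "PS2", "PS3", "EPS", "PDF", "XPS")

# Constructed sample policies (not copied from any distribution package).
RESTRICTIVE = """<policymap>
  <policy domain="resource" name="memory" value="256MiB" />
  <policy domain="coder" rights="none" pattern="PS" />
  <policy domain="coder" rights="none" pattern="EPS" />
  <policy domain="coder" rights="none" pattern="PDF" />
</policymap>"""
RELAXED = """<policymap>
  <policy domain="resource" name="memory" value="256MiB" />
  <policy domain="coder" rights="read|write" pattern="{PS,PS2,PS3,EPS,PDF,XPS}" />
</policymap>"""


def _alternatives(pattern):
    """Expand one {a,b,c} group; fnmatch has no brace support."""
    m = re.fullmatch(r"(.*)\{([^{}]*)\}(.*)", pattern)
    if not m:
        return [pattern]
    return [m.group(1) + alt + m.group(3) for alt in m.group(2).split(",")]


def coder_rights(policy_xml, fmt):
    """Rights of the last coder entry whose pattern matches fmt, else None."""
    rights = None
    for entry in ET.fromstring(policy_xml).iter("policy"):
        if entry.get("domain") != "coder":
            continue
        pattern = entry.get("pattern", "")
        if any(fnmatch.fnmatchcase(fmt, alt) for alt in _alternatives(pattern)):
            rights = entry.get("rights")  # assumption: later entries override
    return rights


def audit(policy_xml):
    """Map each format to its rights string (None: no coder entry matches)."""
    return {fmt: coder_rights(policy_xml, fmt) for fmt in FORMATS}


if __name__ == "__main__":
    for label, text in (("restrictive", RESTRICTIVE), ("relaxed", RELAXED)):
        print(label, audit(text))
```

Passing the contents of a container's own policy.xml to `audit()` before and after the package setup step shows whether the coder entries changed as intended.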

