Last edited 4 months ago
by Monique Gähl

BlueSpice 4.3 and Ghostscript-CVE-2023-36664 - How to fix: Difference between pages

No edit summary
 
(Created page with " == Security Advisory == This page is related to the BSSA-2023-01 Security Advisory. ==Overview== Older versions of Ghostscript open a way for script infusion. Because of bugs in the Ghostscript binary out of the BlueSpice package manager, Hallo Welt! mostly installed manually on Linux systems. These bugs no longer seem to be a problem. ==How to update - Linux== # Check the system for manual installation and delete it:<s...")
 
Line 1: Line 1:
{{Featurepage|featured=false|featuredesc=BlueSpice 4.2 has been released. Read about the notable changes now.|featurestart=}}<!--
==Patch Releases==


{{#ask: [[Release::4.3]]
== Security Advisory ==
|?Releasepatch = Release
This page is related to the [[Security:Security Advisories/BSSA-2023-01|BSSA-2023-01 Security Advisory]].
|?Releasedate#LOCL = Release date
|mainlabel= -
|headers = plain
|sort=Releasedate
|order=desc
|default=There have been no patch releases so far.
}}-->
__TOC__
==Introduction==
Release date: 06/29/2023   


BlueSpice 4.3 is a minor release   
==Overview==
Older versions of Ghostscript open a way for script infusion.


The code base was updgraded to '''MW 1.39.'''  
Because of bugs in the Ghostscript binary out of the BlueSpice package manager, Hallo Welt! mostly installed manually on Linux systems. These bugs no longer seem to be a problem.  
==How to update - Linux==


=== Compatibility ===
# Check the system for manual installation and delete it:<syntaxhighlight lang="bash">ls -al /usr/local/bin</syntaxhighlight>If there is a binary called<syntaxhighlight lang="bash">gs</syntaxhighlight>
delete it:<syntaxhighlight lang="bash">
rm -fr /usr/local/bin/gs
</syntaxhighlight>
#Check System for Installation out of Packagemanager(Ghostscript comes as an dependency of ImageMagik)<syntaxhighlight lang="bash">
dpkg -l ghostscript
</syntaxhighlight>for  Debian 11 this should look like:<syntaxhighlight lang="bash">
root@XXXXXXXXXXXX:~# dpkg -l ghostscript
Gewünscht=Unbekannt/Installieren/R=Entfernen/P=Vollständig Löschen/Halten
| Status=Nicht/Installiert/Config/U=Entpackt/halb konFiguriert/
        Halb installiert/Trigger erWartet/Trigger anhängig
|/ Fehler?=(kein)/R=Neuinstallation notwendig (Status, Fehler: GROSS=schlecht)
||/ Name          Version              Architektur  Beschreibung
+++-==============-=====================-============-===================================================
ii  ghostscript    9.53.3~dfsg-7+deb11u5 amd64        interpreter for the PostScript language and for PDF


* supports '''PHP 8.2'''
</syntaxhighlight>For Debian 12 the Version is "10.0.0~dfsg-11+deb12u1"
* LDAP, Simple SAMLphp, OpenIDConnect : Upgraded to be compatible with '''PluggableAuth 6/7'''


==New Features==
For Ubuntu 22 the Version is "9.50~dfsg-5ubuntu4.8"
{| class="wikitable" style="width:100%;"
!Feature
!Description
!Screenshot
|-
! Content Droplets
|We are introducing  ''Content droplets'' as a convenient way to insert special content in a wiki page. This includes tags, parser functions, and templates. The feature replaces the "Magic words"  menu item of the Visual Editor.


If it does not match the needed Version please do an<syntaxhighlight lang="bash">
apt update
apt upgrade -y
</syntaxhighlight>and recheck.
#Change Settings in the codebase<br>
Got to whereever the codebase is saved (check your ApacheConfiguration for ''DocumentRoot'' if you are not sure). Normally it should look like this:<syntaxhighlight lang="bash">
root@XXXXX:/var/www/bluespice/w/settings.d# grep -rin PdfProcessor
005-PdfHandler.php:5:$wgPdfProcessor = '/usr/local/bin/gs';


{{Icon|bi bi-question-circle||#0d6efd|0.2em}} [[Manual:Extension/ContentDroplets|Content Droplets documentation]]
</syntaxhighlight>Could be 005-PdfHandler.php or some other configuration-file. Find  and change Variable to correct path: For example with this Command:<syntaxhighlight lang="bash">
|[[File:droplet menu.png|link=https://en.wiki.bluespice.com/wiki/File:droplet%20menu.png|alt=screenshot of the Content droplets menu|center|thumb|450x450px|Content droplets]]
sed -i 's/local\///g' 005-PdfHandler.php
|-
!Enhanced Menu Editor
|
The main navigation can now contain hierarchical links. In addition, 4 configurations of the sidebar are possible.


{{Icon|bi bi-question-circle||#0d6efd|0.2em}}  [[Manual:Extension/MenuEditor|Menu Editor documentation]]
</syntaxhighlight>Doublecheck:<syntaxhighlight lang="bash">
|[[File:Enhanced sidebar.png|center|thumb|320x320px|Enhanced Sidebar]]
root@XXXXXXXXXXX:/var/www/bluespice/w/settings.d# grep -rin PdfProcessor
|-
005-PdfHandler.php:5:$wgPdfProcessor = '/usr/bin/gs';
!PDF Embed
|It is now possible to embed a PDF viewer in wiki pages. It is contained in the Content Droplets menu for easy access.  


</syntaxhighlight>


Your system is now patched.


{{Icon|bi bi-question-circle||#0d6efd|0.2em}}  [[Manual:Extension/ContentDroplets|Content Droplets documentation]]
== How to update  - Windows ==
|[[File:Extension PDFEmbed.png|alt=Screenshot of an embedded PDF file|center|thumb|450x450px|Extension PDFEmbed]]
|-
!Startpage Templates
|To support the creation of portal pages for the main page and for all other content namespaces, we now provide two startpage templates.


# '''Deinstall''' the package ''GPL Ghostscript''.
# '''Download''' the package ''Ghostscript AGPL Release'' from https://www.ghostscript.com/releases/gsdnld.html .
# '''Install''' the new package.


 
Your system is now patched.
 
 
To further support users with the design of portal pages, the renowned icon library Font Awesome is now bundled with BlueSpice.
 
{{Icon|bi bi-question-circle||#0d6efd|0.2em}}  [[Manual:Extension/MenuEditor|Startpage Templates documentation]]
|<gallery widths="170" heights="200">
File:Startpage Intranet.png|alt=Screenshot of "Startpage Intranet"|Startpage template 1
File:Startpage Team.png|alt=Screenshot of "Startpage Team"|Startpage template 2
</gallery>
|-
!Container Filter
| You can now mark sections of a page for filtering and display a filter just for the content located within these sections of the page.
{{Icon|bi bi-question-circle||#0d6efd|0.2em}} [[Reference:ContainerFilter|Container Filter documentation]]
|[[File:ContainerFilter example.png|alt=Screenshot of a filtered table|center|thumb|450x450px|Container filter]]
|}
 
==Additional improvements==
 
*VisualEditor: the copy and paste functionality out of other applications (e.g., MS Word) has been significantly improved.
*Tagging of page templates: Page templates can be categorized with tags in the Page template manager. The tags work as a filter when selecting page templates.
 
==Added extensions (8)==
{| class="contenttable" style="width:100%;"
|+
!Extension
!Description
!Developer
|-
!ContainerFilter
|Allows to filter content elements within a page.
|Hallo Welt!
|-
!ContentDroplets
|VisualEditor integration for inserting predefined content snippets
|Hallo
Welt!
|-
!ContentStabilization
|<span style="color: rgb(32, 33, 34)">Replaces the approval mechanism previously provided by the extensions FlaggedRevs / BlueSpiceFlaggedRevsConnector. The experience for the user should be seamless.</span>
|Hallo Welt!
|-
!FontAwesome
|Provides a library of icons which can be used in conjunction with the Droplet "Icon"
|MediaWiki
|-
!InstanceStatus
|Allows to insert a header or footer (on a page basis or on a namespace basis) in the content area of ​​a page.
|Hallo Welt!
|-
!PDFEmbed
|Media handler extension for PDF files.
|MediaWiki
|-
!PreToClip
|Copies contents of <code><nowiki><pre></nowiki></code> and <code><syntaxhightlight></code> tags into the clipboard.
|MediaWiki
|-
!SectionAnchors
|Adds a link to headings for copying the path to the clipbard.
|Hallo Welt!
|}
 
== Removed extensions (4)==
*'''FlaggedRevs:''' Replaced with extension ''ContentStabilization''
*'''BlueSpiceDrawioConnector:''' Inntegrated into exension  ''BlueSpiceDrawio''
*'''BlueSpiceFlaggedRevsConnector''': Replaced with extension ''ContentStabilization''
*'''BlueSpiceInsertMagic:''' Replaced with extension ''ContentDroplet''
 
== Content changes ==
The following content changes can affect the display of content in the wiki and may require manual adjustments:
 
* Missing privacy pages can cause a yellow banner. This is only visible to the admin users.
* The start page templates may not be able to display all styles if templates contained therein already exist in the wiki before the update.
* Styles defined in templates or in MediaWiki:Common.css may no longer be applied.
* The ContentDroplet icon can only be inserted in block mode.
* Missing language switcher on pages whose title area is hidden.<br />
 
{{Icon|bi bi-arrow-right-circle|||}} [[Known issues|More infos about the content changes]]
 
[[de:BlueSpice 4.3]]
[[en:{{FULLPAGENAME}}]]
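Review bot: The command `sed -i 's/local\///g' 005-PdfHandler.php` in the new "Change Settings in the codebase" step is broader than the change it is meant to make: the pattern is unanchored and carries the `g` flag, so it deletes every `local/` in the file, not only the one inside the `$wgPdfProcessor` value. Suggest substituting the full value instead, `/usr/local/bin/gs` to `/usr/bin/gs`, restricted to the `$wgPdfProcessor` line, so a settings file that holds other paths is left alone. The step also hard-codes the file name although the text says it "could be 005-PdfHandler.php or some other configuration-file"; using the file name reported by the preceding `grep -rin PdfProcessor` would keep the two consistent.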

Revision as of 09:35, 28 July 2023

Security Advisory

This page is related to the BSSA-2023-01 Security Advisory.

Overview

Older versions of Ghostscript open a way for script injection.

Because of bugs in the Ghostscript binary from the BlueSpice package manager, Hallo Welt! mostly installed Ghostscript manually on Linux systems. These bugs no longer seem to be a problem.

How to update - Linux

  1. Check the system for a manual installation and delete it:

    ls -al /usr/local/bin

    If there is a binary called gs, delete it:

    rm -fr /usr/local/bin/gs

  2. Check whether Ghostscript is installed from the package manager (Ghostscript comes as a dependency of ImageMagick):

    dpkg -l ghostscript

    For Debian 11 this should look like:

    root@XXXXXXXXXXXX:~# dpkg -l ghostscript
    Gewünscht=Unbekannt/Installieren/R=Entfernen/P=Vollständig Löschen/Halten
    | Status=Nicht/Installiert/Config/U=Entpackt/halb konFiguriert/
             Halb installiert/Trigger erWartet/Trigger anhängig
    |/ Fehler?=(kein)/R=Neuinstallation notwendig (Status, Fehler: GROSS=schlecht)
    ||/ Name           Version               Architektur  Beschreibung
    +++-==============-=====================-============-===================================================
    ii  ghostscript    9.53.3~dfsg-7+deb11u5 amd64        interpreter for the PostScript language and for PDF
    
    For Debian 12 the version is "10.0.0~dfsg-11+deb12u1".

    For Ubuntu 22 the version is "9.50~dfsg-5ubuntu4.8".

    If it does not match the needed version, run

    apt update
    apt upgrade -y

    and recheck.

  3. Change the settings in the codebase.

    Go to wherever the codebase is saved (check your Apache configuration for DocumentRoot if you are not sure). Normally it should look like this:

    root@XXXXX:/var/www/bluespice/w/settings.d# grep -rin PdfProcessor
    005-PdfHandler.php:5:$wgPdfProcessor = '/usr/local/bin/gs';

    It could be 005-PdfHandler.php or some other configuration file. Find the variable and change it to the correct path, for example with this command:

    sed -i 's/local\///g' 005-PdfHandler.php

    Double-check:

    root@XXXXXXXXXXX:/var/www/bluespice/w/settings.d# grep -rin PdfProcessor
    005-PdfHandler.php:5:$wgPdfProcessor = '/usr/bin/gs';

Your system is now patched.
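
A post-patch check for the Linux steps above, as an added example that is not part of the original advisory or BlueSpice's own tooling. The function names and the release labels (debian11, debian12, ubuntu22) are assumptions, and the listed versions are treated as minimums; the paths and version strings are the ones quoted on this page.

```shell
#!/bin/sh
# Added example: post-patch check for the Linux steps above.
# Function names are illustrative; versions and paths are the page's.

# Package versions listed on this page, keyed by an assumed release label.
required_version() {
  case "$1" in
    debian11) echo '9.53.3~dfsg-7+deb11u5' ;;
    debian12) echo '10.0.0~dfsg-11+deb12u1' ;;
    ubuntu22) echo '9.50~dfsg-5ubuntu4.8' ;;
    *) return 1 ;;
  esac
}

# True if installed version $1 is at least required version $2.
version_at_least() {
  if command -v dpkg >/dev/null 2>&1; then
    dpkg --compare-versions "$1" ge "$2"
  else
    # Fallback off Debian/Ubuntu: GNU sort -V approximates dpkg ordering.
    [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n 1)" = "$2" ]
  fi
}

# Print every $wgPdfProcessor value set in files under directory $1.
pdf_processor_paths() {
  grep -rhE '^[[:space:]]*\$wgPdfProcessor[[:space:]]*=' "$1" 2>/dev/null |
    sed -E "s/^[^=]*=[[:space:]]*['\"]([^'\"]*)['\"].*/\1/"
}

# 0 = patched; 1 = a setting still points below /usr/local or the manual
# binary ($2, default /usr/local/bin/gs) still exists; 2 = setting not found.
config_is_patched() {
  cfg_paths=$(pdf_processor_paths "$1")
  [ -n "$cfg_paths" ] || return 2
  if printf '%s\n' "$cfg_paths" | grep -q '^/usr/local/'; then return 1; fi
  [ ! -e "${2:-/usr/local/bin/gs}" ]
}

# Usage: sh check-gs.sh /var/www/bluespice/w/settings.d debian11
if [ -n "${1:-}" ] && want=$(required_version "${2:-}"); then
  have=$(dpkg-query -W -f='${Version}' ghostscript 2>/dev/null)
  version_at_least "${have:-0}" "$want" && config_is_patched "$1" &&
    echo "ghostscript $have: patched" || echo "ghostscript ${have:-none}: NOT patched"
fi
```

Unlike the `grep -rin PdfProcessor` double-check, this fails when any settings file under the directory still points below /usr/local, not only 005-PdfHandler.php.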

How to update - Windows

  1. Uninstall the package GPL Ghostscript.
  2. Download the package Ghostscript AGPL Release from https://www.ghostscript.com/releases/gsdnld.html .
  3. Install the new package.

Your system is now patched.


