Problem/Motivation

https://www.drupal.org/sa-contrib-2022-050

Steps to reproduce

Proposed resolution

Update the pdf_api from 2.0 to 2.2.2

CommentFileSizeAuthor
#9 3304438-pdf-api-version-9.patch328 bytesbluegeek9
#2 3304438.patch326 bytesj.lucky

Issue fork printable-3304438

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

j.lucky created an issue. See original summary.

j.lucky’s picture

j.lucky commented
StatusFileSize
new 3304438.patch326 bytes
nerdstein’s picture

nerdstein
he/him
Primary language English
Location United States
commented

This issue is important. The module is relying on PDF API which had a security release.

I tried to see if this patch would have clean tests on Drupal 9.4.x. It does not (as seen here: https://www.drupal.org/pift-ci-job/2469551)

Some messages suggest the Unit tests are using deprecated functions in Drupal 9:

1) Drupal\Tests\printable\Unit\PrintableEntityManagerTest::testGetPrintableEntities
PHPUnit\Framework\MockObject\UnknownTypeException: Class or interface "Drupal\Core\Entity\EntityManagerInterface" does not exist

Other messages suggest an incorrect format:

Warning:       Your XML configuration validates against a deprecated schema.
Suggestion:    Migrate your XML configuration using "--migrate-configuration"!

It would be great to get these tests passing and a new release of the module with PDF API 2.2.0 support.

nerdstein’s picture

nerdstein
he/him
Primary language English
Location United States
commented
Priority: Major » Critical

nigelcunningham’s picture

nigelcunningham commented
Status: Active » Fixed

I still need to work on tests but I have lots of work to do on this module so I'll mark this fixed because the most important aspect is dealt with.

nerdstein’s picture

nerdstein
he/him
Primary language English
Location United States
commented
Status: Fixed » Needs work

I'm reopening. The patch only brings in pdf_api 2.2.1 after upgrading printable with dependencies.

composer update drupal/printable --with-dependencies

followed by

composer show -i

results in

drupal/pdf_api                                 2.2.1              Provides an API for generating PDFs.
drupal/printable                               2.1.4              Generates printer friendly version of nodes

when pdf api needs to be at 2.2.2 to resolve the security concern.

nerdstein’s picture

nerdstein
he/him
Primary language English
Location United States
commented

Note: after the upgrade of printable, i was able to manually update pdf_api:

composer update "drupal/pdf_api:2.2.2" --with-dependencies
bluegeek9’s picture

bluegeek9 commented
Issue summary: View changes
StatusFileSize
new 3304438-pdf-api-version-9.patch328 bytes

The attached patch makes the minimum version of pdf_api to 2.2.2

composer tilde and caret

bluegeek9’s picture

bluegeek9 commented
Priority: Critical » Normal
Status: Needs work » Needs review

bluegeek9 opened merge request !11

  • Nigel Cunningham committed 661b06e on 2.x 
    Issue #3304438 by bluegeek9, j.lucky, Nigel Cunningham: Update pdf_api 2...
nigelcunningham’s picture

nigelcunningham commented
Status: Needs review » Fixed

Thanks! Applied and tagging a 2.1.5 release.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.