Difference between revisions of "Score testing"
(One intermediate revision by the same user not shown) | |||
Line 50: | Line 50: | ||
== CVE-2020-17354 == | == CVE-2020-17354 == | ||
− | See [https://phabricator.wikimedia.org/T259210 T259210]. Looks like this has been fixed (assuming we're supposed to see the system id in the rendered music); can't reproduce as currently stands, with LilyPond 2.19 (Buster), MediaWiki on | + | See [https://phabricator.wikimedia.org/T259210 T259210]. Looks like this has been fixed (assuming we're supposed to see the system id in the rendered music); can't reproduce as currently stands, with LilyPond 2.19 (Buster), MediaWiki on REL1_35 and Score on REL1_35. |
1. PoC from task: <score raw=1> \header { tagline = ##f } | 1. PoC from task: <score raw=1> \header { tagline = ##f } |
Latest revision as of 02:36, 20 January 2023
Hopefully I can get the Score extension working to produce SVG output on upstream task T49578. The transparent PNG image normally produced needs white background styling otherwise it's unreadable in dark mode.
- Update December 2022
- my patch was merged! :) now we wait for it to be tested and deployed into Wikipedia. There are a few other issues, including some security and sandboxing concerns, e.g. CVE-2020-17354 (see below). Also, this wiki is running on a 32-bit Debian 10 (Buster), which has LilyPond 2.19 (32 bit builds not supported after 2.22). I'm not game enough to try and compile LilyPond myself, and I'm not even sure Scheme 2 runs in 32-bit(?) so I'm testing the SVG Score output over on my test instance (which is not guaranteed to be up at all times).
Examples
Range of the contrabass trombone, as used on Wikipedia:
The Spear motif from Das Rheingold:
The Summit from Eine Alpensinfonie, which may or may not be a contrabass trombone excerpt, but probably ought to be:
CVE-2020-17354
See T259210. Looks like this has been fixed (assuming we're supposed to see the system id in the rendered music); can't reproduce as currently stands, with LilyPond 2.19 (Buster), MediaWiki on REL1_35 and Score on REL1_35.
1. PoC from task:
2. Notehead stencil hack PoC, contributed in comment from LilyPond developer Han-wen Nienhuys: