Bug#618530: ghostscript: cannot open OutputFile if -dSAFER specified with piped or interactive input
fixed 618530 ghostscript/8.71~dfsg2-6 found 618530 ghostscript/8.71~dfsg2-6.1 found 618530 ghostscript/9.01~dfsg-2 tags 618530 + confirmed # regression severity 618530 important retitle 618530 gs -dSAFER: /invalidfileaccess with run operator forcemerge 414002 618530 quit Hi again, Ralph Smith wrote: Surprisingly, the invalid file access does not occur in any of the versions you suggested, but returns when I upgrade to the current version (8.71~dfsg2-9). For each case, I installed ghostscript, libgs8 and gs-common debs for the test. Confirmed: with version 8.71~dfsg2-6.1 running man -t ls ls.1 echo '(ls.ps) run' | ghostscript -dSAFER fails with /invalidfileaccess, while with 8.71~dfsg2-6 it succeeds (and if ghostscript-x is installed, renders the manpage). This has nothing to do with OutputFile, piped input, or relative paths --- something[1] has changed to make innocuous _reads_ break with -dSAFER. Michael, any hints? Jonathan [1] via debian/patches/1010_CVE-2010-2055.patch -- To UNSUBSCRIBE, email to debian-printing-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110320103051.GA15794@elie
Bug#618530: ghostscript: cannot open OutputFile if -dSAFER specified with piped or interactive input
Surprisingly, the invalid file access does not occur in any of the versions you suggested, but returns when I upgrade to the current version (8.71~dfsg2-9). For each case, I installed ghostscript, libgs8 and gs-common debs for the test. On Tue, Mar 15, 2011 at 9:36 PM, Jonathan Nieder jrnie...@gmail.com wrote: Hi Ralph, Ralph A. Smith wrote: user@host:path$ gs -q -dSAFER -dSAFINTERPOLATE -dTextAlphaBits=4 -dGraphicsAlphaBits=4 -sDEVICE=ppmraw -r144 -sOutputFile=foo.ppm GS(foo.ps) run Error: /invalidfileaccess in --run-- Operand stack: (foo.ps) (r) ... Thanks for reporting. Could you try some versions among 8.71~dfsg2-6, 8.71~dfsg2-4, 8.71~dfsg2-3, 8.70~dfsg-2.1, and 8.64~dfsg-13 from snapshot.debian.org and let us know which ones work? Jonathan
Bug#618530: ghostscript: cannot open OutputFile if -dSAFER specified with piped or interactive input
Package: ghostscript Version: 8.71~dfsg2-9 Severity: normal The behavior of the -dSAFER flag has changed between versions of Ghostscript in Lenny and Squeeze. It now prevents -sOutputFile from working if the input is taken interactively or from a pipe. For example: user@host:path$ gs -q -dSAFER -dSAFINTERPOLATE -dTextAlphaBits=4 -dGraphicsAlphaBits=4 -sDEVICE=ppmraw -r144 -sOutputFile=foo.ppm GS(foo.ps) run Error: /invalidfileaccess in --run-- Operand stack: (foo.ps) (r) ... This is annoying for those of us who use pipes in scripts to generate graphics, say for web applications. Google did not show any obvious accounts of this. At the very least, it should be documented in a changelog. -- System Information: Debian Release: 6.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages ghostscript depends on: ii debconf [de 1.5.36.1 Debian configuration management sy ii debianutils 3.4 Miscellaneous utilities specific t ii gsfonts 1:8.11+urwcyr1.0.7~pre44-4.2 Fonts for the Ghostscript interpre ii libc6 2.11.2-10Embedded GNU C Library: Shared lib ii libgs8 8.71~dfsg2-9 The Ghostscript PostScript/PDF int ghostscript recommends no packages. ghostscript suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-printing-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110316011249.30633.99171.reportbug@pindar.greenhouse
Bug#618530: ghostscript: cannot open OutputFile if -dSAFER specified with piped or interactive input
Hi Ralph, Ralph A. Smith wrote: user@host:path$ gs -q -dSAFER -dSAFINTERPOLATE -dTextAlphaBits=4 -dGraphicsAlphaBits=4 -sDEVICE=ppmraw -r144 -sOutputFile=foo.ppm GS(foo.ps) run Error: /invalidfileaccess in --run-- Operand stack: (foo.ps) (r) ... Thanks for reporting. Could you try some versions among 8.71~dfsg2-6, 8.71~dfsg2-4, 8.71~dfsg2-3, 8.70~dfsg-2.1, and 8.64~dfsg-13 from snapshot.debian.org and let us know which ones work? Jonathan -- To UNSUBSCRIBE, email to debian-printing-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110316013633.GA9882@elie