Bug#618530: ghostscript: cannot open OutputFile if -dSAFER specified with piped or interactive input
unmerge 618530 # just a regression severity 618530 important found 618530 ghostscript/9.04~dfsg-2 tags 618530 + upstream forwarded 618530 http://bugs.ghostscript.com/show_bug.cgi?id=692602 quit Jonathan Nieder wrote: > Confirmed: with version 8.71~dfsg2-6.1 running > > man -t ls >ls.1 > echo '(ls.ps) run' | ghostscript -dSAFER > > fails with /invalidfileaccess, while with 8.71~dfsg2-6 it succeeds Thanks again. Let's see what upstream says. -- To UNSUBSCRIBE, email to debian-printing-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20111016012844.ga21...@elie.hsd1.il.comcast.net
Bug#618530: ghostscript: cannot open OutputFile if -dSAFER specified with piped or interactive input
fixed 618530 ghostscript/8.71~dfsg2-6 found 618530 ghostscript/8.71~dfsg2-6.1 found 618530 ghostscript/9.01~dfsg-2 tags 618530 + confirmed # regression severity 618530 important retitle 618530 gs -dSAFER: /invalidfileaccess with "run" operator forcemerge 414002 618530 quit Hi again, Ralph Smith wrote: > Surprisingly, the invalid file access does not occur in any of the versions > you suggested, but returns when I upgrade to the current version > (8.71~dfsg2-9). For each case, I installed ghostscript, libgs8 and > gs-common debs for the test. Confirmed: with version 8.71~dfsg2-6.1 running man -t ls >ls.1 echo '(ls.ps) run' | ghostscript -dSAFER fails with /invalidfileaccess, while with 8.71~dfsg2-6 it succeeds (and if ghostscript-x is installed, renders the manpage). This has nothing to do with OutputFile, piped input, or relative paths --- something[1] has changed to make innocuous _reads_ break with -dSAFER. Michael, any hints? Jonathan [1] via debian/patches/1010_CVE-2010-2055.patch -- To UNSUBSCRIBE, email to debian-printing-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110320103051.GA15794@elie
Bug#618530: ghostscript: cannot open OutputFile if -dSAFER specified with piped or interactive input
Surprisingly, the invalid file access does not occur in any of the versions you suggested, but returns when I upgrade to the current version (8.71~dfsg2-9). For each case, I installed ghostscript, libgs8 and gs-common debs for the test. On Tue, Mar 15, 2011 at 9:36 PM, Jonathan Nieder wrote: > Hi Ralph, > > Ralph A. Smith wrote: > > > user@host:path$ gs -q -dSAFER -dSAFINTERPOLATE -dTextAlphaBits=4 > -dGraphicsAlphaBits=4 -sDEVICE=ppmraw -r144 -sOutputFile=foo.ppm > > GS>(foo.ps) run > > Error: /invalidfileaccess in --run-- > > Operand stack: > >(foo.ps) (r) > > ... > > Thanks for reporting. Could you try some versions among 8.71~dfsg2-6, > 8.71~dfsg2-4, 8.71~dfsg2-3, 8.70~dfsg-2.1, and 8.64~dfsg-13 from > snapshot.debian.org and let us know which ones work? > > Jonathan >
Bug#618530: ghostscript: cannot open OutputFile if -dSAFER specified with piped or interactive input
Hi Ralph, Ralph A. Smith wrote: > user@host:path$ gs -q -dSAFER -dSAFINTERPOLATE -dTextAlphaBits=4 > -dGraphicsAlphaBits=4 -sDEVICE=ppmraw -r144 -sOutputFile=foo.ppm > GS>(foo.ps) run > Error: /invalidfileaccess in --run-- > Operand stack: >(foo.ps) (r) > ... Thanks for reporting. Could you try some versions among 8.71~dfsg2-6, 8.71~dfsg2-4, 8.71~dfsg2-3, 8.70~dfsg-2.1, and 8.64~dfsg-13 from snapshot.debian.org and let us know which ones work? Jonathan -- To UNSUBSCRIBE, email to debian-printing-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110316013633.GA9882@elie
Bug#618530: ghostscript: cannot open OutputFile if -dSAFER specified with piped or interactive input
Package: ghostscript Version: 8.71~dfsg2-9 Severity: normal The behavior of the -dSAFER flag has changed between versions of Ghostscript in Lenny and Squeeze. It now prevents -sOutputFile from working if the input is taken interactively or from a pipe. For example: user@host:path$ gs -q -dSAFER -dSAFINTERPOLATE -dTextAlphaBits=4 -dGraphicsAlphaBits=4 -sDEVICE=ppmraw -r144 -sOutputFile=foo.ppm GS>(foo.ps) run Error: /invalidfileaccess in --run-- Operand stack: (foo.ps) (r) ... This is annoying for those of us who use pipes in scripts to generate graphics, say for web applications. Google did not show any obvious accounts of this. At the very least, it should be documented in a changelog. -- System Information: Debian Release: 6.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages ghostscript depends on: ii debconf [de 1.5.36.1 Debian configuration management sy ii debianutils 3.4 Miscellaneous utilities specific t ii gsfonts 1:8.11+urwcyr1.0.7~pre44-4.2 Fonts for the Ghostscript interpre ii libc6 2.11.2-10Embedded GNU C Library: Shared lib ii libgs8 8.71~dfsg2-9 The Ghostscript PostScript/PDF int ghostscript recommends no packages. ghostscript suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-printing-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110316011249.30633.99171.reportbug@pindar.greenhouse