Leonard's summary of the fix (and I note this is just for CentOS 6) is
diff -up /usr/share/ghostscript/8.70/Resource/Init/gs_init.ps.new.bad
/usr/share/ghostscript/8.70/Resource/Init/gs_init.ps
--- /usr/share/ghostscript/8.70/Resource/Init/gs_init.ps.new.bad
2017-01-04 11:20:37.000000000 +0100
+++ /usr/share/ghostscript/8.70/Resource/Init/gs_init.ps 2015-07-24
00:00:19.000000000 +0200
@@ -2025,7 +2025,6 @@ readonly def
/LockFilePermissions true
>> setuserparams
}
- systemdict /getenv {pop //false} put
if
% setpagedevice has the side effect of clearing the page, but
% we will just document that. Using setpagedevice keeps the device
Which, if I understand what I'm reading, just has added the systemdict
line. I added that, and tried to run evince, which did not crash, but did
give me
invalidaccess -7
invalidaccess -7
invalidaccess -7
Have I misunderstood the fix?
mark
On Wed, 2017-01-11 at 13:58 -0500, m.roth at 5-cent.us wrote:> - systemdict /getenv {pop //false} put> Which, if I understand what I'm reading, just has added the systemdict > line.The leading "-" means removed not added.> I added that, and tried to run evince, which did not crash, but did > give me > invalidaccess -7 > > Have I misunderstood the fix?Yes. The fix is to remove the systemdict line. For CentOS 6 and ghostscript 8.70 it's line 2028 (as shown in the patch). For CentOS 7 and ghostscript 9.07 it's line 2022. Working for me on CentOS 6 and 7. -- Ian
Hello Ian, Mark, On Thu, 2017-01-12 at 02:33 +0000, Ian Mortimer wrote:> Yes. The fix is to remove the systemdict line.I should add that I did *not* investigate if that line has anything to do with the security fix that it came with, or that it is just an unrelated addition. So if you are using ghostscript in an automated setup using files from untrusted sources you should probably look in to that before applying this fix. Regards, Leonard. -- mount -t life -o ro /dev/dna /genetic/research