Leonard's summary of the fix (and I note this is just for CentOS 6) is diff -up /usr/share/ghostscript/8.70/Resource/Init/gs_init.ps.new.bad /usr/share/ghostscript/8.70/Resource/Init/gs_init.ps --- /usr/share/ghostscript/8.70/Resource/Init/gs_init.ps.new.bad 2017-01-04 11:20:37.000000000 +0100 +++ /usr/share/ghostscript/8.70/Resource/Init/gs_init.ps 2015-07-24 00:00:19.000000000 +0200 @@ -2025,7 +2025,6 @@ readonly def /LockFilePermissions true >> setuserparams } - systemdict /getenv {pop //false} put if % setpagedevice has the side effect of clearing the page, but % we will just document that. Using setpagedevice keeps the device Which, if I understand what I'm reading, just has added the systemdict line. I added that, and tried to run evince, which did not crash, but did give me invalidaccess -7 invalidaccess -7 invalidaccess -7 Have I misunderstood the fix? mark
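Review bot: the one deleted line, `systemdict /getenv {pop //false} put`, sits after the closing `}` and before `if`, so it is outside the procedure that sets /LockFilePermissions and is not guarded by that `if`. Deleting it outright restores the real getenv operator for every job, and the patch gives no reason why the stub can be dropped. Before applying this, confirm whether the line belongs to the security update it shipped with. If it does, consider moving it inside the `{ ... }` block ahead of the `}` instead of removing it, and state the reasoning in the patch description. Note also that the diff runs from gs_init.ps.new.bad (2017) to the older gs_init.ps (2015), so applying it reverts the packaged change rather than adding one.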
On Wed, 2017-01-11 at 13:58 -0500, m.roth at 5-cent.us wrote:

> - systemdict /getenv {pop //false} put

> Which, if I understand what I'm reading, just has added the systemdict
> line.

The leading "-" means removed not added.

> I added that, and tried to run evince, which did not crash, but did
> give me
> invalidaccess -7
>
> Have I misunderstood the fix?

Yes. The fix is to remove the systemdict line. For CentOS 6 and ghostscript 8.70 it's line 2028 (as shown in the patch). For CentOS 7 and ghostscript 9.07 it's line 2022.

Working for me on CentOS 6 and 7.

--
Ian
Hello Ian, Mark,

On Thu, 2017-01-12 at 02:33 +0000, Ian Mortimer wrote:

> Yes. The fix is to remove the systemdict line.

I should add that I did *not* investigate if that line has anything to do with the security fix that it came with, or that it is just an unrelated addition. So if you are using ghostscript in an automated setup using files from untrusted sources you should probably look into that before applying this fix.

Regards,
Leonard.

--
mount -t life -o ro /dev/dna /genetic/research