Created attachment 14814
circle.eps

Hello guys,

the current version of Ghostscript 9.22 is not able to process file circle.eps (in attachment). However, the 9.20 version was doing okay.

$ ghostscript --version
9.20

$ gs -dWRITESYSTEMDICT -dNOPAUSE -sDEVICE=bbox -sFN=circle.eps a2ping-gs-bbox.tgs 2>&1
GPL Ghostscript 9.20 (2016-09-26)
Copyright (C) 2016 Artifex Software, Inc. All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
%%BoundingBox: 157 3147 238 3229
%%HiResBoundingBox: 157.002183 3147.614974 237.867743 3228.480394
bbox-begin
pop-count==0
end-count==1
cut-offset==12261
bbox-success

-------------------------

$ ghostscript --version
9.22

$ gs -dWRITESYSTEMDICT -dNOPAUSE -sDEVICE=bbox -sFN=circle.eps a2ping-gs-bbox.tgs 2>&1
GPL Ghostscript 9.22 (2017-10-04)
Copyright (C) 2017 Artifex Software, Inc. All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
Error: /undefined in --.beginpage--
Operand stack:
   false --dict:1/1(L)-- --nostringval-- --dict:79/156(ro)(L)-- --dict:1/1(L)-- --dict:0/0(L)-- --dict:79/88(ro)(L)-- 0
Execution stack:
   %interp_exit .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- --nostringval-- --nostringval-- false 1 %stopped_push 2015 1 3 %oparray_pop 2014 1 3 %oparray_pop 1998 1 3 %oparray_pop 1884 1 3 %oparray_pop --nostringval-- %errorexec_pop .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- 1977 1 3 %oparray_pop --nostringval-- 1979 7 3 %oparray_pop --nostringval-- 1971 7 3 %oparray_pop --nostringval-- 9
Dictionary stack:
   --dict:982/1684(G)-- --dict:0/20(G)-- --dict:82/200(L)--
Current allocation mode is local
Last OS error: No such file or directory
Current file position is 488
GPL Ghostscript 9.22: Unrecoverable error, exit code 1

----------------

This causes a failure for the 'a2ping' application on Linux, which is utilizing Ghostscript for part of its functionality.

I'm wondering - could any of the recent CVE fixes have caused this? Previously, Ghostscript was more "permissive" in what could be done, and I think many other applications were counting on this behaviour...

Best regards,
-- Dee'Kej --
Created attachment 14815
a2ping-gs-bbox.tgs

You will also need this file for reproducing the issue.
Yeah basically that's not going to work in 9.22, at all.

As it stands the prolog file will only ever work using Ghostscript, because it is using a Ghostscript-specific non-standard operator (.callbeginpage) and relies on systemdict being writeable (which it is not supposed to be).

We removed almost all the non-standard operators as part of the 9.22 security hardening process, and I'm not in any hurry to put any of them back again.

As we've said on a number of occasions, if the maintainers of the package want to talk to us we can discuss what they can do about it. We need to discuss it because I don't understand the point of the program and don't want to spend lots of time working through it to figure out what it's doing.

If we can't figure out some other solution then we can restore the operator, but I'd bet the use of the non-standard operator isn't required.

In the forthcoming 9.23 release it can be worked around by specifying -dDELAYBIND, provided the user accepts the security hole (but since they are using -dWRITESYSTEMDICT their security model is potentially wide open if someone maliciously alters the prolog of this file anyway).

I'll leave this open for a bit in case you can find the maintainer.
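An added example (not part of the original thread, and not Ghostscript or a2ping code): a small Python audit that scans a PostScript prolog for the constructs called out in this report, namely dot-prefixed Ghostscript-specific names such as .callbeginpage and definitions made after systemdict begin. Treating every dot-prefixed name as Ghostscript-specific is an assumption of this example, and SAMPLE is a constructed prolog, not the real a2ping-gs-bbox.tgs.

```python
import re

# Constructed sample prolog (not the real a2ping-gs-bbox.tgs), built from constructs named in the report.
SAMPLE = r"""%!PS
% .setglobal in a comment must not be flagged
.callbeginpage
(a string with .setglobal and \) paren) pop
.currentglobal true .setglobal
systemdict begin
/x .5 def
end % systemdict
.setglobal
"""

TOKEN = re.compile(r"[^\s()<>\[\]{}/%]+")       # PostScript delimiters split tokens
NUMBER = re.compile(r"\.\d+([eE][+-]?\d+)?$")   # reals such as .5 are not names

def strip_comments_and_strings(ps):
    """Blank out % comments and ( ) strings, keeping line breaks."""
    out, depth, i, n = [], 0, 0, len(ps)
    while i < n:
        c = ps[i]
        if depth and c == "\\":        # escape in a string: blank next char too
            out.append(" ")
            i += 1
            c = ps[i] if i < n else ""
        elif c == "(":
            depth += 1
        elif c == ")" and depth:
            depth -= 1
        elif c == "%" and not depth:   # comment runs to end of line
            while i < n and ps[i] != "\n":
                i += 1
            continue
        out.append(c if c == "\n" or (not depth and c not in "()") else " ")
        i += 1
    return "".join(out)

def audit_prolog(ps):
    """Return (line, token, reason) for constructs the thread calls out."""
    clean, findings, prev = strip_comments_and_strings(ps), [], None
    for m in TOKEN.finditer(clean):
        tok, line = m.group(), clean.count("\n", 0, m.start()) + 1
        if tok.startswith(".") and not NUMBER.match(tok):
            findings.append((line, tok, "dot-prefixed Ghostscript-specific name"))
        elif prev == "systemdict" and tok == "begin":
            findings.append((line, "systemdict begin", "defines into systemdict"))
        prev = tok
    return findings
```

Calling audit_prolog(SAMPLE) returns one finding per flagged token with its line number; hex and ASCII85 strings are not handled.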
Thanks a lot for the reply, Ken. I will forward it to original BZ. :)
Like Ken, I have no idea what the intent of this "a2ping" PS is, but I note that the use of .currentglobal and .setglobal is totally not needed -- the currentglobal and setglobal operators work just as well. Also, BeginPage will call the beginpage procedure, I don't see the need for .callbeginpage. Use of systemdict is not needed to replace operators. Just leave them in userdict. Also, I added /NOPAUSE true def so that it emulates the performance of the original (maybe that's what .callbeginpage affects??? DK/DC) With the following changes, I get the same results as seen with older gs: 14d13 < .callbeginpage 17a17 > /NOPAUSE true def %%X prevent .confirm from waiting 19,20c19 < .currentglobal true .setglobal < systemdict begin --- > currentglobal true setglobal 127,129c126 < end % systemdict < .setglobal < systemdict readonly pop --- > setglobal
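Review bot: in 127,129c126 the line "systemdict readonly pop" is dropped together with the systemdict begin/end pair from 19,20c19, but the gs command in the report still passes -dWRITESYSTEMDICT, so with this change alone nothing makes systemdict read-only again for the rest of the job. Since the definitions now stay in userdict, -dWRITESYSTEMDICT should be removed from the caller's gs invocation in the same change. In 17a17, the reported command already passes -dNOPAUSE, so it is worth confirming whether "/NOPAUSE true def" is needed at all; if it is, the comment on that line should say which effect of .callbeginpage it stands in for.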
Now that 9.23 has been released the problem with this file can be worked around by setting -dDELAYSAFER. Since there's been no contact with anyone willing to maintain the package, there is nothing further we can do with this and I'm therefore going to close the report.
(In reply to Ken Sharp from comment #5)
> Now that 9.23 has been released the problem with this file can be worked
> around by setting -dDELAYSAFER.
>
> Since there's been no contact with anyone willing to maintain the package,
> there is nothing further we can do with this and I'm therefore going to
> close the report.

Hello,

I'm the one who reported this issue to RedHat BZ at: https://bugzilla.redhat.com/show_bug.cgi?id=1530268.

I was lucky enough to have a contact with a2ping's maintainer, Péter Szabó, and he has uploaded an updated version of a2ping (2.83p), which is compatible with Ghostscript 9.22, to CTAN. See: https://www.ctan.org/pkg/a2ping

The compatibility fix is a bit different from what Ray suggested in comment 4, and you might have concerns at the remaining switch to systemdict. But it is Péter's choice.

Thanks to all for the feedback. And feel free to close this one.