Has the issue with the last ghostscript update been resolved? I temporarily added ghostcript to the excludes line in my yum.conf to prevent problems and haven’t seen any more mention of it here.
If you exclude only the specific version, you will get subsequent package updates as they become available. exclude=ghostscript-8.70-21.el6_8.1
Hello Frank,
Yamaban recently pointed out it’s a simple fix. Let me summarize:
$ diff -up /usr/share/ghostscript/8.70/Resource/Init/gs_init.ps.new.bad /usr/share/ghostscript/8.70/Resource/Init/gs_init.ps
— /usr/share/ghostscript/8.70/Resource/Init/gs_init.ps.new.bad 2017-01-04 11:20:37.000000000 +0100
+++ /usr/share/ghostscript/8.70/Resource/Init/gs_init.ps 2015-07-24 00:00:19.000000000 +0200
@@ -2025,7 +2025,6 @@ readonly def
/LockFilePermissions true
>> setuserparams
}
– systemdict /getenv {pop //false} put
if
% setpagedevice has the side effect of clearing the page, but
% we will just document that. Using setpagedevice keeps the device
Regards, Leonard.
Leonard’s summary of the fix (and I note this is just for CentOS 6) is diff -up /usr/share/ghostscript/8.70/Resource/Init/gs_init.ps.new.bad
/usr/share/ghostscript/8.70/Resource/Init/gs_init.ps
— /usr/share/ghostscript/8.70/Resource/Init/gs_init.ps.new.bad
2017-01-04 11:20:37.000000000 +0100
+++ /usr/share/ghostscript/8.70/Resource/Init/gs_init.ps 2015-07-24
00:00:19.000000000 +0200
@@ -2025,7 +2025,6 @@ readonly def
/LockFilePermissions true
>> setuserparams
}
– systemdict /getenv {pop //false} put
if
% setpagedevice has the side effect of clearing the page, but
% we will just document that. Using setpagedevice keeps the device
Which, if I understand what I’m reading, just has added the systemdict line. I added that, and tried to run evince, which did not crash, but did give me invalidaccess -7
invalidaccess -7
invalidaccess -7
Have I misunderstood the fix?
mark
The leading “-” means removed not added.
Yes. The fix is to remove the systemdict line. For CentOS 6 and ghostscript 8.70 it’s line 2028 (as shown in the patch). For CentOS 7
and ghostscript 9.07 it’s line 2022.
Working for me on CentOS 6 and 7.
Hello Ian, Mark,
I should add that I did *not* investigate if that line has anything to do with the security fix that it came with, or that it is just an unrelated addition.
So if you are using ghostscript in an automated setup using files from untrusted sources you should probably look in to that before applying this fix.
5 thoughts on - Ghostscript Update?
Nothing yet. You can add yourself to the CC list at <https://bugzilla.redhat.com/show_bug.cgi?id10260> to monitor progress.
If you exclude only the specific version, you will get subsequent package updates as they become available. exclude=ghostscript-8.70-21.el6_8.1
Hello Frank,
Yamaban recently pointed out it’s a simple fix. Let me summarize:
$ diff -up /usr/share/ghostscript/8.70/Resource/Init/gs_init.ps.new.bad /usr/share/ghostscript/8.70/Resource/Init/gs_init.ps
— /usr/share/ghostscript/8.70/Resource/Init/gs_init.ps.new.bad 2017-01-04 11:20:37.000000000 +0100
+++ /usr/share/ghostscript/8.70/Resource/Init/gs_init.ps 2015-07-24 00:00:19.000000000 +0200
@@ -2025,7 +2025,6 @@ readonly def
/LockFilePermissions true
>> setuserparams
}
– systemdict /getenv {pop //false} put
if
% setpagedevice has the side effect of clearing the page, but
% we will just document that. Using setpagedevice keeps the device
Regards, Leonard.
Leonard’s summary of the fix (and I note this is just for CentOS 6) is diff -up /usr/share/ghostscript/8.70/Resource/Init/gs_init.ps.new.bad
/usr/share/ghostscript/8.70/Resource/Init/gs_init.ps
— /usr/share/ghostscript/8.70/Resource/Init/gs_init.ps.new.bad
2017-01-04 11:20:37.000000000 +0100
+++ /usr/share/ghostscript/8.70/Resource/Init/gs_init.ps 2015-07-24
00:00:19.000000000 +0200
@@ -2025,7 +2025,6 @@ readonly def
/LockFilePermissions true
>> setuserparams
}
– systemdict /getenv {pop //false} put
if
% setpagedevice has the side effect of clearing the page, but
% we will just document that. Using setpagedevice keeps the device
Which, if I understand what I’m reading, just has added the systemdict line. I added that, and tried to run evince, which did not crash, but did give me invalidaccess -7
invalidaccess -7
invalidaccess -7
Have I misunderstood the fix?
mark
The leading “-” means removed not added.
Yes. The fix is to remove the systemdict line. For CentOS 6 and ghostscript 8.70 it’s line 2028 (as shown in the patch). For CentOS 7
and ghostscript 9.07 it’s line 2022.
Working for me on CentOS 6 and 7.
Hello Ian, Mark,
I should add that I did *not* investigate if that line has anything to do with the security fix that it came with, or that it is just an unrelated addition.
So if you are using ghostscript in an automated setup using files from untrusted sources you should probably look in to that before applying this fix.
Regards, Leonard.