From 5a5e48476c9a887b8f20d0e51f13ec114850f237 Mon Sep 17 00:00:00 2001
From: Tim Waugh
Date: Wed, 25 Aug 2010 14:02:19 +0100
Subject: [PATCH] Change SEARCH_HERE_FIRST default to make -P- default (bug #599564).
---
 ghostscript-SEARCH_HERE_FIRST.patch | 318 ++++++++++++++++++++++++++++
 ghostscript.spec | 7 +
 2 files changed, 325 insertions(+)
 create mode 100644 ghostscript-SEARCH_HERE_FIRST.patch
diff --git a/ghostscript-SEARCH_HERE_FIRST.patch b/ghostscript-SEARCH_HERE_FIRST.patch
new file mode 100644
index 0000000..17ef622
--- /dev/null
+++ b/ghostscript-SEARCH_HERE_FIRST.patch
@@ -0,0 +1,318 @@
+diff -up ghostscript-8.71/base/bcwin32.mak.SEARCH_HERE_FIRST ghostscript-8.71/base/bcwin32.mak
+--- ghostscript-8.71/base/bcwin32.mak.SEARCH_HERE_FIRST 2009-11-05 22:24:30.000000000 +0000
++++ ghostscript-8.71/base/bcwin32.mak 2010-08-25 14:00:12.290019965 +0100
+@@ -78,13 +78,10 @@ GS_LIB_DEFAULT=$(GSROOTDIR)/Resource/Ini
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+ !ifndef SEARCH_HERE_FIRST
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+ !endif
+
+ # Define the name of the interpreter initialization file.
+diff -up ghostscript-8.71/base/macos-mcp.mak.SEARCH_HERE_FIRST ghostscript-8.71/base/macos-mcp.mak
+--- ghostscript-8.71/base/macos-mcp.mak.SEARCH_HERE_FIRST 2009-11-05 22:24:30.000000000 +0000
++++ ghostscript-8.71/base/macos-mcp.mak 2010-08-25 14:00:12.297143504 +0100
+@@ -53,12 +53,9 @@ GS_DOCDIR=:doc
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+diff -up ghostscript-8.71/base/macosx.mak.SEARCH_HERE_FIRST ghostscript-8.71/base/macosx.mak
+--- ghostscript-8.71/base/macosx.mak.SEARCH_HERE_FIRST 2008-10-02 20:33:22.000000000 +0100
++++ ghostscript-8.71/base/macosx.mak 2010-08-25 14:00:12.327017571 +0100
+@@ -78,12 +78,9 @@ GS_LIB_DEFAULT=$(gsdatadir)/Resource/Ini
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+diff -up ghostscript-8.71/base/Makefile.in.SEARCH_HERE_FIRST ghostscript-8.71/base/Makefile.in
+--- ghostscript-8.71/base/Makefile.in.SEARCH_HERE_FIRST 2009-12-18 07:04:10.000000000 +0000
++++ ghostscript-8.71/base/Makefile.in 2010-08-25 14:00:12.335142758 +0100
+@@ -96,12 +96,9 @@ GS_CACHE_DIR="~/.ghostscript/cache/"
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+diff -up ghostscript-8.71/base/msvclib.mak.SEARCH_HERE_FIRST ghostscript-8.71/base/msvclib.mak
+--- ghostscript-8.71/base/msvclib.mak.SEARCH_HERE_FIRST 2010-01-07 10:53:36.000000000 +0000
++++ ghostscript-8.71/base/msvclib.mak 2010-08-25 14:00:12.359017810 +0100
+@@ -49,13 +49,10 @@ GS_LIB_DEFAULT=$(GSROOTDIR)/Resource/Ini
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+ !ifndef SEARCH_HERE_FIRST
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+ !endif
+
+ # Define the name of the interpreter initialization file.
+diff -up ghostscript-8.71/base/openvms.mak.SEARCH_HERE_FIRST ghostscript-8.71/base/openvms.mak
+--- ghostscript-8.71/base/openvms.mak.SEARCH_HERE_FIRST 2009-11-05 22:24:30.000000000 +0000
++++ ghostscript-8.71/base/openvms.mak 2010-08-25 14:00:12.382018536 +0100
+@@ -68,12 +68,9 @@ GS_LIB_DEFAULT=GS_ROOT:[RESOURCE.INIT],G
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+diff -up ghostscript-8.71/base/openvms.mmk.SEARCH_HERE_FIRST ghostscript-8.71/base/openvms.mmk
+--- ghostscript-8.71/base/openvms.mmk.SEARCH_HERE_FIRST 2009-01-08 09:17:18.000000000 +0000
++++ ghostscript-8.71/base/openvms.mmk 2010-08-25 14:00:12.408142641 +0100
+@@ -73,12 +73,9 @@ GS_LIB_DEFAULT=GS_LIB
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+diff -up ghostscript-8.71/base/ugcclib.mak.SEARCH_HERE_FIRST ghostscript-8.71/base/ugcclib.mak
+--- ghostscript-8.71/base/ugcclib.mak.SEARCH_HERE_FIRST 2008-11-05 20:41:22.000000000 +0000
++++ ghostscript-8.71/base/ugcclib.mak 2010-08-25 14:00:12.446144216 +0100
+@@ -30,7 +30,7 @@ gsdir = /usr/local/share/ghostscript
+ gsdatadir = $(gsdir)/$(GS_DOT_VERSION)
+ GS_DOCDIR=$(gsdatadir)/doc
+ GS_LIB_DEFAULT=$(gsdatadir)/Resource/Init:$(gsdatadir)/lib:$(gsdatadir)/Resource/Font
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+ GS_INIT=gs_init.ps
+
+ #GENOPT=-DDEBUG
+diff -up ghostscript-8.71/base/unixansi.mak.SEARCH_HERE_FIRST ghostscript-8.71/base/unixansi.mak
+--- ghostscript-8.71/base/unixansi.mak.SEARCH_HERE_FIRST 2009-11-05 22:24:30.000000000 +0000
++++ ghostscript-8.71/base/unixansi.mak 2010-08-25 14:00:12.485143635 +0100
+@@ -73,12 +73,9 @@ GS_LIB_DEFAULT=$(gsdatadir)/Resource/Ini
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+diff -up ghostscript-8.71/base/unix-gcc.mak.SEARCH_HERE_FIRST ghostscript-8.71/base/unix-gcc.mak
+--- ghostscript-8.71/base/unix-gcc.mak.SEARCH_HERE_FIRST 2009-11-11 15:50:28.000000000 +0000
++++ ghostscript-8.71/base/unix-gcc.mak 2010-08-25 14:00:12.501143978 +0100
+@@ -77,12 +77,9 @@ GS_LIB_DEFAULT=$(gsdatadir)/Resource/Ini
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+diff -up ghostscript-8.71/base/watclib.mak.SEARCH_HERE_FIRST ghostscript-8.71/base/watclib.mak
+--- ghostscript-8.71/base/watclib.mak.SEARCH_HERE_FIRST 2009-01-08 09:17:18.000000000 +0000
++++ ghostscript-8.71/base/watclib.mak 2010-08-25 14:00:12.509143140 +0100
+@@ -20,7 +20,7 @@ AROOTDIR=c:/gs
+ GSROOTDIR=$(AROOTDIR)/gs$(GS_DOT_VERSION)
+ GS_DOCDIR=$(GSROOTDIR)/doc
+ GS_LIB_DEFAULT=$(GSROOTDIR)/Resource/Init\;$(GSROOTDIR)/lib\;$(GSROOTDIR)/Resource/Font\;$(AROOTDIR)/fonts
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+ GS_INIT=gs_init.ps
+
+ !ifndef DEBUG
+diff -up ghostscript-8.71/base/watcw32.mak.SEARCH_HERE_FIRST ghostscript-8.71/base/watcw32.mak
+--- ghostscript-8.71/base/watcw32.mak.SEARCH_HERE_FIRST 2009-11-05 22:24:30.000000000 +0000
++++ ghostscript-8.71/base/watcw32.mak 2010-08-25 14:00:12.525143422 +0100
+@@ -54,11 +54,8 @@ GS_LIB_DEFAULT=$(GSROOTDIR)/Resource/Ini
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+ # and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+diff -up ghostscript-8.71/doc/Use.htm.SEARCH_HERE_FIRST ghostscript-8.71/doc/Use.htm
+--- ghostscript-8.71/doc/Use.htm.SEARCH_HERE_FIRST 2010-02-10 18:17:48.000000000 +0000
++++ ghostscript-8.71/doc/Use.htm 2010-08-25 14:00:12.552143446 +0100
+@@ -823,8 +823,8 @@ file name specifies an absolute path.
+ using the name given. Otherwise it tries directories in this order:
+
+
    +-
  1. The current directory (unless disabled by the +--P- switch); ++
  2. The current directory if enabled by the ++-P switch; + +
  3. The directories specified by -I + switches in the command line, if any; +@@ -847,13 +847,10 @@ into the executable ; + directory or a list of directories separated by a character appropriate for + the operating system (":" on Unix systems, + "," on VMS systems, and +-";" on MS Windows systems). We think that trying +-the current directory first is a very bad idea -- it opens serious security +-loopholes and can lead to very confusing errors if one has more than one +-version of Ghostscript in one's environment -- but when we attempted to +-change it, users insisted that we change it back. You can disable looking +-in the current directory first by using the +--P- switch. ++";" on MS Windows systems). ++By default, Ghostscript no longer searches the current directory first ++but provides -P switch for a degree ++of backward compatibility. + +

    + Note that Ghostscript does not use this file searching algorithm for the +@@ -2061,14 +2058,14 @@ for library files. +

    +
    -P +
    Makes Ghostscript look first in the current directory for library +-files. This is currently the default. ++files. +
    + +
    +
    -P- +
    Makes Ghostscript not look first in the current + directory for library files (unless, of course, the first explicitly +-supplied directory is "."). ++supplied directory is "."). This is now the default. +
    + +

    Setting parameters

    +diff -up ghostscript-8.71/man/gs.1.SEARCH_HERE_FIRST ghostscript-8.71/man/gs.1
+--- ghostscript-8.71/man/gs.1.SEARCH_HERE_FIRST 2010-02-10 18:17:48.000000000 +0000
++++ ghostscript-8.71/man/gs.1 2010-08-25 14:00:12.562143368 +0100
+@@ -208,6 +208,12 @@ whereas \fB\-sname=35\fR is equivalent t
+ .br
+ /name (35) def
+ .TP
++.B \-P
++Makes Ghostscript to look first in the current directory for library files.
++By default, Ghostscript no longer looks in the current directory,
++unless, of course, the first explicitly supplied directory is "." in \fB-I\fR.
++See also the \fBINITIALIZATION FILES\fR section below, and bundled
++\fBUse.htm\fR for detailed discussion on search paths and how Ghostcript finds files.
+ .B \-q
+ Quiet startup: suppress normal startup messages, and also do the
+ equivalent of \fB\-dQUIET\fR.
+diff -up ghostscript-8.71/psi/msvc32.mak.SEARCH_HERE_FIRST ghostscript-8.71/psi/msvc32.mak
+--- ghostscript-8.71/psi/msvc32.mak.SEARCH_HERE_FIRST 2010-02-02 18:14:37.000000000 +0000
++++ ghostscript-8.71/psi/msvc32.mak 2010-08-25 14:00:12.594142799 +0100
+@@ -100,13 +100,10 @@ GS_LIB_DEFAULT=$(GSROOTDIR)/Resource/Ini
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+ !ifndef SEARCH_HERE_FIRST
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+ !endif
+
+ # Define the name of the interpreter initialization file.
+diff -up ghostscript-8.71/psi/os2.mak.SEARCH_HERE_FIRST ghostscript-8.71/psi/os2.mak
+--- ghostscript-8.71/psi/os2.mak.SEARCH_HERE_FIRST 2009-11-05 22:24:30.000000000 +0000
++++ ghostscript-8.71/psi/os2.mak 2010-08-25 14:00:12.621143319 +0100
+@@ -54,12 +54,9 @@ GS_LIB_DEFAULT=$(GSROOTDIR)/Resource/Ini
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+diff -up ghostscript-8.71/toolbin/msvcxml.bat.SEARCH_HERE_FIRST ghostscript-8.71/toolbin/msvcxml.bat
+--- ghostscript-8.71/toolbin/msvcxml.bat.SEARCH_HERE_FIRST 2009-01-26 17:16:47.000000000 +0000
++++ ghostscript-8.71/toolbin/msvcxml.bat 2010-08-25 14:00:12.631143783 +0100
+@@ -1428,7 +1428,7 @@ echo ^
+ echo ^
+ echo ^
+-echo ^
++echo ^
+ echo ^
+ goto end
+
diff --git a/ghostscript.spec b/ghostscript.spec
index c48b18a..a8406f8 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -36,6 +36,7 @@ Patch18: ghostscript-tiff-default-strip-size.patch
 Patch19: ghostscript-tiff-fixes.patch
 Patch20: ghostscript-CVE-2010-1628.patch
 Patch21: ghostscript-jbig2-image-refcount.patch
+Patch22: ghostscript-SEARCH_HERE_FIRST.patch
 Requires: urw-fonts >= 1.1, ghostscript-fonts
 BuildRequires: xz
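Review bot: In the man/gs.1 section of the embedded patch, the new `.B \-P` entry reuses the `.TP` that used to introduce `.B \-q`, and no `.TP` follows the last added line, so the -q option loses its tagged paragraph and would render as a continuation of the -P text; add a `.TP` line before `.B \-q`. The added text also reads "Makes Ghostscript to look" and "Ghostcript", and writes `\fB-I\fR` where the neighbouring entries escape the hyphen as `\-`. Separately, the watcw32.mak section sets the default to 0 but keeps the comment `but users insist on it`, while the other makefiles now say `but may be convenient sometimes`. The msvcxml.bat section cannot be checked here because the text after each `echo ^` is missing from this page.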
@@ -169,6 +170,10 @@ rm -rf libpng zlib jpeg jasper
 # Avoid another NULL pointer dereference in jbig2 code (bug #621569).
 %patch21 -p1 -b .jbig2-image-refcount
+# Change SEARCH_HERE_FIRST default to make -P- default instead of -P
+# (bug #599564).
+%patch22 -p1 -b .SEARCH_HERE_FIRST
+
 # Convert manual pages to UTF-8
 from8859_1() {
 iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
@@ -358,6 +363,8 @@ rm -rf $RPM_BUILD_ROOT
 %changelog
 * Wed Aug 25 2010 Tim Waugh 8.71-9
+- Change SEARCH_HERE_FIRST default to make -P- default instead of -P
+ (bug #599564).
 - Removed redundant gs-executable patch (bug #502550).
 * Thu Aug 5 2010 Tim Waugh 8.71-8
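Review bot: The comment above `%patch22` should record that only the built-in default changes, because the patch leaves two ways to get the old lookup order. Per the Use.htm text in the same patch, the current directory is still searched first when `-P` is given or when the first explicitly supplied directory is ".", so callers that invoke gs with either keep the previous behaviour. Suggested extra comment line: `# Note: -P, or "." as the first -I directory, still puts the current directory first.` The same caveat would fit the %changelog entry in the following hunk.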