[ghostscript/f12/master] Change SEARCH_HERE_FIRST default to make -P- default (bug #599564).
Tim Waugh
twaugh at fedoraproject.org
Wed Aug 25 13:25:35 UTC 2010
commit 5a5e48476c9a887b8f20d0e51f13ec114850f237
Author: Tim Waugh <twaugh at redhat.com>
Date: Wed Aug 25 14:02:19 2010 +0100
Change SEARCH_HERE_FIRST default to make -P- default (bug #599564).
ghostscript-SEARCH_HERE_FIRST.patch | 318 +++++++++++++++++++++++++++++++++++
ghostscript.spec | 7 +
2 files changed, 325 insertions(+), 0 deletions(-)
---
diff --git a/ghostscript-SEARCH_HERE_FIRST.patch b/ghostscript-SEARCH_HERE_FIRST.patch
new file mode 100644
index 0000000..17ef622
--- /dev/null
+++ b/ghostscript-SEARCH_HERE_FIRST.patch
@@ -0,0 +1,318 @@
+diff -up ghostscript-8.71/base/bcwin32.mak.SEARCH_HERE_FIRST ghostscript-8.71/base/bcwin32.mak
+--- ghostscript-8.71/base/bcwin32.mak.SEARCH_HERE_FIRST 2009-11-05 22:24:30.000000000 +0000
++++ ghostscript-8.71/base/bcwin32.mak 2010-08-25 14:00:12.290019965 +0100
+@@ -78,13 +78,10 @@ GS_LIB_DEFAULT=$(GSROOTDIR)/Resource/Ini
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+ !ifndef SEARCH_HERE_FIRST
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+ !endif
+
+ # Define the name of the interpreter initialization file.
+diff -up ghostscript-8.71/base/macos-mcp.mak.SEARCH_HERE_FIRST ghostscript-8.71/base/macos-mcp.mak
+--- ghostscript-8.71/base/macos-mcp.mak.SEARCH_HERE_FIRST 2009-11-05 22:24:30.000000000 +0000
++++ ghostscript-8.71/base/macos-mcp.mak 2010-08-25 14:00:12.297143504 +0100
+@@ -53,12 +53,9 @@ GS_DOCDIR=:doc
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+diff -up ghostscript-8.71/base/macosx.mak.SEARCH_HERE_FIRST ghostscript-8.71/base/macosx.mak
+--- ghostscript-8.71/base/macosx.mak.SEARCH_HERE_FIRST 2008-10-02 20:33:22.000000000 +0100
++++ ghostscript-8.71/base/macosx.mak 2010-08-25 14:00:12.327017571 +0100
+@@ -78,12 +78,9 @@ GS_LIB_DEFAULT=$(gsdatadir)/Resource/Ini
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+diff -up ghostscript-8.71/base/Makefile.in.SEARCH_HERE_FIRST ghostscript-8.71/base/Makefile.in
+--- ghostscript-8.71/base/Makefile.in.SEARCH_HERE_FIRST 2009-12-18 07:04:10.000000000 +0000
++++ ghostscript-8.71/base/Makefile.in 2010-08-25 14:00:12.335142758 +0100
+@@ -96,12 +96,9 @@ GS_CACHE_DIR="~/.ghostscript/cache/"
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+diff -up ghostscript-8.71/base/msvclib.mak.SEARCH_HERE_FIRST ghostscript-8.71/base/msvclib.mak
+--- ghostscript-8.71/base/msvclib.mak.SEARCH_HERE_FIRST 2010-01-07 10:53:36.000000000 +0000
++++ ghostscript-8.71/base/msvclib.mak 2010-08-25 14:00:12.359017810 +0100
+@@ -49,13 +49,10 @@ GS_LIB_DEFAULT=$(GSROOTDIR)/Resource/Ini
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+ !ifndef SEARCH_HERE_FIRST
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+ !endif
+
+ # Define the name of the interpreter initialization file.
+diff -up ghostscript-8.71/base/openvms.mak.SEARCH_HERE_FIRST ghostscript-8.71/base/openvms.mak
+--- ghostscript-8.71/base/openvms.mak.SEARCH_HERE_FIRST 2009-11-05 22:24:30.000000000 +0000
++++ ghostscript-8.71/base/openvms.mak 2010-08-25 14:00:12.382018536 +0100
+@@ -68,12 +68,9 @@ GS_LIB_DEFAULT=GS_ROOT:[RESOURCE.INIT],G
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+diff -up ghostscript-8.71/base/openvms.mmk.SEARCH_HERE_FIRST ghostscript-8.71/base/openvms.mmk
+--- ghostscript-8.71/base/openvms.mmk.SEARCH_HERE_FIRST 2009-01-08 09:17:18.000000000 +0000
++++ ghostscript-8.71/base/openvms.mmk 2010-08-25 14:00:12.408142641 +0100
+@@ -73,12 +73,9 @@ GS_LIB_DEFAULT=GS_LIB
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+diff -up ghostscript-8.71/base/ugcclib.mak.SEARCH_HERE_FIRST ghostscript-8.71/base/ugcclib.mak
+--- ghostscript-8.71/base/ugcclib.mak.SEARCH_HERE_FIRST 2008-11-05 20:41:22.000000000 +0000
++++ ghostscript-8.71/base/ugcclib.mak 2010-08-25 14:00:12.446144216 +0100
+@@ -30,7 +30,7 @@ gsdir = /usr/local/share/ghostscript
+ gsdatadir = $(gsdir)/$(GS_DOT_VERSION)
+ GS_DOCDIR=$(gsdatadir)/doc
+ GS_LIB_DEFAULT=$(gsdatadir)/Resource/Init:$(gsdatadir)/lib:$(gsdatadir)/Resource/Font
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+ GS_INIT=gs_init.ps
+
+ #GENOPT=-DDEBUG
+diff -up ghostscript-8.71/base/unixansi.mak.SEARCH_HERE_FIRST ghostscript-8.71/base/unixansi.mak
+--- ghostscript-8.71/base/unixansi.mak.SEARCH_HERE_FIRST 2009-11-05 22:24:30.000000000 +0000
++++ ghostscript-8.71/base/unixansi.mak 2010-08-25 14:00:12.485143635 +0100
+@@ -73,12 +73,9 @@ GS_LIB_DEFAULT=$(gsdatadir)/Resource/Ini
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+diff -up ghostscript-8.71/base/unix-gcc.mak.SEARCH_HERE_FIRST ghostscript-8.71/base/unix-gcc.mak
+--- ghostscript-8.71/base/unix-gcc.mak.SEARCH_HERE_FIRST 2009-11-11 15:50:28.000000000 +0000
++++ ghostscript-8.71/base/unix-gcc.mak 2010-08-25 14:00:12.501143978 +0100
+@@ -77,12 +77,9 @@ GS_LIB_DEFAULT=$(gsdatadir)/Resource/Ini
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+diff -up ghostscript-8.71/base/watclib.mak.SEARCH_HERE_FIRST ghostscript-8.71/base/watclib.mak
+--- ghostscript-8.71/base/watclib.mak.SEARCH_HERE_FIRST 2009-01-08 09:17:18.000000000 +0000
++++ ghostscript-8.71/base/watclib.mak 2010-08-25 14:00:12.509143140 +0100
+@@ -20,7 +20,7 @@ AROOTDIR=c:/gs
+ GSROOTDIR=$(AROOTDIR)/gs$(GS_DOT_VERSION)
+ GS_DOCDIR=$(GSROOTDIR)/doc
+ GS_LIB_DEFAULT=$(GSROOTDIR)/Resource/Init\;$(GSROOTDIR)/lib\;$(GSROOTDIR)/Resource/Font\;$(AROOTDIR)/fonts
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+ GS_INIT=gs_init.ps
+
+ !ifndef DEBUG
+diff -up ghostscript-8.71/base/watcw32.mak.SEARCH_HERE_FIRST ghostscript-8.71/base/watcw32.mak
+--- ghostscript-8.71/base/watcw32.mak.SEARCH_HERE_FIRST 2009-11-05 22:24:30.000000000 +0000
++++ ghostscript-8.71/base/watcw32.mak 2010-08-25 14:00:12.525143422 +0100
+@@ -54,11 +54,8 @@ GS_LIB_DEFAULT=$(GSROOTDIR)/Resource/Ini
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+ # and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+diff -up ghostscript-8.71/doc/Use.htm.SEARCH_HERE_FIRST ghostscript-8.71/doc/Use.htm
+--- ghostscript-8.71/doc/Use.htm.SEARCH_HERE_FIRST 2010-02-10 18:17:48.000000000 +0000
++++ ghostscript-8.71/doc/Use.htm 2010-08-25 14:00:12.552143446 +0100
+@@ -823,8 +823,8 @@ file name specifies an absolute path.
+ using the name given. Otherwise it tries directories in this order:
+
+ <ol>
+-<li>The current directory (unless disabled by the
+-<a href="#P-_switch"><code>-P-</code> switch</a>);
++<li>The current directory if enabled by the
++<a href="#P-_switch"><code>-P</code> switch</a>;
+
+ <li>The directories specified by <a href="#I_switch"><code>-I</code>
+ switches</a> in the command line, if any;
+@@ -847,13 +847,10 @@ into the executable ;
+ directory or a list of directories separated by a character appropriate for
+ the operating system ("<code>:</code>" on Unix systems,
+ "<code>,</code>" on VMS systems, and
+-"<code>;</code>" on MS Windows systems). We think that trying
+-the current directory first is a very bad idea -- it opens serious security
+-loopholes and can lead to very confusing errors if one has more than one
+-version of Ghostscript in one's environment -- but when we attempted to
+-change it, users insisted that we change it back. You can disable looking
+-in the current directory first by using the
+-<a href="#P_switch"><code>-P-</code> switch</a>.
++"<code>;</code>" on MS Windows systems).
++By default, Ghostscript no longer searches the current directory first
++but provides <a href="#P_switch"><code>-P</code> switch</a> for a degree
++of backward compatibility.
+
+ <p>
+ Note that Ghostscript does not use this file searching algorithm for the
+@@ -2061,14 +2058,14 @@ for library files.
+ <dl>
+ <dt><a name="P_switch"></a><code>-P</code>
+ <dd>Makes Ghostscript look first in the current directory for library
+-files. This is currently the default.
++files.
+ </dl>
+
+ <dl>
+ <dt><a name="P-_switch"></a><code>-P-</code>
+ <dd>Makes Ghostscript <b><em>not</em></b> look first in the current
+ directory for library files (unless, of course, the first explicitly
+-supplied directory is "<code>.</code>").
++supplied directory is "<code>.</code>"). This is now the default.
+ </dl>
+
+ <h4><a name="Parameters"></a>Setting parameters</h4>
+diff -up ghostscript-8.71/man/gs.1.SEARCH_HERE_FIRST ghostscript-8.71/man/gs.1
+--- ghostscript-8.71/man/gs.1.SEARCH_HERE_FIRST 2010-02-10 18:17:48.000000000 +0000
++++ ghostscript-8.71/man/gs.1 2010-08-25 14:00:12.562143368 +0100
+@@ -208,6 +208,12 @@ whereas \fB\-sname=35\fR is equivalent t
+ .br
+ /name (35) def
+ .TP
++.B \-P
++Makes Ghostscript to look first in the current directory for library files.
++By default, Ghostscript no longer looks in the current directory,
++unless, of course, the first explicitly supplied directory is "." in \fB-I\fR.
++See also the \fBINITIALIZATION FILES\fR section below, and bundled
++\fBUse.htm\fR for detailed discussion on search paths and how Ghostcript finds files.
+ .B \-q
+ Quiet startup: suppress normal startup messages, and also do the
+ equivalent of \fB\-dQUIET\fR.
+diff -up ghostscript-8.71/psi/msvc32.mak.SEARCH_HERE_FIRST ghostscript-8.71/psi/msvc32.mak
+--- ghostscript-8.71/psi/msvc32.mak.SEARCH_HERE_FIRST 2010-02-02 18:14:37.000000000 +0000
++++ ghostscript-8.71/psi/msvc32.mak 2010-08-25 14:00:12.594142799 +0100
+@@ -100,13 +100,10 @@ GS_LIB_DEFAULT=$(GSROOTDIR)/Resource/Ini
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+ !ifndef SEARCH_HERE_FIRST
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+ !endif
+
+ # Define the name of the interpreter initialization file.
+diff -up ghostscript-8.71/psi/os2.mak.SEARCH_HERE_FIRST ghostscript-8.71/psi/os2.mak
+--- ghostscript-8.71/psi/os2.mak.SEARCH_HERE_FIRST 2009-11-05 22:24:30.000000000 +0000
++++ ghostscript-8.71/psi/os2.mak 2010-08-25 14:00:12.621143319 +0100
+@@ -54,12 +54,9 @@ GS_LIB_DEFAULT=$(GSROOTDIR)/Resource/Ini
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+diff -up ghostscript-8.71/toolbin/msvcxml.bat.SEARCH_HERE_FIRST ghostscript-8.71/toolbin/msvcxml.bat
+--- ghostscript-8.71/toolbin/msvcxml.bat.SEARCH_HERE_FIRST 2009-01-26 17:16:47.000000000 +0000
++++ ghostscript-8.71/toolbin/msvcxml.bat 2010-08-25 14:00:12.631143783 +0100
+@@ -1428,7 +1428,7 @@ echo ^<UserMacro Name="GS_DOCDIR" Valu
+ echo ^<UserMacro Name="GS_INIT" Value="gs_init.ps" /^>
+ echo ^<UserMacro Name="GS_LIB_DEFAULT" Value="$(GSROOTDIR)/lib;$(GSROOTDIR)/Resource/Font;$(AROOTDIR)/fonts" /^>
+ echo ^<UserMacro Name="GS_REVISION" Value="$(GS_VERSION)" /^>
+-echo ^<UserMacro Name="SEARCH_HERE_FIRST" Value="1" /^>
++echo ^<UserMacro Name="SEARCH_HERE_FIRST" Value="0" /^>
+ echo ^</VisualStudioPropertySheet^>
+ goto end
+
diff --git a/ghostscript.spec b/ghostscript.spec
index c48b18a..a8406f8 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -36,6 +36,7 @@ Patch18: ghostscript-tiff-default-strip-size.patch
Patch19: ghostscript-tiff-fixes.patch
Patch20: ghostscript-CVE-2010-1628.patch
Patch21: ghostscript-jbig2-image-refcount.patch
+Patch22: ghostscript-SEARCH_HERE_FIRST.patch
Requires: urw-fonts >= 1.1, ghostscript-fonts
BuildRequires: xz
@@ -169,6 +170,10 @@ rm -rf libpng zlib jpeg jasper
# Avoid another NULL pointer dereference in jbig2 code (bug #621569).
%patch21 -p1 -b .jbig2-image-refcount
+# Change SEARCH_HERE_FIRST default to make -P- default instead of -P
+# (bug #599564).
+%patch22 -p1 -b .SEARCH_HERE_FIRST
+
# Convert manual pages to UTF-8
from8859_1() {
iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
@@ -358,6 +363,8 @@ rm -rf $RPM_BUILD_ROOT
%changelog
* Wed Aug 25 2010 Tim Waugh <twaugh at redhat.com> 8.71-9
+- Change SEARCH_HERE_FIRST default to make -P- default instead of -P
+ (bug #599564).
- Removed redundant gs-executable patch (bug #502550).
* Thu Aug 5 2010 Tim Waugh <twaugh at redhat.com> 8.71-8
More information about the scm-commits
mailing list