Blame SOURCES/ghostscript-pdf2ps-reports-error-when-reading-stdin.patch

From: Chris Liddell <chris.liddell@artifex.com>
Date: Sat, 1 Sep 2018 16:50:05 +0000 (+0100)
Subject: Bug 699658(related): Move recording of temp file names into C
Bug 699658(related): Move recording of temp file names into C
When we successfully create a temporary file from Postscript, either doing so
when SAFER is not in force, or when SAFER is in force, and creating it in
a write permitted directory, we record the file name so we can later delete
the file, even if SAFER has been engaged, or if the PermitWriting list has
changed to no longer include the directory in question.
Previously the recording of the name was done in Postscript, even though the
checking was done in C.
This moves the recording of the names to C, meaning we can remove the Postscript
redefinitions of .tempfile and deletfile, and make the dictionary in question
noaccess.
Also, tidy up the adding of the temporary file directory to the list of
permitted directories, and include the list in all of the categories
(PermitFileWriting, PermitFileReading and PermitFileControl) - it was only
previously adding to writing.
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0704d18b10314d701a522ad6c16718e0b8e199b7
---
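--- a/psi/int.mak
+++ b/psi/int.mak
@@ -330,7 +330,7 @@ $(PSOBJ)zfile.$(OBJ) : $(PSSRC)zfile.c $
  $(memory__h) $(string__h) $(unistd__h) $(stat__h) $(gp_h) $(gpmisc_h)\
  $(gscdefs_h) $(gsfname_h) $(gsstruct_h) $(gsutil_h) $(gxalloc_h) $(gxiodev_h)\
  $(dstack_h) $(estack_h) $(files_h)\
- $(ialloc_h) $(idict_h) $(ilevel_h) $(iname_h) $(iutil_h)\
+ $(ialloc_h) $(idict_h) $(iddict_h) $(ilevel_h) $(iname_h) $(iutil_h)\
  $(isave_h) $(main_h) $(sfilter_h) $(stream_h) $(strimpl_h) $(store_h)\
  $(zfile_h)
 	$(PSCC) $(PSO_)zfile.$(OBJ) $(C_) $(PSSRC)zfile.c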
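--- a/psi/zfile.c
+++ b/psi/zfile.c
@@ -35,6 +35,7 @@
 #include "iname.h"
 #include "isave.h"              /* for restore */
 #include "idict.h"
+#include "iddict.h"
 #include "iutil.h"
 #include "stream.h"
 #include "strimpl.h"
@@ -290,6 +291,28 @@ file_is_tempfile(i_ctx_t *i_ctx_p, const
     return true;
 }
 
+static int
+record_file_is_tempfile(i_ctx_t *i_ctx_p, const uchar *fname, int len, bool add)
+{
+    ref *SAFETY;
+    ref *tempfiles;
+    ref kname, bref;
+    int code = 0;
+
+    if (dict_find_string(systemdict, "SAFETY", &SAFETY) <= 0 ||
+            dict_find_string(SAFETY, "tempfiles", &tempfiles) <= 0) {
+        return 0;
+    }
+    if ((code = name_ref(imemory, fname, len, &kname, 1)) < 0) {
+        return code;
+    }
+    make_bool(&bref, true);
+    if (add)
+        return idict_put(tempfiles, &kname, &bref;;
+    else
+        return idict_undef(tempfiles, &kname);
+}
+
 /* ------ Level 2 extensions ------ */
 
 /* <string> deletefile - */
@@ -299,17 +322,22 @@ zdeletefile(i_ctx_t *i_ctx_p)
     os_ptr op = osp;
     gs_parsed_file_name_t pname;
     int code = parse_real_file_name(op, &pname, imemory, "deletefile");
+    bool is_temp = false;
 
     if (code < 0)
         return code;
     if (pname.iodev == iodev_default(imemory)) {
         if ((code = check_file_permissions(i_ctx_p, pname.fname, pname.len,
                 pname.iodev, "PermitFileControl")) < 0 &&
-                 !file_is_tempfile(i_ctx_p, op->value.bytes, r_size(op))) {
+                 !(is_temp = file_is_tempfile(i_ctx_p, op->value.bytes, r_size(op)))) {
             return code;
         }
     }
     code = (*pname.iodev->procs.delete_file)(pname.iodev, pname.fname);
+
+    if (code >= 0 && is_temp)
+        code = record_file_is_tempfile(i_ctx_p, (unsigned char *)pname.fname, strlen(pname.fname), false);
+
     gs_free_file_name(&pname, "deletefile");
     if (code < 0)
         return code;
@@ -757,6 +785,7 @@ ztempfile(i_ctx_t *i_ctx_p)
     }
     make_string(op - 1, a_readonly | icurrent_space, fnlen, sbody);
     make_stream_file(op, s, fmode);
+    code = record_file_is_tempfile(i_ctx_p, (unsigned char *)fname, fnlen, true);
     return code;
 }
 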
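Review bot: In zdeletefile, `is_temp` is assigned only when check_file_permissions() fails, because the lookup sits on the right-hand side of `&&`; when the permission check passes, a successfully deleted temp file is never removed from SAFETY/tempfiles, whereas the PostScript wrapper this commit removes dropped the entry after any successful delete. A stale entry presumably leaves that name deletable later even when PermitFileControl would refuse it, since a tempfiles hit overrides the failed check. Doing the lookup first, `is_temp = file_is_tempfile(i_ctx_p, op->value.bytes, r_size(op));`, and then testing `code < 0 && !is_temp` would keep the list accurate. The lookup is keyed on the operand bytes while the removal is keyed on `pname.fname`, so it is worth confirming both always produce the same name. zdeletefile continues past the end of the hunk.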
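--- a/Resource/Init/gs_init.ps
+++ b/Resource/Init/gs_init.ps
@@ -2030,15 +2030,30 @@ systemdict /EPSBoundingBoxInit known { E
 .currentglobal //true .setglobal
 /SAFETY 2 dict
   dup /safe //false put
-  dup /tempfiles 10 dict readonly put
+  dup /tempfiles 10 dict noaccess put
 readonly def
 .setglobal
 
+/tempfilepaths
+[
+  (TMPDIR) getenv not
+  {
+    (TEMP) getenv not
+    {
+      (TMP) getenv not
+      {
+        (/temp) (/tmp)
+      } if
+    } if
+  } if
+] def
+
 /.locksafe {
   SAFETY /safe get not {
     <<
       /PermitFileReading [
         currentuserparams /PermitFileReading get aload pop
+        //tempfilepaths aload pop
         /FONTPATH .systemvar (*) .generate_dir_list_templates
           % Library files :
         /LIBPATH  .systemvar (*) .generate_dir_list_templates
@@ -2056,16 +2071,11 @@ readonly def
       ]
       /PermitFileWriting [
           currentuserparams /PermitFileWriting get aload pop
-          (TMPDIR) getenv not
-          {
-            (TEMP) getenv not
-            {
-              (TMP) getenv not
-              {
-                (/temp) (/tmp)
-              } if
-            } if
-          } if
+          //tempfilepaths aload pop
+      ]
+      /PermitFileControl [
+          currentuserparams /PermitFileControl get aload pop
+          //tempfilepaths aload pop
       ]
       /LockFilePermissions //true
     >> setuserparams
@@ -2082,6 +2092,8 @@ readonly def
   //SAFETY /safe //true .forceput % overrides readonly
 } .bind executeonly odef
 
+currentdict /tempfilepaths undef
+
 /.setsafe
 {
   SAFETY /safe get not {
@@ -2095,30 +2107,6 @@ readonly def
   .locksafe
 } .bind executeonly odef
 
-/deletefile {
-  dup { deletefile } stopped {
-    pop //deletefile $error /errorname get signalerror
-  } {
-    % deletefile succeeded. Remove from tempfile list if present
-    //SAFETY /tempfiles get exch cvn 2 copy known {
-      .forceundef
-    } {
-      pop pop
-    }
-    ifelse
-  }
-  ifelse
-} .bind executeonly odef
-
-% If a file is opened with .tempfile with SAFER not (yet) set,
-% the file can be deleted later, even if SAFER is set.
-/.tempfile {
-  .tempfile	% filename file
-    //SAFETY /safe get not { % only add the filename if we're not yet safe
-    //SAFETY /tempfiles get 2 .argindex //true .forceput
-  } if
-} .bind executeonly odef
-
 % If we are running in SAFER mode, lock things down
 SAFER { .setsafe } if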
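Review bot: The new `/tempfilepaths` array has no comment, although it widens what `.locksafe` grants: its entries now go into PermitFileReading and PermitFileControl as well as PermitFileWriting, and they come from the TMPDIR/TEMP/TMP environment variables read once at init. I would add above the definition something like `% Temp dirs (TMPDIR, else TEMP, else TMP, else /temp and /tmp), read once at init; .locksafe adds them to all three Permit* lists.` How these entries are matched against file names is not visible in the hunk, so the comment should also state whether they cover only the directory itself or the files beneath it. If they cover the contents, SAFER jobs can read and control other users' files in a shared temp directory, and the documentation should recommend pointing TMPDIR at a private directory.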