[tex-live] Still issues with Ghostscript 9.25

Nelson H. F. Beebe beebe at math.utah.edu
Sat Sep 15 17:26:11 CEST 2018 

After confirming the behavior reported on Sat, 15 Sep 2018 15:28:30
+0200 by Uwe Siart <usenet at siart.de>, I posted a short note to the
gs-devel list, and got an explanation, and a fix.  Here is what
ghostscript developer Ken Sharp <ken.sharp at artifex.com> wrote today:

>> ...
>> Assuming that 'test-transparency.ps' uses Ghostscript extension operators,
>> then its not misbehaviour, its a deliberate policy when -dSAFER is set.
>> Note;  I believe that, in common with most of the shell scripts, ps2pdf
>> sets -dSAFER.
>> 
>> As a result of the security hardening in the aftermath of the recent
>> publicly disclosed vulnerabilities, we've made a number of non-standard
>> PostScript operators unavailable when -dSAFER is set. In particular this
>> includes the 'transparency' operators.
>> 
>> This policy is likely  to be extended in future and more non-standard
>> operators will be made unavailable (and in some cases, removed entirely)
>> when -dSAFER is set.
>> 
>> This is because every Postscript operator is potentially vulnerable to
>> attack, so to reduce the exposure (when the user selects -dSAFER) we intend
>> to make non-standard operators unavailable, as far as possible. In future
>> if you want to use non-standard operators you will have to run without SAFER.
>> 
>> So our own example file 'transparency-example.ps' in ghostpdl/examples
>> throws an error when processed with -dSAFER, because none of the
>> transparency operators can be found. A program which runs the operators in
>> a stopped context, or has a custom error handler might simply render
>> opaque, as described.
>> 
>> In a closed workflow such as described above, the simple answer is to not
>> set -dSAFER, for the existing shell scripts additionally setting -dNOSAFER
>> on the command line for the script should, I believe, disable it.
>> 
>> I'd suggest trying that, you could also simply invoke Ghostscript directly
>> with something like:
>> 
>> gs -sDEVICE=pdfwrite -o out.pdf test-transparency.ps
>> ...

I then reported back to him and the gs-devel list:

>> ...
>> I can confirm that your proposed
>> 
>>         gs -sDEVICE=pdfwrite -o out.pdf test-transparency.ps
>> 
>> does indeed produce correct transparency in the out.pdf file.
>> 
>> Our ps2pdf command is the one installed from ghostpdl-9.25; it invokes
>> ps2pdf14 which in turn invokes ps2pdfwr, and that calls gs with
>> several options, including -dSAFER.
>> 
>> Thus, the command
>> 
>>         ps2pdf -dNOSAFER test-transparency.ps
>> 
>> produces correct transparency.
>> ...

-------------------------------------------------------------------------------
- Nelson H. F. Beebe                    Tel: +1 801 581 5254                  -
- University of Utah                    FAX: +1 801 581 4148                  -
- Department of Mathematics, 110 LCB    Internet e-mail: beebe at math.utah.edu  -
- 155 S 1400 E RM 233                       beebe at acm.org  beebe at computer.org -
- Salt Lake City, UT 84112-0090, USA    URL: http://www.math.utah.edu/~beebe/ -
-------------------------------------------------------------------------------

More information about the tex-live mailing list