From unknown Wed Jun 18 23:13:55 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#28811 <28811@debbugs.gnu.org> To: bug#28811 <28811@debbugs.gnu.org> Subject: Status: 11.90.2.2017-07-25; preview-at-point fails with Ghostscript-error Reply-To: bug#28811 <28811@debbugs.gnu.org> Date: Thu, 19 Jun 2025 06:13:55 +0000 retitle 28811 11.90.2.2017-07-25; preview-at-point fails with Ghostscript-e= rror reassign 28811 auctex submitter 28811 Thomas Stenhaug severity 28811 normal thanks From debbugs-submit-bounces@debbugs.gnu.org Fri Oct 13 11:02:49 2017 Received: (at submit) by debbugs.gnu.org; 13 Oct 2017 15:02:49 +0000 Received: from localhost ([127.0.0.1]:38244 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e31U9-0003ij-98 for submit@debbugs.gnu.org; Fri, 13 Oct 2017 11:02:49 -0400 Received: from eggs.gnu.org ([208.118.235.92]:43694) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e30c0-00028R-Fh for submit@debbugs.gnu.org; Fri, 13 Oct 2017 10:06:52 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e30bq-00082V-9E for submit@debbugs.gnu.org; Fri, 13 Oct 2017 10:06:47 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM, T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:47216) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1e30bq-00081h-5m for submit@debbugs.gnu.org; Fri, 13 Oct 2017 10:06:42 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:34634) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e30bj-0000j1-Q8 for bug-auctex@gnu.org; Fri, 13 Oct 2017 10:06:41 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e30be-0007TS-PV for bug-auctex@gnu.org; Fri, 13 Oct 2017 10:06:35 -0400 Received: from mail-wm0-x22f.google.com ([2a00:1450:400c:c09::22f]:54248) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1e30be-0007Iz-Dv for bug-auctex@gnu.org; Fri, 13 Oct 2017 10:06:30 -0400 Received: by mail-wm0-x22f.google.com with SMTP id q132so22039366wmd.2 for ; Fri, 13 Oct 2017 07:06:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:subject:date:message-id:mime-version; bh=bMWVgMQf8MLtz0q6MWtnmma6y6eG0FC/nEqUfPpvdaY=; b=khDJw1P1V4LbS6WWwZWH6Zi6yaEx6oGa9n7V9pKTmlChbBOrx7veB+Vlu6GktZXhv8 nU3PrhOXeVOdIIgFLMeFD86OIq7qpZCpo5o7HUaukJ6vd5y3XF5VdaqbCZxa5eE24q0N H7An3kBzSauNLEiQMoVfMkNFRuC9j1/EODNO5szCjkDRJ09UAer/zZfWMGkBRzPjOL5c vHozqO9Rs7qOzrzraHVQIqMPjS9HOJs26OC3+5jDmZ8SNkRORQXIUQMj4mwwx+Ry1j8K MfgiUJg61hU3Rd8UrsU1fV8QBxGGDvBW+nhbsc1wwSbYe9F6yOXe1/146oEyZrUlKBDc 15yQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:subject:date:message-id :mime-version; bh=bMWVgMQf8MLtz0q6MWtnmma6y6eG0FC/nEqUfPpvdaY=; b=ab/Kp3ntvX2NtowrHayYFLUz64RIa3jlUKiGMTPp15rPI/juKUx2GnAmvX6tBl1kJN /V6eolw8fAS1LlqDK58/QkEcGHyJH8LS4TDbiqHG/TQtC4cxrPFaoTZF6IE+EPKA2Xzr nyAO4+3UbfFkmtxsx2q2HIULIf7MrsCx3YQtC+k52RBPwjqxkpnV3tFlrsqm2qQanHie uDkTa5m9aT1EQMb+/l9349XXRFvjPrPDcMe75Vch9anfn/VVNPXoxlg03GVwDtgGBibv 9bAyTzzbZwPGQ3h8R+eIKHHIdZJDIZJgR1Uczd2MR0U0ZcjvbR/7JaCP7miU0awK8PDN A8Nw== X-Gm-Message-State: AMCzsaVXj7sSqF1OvD0iVHmWOP6pRAkdul+md/EIi3KKyAdC7/V3B4FU p5bCCa9K9sr0aWNwpaR8Yb96cLUR X-Google-Smtp-Source: AOwi7QC4uXM3QOBNmXlxIBEqiomw1Zo9GKs5pJUfa5LwiE/UGtFmYi3HiAA5os2pDRUYJEvNRW76uA== X-Received: by 10.80.173.114 with SMTP id z47mr2304756edc.133.1507903587238; Fri, 13 Oct 2017 07:06:27 -0700 (PDT) Received: from dora.eklatla ([93.184.196.99]) by smtp.gmail.com with ESMTPSA id h56sm1188419ede.15.2017.10.13.07.06.25 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 13 Oct 2017 07:06:26 -0700 (PDT) From: Thomas Stenhaug To: bug-auctex@gnu.org Subject: 11.90.2.2017-07-25; preview-at-point Date: Fri, 13 Oct 2017 16:05:44 +0200 Message-ID: <87mv4vkurr.fsf@gmail.com> MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.0 (----) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Fri, 13 Oct 2017 11:02:47 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.0 (----) I'm trying to run preview-at-point in the math-environment in the following file: -------------------------------------------------------------- \documentclass{article} \usepackage[utf8]{inputenc} \usepackage[T1]{fontenc} \begin{document} \begin{math} 1 + 1 = 2 \end{math} \end{document} ------------------------------------------------------------------------ When positioning the point in the math environment and typing `C-c C-p C-p', a red sign is displayed, associated with the following Ghostscript error: -------------------------------------------------------------- /usr/bin/rungs -dOutputFile\=\(_region_.prv/tmp2625buv/pr1-1.png\) -q -dNOPAUSE -DNOPLATFONTS -dPrinted -dTextAlphaBits\=4 -dGraphicsAlphaBits\=4 -sDEVICE\=png16m -r103.68x103.771 GS>{<> setuserparams .locksafe} stopped pop {DELAYSAFER{.setsafe}if}stopped pop/.preview-BP currentpagedevice/BeginPage get dup null eq{pop{pop}bind}if def<>setpagedevice/preview-do{[count 3 roll save]3 1 roll dup length 0 eq{pop}{setpagedevice}{ifelse .runandhide}stopped{handleerror quit}if aload pop restore}bind def /GS_PDF_ProcSet GS_PDF_ProcSet dup maxlength dict copy dup begin/graphicsbeginpage{//graphicsbeginpage exec 0.394537 0.324224 0.437507 3 copy rg RG}bind store end readonly store [(_region_.prv/tmp2625buv/preview.dsc)(r)file]aload exch dup 0 setfileposition 457()/SubFileDecode filter cvx .runandhide aload pop dup dup 457 setfileposition 51()/SubFileDecode filter cvx<<>>preview-do Error: /undefined in .runandhide Operand stack: --nostringval-- --nostringval-- Execution stack: %interp_exit .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- --nostringval-- %loop_continue --nostringval-- --nostringval-- false 1 %stopped_push .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- Dictionary stack: --dict:989/1684(ro)(G)-- --dict:0/20(G)-- --dict:80/200(L)-- Current allocation mode is local Current file position is 902 GS<2> ------------------------------------------------------------------------ Ghostscript is version 9.22. ------------------------------------------------------------------------ Emacs : GNU Emacs 25.3.1 (x86_64-pc-linux-gnu, GTK+ Version 3.22.19) of 2017-09-16 Package: 11.90.2.2017-07-25 current state: ============== (setq AUCTeX-date "2017-07-25" window-system 'x LaTeX-version "2e" TeX-style-path '("~/.emacs.d/auctex" "/home/thomas/.emacs.d/elpa/auctex-11.91.0/style" "/home/thomas/.emacs.d/auctex/auto" "/home/thomas/.emacs.d/auctex/style" "auto" "style") TeX-auto-save nil TeX-parse-self nil TeX-master t TeX-command-list '(("TeX" "%(PDF)%(tex) %(file-line-error) %(extraopts) %`%S%(PDFout)%(mode)%' %t" TeX-run-TeX nil (plain-tex-mode ams-tex-mode texinfo-mode) :help "Run plain TeX") (#("LaTeX" 0 1 (idx 0)) "%`%l%(mode)%' %t" TeX-run-TeX nil (latex-mode doctex-mode) :help "Run LaTeX") ("Makeinfo" "makeinfo %(extraopts) %t" TeX-run-compile nil (texinfo-mode) :help "Run Makeinfo with Info output") ("Makeinfo HTML" "makeinfo %(extraopts) --html %t" TeX-run-compile nil (texinfo-mode) :help "Run Makeinfo with HTML output") ("AmSTeX" "amstex %(PDFout) %(extraopts) %`%S%(mode)%' %t" TeX-run-TeX nil (ams-tex-mode) :help "Run AMSTeX") ("ConTeXt" "%(cntxcom) --once --texutil %(extraopts) %(execopts)%t" TeX-run-TeX nil (context-mode) :help "Run ConTeXt once") ("ConTeXt Full" "%(cntxcom) %(extraopts) %(execopts)%t" TeX-run-TeX nil (context-mode) :help "Run ConTeXt until completion") (#("BibTeX" 0 1 (idx 1)) "bibtex %s" TeX-run-BibTeX nil t :help "Run BibTeX") (#("Biber" 0 1 (idx 2)) "biber %s" TeX-run-Biber nil t :help "Run Biber") (#("View" 0 1 (idx 3)) "%V" TeX-run-discard-or-function t t :help "Run Viewer") (#("Print" 0 1 (idx 4)) "%p" TeX-run-command t t :help "Print the file") (#("Queue" 0 1 (idx 5)) "%q" TeX-run-background nil t :help "View the printer queue" :visible TeX-queue-command) (#("File" 0 1 (idx 6)) "%(o?)dvips %d -o %f " TeX-run-dvips t t :help "Generate PostScript file") (#("Dvips" 0 1 (idx 7)) "%(o?)dvips %d -o %f " TeX-run-dvips nil t :help "Convert DVI file to PostScript") (#("Dvipdfmx" 0 1 (idx 8)) "dvipdfmx %d" TeX-run-dvipdfmx nil t :help "Convert DVI file to PDF with dvipdfmx") (#("Ps2pdf" 0 1 (idx 9)) "ps2pdf %f" TeX-run-ps2pdf nil t :help "Convert PostScript file to PDF") (#("Glossaries" 0 1 (idx 10)) "makeglossaries %s" TeX-run-command nil t :help "Run makeglossaries to create glossary file") (#("Index" 0 1 (idx 11)) "makeindex %s" TeX-run-index nil t :help "Run makeindex to create index file") (#("upMendex" 0 1 (idx 12)) "upmendex %s" TeX-run-index t t :help "Run upmendex to create index file") (#("Xindy" 0 1 (idx 13)) "texindy %s" TeX-run-command nil t :help "Run xindy to create index file") (#("Check" 0 1 (idx 14)) "lacheck %s" TeX-run-compile nil (latex-mode) :help "Check LaTeX file for correctness") (#("ChkTeX" 0 1 (idx 15)) "chktex -v6 %s" TeX-run-compile nil (latex-mode) :help "Check LaTeX file for common mistakes") (#("Spell" 0 1 (idx 16)) "(TeX-ispell-document \"\")" TeX-run-function nil t :help "Spell-check the document") (#("Clean" 0 1 (idx 17)) "TeX-clean" TeX-run-function nil t :help "Delete generated intermediate files") (#("Clean All" 0 1 (idx 18)) "(TeX-clean t)" TeX-run-function nil t :help "Delete generated intermediate and output files") (#("Other" 0 1 (idx 19)) "" TeX-run-command t t :help "Run an arbitrary command")) ) -- Thomas From debbugs-submit-bounces@debbugs.gnu.org Sat Oct 14 12:22:28 2017 Received: (at 28811) by debbugs.gnu.org; 14 Oct 2017 16:22:28 +0000 Received: from localhost ([127.0.0.1]:40435 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e3PCm-0001cW-94 for submit@debbugs.gnu.org; Sat, 14 Oct 2017 12:22:28 -0400 Received: from mail-wm0-f41.google.com ([74.125.82.41]:56194) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e3PCj-0001cG-U2 for 28811@debbugs.gnu.org; Sat, 14 Oct 2017 12:22:26 -0400 Received: by mail-wm0-f41.google.com with SMTP id u138so26822985wmu.4 for <28811@debbugs.gnu.org>; Sat, 14 Oct 2017 09:22:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=2u+YAox/vDisXcEQAbuNMAkzL6t+Oj7tJb+LeFpFExs=; b=QqEU8myvxv8yUej5U+a3pgFBoDMke7ACWECkKNDmEbXcwT114v6bGGpvo59iRm8TlX VD6QDdcpHGdoXHWnkFEaPK6t0/G0JYHdGYtL7x30KdV3CgndUGBKraKqRHPC60QrXJkm PGkElBQoxnN7oFozBvOIfnGD9905gc3r1YZRrpUotHSn0b25EyVOM1W4mMdxfYOYElmq 41mtBwq9O4FdiDYGckrPJHWukWgUXTyFD0orJrA6Ptlxy8IytaUlpXJ0AXYz7W5ttIsj 0qgswlzC8gl1WJ2ZT2ClfBggGCqOch7ue9AtjLOOQF0wbi0QPuqbHF0MsU8NS0T0DUaH E1nQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:subject:references:date :in-reply-to:message-id:user-agent:mime-version; bh=2u+YAox/vDisXcEQAbuNMAkzL6t+Oj7tJb+LeFpFExs=; b=YNPQf+pPisMPlLDsxs24NurC5l4wPRjN8xp+T4q1NeslnVpwfYNQuVHE8yCjbxDZYQ avGfaeCUUQU9ndsMwvFgGgQRCnsFLN/BzhIYvvqsVFkniUYSzGYu2dVGflnd35b0X15o HFYagoPOlGuWSDCSoczqG+FZ14qJlULcqX+kX+IUhVc1nbbZMYWF18OBh2UW8BzOX7q7 vPghKxW5isz8G5qlQhatgN2FAkhTXJxPtkEgFCJDRSg3NALzbSdXSv4LE8QlxOsbfazA gRwzXS6/aJg6Q5w9HK2Tuy9FKZ5+4D18y5VGwpPjwOx9V7tb7Yxs/3yYwFvfrgon5lmj J0Ug== X-Gm-Message-State: AMCzsaXUEUHDkqJQuv2AHe/ISBAe4Qj7yws+fqs4qBvgzsrP3c2frCir l5h/H5ydrrwEWtCvlb50ugDk0C7y X-Google-Smtp-Source: AOwi7QBl0mtBcI4mXLYH7ooae9ls+G4V5a2mB3kWsqT6nGT6vx0Qw6rnovx3KpcZ15UeFNYoftgzig== X-Received: by 10.80.169.21 with SMTP id l21mr6434313edc.126.1507998138888; Sat, 14 Oct 2017 09:22:18 -0700 (PDT) Received: from dora.eklatla ([93.184.196.99]) by smtp.gmail.com with ESMTPSA id l24sm2667880eda.1.2017.10.14.09.22.17 for <28811@debbugs.gnu.org> (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 14 Oct 2017 09:22:17 -0700 (PDT) From: Thomas Stenhaug To: 28811@debbugs.gnu.org Subject: Re: bug#28811: 11.90.2.2017-07-25; preview-at-point References: <87mv4vkurr.fsf@gmail.com> Date: Sat, 14 Oct 2017 18:21:34 +0200 In-Reply-To: <87mv4vkurr.fsf@gmail.com> (Thomas Stenhaug's message of "Fri, 13 Oct 2017 16:05:44 +0200") Message-ID: <87y3od1z01.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.5 (/) X-Debbugs-Envelope-To: 28811 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.5 (/) Thomas Stenhaug writes: I meant to write "preview-at-point fails with Ghostscript-error" as subject. -- Thomas From debbugs-submit-bounces@debbugs.gnu.org Sat Oct 14 12:32:37 2017 Received: (at control) by debbugs.gnu.org; 14 Oct 2017 16:32:37 +0000 Received: from localhost ([127.0.0.1]:40449 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e3PMa-0003lH-TW for submit@debbugs.gnu.org; Sat, 14 Oct 2017 12:32:37 -0400 Received: from eggs.gnu.org ([208.118.235.92]:39994) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e3PMZ-0003l0-3f for control@debbugs.gnu.org; Sat, 14 Oct 2017 12:32:35 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e3PMP-0000cs-M1 for control@debbugs.gnu.org; Sat, 14 Oct 2017 12:32:29 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:47409) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e3PMP-0000ch-Il for control@debbugs.gnu.org; Sat, 14 Oct 2017 12:32:25 -0400 Received: from [51.179.101.140] (port=49739 helo=debenv) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1e3PMO-0001c4-Jx for control@debbugs.gnu.org; Sat, 14 Oct 2017 12:32:25 -0400 Date: Sat, 14 Oct 2017 18:32:09 +0200 Message-Id: <87r2u53d2u.fsf@gnu.org> To: control@debbugs.gnu.org From: mose@gnu.org (=?utf-8?Q?Mos=C3=A8?= Giordano) Subject: control message for bug #28811 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) retitle 28811 11.90.2.2017-07-25; preview-at-point fails with Ghostscript-error From debbugs-submit-bounces@debbugs.gnu.org Sat Oct 21 10:51:10 2017 Received: (at submit) by debbugs.gnu.org; 21 Oct 2017 14:51:10 +0000 Received: from localhost ([127.0.0.1]:54443 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e5v7F-0000m7-QM for submit@debbugs.gnu.org; Sat, 21 Oct 2017 10:51:10 -0400 Received: from eggs.gnu.org ([208.118.235.92]:36521) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e5pkT-0006l8-Sq for submit@debbugs.gnu.org; Sat, 21 Oct 2017 05:07:18 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e5pkN-0005ur-Pz for submit@debbugs.gnu.org; Sat, 21 Oct 2017 05:07:12 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:38237) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1e5pkN-0005un-Mr for submit@debbugs.gnu.org; Sat, 21 Oct 2017 05:07:11 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:55717) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e5pkM-0003s9-HQ for bug-auctex@gnu.org; Sat, 21 Oct 2017 05:07:11 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e5pkJ-0005sO-Db for bug-auctex@gnu.org; Sat, 21 Oct 2017 05:07:10 -0400 Received: from gfuc.org ([88.99.83.187]:54416) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1e5pkJ-0005qV-7h for bug-auctex@gnu.org; Sat, 21 Oct 2017 05:07:07 -0400 Received: from [192.168.178.25] (dslb-092-075-212-204.092.075.pools.vodafone-ip.de [92.75.212.204]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by gfuc.org (Postfix) with ESMTPSA id 924B71E00EF for ; Sat, 21 Oct 2017 09:07:03 +0000 (UTC) From: Florian Stecker Subject: bug#28811: 11.90.2.2017-07-25; preview-at-point To: bug-auctex@gnu.org Message-ID: <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> Date: Sat, 21 Oct 2017 11:07:03 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.0 (----) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Sat, 21 Oct 2017 10:51:08 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.0 (----) I am having the same problem. Since Ghostscript upgraded to 9.22, preview-latex stopped working altogether, independent of the document. Sometimes I get "Error: /undefined in .runandhide" and sometimes "Error: /typecheck in --setfileposition--". I submitted a bug report to Ghostscript: https://bugs.ghostscript.com/show_bug.cgi?id=698680 Apparently they removed the .runandhide operator in version 9.22, so it is likely that this causes the problem. It would be great if someone who actually understands what preview-latex does could supply them with a sample input file and try to work out what to use instead of ".runandhide". Thank you! From debbugs-submit-bounces@debbugs.gnu.org Fri Nov 03 18:35:35 2017 Received: (at 28811) by debbugs.gnu.org; 3 Nov 2017 22:35:35 +0000 Received: from localhost ([127.0.0.1]:49934 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eAkYp-000641-1v for submit@debbugs.gnu.org; Fri, 03 Nov 2017 18:35:35 -0400 Received: from eggs.gnu.org ([208.118.235.92]:51113) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eAkYn-00063m-Jb for 28811@debbugs.gnu.org; Fri, 03 Nov 2017 18:35:33 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eAkYh-0003zv-6t for 28811@debbugs.gnu.org; Fri, 03 Nov 2017 18:35:28 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:36776) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eAkYc-0003yd-DZ; Fri, 03 Nov 2017 18:35:22 -0400 Received: from p4fe3e8d5.dip0.t-ipconnect.de ([79.227.232.213]:54339 helo=MUTANT) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.82) (envelope-from ) id 1eAkYb-0007wa-Sp; Fri, 03 Nov 2017 18:35:22 -0400 From: Arash Esbati To: Florian Stecker Subject: Re: bug#28811: 11.90.2.2017-07-25; preview-at-point References: <87mv4vkurr.fsf@gmail.com> <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> Date: Fri, 03 Nov 2017 23:34:19 +0100 In-Reply-To: <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> (Florian Stecker's message of "Sat, 21 Oct 2017 11:07:03 +0200") Message-ID: <86o9oj9el0.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 28811 Cc: 28811@debbugs.gnu.org, ken.sharp@artifex.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Florian Stecker writes: > I am having the same problem. Since Ghostscript upgraded to 9.22, > preview-latex stopped working altogether, independent of the > document. Sometimes I get "Error: /undefined in .runandhide" and > sometimes "Error: /typecheck in --setfileposition--". > > I submitted a bug report to Ghostscript: > > https://bugs.ghostscript.com/show_bug.cgi?id=698680 > > Apparently they removed the .runandhide operator in version 9.22, so > it is likely that this causes the problem. Hi Florian, thanks for the report. I can confirm that preview-latex does not work with GS 9.22. I have the following observation when doing `C-c C-p C-d' on circ.tex packaged with AUCTeX (on Win10): a) When preview-latex invokes the latest `rungs' from texlive2017, I get no errors, just no snippets to be inserted in Emacs. b) When preview-latex invokes the latest `gswin64c (set via `preview-gs-command'), it fails to write a file preview.dsc and gives me this error: --8<---------------cut here---------------start------------->8--- Running `Preview-PDF2DSC' with ``pdf2dsc circ.pdf circ.prv/tmp8548-eJ/preview.dsc'' Error: /undefinedfilename in --file-- Operand stack: PDFfile (circ.pdf) (r) Execution stack: %interp_exit .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- --nostringval-- --nostringval-- false 1 %stopped_push 2047 1 3 %oparray_pop 2046 1 3 %oparray_pop 2030 1 3 %oparray_pop 1916 1 3 %oparray_pop --nostringval-- %errorexec_pop .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- Dictionary stack: --dict:993/1684(ro)(G)-- --dict:0/20(G)-- --dict:80/200(L)-- Current allocation mode is local Last OS error: No such file or directory Current file position is 1822 GPL Ghostscript 9.22: Unrecoverable error, exit code 1 --8<---------------cut here---------------end--------------->8--- > It would be great if someone who actually understands what > preview-latex does could supply them with a sample input file and try > to work out what to use instead of ".runandhide". Thank you! Well, the requirement above does not apply to me, but preview-latex uses `.runandhide' in two places: --8<---------------cut here---------------start------------->8--- (defun preview-gs-open (&optional setup) "Start a Ghostscript conversion pass. SETUP may contain a parser setup function." (let ((image-info (assq preview-image-type preview-gs-image-type-alist))) (setq preview-gs-image-type (nth 1 image-info)) (setq preview-gs-sequence nil) (setq preview-gs-command-line (append preview-gs-options (nthcdr 2 image-info)) preview-gs-init-string (format "{DELAYSAFER{.setsafe}if}stopped pop\ /.preview-BP currentpagedevice/BeginPage get dup \ null eq{pop{pop}bind}if def\ <>setpagedevice\ /preview-do{[count 3 roll save]3 1 roll dup length 0 eq\ {pop}{setpagedevice}{ifelse .runandhide}\ stopped{handleerror quit}if \ aload pop restore}bind def " (preview-gs-color-string preview-colors))) (preview-gs-queue-empty) (preview-parse-messages (or setup #'preview-gs-dvips-process-setup)))) --8<---------------cut here---------------end--------------->8--- and --8<---------------cut here---------------start------------->8--- (defun preview-prepare-fast-conversion () "This fixes up all parameters for fast conversion." (let* ((file (if (consp (car preview-ps-file)) (if (consp (caar preview-ps-file)) (car (last (caar preview-ps-file))) (caar preview-ps-file)) (car preview-ps-file))) (all-files (if (and (consp (car preview-ps-file)) (consp (caar preview-ps-file))) (caar preview-ps-file) (list file)))) (setq preview-gs-dsc (preview-dsc-parse file)) (setq preview-gs-init-string (concat (format "{<> setuserparams \ .locksafe} stopped pop " (mapconcat 'preview-ps-quote-filename all-files "")) preview-gs-init-string (format "[%s(r)file]aload exch %s .runandhide aload pop " (preview-ps-quote-filename file) (preview-gs-dsc-cvx 0 preview-gs-dsc)))))) --8<---------------cut here---------------end--------------->8--- @Ken: Sorry for the late response from AUCTeX side, and many thanks for your offer to resolve this issue. I'm not familiar enough with PS to come up with an alternative code. Do you have a suggestion? TIA. Best, Arash From debbugs-submit-bounces@debbugs.gnu.org Sat Nov 04 12:35:30 2017 Received: (at 28811) by debbugs.gnu.org; 4 Nov 2017 16:35:30 +0000 Received: from localhost ([127.0.0.1]:50847 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eB1Pt-0001gw-Vi for submit@debbugs.gnu.org; Sat, 04 Nov 2017 12:35:30 -0400 Received: from avasout05.plus.net ([84.93.230.250]:45419) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eAuQT-0004F8-G1 for 28811@debbugs.gnu.org; Sat, 04 Nov 2017 05:07:37 -0400 Received: from Zen.artifex.com ([209.93.200.191]) by smtp with ESMTPA id AuQKekeH32du7AuQLeUrTQ; Sat, 04 Nov 2017 09:07:31 +0000 X-CM-Score: 0.00 X-CNFS-Analysis: v=2.2 cv=a6FAzQaF c=1 sm=1 tr=0 a=q+sJukLfw9GXRSowqvyhrQ==:117 a=q+sJukLfw9GXRSowqvyhrQ==:17 a=eIhxMilvRf8A:10 a=kj9zAlcOel0A:10 a=gDkh9niWAAAA:8 a=Nm-ZkVHzvv-eF5whryUA:9 a=CjuIK1q_8ugA:10 a=lGOMK5oLEwUwZHJ1FuQB:22 X-AUTH: chmee@:2500 Message-Id: <5.1.0.14.2.20171104083417.0a3d6e50@mail.plus.net> X-Sender: chmee@mail.plus.net X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Sat, 04 Nov 2017 08:59:41 +0000 To: Arash Esbati From: Ken Sharp Subject: Re: bug#28811: 11.90.2.2017-07-25; preview-at-point In-Reply-To: <86o9oj9el0.fsf@gnu.org> References: <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <87mv4vkurr.fsf@gmail.com> <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Antivirus: Avast (VPS 171104-0, 04/11/2017), Outbound message X-Antivirus-Status: Clean X-CMAE-Envelope: MS4wfAxq/qJgyqrPk3W/+w7O1LVu2/1+4zSJ3liP5bpshCD1iRWixKpazMgKgsxVM3tTkYJUqPVWeDuwKaDOogtH91KG9JpRQIw4FloptgnWvkjF1FKoF0/8 d+CU0Eq5GBGX853vWDrUSRFKS9qkBUQrYJpZZBghg6NKkwGUP2F8Daep X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 28811 X-Mailman-Approved-At: Sat, 04 Nov 2017 12:35:29 -0400 Cc: 28811@debbugs.gnu.org, Florian Stecker X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) Hi Arash, At 23:34 03/11/2017 +0100, Arash Esbati wrote: >--8<---------------cut here---------------start------------->8--- >(defun preview-gs-open (&optional setup) > "Start a Ghostscript conversion pass. >SETUP may contain a parser setup function." > (let ((image-info (assq preview-image-type preview-gs-image-type-alist))) > (setq preview-gs-image-type (nth 1 image-info)) > (setq preview-gs-sequence nil) > (setq preview-gs-command-line (append > preview-gs-options > (nthcdr 2 image-info)) > preview-gs-init-string > (format "{DELAYSAFER{.setsafe}if}stopped pop\ >/.preview-BP currentpagedevice/BeginPage get dup \ >null eq{pop{pop}bind}if def\ ><{.preview-BP %s}{pop}ifelse}bind/PageSize[1 1]>>setpagedevice\ >/preview-do{[count 3 roll save]3 1 roll dup length 0 eq\ >{pop}{setpagedevice}{ifelse .runandhide}\ >stopped{handleerror quit}if \ >aload pop restore}bind def " > (preview-gs-color-string preview-colors))) > (preview-gs-queue-empty) > (preview-parse-messages (or setup #'preview-gs-dvips-process-setup)))) >--8<---------------cut here---------------end--------------->8--- > >and > >--8<---------------cut here---------------start------------->8--- >(defun preview-prepare-fast-conversion () > "This fixes up all parameters for fast conversion." > (let* ((file (if (consp (car preview-ps-file)) > (if (consp (caar preview-ps-file)) > (car (last (caar preview-ps-file))) > (caar preview-ps-file)) > (car preview-ps-file))) > (all-files (if (and (consp (car preview-ps-file)) > (consp (caar preview-ps-file))) > (caar preview-ps-file) > (list file)))) > (setq preview-gs-dsc (preview-dsc-parse file)) > (setq preview-gs-init-string > (concat (format "{<> setuserparams \ >.locksafe} stopped pop " > (mapconcat 'preview-ps-quote-filename all-files "")) > preview-gs-init-string > (format "[%s(r)file]aload exch %s .runandhide aload pop " > (preview-ps-quote-filename file) > (preview-gs-dsc-cvx 0 preview-gs-dsc)))))) >--8<---------------cut here---------------end--------------->8--- > >@Ken: Sorry for the late response from AUCTeX side, and many thanks for >your offer to resolve this issue. I'm not familiar enough with PS to >come up with an alternative code. Do you have a suggestion? TIA. Well the obvious suggestion is simply 'don't use SAFER and DELAYSAFER' because then you don't need .runandhide :-) The problem is that PostScript is a programming language, and the snippets above, intermingled with some other language, are a) difficult to read and b) shorn of context. Its hard for me to pick out just the PostScript from whatever the other language is and without knowing what the aim is its pretty much impossible to figure out what the PostScript is doing. At a guess, it looks like the intention is to access files outside of Ghostscript's tree, while using the -dSAFER option, which bars access to such files. The obvious answer to my mind is 'don't do that', apart from anything else it seems pointless. I don't suppose there's anyone still around who knows what the PostScript is supposed to do ? I really need to discuss this with someone who understands the intended purpose of that PostScript code. In the absence of anyone who knows what the intended purpose of the code is, then I'd need someone to capture the entire PostScript sequence being sent to Ghostscript for the simplest possible job. I could then at least run the file and see what it does. I would do this myself, but I'm completely unfamiliar with AucTeX so I'd be fumbling in the dark.... If you want to go down that route, then can I suggest reopening our bug 698680: https://bugs.ghostscript.com/show_bug.cgi?id=698680 and attaching the PostScript file there (and any other files needed to make the program run). Ken From debbugs-submit-bounces@debbugs.gnu.org Sat Nov 04 13:16:45 2017 Received: (at 28811) by debbugs.gnu.org; 4 Nov 2017 17:16:45 +0000 Received: from localhost ([127.0.0.1]:50870 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eB23o-0002cD-44 for submit@debbugs.gnu.org; Sat, 04 Nov 2017 13:16:45 -0400 Received: from eggs.gnu.org ([208.118.235.92]:46223) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eB23m-0002c0-Lf for 28811@debbugs.gnu.org; Sat, 04 Nov 2017 13:16:42 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eB23e-0005O4-Br for 28811@debbugs.gnu.org; Sat, 04 Nov 2017 13:16:37 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:47807) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eB23e-0005Nq-8L; Sat, 04 Nov 2017 13:16:34 -0400 Received: from x2f3bd19.dyn.telefonica.de ([2.243.189.25]:44504 helo=lola) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1eB23b-0001qj-U4; Sat, 04 Nov 2017 13:16:32 -0400 From: David Kastrup To: Ken Sharp Subject: Re: bug#28811: 11.90.2.2017-07-25; preview-at-point References: <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <87mv4vkurr.fsf@gmail.com> <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <5.1.0.14.2.20171104083417.0a3d6e50@mail.plus.net> Date: Sat, 04 Nov 2017 18:16:28 +0100 In-Reply-To: <5.1.0.14.2.20171104083417.0a3d6e50@mail.plus.net> (Ken Sharp's message of "Sat, 04 Nov 2017 08:59:41 +0000") Message-ID: <87mv4255hv.fsf@fencepost.gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 28811 Cc: Arash Esbati , 28811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Ken Sharp writes: > Well the obvious suggestion is simply 'don't use SAFER and DELAYSAFER' > because then you don't need .runandhide :-) They are there for a reason, aren't they? > The problem is that PostScript is a programming language, and the > snippets above, intermingled with some other language, are a) > difficult to read and b) shorn of context. Its hard for me to pick out > just the PostScript from whatever the other language is and without > knowing what the aim is its pretty much impossible to figure out what > the PostScript is doing. It's rendering individual PostScript files in an order determined by the current position in a viewer (in this case an Emacs file), and the individual files are externally provided, so they may contain malicious code. Pretty much the principal reason for the existence of DELAYSAFER. Since the rendering order is determined interactively, different files need to be opened. Also it is hard to divert the input to an external file and it would look pointless since the main "feature" is that the end of the file is yet unknown while the start is already being interpreted. This uses Ghostscript interactively via pipes (or a tty, I forget which): if there was a mode "be unsafe on the Ghostscript interpreter command line and safe within files read from there", that would work. > At a guess, it looks like the intention is to access files outside of > Ghostscript's tree, while using the -dSAFER option, which bars access > to such files. The obvious answer to my mind is 'don't do that', apart > from anything else it seems pointless. How are safe PostScript viewers to be implemented now? -- David Kastrup From debbugs-submit-bounces@debbugs.gnu.org Sat Nov 04 15:29:16 2017 Received: (at 28811) by debbugs.gnu.org; 4 Nov 2017 19:29:16 +0000 Received: from localhost ([127.0.0.1]:50921 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eB484-0005ZN-Ly for submit@debbugs.gnu.org; Sat, 04 Nov 2017 15:29:16 -0400 Received: from avasout06.plus.net ([212.159.14.18]:54579 helo=avasout06.plus.net.plus.net) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eB482-0005Yz-9f for 28811@debbugs.gnu.org; Sat, 04 Nov 2017 15:29:14 -0400 Received: from Zen.artifex.com ([209.93.200.191]) by smtp with ESMTPA id B47re3KpSFv8cB47seKJqi; Sat, 04 Nov 2017 19:29:06 +0000 X-CM-Score: 0.00 X-CNFS-Analysis: v=2.2 cv=Ful1xyjq c=1 sm=1 tr=0 a=q+sJukLfw9GXRSowqvyhrQ==:117 a=q+sJukLfw9GXRSowqvyhrQ==:17 a=eIhxMilvRf8A:10 a=kj9zAlcOel0A:10 a=S9a-KRKaj5HYZ_biZTAA:9 a=iBgEoYzeD8g5Q0gG:21 a=mKxjPTnSccawxxQ9:21 a=CjuIK1q_8ugA:10 X-AUTH: chmee@:2500 Message-Id: <5.1.0.14.2.20171104191639.0510cc88@mail.plus.net> X-Sender: chmee@mail.plus.net X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Sat, 04 Nov 2017 19:27:39 +0000 To: David Kastrup From: Ken Sharp Subject: Re: bug#28811: 11.90.2.2017-07-25; preview-at-point In-Reply-To: <87mv4255hv.fsf@fencepost.gnu.org> References: <5.1.0.14.2.20171104083417.0a3d6e50@mail.plus.net> <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <87mv4vkurr.fsf@gmail.com> <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <5.1.0.14.2.20171104083417.0a3d6e50@mail.plus.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Antivirus: Avast (VPS 171104-0, 04/11/2017), Outbound message X-Antivirus-Status: Clean X-CMAE-Envelope: MS4wfEQSkl8VcKGwKagm14Yc3i/FMOmae8Krq+fzzI3igxvPidMyJW9smUyDKce6qTZZTcmX65ERLD3ucOedmkSI4vSLl72gtvJ7L4rTo6XfpOGhNl7rVCbg uM5lQ/UopnJTPGZdd6j5ChfmFLllJwGJ4xxV5azok4ccUDCgj2DhFunE X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 28811 Cc: Arash Esbati , 28811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) At 18:16 04/11/2017 +0100, David Kastrup wrote: > > Well the obvious suggestion is simply 'don't use SAFER and DELAYSAFER' > > because then you don't need .runandhide :-) > >They are there for a reason, aren't they? Yes, though I would (and have) argued against them. The interpreter is intended to be able to access the file system (as permitted by the language specification). Nevertheless, the capability exists to prevent that, because people asked for it. >It's rendering individual PostScript files in an order determined by the >current position in a viewer (in this case an Emacs file), and the >individual files are externally provided, so they may contain malicious >code. Provided they are in the current directory, as far as I'm aware you don't need to break SAFER for them, because the Current worming directory is permitted. I can't recall if that requires -P- or not, it may do. >Pretty much the principal reason for the existence of DELAYSAFER. DELAYSAFER is there to permit operations to be concluded that won't work if you have SAFER. This is, however, a massive security hole, there are nay number of implementations and 'recipes' out there which use SAFER and DELAYSAFER and never call .setsafe. Also WRITESYSTEMDICT and other things. In any event, DELAYSAFER hasn't changed. >This uses Ghostscript interactively via pipes (or a tty, I forget >which): if there was a mode "be unsafe on the Ghostscript interpreter >command line and safe within files read from there", that would work. No way that Ghostscript can tell the difference, at the interpreter level, it all just comes in as streamed data. >How are safe PostScript viewers to be implemented now? Well, you can use SAFER, you can even use DELAYSAFER, that has not changed. What I'm questioning is the use of .runandhide. Ken From debbugs-submit-bounces@debbugs.gnu.org Sat Nov 04 15:45:54 2017 Received: (at 28811) by debbugs.gnu.org; 4 Nov 2017 19:45:54 +0000 Received: from localhost ([127.0.0.1]:50950 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eB4OA-0005z5-HN for submit@debbugs.gnu.org; Sat, 04 Nov 2017 15:45:54 -0400 Received: from eggs.gnu.org ([208.118.235.92]:46552) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eB4O9-0005yt-8y for 28811@debbugs.gnu.org; Sat, 04 Nov 2017 15:45:53 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eB4O0-0006ve-Tq for 28811@debbugs.gnu.org; Sat, 04 Nov 2017 15:45:47 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:49022) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eB4O0-0006vU-Q1; Sat, 04 Nov 2017 15:45:44 -0400 Received: from x2f3bd19.dyn.telefonica.de ([2.243.189.25]:45228 helo=lola) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1eB4Nz-0004qM-TS; Sat, 04 Nov 2017 15:45:44 -0400 From: David Kastrup To: Ken Sharp Subject: Re: bug#28811: 11.90.2.2017-07-25; preview-at-point References: <5.1.0.14.2.20171104083417.0a3d6e50@mail.plus.net> <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <87mv4vkurr.fsf@gmail.com> <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <5.1.0.14.2.20171104083417.0a3d6e50@mail.plus.net> <5.1.0.14.2.20171104191639.0510cc88@mail.plus.net> Date: Sat, 04 Nov 2017 20:45:40 +0100 In-Reply-To: <5.1.0.14.2.20171104191639.0510cc88@mail.plus.net> (Ken Sharp's message of "Sat, 04 Nov 2017 19:27:39 +0000") Message-ID: <87inep6d5n.fsf@fencepost.gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 28811 Cc: Arash Esbati , 28811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Ken Sharp writes: > At 18:16 04/11/2017 +0100, David Kastrup wrote: > >>It's rendering individual PostScript files in an order determined by >>the current position in a viewer (in this case an Emacs file), and the >>individual files are externally provided, so they may contain >>malicious code. > > Provided they are in the current directory, I am not sure that can be arranged. > as far as I'm aware you don't need to break SAFER for them, because > the Current worming directory is permitted. I can't recall if that > requires -P- or not, it may do. I am pretty sure that it didn't work by default. >>Pretty much the principal reason for the existence of DELAYSAFER. > > DELAYSAFER is there to permit operations to be concluded that won't > work if you have SAFER. This is, however, a massive security hole, > there are nay number of implementations and 'recipes' out there which > use SAFER and DELAYSAFER and never call .setsafe. Not preview-latex. It isn't a "security hole" unless you make it one. > Also WRITESYSTEMDICT and other things. > > In any event, DELAYSAFER hasn't changed. It's pretty pointless unless one can use .runandhide to temporarily be safe. >>This uses Ghostscript interactively via pipes (or a tty, I forget >>which): if there was a mode "be unsafe on the Ghostscript interpreter >>command line and safe within files read from there", that would work. > > No way that Ghostscript can tell the difference, at the interpreter > level, it all just comes in as streamed data. Well, then it is .runandhide . >>How are safe PostScript viewers to be implemented now? > > Well, you can use SAFER, you can even use DELAYSAFER, that has not > changed. What I'm questioning is the use of .runandhide. I repeat: the order of the files to be rendered is not known when Ghostscript is started: that depends on where the viewer is paging when Ghostscript has free capacities. This "render stuff currently on screen first" thing is pretty important for maintaining good interactivity. .runandhide is used for rendering one file safely, then get Ghostscript back into a state where it is possible to tell it via pipe to its command line what to do next. -- David Kastrup From debbugs-submit-bounces@debbugs.gnu.org Sat Nov 04 19:35:17 2017 Received: (at 28811) by debbugs.gnu.org; 4 Nov 2017 23:35:17 +0000 Received: from localhost ([127.0.0.1]:51046 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eB7y9-0004fN-7v for submit@debbugs.gnu.org; Sat, 04 Nov 2017 19:35:17 -0400 Received: from eggs.gnu.org ([208.118.235.92]:51853) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eB7y7-0004fB-8h for 28811@debbugs.gnu.org; Sat, 04 Nov 2017 19:35:15 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eB7xy-0005kv-UR for 28811@debbugs.gnu.org; Sat, 04 Nov 2017 19:35:10 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:50848) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eB7xy-0005kp-RU; Sat, 04 Nov 2017 19:35:06 -0400 Received: from p5b326a96.dip0.t-ipconnect.de ([91.50.106.150]:55764 helo=MUTANT) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.82) (envelope-from ) id 1eB7xy-0005c0-5n; Sat, 04 Nov 2017 19:35:06 -0400 From: Arash Esbati To: Ken Sharp Subject: Re: bug#28811: 11.90.2.2017-07-25; preview-at-point References: <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <87mv4vkurr.fsf@gmail.com> <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <5.1.0.14.2.20171104083417.0a3d6e50@mail.plus.net> Date: Sun, 05 Nov 2017 00:34:06 +0100 In-Reply-To: <5.1.0.14.2.20171104083417.0a3d6e50@mail.plus.net> (Ken Sharp's message of "Sat, 04 Nov 2017 08:59:41 +0000") Message-ID: <86a801mxe9.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 28811 Cc: 28811@debbugs.gnu.org, dak@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Ken Sharp writes: > The problem is that PostScript is a programming language, and the > snippets above, intermingled with some other language, are a) > difficult to read and b) shorn of context. Its hard for me to pick out > just the PostScript from whatever the other language is and without > knowing what the aim is its pretty much impossible to figure out what > the PostScript is doing. Hi Ken, thanks for your response. I was afraid that the solution would not be that easy by just replacing some PostScript-code in an Elisp-function :-) > I don't suppose there's anyone still around who knows what the > PostScript is supposed to do ? I really need to discuss this with > someone who understands the intended purpose of that PostScript code. David K. is the principle author of preview-latex and he is still around. I hope he can manage to find a solution with you, somehow. > If you want to go down that route, then can I suggest reopening our > bug 698680: > > https://bugs.ghostscript.com/show_bug.cgi?id=698680 > > and attaching the PostScript file there (and any other files needed to > make the program run). Thanks for the offer. I'm looking forward to seeing if David and you can find a solution. If it comes to file exchange, we can go this route. Best, Arash From debbugs-submit-bounces@debbugs.gnu.org Sun Nov 05 11:18:26 2017 Received: (at 28811) by debbugs.gnu.org; 5 Nov 2017 16:18:26 +0000 Received: from localhost ([127.0.0.1]:52421 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eBNcv-0002sZ-UE for submit@debbugs.gnu.org; Sun, 05 Nov 2017 11:18:26 -0500 Received: from avasout06.plus.net ([212.159.14.18]:58774 helo=avasout06.plus.net.plus.net) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eBNcu-0002sC-Df for 28811@debbugs.gnu.org; Sun, 05 Nov 2017 11:18:24 -0500 Received: from Zen.artifex.com ([209.93.200.191]) by smtp with ESMTPA id BNcle5i4YFv8cBNcmeKpW6; Sun, 05 Nov 2017 16:18:16 +0000 X-CM-Score: 0.00 X-CNFS-Analysis: v=2.2 cv=Ful1xyjq c=1 sm=1 tr=0 a=q+sJukLfw9GXRSowqvyhrQ==:117 a=q+sJukLfw9GXRSowqvyhrQ==:17 a=eIhxMilvRf8A:10 a=kj9zAlcOel0A:10 a=BLLP5eRzBv8HCKGqjiMA:9 a=CjuIK1q_8ugA:10 X-AUTH: chmee@:2500 Message-Id: <5.1.0.14.2.20171105160300.0b0e6938@mail.plus.net> X-Sender: chmee@mail.plus.net X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Sun, 05 Nov 2017 16:14:28 +0000 To: David Kastrup From: Ken Sharp Subject: Re: bug#28811: 11.90.2.2017-07-25; preview-at-point In-Reply-To: <87inep6d5n.fsf@fencepost.gnu.org> References: <5.1.0.14.2.20171104191639.0510cc88@mail.plus.net> <5.1.0.14.2.20171104083417.0a3d6e50@mail.plus.net> <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <87mv4vkurr.fsf@gmail.com> <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <5.1.0.14.2.20171104083417.0a3d6e50@mail.plus.net> <5.1.0.14.2.20171104191639.0510cc88@mail.plus.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Antivirus: Avast (VPS 171105-0, 05/11/2017), Outbound message X-Antivirus-Status: Clean X-CMAE-Envelope: MS4wfCr+0m5TFZheSOJi6D+WoBYqsmt2NxG2GeIkNav6BbSyay9qV4Nopn1C8FDtPNRv/Xgq3q32dEP0MXY8/nFqJTlSa+A8PKr1KReGpZEfjt0mdfLxfbSo +LNhJ+P5ir/UgpejvT02ayiosafF4WqF2J1IdKNwZTxkumqBJT2y4UKUN8cZw9TmOSw5zNgHsas+jA== X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 28811 Cc: Arash Esbati , 28811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) At 20:45 04/11/2017 +0100, David Kastrup wrote: > > Also WRITESYSTEMDICT and other things. > > > > In any event, DELAYSAFER hasn't changed. > >It's pretty pointless unless one can use .runandhide to temporarily be >safe. Make *what* safe ? .runandhide wasn't (directly) an aspect of SAFER or DELAYSAFER, its perfectly possible to have, and write PostScript which is not compatible with SAFER (and which therefore needs to be run before SAFER) but which doesn't require ,runandhide. >I repeat: the order of the files to be rendered is not known when >Ghostscript is started: that depends on where the viewer is paging when >Ghostscript has free capacities. > This "render stuff currently on screen >first" thing is pretty important for maintaining good interactivity. >.runandhide is used for rendering one file safely, then get Ghostscript >back into a state where it is possible to tell it via pipe to its >command line what to do next. OK bear in mind I have yet to see a complete PostScript transcript. All I've seen is fragments, buried inside other code. I have not said 'we're not putting it back', I've said 'let's discuss this'. If you can please explain why you can't refactor your PostScript to do away with .runandhide then we'll certainly consider this. However, all I'm getting (and this may well be my faulty understanding from the limited code I've seen) is 'put it back, because we need it and we can't change' Now I'm prepared to believe that, but I'd like to see why that's required, at the moment I don't see why it is. Maybe we can suggest alternatives that will be satisfactory. So please; send me a simple example of the PostScript that gets sent to Ghostscript. If you can arrange for that to be annotated with comments explaining what the code does that would be great, if not then just the raw code. I do need to understand why you need .runandhide; what its doing for you that you need to have, and can't achieve another way. I appreciate that its 'because you don't know what files are going to be run' which is fine, but rather high level as an explanation. What specifically is .runandhide doing for you that you can't achieve without it ? Noote that we went through our own code examples removing the requirement from our code, so we are not entirely unfamiliar with techniques to deal with this. Ken From debbugs-submit-bounces@debbugs.gnu.org Sun Nov 05 13:24:45 2017 Received: (at 28811) by debbugs.gnu.org; 5 Nov 2017 18:24:45 +0000 Received: from localhost ([127.0.0.1]:52591 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eBPbA-0003Fz-S8 for submit@debbugs.gnu.org; Sun, 05 Nov 2017 13:24:45 -0500 Received: from eggs.gnu.org ([208.118.235.92]:46979) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eBPb9-0003Fk-8m for 28811@debbugs.gnu.org; Sun, 05 Nov 2017 13:24:43 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eBPb0-0003av-WB for 28811@debbugs.gnu.org; Sun, 05 Nov 2017 13:24:38 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:39649) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eBPb0-0003af-S7; Sun, 05 Nov 2017 13:24:34 -0500 Received: from x2f3bd19.dyn.telefonica.de ([2.243.189.25]:44358 helo=lola) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1eBPaz-0000Lz-Tp; Sun, 05 Nov 2017 13:24:34 -0500 From: David Kastrup To: Ken Sharp Subject: Re: bug#28811: 11.90.2.2017-07-25; preview-at-point References: <5.1.0.14.2.20171104191639.0510cc88@mail.plus.net> <5.1.0.14.2.20171104083417.0a3d6e50@mail.plus.net> <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <87mv4vkurr.fsf@gmail.com> <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <5.1.0.14.2.20171104083417.0a3d6e50@mail.plus.net> <5.1.0.14.2.20171104191639.0510cc88@mail.plus.net> <5.1.0.14.2.20171105160300.0b0e6938@mail.plus.net> Date: Sun, 05 Nov 2017 19:24:30 +0100 In-Reply-To: <5.1.0.14.2.20171105160300.0b0e6938@mail.plus.net> (Ken Sharp's message of "Sun, 05 Nov 2017 16:14:28 +0000") Message-ID: <87tvy8vb1d.fsf@fencepost.gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 28811 Cc: Arash Esbati , 28811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Ken Sharp writes: > At 20:45 04/11/2017 +0100, David Kastrup wrote: > > >> > Also WRITESYSTEMDICT and other things. >> > >> > In any event, DELAYSAFER hasn't changed. >> >>It's pretty pointless unless one can use .runandhide to temporarily be >>safe. > > Make *what* safe ? .runandhide wasn't (directly) an aspect of SAFER or > DELAYSAFER, its perfectly possible to have, and write PostScript which > is not compatible with SAFER (and which therefore needs to be run > before SAFER) but which doesn't require ,runandhide. The problem is that we need _unsafe_ code to run _after_ SAFER. From the Ghostscript command line that gets back into control after .runandhide has interpreted an external file in SAFER mode . .runandhide was implemented for that use case: getting back into unsafe mode without this being possible for the code that is run under control of the unsafe environment. >>I repeat: the order of the files to be rendered is not known when >>Ghostscript is started: that depends on where the viewer is paging when >>Ghostscript has free capacities. >> This "render stuff currently on screen >>first" thing is pretty important for maintaining good interactivity. >>.runandhide is used for rendering one file safely, then get Ghostscript >>back into a state where it is possible to tell it via pipe to its >>command line what to do next. > > OK bear in mind I have yet to see a complete PostScript > transcript. All I've seen is fragments, buried inside other code. I can run a script teeing off the in- and output instead of running Ghostscript directly. You have to be aware that _any_ such log will _not_ demonstrate the need for getting back into unsafe mode since once you know all operations you want to do, you can do all unsafe operations first and no longer need to revert to unsafe. The point is that the user actions determine the next files to be rendered and thus determine the next unsafe operation (namely which file to open next). > I have not said 'we're not putting it back', I've said 'let's discuss > this'. If you can please explain why you can't refactor your > PostScript to do away with .runandhide then we'll certainly consider > this. Well, I keep explaining it without seeing any point being taken up. That makes it hard to guess where to invest work next with the hope for success. > However, all I'm getting (and this may well be my faulty understanding > from the limited code I've seen) is 'put it back, because we need it > and we can't change' You don't propose any way in which we could change in order to render different files outside of the Ghostscript directories in a non-prearranged order in safe mode. We do this from the command line since that is the basic interaction point for Ghostscript. Do you see any other manners to tell Ghostscript "please render _this_ file next, in SAFER mode, and then return for further (unsafe) instructions". We've been running around changes in Ghostscript's implementation and rules at least 5 times. If there was any way guaranteed to actually stay around, that would be quite the relief. > Now I'm prepared to believe that, but I'd like to see why that's > required, at the moment I don't see why it is. Maybe we can suggest > alternatives that will be satisfactory. So what do you actully need? > So please; send me a simple example of the PostScript that gets sent > to Ghostscript. If you can arrange for that to be annotated with > comments explaining what the code does that would be great, if not > then just the raw code. > > I do need to understand why you need .runandhide; what its doing for > you that you need to have, Being able to run in safer mode, and _yet_ _afterwards_ specify the next file to render outside of the Ghostscript accessible tree. That is all. > and can't achieve another way. Is there another way? > I appreciate that its 'because you don't know what files are going to > be run' which is fine, but rather high level as an explanation. What > specifically is .runandhide doing for you that you can't achieve > without it ? It puts "unsafe mode" outside of the access of the file running in SAFER mode while returning back into it. That's all. If you have to store the unsafe context anywhere where the file running in SAFER mode could access it, there is no actual safety. > Noote that we went through our own code examples removing the > requirement from our code, so we are not entirely unfamiliar with > techniques to deal with this. So how did you do that? -- David Kastrup From debbugs-submit-bounces@debbugs.gnu.org Sun Nov 05 15:09:49 2017 Received: (at 28811) by debbugs.gnu.org; 5 Nov 2017 20:09:49 +0000 Received: from localhost ([127.0.0.1]:52645 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eBREr-0007qn-Gv for submit@debbugs.gnu.org; Sun, 05 Nov 2017 15:09:49 -0500 Received: from avasout06.plus.net ([212.159.14.18]:42394 helo=avasout06.plus.net.plus.net) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eBREp-0007qb-4j for 28811@debbugs.gnu.org; Sun, 05 Nov 2017 15:09:47 -0500 Received: from Zen.artifex.com ([209.93.200.191]) by smtp with ESMTPA id BREje6DcqFv8cBREkeKv06; Sun, 05 Nov 2017 20:09:45 +0000 X-CM-Score: 0.00 X-CNFS-Analysis: v=2.2 cv=Ful1xyjq c=1 sm=1 tr=0 a=q+sJukLfw9GXRSowqvyhrQ==:117 a=q+sJukLfw9GXRSowqvyhrQ==:17 a=eIhxMilvRf8A:10 a=kj9zAlcOel0A:10 a=O8yQNwOvE1E9ODzapk4A:9 a=6GnpvwYtrMbSMBbb:21 a=DLCHRU1FuAumkDJi:21 a=CjuIK1q_8ugA:10 X-AUTH: chmee@:2500 Message-Id: <5.1.0.14.2.20171105193104.0a409908@mail.plus.net> X-Sender: chmee@mail.plus.net X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Sun, 05 Nov 2017 20:09:34 +0000 To: David Kastrup From: Ken Sharp Subject: Re: bug#28811: 11.90.2.2017-07-25; preview-at-point In-Reply-To: <87tvy8vb1d.fsf@fencepost.gnu.org> References: <5.1.0.14.2.20171105160300.0b0e6938@mail.plus.net> <5.1.0.14.2.20171104191639.0510cc88@mail.plus.net> <5.1.0.14.2.20171104083417.0a3d6e50@mail.plus.net> <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <87mv4vkurr.fsf@gmail.com> <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <5.1.0.14.2.20171104083417.0a3d6e50@mail.plus.net> <5.1.0.14.2.20171104191639.0510cc88@mail.plus.net> <5.1.0.14.2.20171105160300.0b0e6938@mail.plus.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Antivirus: Avast (VPS 171105-0, 05/11/2017), Outbound message X-Antivirus-Status: Clean X-CMAE-Envelope: MS4wfGaqo0M7iXVweKbdXC/fMx5ykFC4IWYgN5Fcg0Pb7qCS2aM75os+zWgnp1PAnHgoXA7MPvox8HexWza/wZrndql0MhnSL71/QED0gJhg3aZloMsXf3R/ kwNHY7JtNsgtSkQyiW29nvprouZJ9X3CSbkW9Wp0kT8YNzZjQOKjwmUw X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 28811 Cc: Arash Esbati , 28811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) At 19:24 05/11/2017 +0100, you wrote: > > Make *what* safe ? .runandhide wasn't (directly) an aspect of SAFER or > > DELAYSAFER, its perfectly possible to have, and write PostScript which > > is not compatible with SAFER (and which therefore needs to be run > > before SAFER) but which doesn't require ,runandhide. > >The problem is that we need _unsafe_ code to run _after_ SAFER. From >the Ghostscript command line that gets back into control after >.runandhide has interpreted an external file in SAFER mode . You don't need .runandhide to execute 'unsafe' code, it has other side effects. I'm trying to get to the bottom of which of those side-effects you need, and why. Part of the problem is that I'm only seeing a tiny fraction of the program and have no clue how the bit I have seen is actually used. >I can run a script teeing off the in- and output instead of running >Ghostscript directly. You have to be aware that _any_ such log will >_not_ demonstrate the need for getting back into unsafe mode since once >you know all operations you want to do, you can do all unsafe operations >first and no longer need to revert to unsafe. The point is that the >user actions determine the next files to be rendered and thus determine >the next unsafe operation (namely which file to open next). But I would very much like to see the sequence of operations, and more importantly the whole PostScript program, or at least all the initial program. Its terribly hard to make judgements based on a couple of program fragments with no context to draw on. > > I have not said 'we're not putting it back', I've said 'let's discuss > > this'. If you can please explain why you can't refactor your > > PostScript to do away with .runandhide then we'll certainly consider > > this. > >Well, I keep explaining it without seeing any point being taken up. Well I'm sorry, clearly I'm being obtuse. From my perspective you are explaining that 'you need to run unsafe code' or 'you need it because you need to execute in an arbitrary order'. OK I'm not arguing any of that, but I don't see why you specifically need .runandhide in order to do so. I need a more detailed explanation, why specifically do you need .runandhide instead of say exec ? >That makes it hard to guess where to invest work next with the hope for >success. Well, I've asked for a transcript of what gets sent to Ghostscript, that would help. Even just the actual initial PostScript program would tell me more than what I've seen so far. >You don't propose any way in which we could change in order to render >different files outside of the Ghostscript directories in a >non-prearranged order in safe mode. That's because I don't see what you are doing now. This is too high level an explanation for me to see what it is you are actually doing. >We've been running around changes in Ghostscript's implementation and >rules at least 5 times. Interesting, in what way has Ghostscript changed in the past that's caused you problems ? Have you discussed this with anyone ? While I do see your name in the archives, it appears to be mostly in discussion with me. Once due to strokeadjust and PDF, and once with some other Lilypond stuff. I haven't seen anything from AucTeX before. Of course, it could easily predate my involvement. Obviously if there are bugs in the PostScript implementation we have to fix them, but that's comparatively rare I would have thought these days. > If there was any way guaranteed to actually >stay around, that would be quite the relief. Well, first and most obvious would be not to use non-standard PostScript. Obviously that's not an option, because the PostScript interpreter allows arbitrary execution and traversal of the file system. So you need to use -dSAFER if you aren't prepared to trust the PostScript files you are going to run. But you can't simply do that because (it seems to me) you want to run Ghostscript 'interactively', except that you don't really mean interactively, you really mean in something like a job server loop. Interactively to me would mean would mean from the GS command prompt. Now to me that would suggest that rather than launching Ghostscript and leaving it lying around until you want to send it something, you launch it once per PostScript program, and close it in between. You don't want to do that, and I can accept that, but I still do not at present understand the way you are using Ghostscript now. Nor do I understand the absolute requirement for .runandhide. I'm trying to understand, but at present I just don't get it. > > Now I'm prepared to believe that, but I'd like to see why that's > > required, at the moment I don't see why it is. Maybe we can suggest > > alternatives that will be satisfactory. > >So what do you actully need? Well, the actual PostScript program would give me context. If you can explain why you specifically need .runandhide rather than simply running in -dSAFER and using exec that would be good. Also why you need to launch Ghostscript and leave it running, rather than launching it once for each PostScript program, though that's rather less important (though possibly easier to explain). > > I do need to understand why you need .runandhide; what its doing for > > you that you need to have, > >Being able to run in safer mode, and _yet_ _afterwards_ specify the next >file to render outside of the Ghostscript accessible tree. > >That is all. Yes but I still don't see why you need .runandhide to achieve this. > > and can't achieve another way. > >Is there another way? I don't know, because I don't know what it is you are doing now. Yes, I know I'm a stuck record here, but I can't suggest an alternative (if such a thing is even possible) without understanding how you are currently using Ghopstscript. Just knowing what you want to achieve is not sufficient I need to know how you are currently achieving it, and ideally, why. >It puts "unsafe mode" outside of the access of the file running in SAFER >mode while returning back into it. That's all. If you have to store >the unsafe context anywhere where the file running in SAFER mode could >access it, there is no actual safety. And the unsafe context you are storing is what exactly ? > > Noote that we went through our own code examples removing the > > requirement from our code, so we are not entirely unfamiliar with > > techniques to deal with this. > >So how did you do that? Mostly by simply deleting it. In passing, the reason we removed a lot of these operators was precisely because of security concerns. We've recently had a number of reports which revolved around non-standard operators being used in unforseen ways. Usually these result in crashes but we've also seen denial of service, directory and file traversal/retrieval and some cases where it was possible to execute arbitrary code. Note that these have been true in some instances even when -dSAFER is set. Obviously those reported problems have been fixed, but it seemed reasonable to reduce the attack surface by removing operators which are no longer required, or not required after startup. Now we fully expected to have to work with Ghostscript users afterwards, we've had some customers and some free users discuss the changes with us. So far we've been able to help them remove the requirements from their own code but that doesn't mean we *won't* restore the operators if they are genuinely needed. It does mean that we would like to talk about it and understand the requirements properly first. Given the rather acrimonious past history of our discussions, I think it may be better if I hand this to a colleague. I'll speak to someone tomorrow and see if they are willing to take it on. Ken From debbugs-submit-bounces@debbugs.gnu.org Sun Nov 05 15:52:43 2017 Received: (at 28811) by debbugs.gnu.org; 5 Nov 2017 20:52:43 +0000 Received: from localhost ([127.0.0.1]:52679 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eBRuN-0000Ot-Cb for submit@debbugs.gnu.org; Sun, 05 Nov 2017 15:52:43 -0500 Received: from eggs.gnu.org ([208.118.235.92]:57019) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eBRuM-0000Oh-42 for 28811@debbugs.gnu.org; Sun, 05 Nov 2017 15:52:42 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eBRuD-000161-UI for 28811@debbugs.gnu.org; Sun, 05 Nov 2017 15:52:37 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:42645) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eBRuD-00015m-RF; Sun, 05 Nov 2017 15:52:33 -0500 Received: from x2f3bd19.dyn.telefonica.de ([2.243.189.25]:46874 helo=lola) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1eBRuC-0008F5-PK; Sun, 05 Nov 2017 15:52:33 -0500 From: David Kastrup To: Ken Sharp Subject: Re: bug#28811: 11.90.2.2017-07-25; preview-at-point References: <5.1.0.14.2.20171105160300.0b0e6938@mail.plus.net> <5.1.0.14.2.20171104191639.0510cc88@mail.plus.net> <5.1.0.14.2.20171104083417.0a3d6e50@mail.plus.net> <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <87mv4vkurr.fsf@gmail.com> <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <5.1.0.14.2.20171104083417.0a3d6e50@mail.plus.net> <5.1.0.14.2.20171104191639.0510cc88@mail.plus.net> <5.1.0.14.2.20171105160300.0b0e6938@mail.plus.net> <5.1.0.14.2.20171105193104.0a409908@mail.plus.net> Date: Sun, 05 Nov 2017 21:52:29 +0100 In-Reply-To: <5.1.0.14.2.20171105193104.0a409908@mail.plus.net> (Ken Sharp's message of "Sun, 05 Nov 2017 20:09:34 +0000") Message-ID: <87ineov46q.fsf@fencepost.gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 28811 Cc: Arash Esbati , 28811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Ken Sharp writes: > At 19:24 05/11/2017 +0100, you wrote: > > >> > Make *what* safe ? .runandhide wasn't (directly) an aspect of SAFER or >> > DELAYSAFER, its perfectly possible to have, and write PostScript which >> > is not compatible with SAFER (and which therefore needs to be run >> > before SAFER) but which doesn't require ,runandhide. >> >>The problem is that we need _unsafe_ code to run _after_ SAFER. From >>the Ghostscript command line that gets back into control after >>.runandhide has interpreted an external file in SAFER mode . > > You don't need .runandhide to execute 'unsafe' code, We use it to execute potentially unsafe code in a SAFER environment. But we need to get back to non-SAFER mode afterwards without the potentially unsafe code having a possibility to get into non-SAFER mode. >>I can run a script teeing off the in- and output instead of running >>Ghostscript directly. You have to be aware that _any_ such log will >>_not_ demonstrate the need for getting back into unsafe mode since >>once you know all operations you want to do, you can do all unsafe >>operations first and no longer need to revert to unsafe. The point is >>that the user actions determine the next files to be rendered and thus >>determine the next unsafe operation (namely which file to open next). > > But I would very much like to see the sequence of operations, and more > importantly the whole PostScript program, or at least all the initial > program. Its terribly hard to make judgements based on a couple of > program fragments with no context to draw on. Ok, will do tomorrow. >> > I have not said 'we're not putting it back', I've said 'let's discuss >> > this'. If you can please explain why you can't refactor your >> > PostScript to do away with .runandhide then we'll certainly consider >> > this. >> >>Well, I keep explaining it without seeing any point being taken up. > > Well I'm sorry, clearly I'm being obtuse. From my perspective you are > explaining that 'you need to run unsafe code' or 'you need it because > you need to execute in an arbitrary order'. OK I'm not arguing any of > that, but I don't see why you specifically need .runandhide in order > to do so. Because we want to execute potentially unsafe code not under our control in SAFER mode and afterwards get back into non-SAFER mode in order to things not allowed in SAFER mode. Repeatedly. > I need a more detailed explanation, why specifically do you need > .runandhide instead of say exec ? Because exec will either not run in SAFER mode or not get back into non-SAFER mode. >>That makes it hard to guess where to invest work next with the hope >>for success. > > Well, I've asked for a transcript of what gets sent to Ghostscript, > that would help. Even just the actual initial PostScript program would > tell me more than what I've seen so far. As I said, I will do. Though our conversation so far is not exactly leaving much hope for this to explain anything in a clearer manner than I already did. > Interesting, in what way has Ghostscript changed in the past that's > caused you problems ? Have you discussed this with anyone ? While I do > see your name in the archives, it appears to be mostly in discussion > with me. Once due to strokeadjust and PDF, and once with some other > Lilypond stuff. I haven't seen anything from AucTeX before. Of course, > it could easily predate my involvement. About half of the changes were done by me, the other half by Ralf Angeli. So far either of us had been able to find yet another workaround. But without anything like .runandhide left, I don't see what we could be doing next. > Obviously if there are bugs in the PostScript implementation we have > to fix them, but that's comparatively rare I would have thought these > days. Those were not exactly bugs but changes in semantics, usually about what was considered SAFER and what not. SAFER mode is not in PostScript, so one cannot really talk about "bugs" for that. More like inconveniences in the context of refining SAFER. A nuisance, but not of the break-of-promises kind. .runandhide is certainly not part of the PostScript standard, but it was a documented part of Ghostscript. >> If there was any way guaranteed to actually >>stay around, that would be quite the relief. > > Well, first and most obvious would be not to use non-standard > PostScript. > But you can't simply do that because (it seems to me) you want to run > Ghostscript 'interactively', except that you don't really mean > interactively, you really mean in something like a job server > loop. Interactively to me would mean would mean from the GS command > prompt. Sigh. As I stated several times already, we do run Ghostscript from the GS command prompt. We even wait for the prompt before feeding it its next command. > Now to me that would suggest that rather than launching Ghostscript > and leaving it lying around until you want to send it something, you > launch it once per PostScript program, and close it in between. No, we don't. We run it from the command prompt and don't close it in between. > You don't want to do that, and I can accept that, but I still do not > at present understand the way you are using Ghostscript now. >From the command prompt. On a pseudo-tty or a pipe (not much of a difference to Emacs). That's why your transcript will be teed off from a script called instead of Ghostscript: if we didn't feed it via its input and interpreted its output, there would be nothing to tee off. > Nor do I understand the absolute requirement for .runandhide. How do you get temporarily into SAFER mode for executing a file without it? I keep asking this question. > Well, the actual PostScript program would give me context. If you can > explain why you specifically need .runandhide rather than simply > running in -dSAFER and using exec that would be good. If I can't get back out of -dSAFER mode I cannot at the end of processing of one file select a file in a preview-latex chosen place to execute next. That's what -dSAFER prohibits. > Also why you need to launch Ghostscript and leave it running, rather > than launching it once for each PostScript program, though that's > rather less important (though possibly easier to explain). A performance hit by a factor of 10 if not more. preview-latex creates an image for every mathematical entity in a document, easily several thousands of them, often just a few characters each. Having to start a fresh Ghostscript process for them that then has to read the fonts (which are rarely more than a few dozen per document) would be prohibitively expensive. Doing all this in a single Ghostscript process made preview-latex an actually useful tool rather than a toy. >>Being able to run in safer mode, and _yet_ _afterwards_ specify the next >>file to render outside of the Ghostscript accessible tree. >> >>That is all. > > Yes but I still don't see why you need .runandhide to achieve this. You haven't mentioned any alternative way of doing it. >>It puts "unsafe mode" outside of the access of the file running in SAFER >>mode while returning back into it. That's all. If you have to store >>the unsafe context anywhere where the file running in SAFER mode could >>access it, there is no actual safety. > > And the unsafe context you are storing is what exactly ? The object you get when executing "safe" before executing .setsafe. Calling restore on it reverts to non-safe mode, so we don't want it accessible to the potentially unsafe code executed in -dSAFER mode. I mean, that's the textbook and documented way of using .runandhide . It's not like we invented it. > Usually these result in crashes but we've also seen denial of service, > directory and file traversal/retrieval and some cases where it was > possible to execute arbitrary code. Note that these have been true in > some instances even when -dSAFER is set. Calling "safe" in unsafe mode will deliver an object useful for returning from -dSAFER _if_ code has access to that object. .runandhide was the documented way of hiding the object away from potentially unsafe code. -- David Kastrup From debbugs-submit-bounces@debbugs.gnu.org Sun Nov 05 15:59:54 2017 Received: (at 28811) by debbugs.gnu.org; 5 Nov 2017 20:59:54 +0000 Received: from localhost ([127.0.0.1]:52691 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eBS1J-0000ZJ-QU for submit@debbugs.gnu.org; Sun, 05 Nov 2017 15:59:54 -0500 Received: from eggs.gnu.org ([208.118.235.92]:58239) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eBS1I-0000Z6-G0 for 28811@debbugs.gnu.org; Sun, 05 Nov 2017 15:59:52 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eBS1A-0004l2-9f for 28811@debbugs.gnu.org; Sun, 05 Nov 2017 15:59:47 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:42755) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eBS1A-0004kr-6P; Sun, 05 Nov 2017 15:59:44 -0500 Received: from x2f3bd19.dyn.telefonica.de ([2.243.189.25]:46880 helo=lola) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1eBS19-0004Uq-6W; Sun, 05 Nov 2017 15:59:43 -0500 From: David Kastrup To: Ken Sharp Subject: Re: bug#28811: 11.90.2.2017-07-25; preview-at-point References: <5.1.0.14.2.20171105160300.0b0e6938@mail.plus.net> <5.1.0.14.2.20171104191639.0510cc88@mail.plus.net> <5.1.0.14.2.20171104083417.0a3d6e50@mail.plus.net> <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <87mv4vkurr.fsf@gmail.com> <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <5.1.0.14.2.20171104083417.0a3d6e50@mail.plus.net> <5.1.0.14.2.20171104191639.0510cc88@mail.plus.net> <5.1.0.14.2.20171105160300.0b0e6938@mail.plus.net> <5.1.0.14.2.20171105193104.0a409908@mail.plus.net> <87ineov46q.fsf@fencepost.gnu.org> Date: Sun, 05 Nov 2017 21:59:39 +0100 In-Reply-To: <87ineov46q.fsf@fencepost.gnu.org> (David Kastrup's message of "Sun, 05 Nov 2017 21:52:29 +0100") Message-ID: <87efpcv3us.fsf@fencepost.gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 28811 Cc: Arash Esbati , 28811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) David Kastrup writes: > Ken Sharp writes: >> >> And the unsafe context you are storing is what exactly ? > > The object you get when executing "safe" before executing .setsafe. s/"safe"/"save"/ of course. > Calling restore on it reverts to non-safe mode, so we don't want it > accessible to the potentially unsafe code executed in -dSAFER mode. > > I mean, that's the textbook and documented way of using .runandhide . > It's not like we invented it. > >> Usually these result in crashes but we've also seen denial of service, >> directory and file traversal/retrieval and some cases where it was >> possible to execute arbitrary code. Note that these have been true in >> some instances even when -dSAFER is set. > > Calling "safe" "save" again. Sorry. > in unsafe mode will deliver an object useful for returning from > -dSAFER _if_ code has access to that object. .runandhide was the > documented way of hiding the object away from potentially unsafe code. >> Given the rather acrimonious past history of our discussions, I think >> it may be better if I hand this to a colleague. I'll speak to someone >> tomorrow and see if they are willing to take it on. I am not sure that having to start over explaining will lead to an improvement of my ability to communicate. Being better able to tell computers what I am talking about than humans is not exactly rewarding for me either, but when I am the main person responsible for affected code, there is not much of a way for me to pass the bucket. -- David Kastrup From debbugs-submit-bounces@debbugs.gnu.org Mon Nov 06 04:40:41 2017 Received: (at 28811) by debbugs.gnu.org; 6 Nov 2017 09:40:41 +0000 Received: from localhost ([127.0.0.1]:52984 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eBdtY-0005Sa-Qi for submit@debbugs.gnu.org; Mon, 06 Nov 2017 04:40:41 -0500 Received: from avasout06.plus.net ([212.159.14.18]:53654 helo=avasout06.plus.net.plus.net) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eBdtW-0005SE-Ei for 28811@debbugs.gnu.org; Mon, 06 Nov 2017 04:40:39 -0500 Received: from Zen.artifex.com ([209.93.200.191]) by smtp with ESMTPA id BdtRe82hnFv8cBdtSeLLv9; Mon, 06 Nov 2017 09:40:36 +0000 X-CM-Score: 0.00 X-CNFS-Analysis: v=2.2 cv=Ful1xyjq c=1 sm=1 tr=0 a=q+sJukLfw9GXRSowqvyhrQ==:117 a=q+sJukLfw9GXRSowqvyhrQ==:17 a=eIhxMilvRf8A:10 a=kj9zAlcOel0A:10 a=gDkh9niWAAAA:8 a=4GuHYQ8DPcC5xOKrRUcA:9 a=CjuIK1q_8ugA:10 a=lGOMK5oLEwUwZHJ1FuQB:22 X-AUTH: chmee@:2500 Message-Id: <5.1.0.14.2.20171106075941.0c491b18@mail.plus.net> X-Sender: chmee@mail.plus.net X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 06 Nov 2017 09:40:25 +0000 To: David Kastrup From: Ken Sharp Subject: Re: bug#28811: 11.90.2.2017-07-25; preview-at-point In-Reply-To: <87efpcv3us.fsf@fencepost.gnu.org> References: <87ineov46q.fsf@fencepost.gnu.org> <5.1.0.14.2.20171105160300.0b0e6938@mail.plus.net> <5.1.0.14.2.20171104191639.0510cc88@mail.plus.net> <5.1.0.14.2.20171104083417.0a3d6e50@mail.plus.net> <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <87mv4vkurr.fsf@gmail.com> <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <5.1.0.14.2.20171104083417.0a3d6e50@mail.plus.net> <5.1.0.14.2.20171104191639.0510cc88@mail.plus.net> <5.1.0.14.2.20171105160300.0b0e6938@mail.plus.net> <5.1.0.14.2.20171105193104.0a409908@mail.plus.net> <87ineov46q.fsf@fencepost.gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Antivirus: Avast (VPS 171105-0, 05/11/2017), Outbound message X-Antivirus-Status: Clean X-CMAE-Envelope: MS4wfOY06DmMon9UKDBfxv9MPez7jyq7OZVDRsZz2qHNAbEqUFe/DyUErOHvwjMI7dln/j4sKbEaf3oWxtyypiJ53FZ+sgtWJQFaIluxj5IS0bJfqzD8gxq2 mN695n5LmPf4H5p410+JWNY4Xp8amHAyDKchkXEF9LJKULV4nhyYJ/iraWXUX6xymi0sk9Z5DAkImg== X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 28811 Cc: Arash Esbati , 28811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) At 21:59 05/11/2017 +0100, David Kastrup wrote: > >> Given the rather acrimonious past history of our discussions, I think > >> it may be better if I hand this to a colleague. I'll speak to someone > >> tomorrow and see if they are willing to take it on. > >I am not sure that having to start over explaining will lead to an >improvement of my ability to communicate. I think it will, because frankly I'm not prepared to keep listening to what I consider abuse. I feel I've tried to be reasonable here and up to now, polite, and you still haven't supplied what I've asked for. I will admit that on every email I learn a little more about what *exactly* you are doing, but I'm tired of the drip feed of information, laced with snide comments. I don't need this level of stress, and I don't actually have to put up with it. At this point my own inclination is simply to refuse to restore the operator. However I can recognise that I may be being unreasonable, potentially due to a simple clash of personalities. So, to try and act professionally, rather than simply washing my hands and walking away, I'm going to ask someone else to deal with it. Perhaps there will be less of a conflict of personalities and you will be able to work more easily with others. This also gives you an opportunity to persuade someone else of the merits of your case, without prejudice from me. I will, of course, forward on the previous emails and my understanding of the situation so far. [later] After discussion, we've decided the best way forward is to repoen the bug report and continue this in public, rather than by email. This would have been my preferred option originally, and was what I suggested, because it obviates the need to reprise the situation for the other developers. Well, water under the bridge. I have added David Kastrup to the CC list on the bug thread. When you have a PostScript file, please attach it to the bug: https://bugs.ghostscript.com/show_bug.cgi?id=698680 I have forwarded on the emails to date, verbatim, and described what I understand of the method of operation and requirements, along with my own suggestions. I won't take any further part in the discussion of the bug, to avoid influence. Please do not reply further to me on this subject, as I will simply delete such email unread. Ken From debbugs-submit-bounces@debbugs.gnu.org Tue Nov 07 04:33:15 2017 Received: (at 28811) by debbugs.gnu.org; 7 Nov 2017 09:33:16 +0000 Received: from localhost ([127.0.0.1]:55177 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eC0Fv-0001e5-Lv for submit@debbugs.gnu.org; Tue, 07 Nov 2017 04:33:15 -0500 Received: from eggs.gnu.org ([208.118.235.92]:46902) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eC0Ft-0001dr-HH for 28811@debbugs.gnu.org; Tue, 07 Nov 2017 04:33:13 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eC0Fm-0001cD-2y for 28811@debbugs.gnu.org; Tue, 07 Nov 2017 04:33:08 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:43011) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eC0Fl-0001c6-W1; Tue, 07 Nov 2017 04:33:06 -0500 Received: from x2f3da22.dyn.telefonica.de ([2.243.218.34]:56304 helo=lola) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1eC0Fa-0005p8-HN; Tue, 07 Nov 2017 04:32:55 -0500 From: David Kastrup To: Arash Esbati Subject: Re: bug#28811: 11.90.2.2017-07-25; preview-at-point References: <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <87mv4vkurr.fsf@gmail.com> <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <5.1.0.14.2.20171104083417.0a3d6e50@mail.plus.net> <86a801mxe9.fsf@gnu.org> Date: Tue, 07 Nov 2017 10:32:50 +0100 In-Reply-To: <86a801mxe9.fsf@gnu.org> (Arash Esbati's message of "Sun, 05 Nov 2017 00:34:06 +0100") Message-ID: <87tvy6bfi5.fsf@fencepost.gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 28811 Cc: 28811@debbugs.gnu.org, Ken Sharp X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Arash Esbati writes: > Ken Sharp writes: > >> The problem is that PostScript is a programming language, and the >> snippets above, intermingled with some other language, are a) >> difficult to read and b) shorn of context. Its hard for me to pick out >> just the PostScript from whatever the other language is and without >> knowing what the aim is its pretty much impossible to figure out what >> the PostScript is doing. > > Hi Ken, > > thanks for your response. I was afraid that the solution would not be > that easy by just replacing some PostScript-code in an Elisp-function > :-) > >> I don't suppose there's anyone still around who knows what the >> PostScript is supposed to do ? I really need to discuss this with >> someone who understands the intended purpose of that PostScript code. > > David K. is the principle author of preview-latex and he is still > around. I hope he can manage to find a solution with you, somehow. I've committed an (admittedly ugly) fix to AUCTeX master. Most of the work had actually already been done in previous commits, something which I had not properly remembered, so we did not actually use .runandhide in a security-relevant context any more. My participation in the discussion was based on remembering an earlier implementation we used, so the resulting controversy was disproportionate to the impact of the actually needed fix. While I cannot presume to understand the motivation of the Ghostscript developers in removing the documented operator intended to facilitate temporarily entering safe mode while interpreting externally provided files without working replacement (the jobserver functionality in the official PostScript standard has a known large security hole in Ghostscript's implementation and is not suggested in -dSAFER documentation for use anyway), the truth was that preview-latex already had stopped relying on the security-related aspects of .runandhide in a previous iteration of our code. So the comparatively simplistic fix I committed does not really come with security implications as we don't retain a way for leaving the -dSAFER sandbox once entering it. -- David Kastrup From debbugs-submit-bounces@debbugs.gnu.org Fri Nov 10 12:13:55 2017 Received: (at control) by debbugs.gnu.org; 10 Nov 2017 17:13:55 +0000 Received: from localhost ([127.0.0.1]:34384 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eDCsN-0007CM-FQ for submit@debbugs.gnu.org; Fri, 10 Nov 2017 12:13:55 -0500 Received: from eggs.gnu.org ([208.118.235.92]:54469) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eDCsL-0007C5-Ty for control@debbugs.gnu.org; Fri, 10 Nov 2017 12:13:54 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eDCsC-0001CM-Py for control@debbugs.gnu.org; Fri, 10 Nov 2017 12:13:48 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:40930) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eDCsC-0001Bz-N2 for control@debbugs.gnu.org; Fri, 10 Nov 2017 12:13:44 -0500 Received: from [51.179.102.44] (port=18366 helo=debenv) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1eDCsB-0004oT-TM for control@debbugs.gnu.org; Fri, 10 Nov 2017 12:13:44 -0500 Date: Fri, 10 Nov 2017 18:13:26 +0100 Message-Id: <874lq2ukeh.fsf@gnu.org> To: control@debbugs.gnu.org From: mose@gnu.org (=?utf-8?Q?Mos=C3=A8?= Giordano) Subject: control message for bug #29249 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) merge 29249 28811 From debbugs-submit-bounces@debbugs.gnu.org Sat Nov 18 18:16:22 2017 Received: (at 28811) by debbugs.gnu.org; 18 Nov 2017 23:16:22 +0000 Received: from localhost ([127.0.0.1]:46601 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eGCLW-0005f6-0b for submit@debbugs.gnu.org; Sat, 18 Nov 2017 18:16:22 -0500 Received: from eggs.gnu.org ([208.118.235.92]:42211) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eGCLU-0005em-4t for 28811@debbugs.gnu.org; Sat, 18 Nov 2017 18:16:20 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eGCLL-0006g5-S0 for 28811@debbugs.gnu.org; Sat, 18 Nov 2017 18:16:14 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:38203) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eGCLL-0006fz-O7 for 28811@debbugs.gnu.org; Sat, 18 Nov 2017 18:16:11 -0500 Received: from p5b32689b.dip0.t-ipconnect.de ([91.50.104.155]:50732 helo=MUTANT) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.82) (envelope-from ) id 1eGCLL-0006KW-4M; Sat, 18 Nov 2017 18:16:11 -0500 From: Arash Esbati To: David Kastrup Subject: Re: bug#28811: 11.90.2.2017-07-25; preview-at-point References: <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <87mv4vkurr.fsf@gmail.com> <613aa049-5eb8-bba3-bcf4-33c3b626d065@florianstecker.de> <5.1.0.14.2.20171104083417.0a3d6e50@mail.plus.net> <86a801mxe9.fsf@gnu.org> <87tvy6bfi5.fsf@fencepost.gnu.org> Date: Sun, 19 Nov 2017 00:06:27 +0100 In-Reply-To: <87tvy6bfi5.fsf@fencepost.gnu.org> (David Kastrup's message of "Tue, 07 Nov 2017 10:32:50 +0100") Message-ID: <86mv3j5gr0.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 28811 Cc: 28811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) David Kastrup writes: > I've committed an (admittedly ugly) fix to AUCTeX master. Thanks for fixing this! I've also added a note to changes.texi that preview works with Ghostscript 9.22. Best, Arash From unknown Wed Jun 18 23:13:55 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Sun, 17 Dec 2017 12:24:03 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator