Moritz Muehlenhoff wrote:
> I looked into this during DebConf: We could modify the default load
> behaviour by setting SEARCH_HERE_FIRST=0 in base/Makefile.in, but
> this would cause regressions in applications calling Ghostscript:

Well, that's exactly what upstream will do with their next release, see
commit r11494 - or more readable, the combined diff 11468+11494.patch
I've attached. So this is IMHO a good decision.

And it is the same that GNU ghostscript 8.71.0 will definitively do.
http://bugs.ghostscript.com/show_bug.cgi?id=691350 (Comment 17)

> I suppose implementing a filepath check as suggested by Werner Fink
> is the best course of action.

That patch has been reverted by upstream with release e11494 (yes, the
same as above).

Greetings
Markus Steinborn

only in patch2:
unchanged:
--- trunk/gs/psi/msvc32.mak (Revision 11493)
+++ trunk/gs/psi/msvc32.mak (Revision 11494)
@@ -100,13 +100,10 @@
# Define whether or not searching for initialization files should always
# look in the current directory first. This leads to well-known security
-# and confusion problems, but users insist on it.
-# NOTE: this also affects searching for files named on the command line:
-# see the "File searching" section of Use.htm for full details.
-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
+# and confusion problems, but may be convenient sometimes.
!ifndef SEARCH_HERE_FIRST
-SEARCH_HERE_FIRST=1
+SEARCH_HERE_FIRST=0
!endif
# Define the name of the interpreter initialization file.
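Review bot: the comment above SEARCH_HERE_FIRST loses the NOTE that this setting "also affects searching for files named on the command line", which is the behaviour callers will see change now that the default is 0. Keep a shortened form of that note with its pointer to the "File searching" section of Use.htm, and drop only the sentence "setting SEARCH_HERE_FIRST to 0 is not recommended". The same comment edit recurs in the other makefiles of this patch.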
only in patch2:
unchanged:
--- trunk/gs/psi/os2.mak (Revision 11493)
+++ trunk/gs/psi/os2.mak (Revision 11494)
@@ -54,12 +54,9 @@
# Define whether or not searching for initialization files should always
# look in the current directory first. This leads to well-known security
-# and confusion problems, but users insist on it.
-# NOTE: this also affects searching for files named on the command line:
-# see the "File searching" section of Use.htm for full details.
-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
+# and confusion problems, but may be convenient sometimes.
-SEARCH_HERE_FIRST=1
+SEARCH_HERE_FIRST=0
# Define the name of the interpreter initialization file.
# (There is no reason to change this.)
only in patch2:
unchanged:
--- trunk/gs/doc/Use.htm (Revision 11493)
+++ trunk/gs/doc/Use.htm (Revision 11494)
@@ -827,8 +827,8 @@
using the name given. Otherwise it tries directories in this order:
<ol>
-<li>The current directory (unless disabled by the
-<a href="#P-_switch"><code>-P-</code> switch</a>);
+<li>The current directory if enabled by the
+<a href="#P-_switch"><code>-P</code> switch</a>;
<li>The directories specified by <a href="#I_switch"><code>-I</code>
switches</a> in the command line, if any;
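Review bot: the new list item links to the wrong anchor: the visible text is now -P but the href is still "#P-_switch", which is the entry for -P-. Point it at "#P_switch", the anchor the later paragraph in this file already uses for -P.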
@@ -851,13 +851,10 @@
directory or a list of directories separated by a character appropriate for
the operating system ("<code>:</code>" on Unix systems,
"<code>,</code>" on VMS systems, and
-"<code>;</code>" on MS Windows systems). We think that trying
-the current directory first is a very bad idea -- it opens serious security
-loopholes and can lead to very confusing errors if one has more than one
-version of Ghostscript in one's environment -- but when we attempted to
-change it, users insisted that we change it back. You can disable looking
-in the current directory first by using the
-<a href="#P_switch"><code>-P-</code> switch</a>.
+"<code>;</code>" on MS Windows systems).
+By default, Ghostscript no longer searches the current directory first
+but provides <a href="#P_switch"><code>-P</code> switch</a> for a degree
+of backward compatibility.
<p>
Note that Ghostscript does not use this file searching algorithm for the
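Review bot: the replacement paragraph drops the reason for the change: the removed text said that trying the current directory first "opens serious security loopholes", while the new text only mentions backward compatibility. Keep one sentence of that rationale next to the -P link so that a reader who re-enables the old search order knows what it costs. The phrase "but provides -P switch" also needs an article ("provides the -P switch").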
@@ -2072,14 +2069,14 @@
<dl>
<dt><a name="P_switch"></a><code>-P</code>
<dd>Makes Ghostscript look first in the current directory for library
-files. This is currently the default.
+files.
</dl>
<dl>
<dt><a name="P-_switch"></a><code>-P-</code>
<dd>Makes Ghostscript <b><em>not</em></b> look first in the current
directory for library files (unless, of course, the first explicitly
-supplied directory is "<code>.</code>").
+supplied directory is "<code>.</code>"). This is now the default.
</dl>
<h4><a name="Parameters"></a>Setting parameters</h4>
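Review bot: "This is now the default." in the -P- entry is time-relative wording that will read oddly in later releases of this reference page; "This is the default." stays correct. The -P entry, which loses "This is currently the default.", is left without any hint that it restores the earlier search order, so a short cross-reference to the "File searching" text would help there.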
only in patch2:
unchanged:
--- trunk/gs/toolbin/msvcxml.bat (Revision 11493)
+++ trunk/gs/toolbin/msvcxml.bat (Revision 11494)
@@ -1428,7 +1428,7 @@
echo ^<UserMacro Name="GS_INIT" Value="gs_init.ps" /^>
echo ^<UserMacro Name="GS_LIB_DEFAULT" Value="$(GSROOTDIR)/lib;$(GSROOTDIR)/Resource/Font;$(AROOTDIR)/fonts" /^>
echo ^<UserMacro Name="GS_REVISION" Value="$(GS_VERSION)" /^>
-echo ^<UserMacro Name="SEARCH_HERE_FIRST" Value="1" /^>
+echo ^<UserMacro Name="SEARCH_HERE_FIRST" Value="0" /^>
echo ^</VisualStudioPropertySheet^>
goto end
only in patch2:
unchanged:
--- trunk/gs/base/ugcclib.mak (Revision 11493)
+++ trunk/gs/base/ugcclib.mak (Revision 11494)
@@ -30,7 +30,7 @@
gsdatadir = $(gsdir)/$(GS_DOT_VERSION)
GS_DOCDIR=$(gsdatadir)/doc
GS_LIB_DEFAULT=$(gsdatadir)/Resource/Init:$(gsdatadir)/lib:$(gsdatadir)/Resource/Font
-SEARCH_HERE_FIRST=1
+SEARCH_HERE_FIRST=0
GS_INIT=gs_init.ps
#GENOPT=-DDEBUG
only in patch2:
unchanged:
--- trunk/gs/base/bcwin32.mak (Revision 11493)
+++ trunk/gs/base/bcwin32.mak (Revision 11494)
@@ -78,13 +78,10 @@
# Define whether or not searching for initialization files should always
# look in the current directory first. This leads to well-known security
-# and confusion problems, but users insist on it.
-# NOTE: this also affects searching for files named on the command line:
-# see the "File searching" section of Use.htm for full details.
-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
+# and confusion problems, but may be convenient sometimes.
!ifndef SEARCH_HERE_FIRST
-SEARCH_HERE_FIRST=1
+SEARCH_HERE_FIRST=0
!endif
# Define the name of the interpreter initialization file.
only in patch2:
unchanged:
--- trunk/gs/base/macos-mcp.mak (Revision 11493)
+++ trunk/gs/base/macos-mcp.mak (Revision 11494)
@@ -53,12 +53,9 @@
# Define whether or not searching for initialization files should always
# look in the current directory first. This leads to well-known security
-# and confusion problems, but users insist on it.
-# NOTE: this also affects searching for files named on the command line:
-# see the "File searching" section of Use.htm for full details.
-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
+# and confusion problems, but may be convenient sometimes.
-SEARCH_HERE_FIRST=1
+SEARCH_HERE_FIRST=0
# Define the name of the interpreter initialization file.
# (There is no reason to change this.)
only in patch2:
unchanged:
--- trunk/gs/base/watclib.mak (Revision 11493)
+++ trunk/gs/base/watclib.mak (Revision 11494)
@@ -20,7 +20,7 @@
GSROOTDIR=$(AROOTDIR)/gs$(GS_DOT_VERSION)
GS_DOCDIR=$(GSROOTDIR)/doc
GS_LIB_DEFAULT=$(GSROOTDIR)/Resource/Init\;$(GSROOTDIR)/lib\;$(GSROOTDIR)/Resource/Font\;$(AROOTDIR)/fonts
-SEARCH_HERE_FIRST=1
+SEARCH_HERE_FIRST=0
GS_INIT=gs_init.ps
!ifndef DEBUG
only in patch2:
unchanged:
--- trunk/gs/base/openvms.mak (Revision 11493)
+++ trunk/gs/base/openvms.mak (Revision 11494)
@@ -68,12 +68,9 @@
# Define whether or not searching for initialization files should always
# look in the current directory first. This leads to well-known security
-# and confusion problems, but users insist on it.
-# NOTE: this also affects searching for files named on the command line:
-# see the "File searching" section of Use.htm for full details.
-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
+# and confusion problems, but may be convenient sometimes.
-SEARCH_HERE_FIRST=1
+SEARCH_HERE_FIRST=0
# Define the name of the interpreter initialization file.
# (There is no reason to change this.)
only in patch2:
unchanged:
--- trunk/gs/base/unix-gcc.mak (Revision 11493)
+++ trunk/gs/base/unix-gcc.mak (Revision 11494)
@@ -77,12 +77,9 @@
# Define whether or not searching for initialization files should always
# look in the current directory first. This leads to well-known security
-# and confusion problems, but users insist on it.
-# NOTE: this also affects searching for files named on the command line:
-# see the "File searching" section of Use.htm for full details.
-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
+# and confusion problems, but may be convenient sometimes.
-SEARCH_HERE_FIRST=1
+SEARCH_HERE_FIRST=0
# Define the name of the interpreter initialization file.
# (There is no reason to change this.)
only in patch2:
unchanged:
--- trunk/gs/base/unixansi.mak (Revision 11493)
+++ trunk/gs/base/unixansi.mak (Revision 11494)
@@ -73,12 +73,9 @@
# Define whether or not searching for initialization files should always
# look in the current directory first. This leads to well-known security
-# and confusion problems, but users insist on it.
-# NOTE: this also affects searching for files named on the command line:
-# see the "File searching" section of Use.htm for full details.
-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
+# and confusion problems, but may be convenient sometimes.
-SEARCH_HERE_FIRST=1
+SEARCH_HERE_FIRST=0
# Define the name of the interpreter initialization file.
# (There is no reason to change this.)
only in patch2:
unchanged:
--- trunk/gs/base/macosx.mak (Revision 11493)
+++ trunk/gs/base/macosx.mak (Revision 11494)
@@ -78,12 +78,9 @@
# Define whether or not searching for initialization files should always
# look in the current directory first. This leads to well-known security
-# and confusion problems, but users insist on it.
-# NOTE: this also affects searching for files named on the command line:
-# see the "File searching" section of Use.htm for full details.
-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
+# and confusion problems, but may be convenient sometimes.
-SEARCH_HERE_FIRST=1
+SEARCH_HERE_FIRST=0
# Define the name of the interpreter initialization file.
# (There is no reason to change this.)
only in patch2:
unchanged:
--- trunk/gs/base/openvms.mmk (Revision 11493)
+++ trunk/gs/base/openvms.mmk (Revision 11494)
@@ -73,12 +73,9 @@
# Define whether or not searching for initialization files should always
# look in the current directory first. This leads to well-known security
-# and confusion problems, but users insist on it.
-# NOTE: this also affects searching for files named on the command line:
-# see the "File searching" section of Use.htm for full details.
-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
+# and confusion problems, but may be convenient sometimes.
-SEARCH_HERE_FIRST=1
+SEARCH_HERE_FIRST=0
# Define the name of the interpreter initialization file.
# (There is no reason to change this.)
only in patch2:
unchanged:
--- trunk/gs/base/msvclib.mak (Revision 11493)
+++ trunk/gs/base/msvclib.mak (Revision 11494)
@@ -49,13 +49,10 @@
# Define whether or not searching for initialization files should always
# look in the current directory first. This leads to well-known security
-# and confusion problems, but users insist on it.
-# NOTE: this also affects searching for files named on the command line:
-# see the "File searching" section of Use.htm for full details.
-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
+# and confusion problems, but may be convenient sometimes.
!ifndef SEARCH_HERE_FIRST
-SEARCH_HERE_FIRST=1
+SEARCH_HERE_FIRST=0
!endif
# Define the name of the interpreter initialization file.
only in patch2:
unchanged:
--- trunk/gs/base/watcw32.mak (Revision 11493)
+++ trunk/gs/base/watcw32.mak (Revision 11494)
@@ -54,11 +54,8 @@
# Define whether or not searching for initialization files should always
# look in the current directory first. This leads to well-known security
# and confusion problems, but users insist on it.
-# NOTE: this also affects searching for files named on the command line:
-# see the "File searching" section of Use.htm for full details.
-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
-SEARCH_HERE_FIRST=1
+SEARCH_HERE_FIRST=0
# Define the name of the interpreter initialization file.
# (There is no reason to change this.)
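Review bot: in this file the context line "# and confusion problems, but users insist on it." is left unchanged, while the other makefiles in the patch replace it with "but may be convenient sometimes." With SEARCH_HERE_FIRST=0 directly below it, "users insist on it" now contradicts the setting; apply the same comment replacement here for consistency.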
only in patch2:
unchanged:
--- trunk/gs/base/Makefile.in (Revision 11493)
+++ trunk/gs/base/Makefile.in (Revision 11494)
@@ -96,12 +96,9 @@
# Define whether or not searching for initialization files should always
# look in the current directory first. This leads to well-known security
-# and confusion problems, but users insist on it.
-# NOTE: this also affects searching for files named on the command line:
-# see the "File searching" section of Use.htm for full details.
-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
+# and confusion problems, but may be convenient sometimes.
-SEARCH_HERE_FIRST=1
+SEARCH_HERE_FIRST=0
# Define the name of the interpreter initialization file.
# (There is no reason to change this.)