[Bug 608071] New: Ghostscript executes random code on startup
Encoding/pwnd
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c0 Summary: Ghostscript executes random code on startup Classification: openSUSE Product: openSUSE 11.2 Version: Final Platform: x86-64 OS/Version: openSUSE 11.2 Status: NEW Severity: Critical Priority: P5 - None Component: Printing AssignedTo: jsmeix@novell.com ReportedBy: giecrilj@stegny.2a.pl QAContact: jsmeix@novell.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.9.1.9) Gecko/20100317 SUSE/3.5.9-0.1.1 Firefox/3.5.9 The following script changes the name of file ./test.ps in the current directory to ./pwnd.ps. The attack is performed by a hidden Ghostscript configuration file that should not be treated as a configuration file at all. Steps 1 and 2 are needed only once; indeed, if you have ./Encoding/* for any reason, Ghostscript will execute code from there, and the results will range from annoying to pernicious. The example attack renames a single file; real haxorz are invited to read files or delete them. The script creates ./Encoding for demonstration purposes; if you happen to have any file in ./Encoding/ or $GS_LIB/Encoding, you are PWND each time you run gs. Reproducible: Always Steps to Reproduce: 1. mkdir Encoding 2. echo '(PWND BY ARTIFEX HAXORZ\n) print (test.ps) (pwnd.ps) renamefile quit' 3. gs Actual Results: GPL Ghostscript 8.64 (2009-02-03) Copyright (C) 2009 Artifex Software, Inc. All rights reserved. This software comes with NO WARRANTY: see the file COPYING for details. PWND BY ARTIFEX HAXORZ While reading gs_fntem.ps: Error: /undefined in --quit-- Operand stack: (gs_fntem.ps) 1 FontEmulationProcs encodingnames --nostringval-- --nostringval-- StandardEncoding --nostringval-- ISOLatin1Encoding --nostringval-- SymbolEncoding --nostringval-- DingbatsEncoding --nostringval-- DingbatsEncoding --nostringval-- StandardEncoding --nostringval-- ISOLatin1Encoding --nostringval-- SymbolEncoding --nostringval-- Wingdings pwnd pwnd Encoding Execution stack: %interp_exit --nostringval-- --nostringval-- --nostringval-- %array_continue --nostringval-- --nostringval-- --nostringval-- false 1 %stopped_push --nostringval-- 1831 17 5 %oparray_pop --nostringval-- --nostringval-- --dict:17/21(ro)(G)-- --dict:2/2(G)-- --nostringval-- 1 %dict_continue --nostringval-- --nostringval-- 1829 26 5 %oparray_pop findresource %errorexec_pop --nostringval-- --nostringval-- --nostringval-- --nostringval-- 1220188 pwnd 27 --nostringval-- --nostringval-- false 1 %stopped_push 1755 27 6 %oparray_pop --nostringval-- %errorexec_pop .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- 1820 26 6 %oparray_pop 1754 26 6 %oparray_pop .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- Dictionary stack: --dict:963/3371(G)-- --dict:0/20(G)-- --dict:63/200(L)-- --dict:963/3371(G)-- --dict:10/10(G)-- --dict:17/21(ro)(G)-- Current allocation mode is global The file test.ps is renamed to pwnd.ps Expected Results: Ghostscript should not read ./Encoding/* on startup and start normally. It should not rename any files (unless asked to do it by the user's script). Here is what Artifex has to say: We really do not care about the reporter's opinion or curiosity. A simple "Thank you" is sufficient. Any further comment on this bug report will result in the reporter's account being banned. You have been warned. <URL:http://bugs.ghostscript.com/show_bug.cgi?id=691316> -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c Johannes Meixner <jsmeix@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jsmeix@novell.com AssignedTo|jsmeix@novell.com |werner@novell.com -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c1 Dr. Werner Fink <werner@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID --- Comment #1 from Dr. Werner Fink <werner@novell.com> 2010-05-26 07:27:26 UTC --- Without Encoding ghostscript can not work as PostScript depends on Encodings. I've read the URL and it seems the upstream will not change anything. Normally ghostscript is not able to create directories if used by the printer spooler (like lpng or cups). For the user its self there is no need to create the directory Encoding/ in his working environment. If a user want to shoot into its feet he is free to do this. Maybe the user wants to test out other encodings rules. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c2 Ludwig Nussel <lnussel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID | --- Comment #2 from Ludwig Nussel <lnussel@novell.com> 2010-05-26 10:23:43 CEST --- I don't think removing encoding support was the question here. The bug reporter is concerned about having the current working directory in gs' search path. Firefox for example stores ps files you get via some web site in /tmp and then calls the associated ps viewer. The ps viewer will then execute /tmp/Encoding/* which could have been prepared by a different user... Fortunately any sane ps viewer/converter disables use of dangerous commands (gs -dSAFER) so the files in the Encoding directory can't do anything worse than the file that should be displayed. So while have the current directory in the search path can be used to annoy other users security isn't a strong argument here AFAICT. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c3 Ludwig Nussel <lnussel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |WONTFIX --- Comment #3 from Ludwig Nussel <lnussel@novell.com> 2010-05-26 10:24:54 CEST --- oops, didn't mean to reopen -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c4 --- Comment #4 from Dr. Werner Fink <werner@novell.com> 2010-05-26 08:36:36 UTC --- (In reply to comment #2) This is what I've explained: only the user can shoot into its feet. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c5 --- Comment #5 from Christopher Yeleighton <giecrilj@stegny.2a.pl> 2010-05-26 08:50:59 UTC --- (In reply to comment #4)
(In reply to comment #2)
This is what I've explained: only the user can shoot into its feet.
That means the user should not execute Ghostscript in any directory that has a nonempty Encoding subdirectory (that may be needed for sb/sth else). Why do you call that "shooting into its feet"? The user need not create the Encoding directory itself, she can just stumble upon it. Also, upstream will not do anything about this because they take me for a troll; however, they explicitly stated that they would reconsider given positive feedback from a distro. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c6 --- Comment #6 from Dr. Werner Fink <werner@novell.com> 2010-05-26 09:22:06 UTC --- (In reply to comment #5) Not only ghostscript but also using the `.' in the personal PATH is a simple problem. Suppose that the user does a cd /tmp ls and now suppose an other user had done echo -e '#!/bin/sh\ncd\nrm -rf .' > /tmp/ls chmod 755 /tmp/ls .. do you see the problem of having `.' at first place within the execution path? Please note, that e.g. /tmp, /tmp/.X11-unix, /tmp/.ICE-unix, /var/tmp, /var/crash, /var/tmp/vi.recover, /var/tmp/vi.recover, /var/spool/mail, /var/cache/fonts, and the sub TeX sub directories do show this kind of problem. This because for creating such killer traps within the home directory of the user the attacker has to become the users owner ship. You may compare this with /etc/permissions ... to harden your system you may set PERMISSION_SECURITY in /etc/sysconfig/security to "secure paranoid local" and run SuSEconfig --module permissions but be aware that you're system could be lost some usability. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c7 --- Comment #7 from Christopher Yeleighton <giecrilj@stegny.2a.pl> 2010-05-26 10:16:07 UTC --- (In reply to comment #6)
(In reply to comment #5)
Not only ghostscript but also using the `.' in the personal PATH is a simple problem. Suppose that the user does a
cd /tmp ls
and now suppose an other user had done
echo -e '#!/bin/sh\ncd\nrm -rf .' > /tmp/ls chmod 755 /tmp/ls
... do you see the problem of having `.' at first place within the execution path?
I do not have . in $PATH and I would know how to remove it if I had one. It is not the case with GhostScript: I am exposed and I have no means of preventing it. The various risky directories you cite are just that --- a bunch risky directories. However, with GhostScript, _any_ directory is risky. Chris -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c8 --- Comment #8 from Dr. Werner Fink <werner@novell.com> 2010-05-26 10:26:45 UTC --- If you create the directory Encoding with the appropiate content then yes but why do you want to do this? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c9 --- Comment #9 from Christopher Yeleighton <giecrilj@stegny.2a.pl> 2010-05-26 23:15:19 UTC --- I do not want to create the directory named "Encoding". I just do not want to get PWND when I happen to execute gs where the current directory already has it for unrelated reasons. Having a subdirectory named "Encoding" is not prohibited by any standard and should not serve as an attack vector on Ghostscript unless the parent directory is special to Ghostscript itself. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c10 Thomas Biege <thomas@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WONTFIX | --- Comment #10 from Thomas Biege <thomas@novell.com> 2010-05-27 17:17:21 UTC --- Re: Ghostscript 8.64 executes random code at startup (paul.szabo@sydney.edu.au, Wed May 26 04:32:51 2010) Dear Christopher,
Ghostscript_8.64 on openSuSE_11.2 executes all files matching ./Encoding/* on startup. This search is relative to the current directory so it is easy to poison Ghostscript and cause it to execute arbitrary PostScript code without user action or knowledge.
Details: <URL:https://bugzilla.novell.com/show_bug.cgi?id=608071>
Interesting! So if someone creates /tmp/Encoding then it is dangerous to do cd /tmp; gs any.ps I now used: strace -omylog gs grep '"\./' mylog | sort -u and that shows that gs tries many files in currrent directory, "protection" against just ./Encoding is not enough. Cheers, Paul Szabo psz@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c11 --- Comment #11 from Thomas Biege <thomas@novell.com> 2010-05-27 17:18:39 UTC --- Re: Ghostscript 8.64 executes random code at startup (paul.szabo@sydney.edu.au, Thu May 27 02:51:30 2010) The ghostscript people in http://bugs.ghostscript.com/show_bug.cgi?id=691339 told me to use the -P- switch, and marked it "RESOLVED WONTFIX". I guess -P- should be the default, as well as -dSAFER should be. The way gv invokes gs is "wrong". For example, using command gv /tmp/any.ps will do: chdir("/tmp/") execve(..., "gs", ... "-dSAFER", ... "any.ps", ...) So gv is careful to use -dSAFER but does not know about -P-. I notified bug-gv@gnu.org about this, see http://bugs.debian.org/583316 also. Cheers, Paul -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c14 --- Comment #14 from Ludwig Nussel <lnussel@novell.com> 2010-05-28 09:16:43 CEST --- Aha! So the root of the problem is that -dSAFER isn't honored for those initialization files. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c15 Johannes Meixner <jsmeix@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Platform|x86-64 |All --- Comment #15 from Johannes Meixner <jsmeix@novell.com> 2010-05-28 08:02:55 UTC --- When there is any kind of security issue in Ghostscript we must check to what extent the printing system might be affected: The printing filter /usr/bin/foomatic-rip which is used in the printing system as some kind of wrapper/frontend when a Ghostscript printer driver is used calls Ghostscript as follows: -------------------------------------------------------------------- gs -sstdout=%stderr -dBATCH -dPARANOIDSAFER -dNOPAUSE \ -sDEVICE=ljet4 -dDEVICEWIDTHPOINTS=595 -dDEVICEHEIGHTPOINTS=842 \ -r600x600 -sOutputFile=%stdout -f -_ -------------------------------------------------------------------- i.e. like gv with -dPARANOIDSAFER but without -P- As far as I understand http://www.ghostscript.com/doc/7.07/Use.htm -------------------------------------------------------------------- -dPARANOIDSAFER Disables reading of files other than %stdin, those given as a command line argument, or those contained on one of the paths given by LIBPATH and FONTPATH and specified by the system params /FontResourceDir and /GenericResourceDir. -dPARANOIDSAFER implies -dSAFER -------------------------------------------------------------------- -dPARANOIDSAFER does not avoid that Ghostscript may read stuff from the current directory so that an additional -P- is still needed. On the other hand the currrent working directory when printing filters are executed is "/" where only root can create sub-directories and files so that from my current point of view the printing system seems to be secure. Furthermore http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316#10 ------------------------------------------------------------------ I have been using a wrapper around gs that sets both -P- -dSAFER. That seems to work fine for viewing PS files, but does NOT allow gv to work for PDFs ------------------------------------------------------------------- indicates that we should pay particular attention if "-P-" becomes our default whether or not Ghostscript then still works for PDFs. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c Ludwig Nussel <lnussel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |maint:running:33289 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c16 --- Comment #16 from Ludwig Nussel <lnussel@novell.com> 2010-05-28 11:51:43 CEST --- (In reply to comment #15)
[...] Furthermore http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316#10 ------------------------------------------------------------------ I have been using a wrapper around gs that sets both -P- -dSAFER. That seems to work fine for viewing PS files, but does NOT allow gv to work for PDFs ------------------------------------------------------------------- indicates that we should pay particular attention if "-P-" becomes our default whether or not Ghostscript then still works for PDFs.
The mistake in that wrapper is to add -dSAFER always. $ cat ~/bin/gs #!/bin/sh set -- -P- "$@" echo "$@" exec /usr/bin/gs "$@" $ gv /tmp/uebung01.pdf -P- -dNODISPLAY -dQUIET -sPDFname=uebung01.pdf -sDSCname=/tmp/gv_4bff90b8_1_uebung01.pdf.tmp pdf2dsc.ps -c quit For PDFs gv actually calls gs to execute a postscript program. That program is from ghostscript itself so no need for -dSAFER there. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c17 --- Comment #17 from Christopher Yeleighton <giecrilj@stegny.2a.pl> 2010-05-28 17:28:19 UTC --- (In reply to comment #14)
Aha! So the root of the problem is that -dSAFER isn't honored for those initialization files.
The root of the problem is that Ghostscript insists on reading encodings up front, and assumes that whatever is in an Encoding directory is an encoding program. If we accept this, although I really do not think we should, the root of the problem is that Ghostscript allows relative path search in its initialization phase. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c18 --- Comment #18 from Ludwig Nussel <lnussel@novell.com> 2010-05-31 14:42:05 CEST --- The -P- option doesn't work for gs_init.ps: http://bugs.ghostscript.com/show_bug.cgi?id=691350 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c19 --- Comment #19 from Christopher Yeleighton <giecrilj@stegny.2a.pl> 2010-05-31 18:40:01 UTC --- (In reply to comment #18)
The -P- option doesn't work for gs_init.ps: http://bugs.ghostscript.com/show_bug.cgi?id=691350
There are three problems with -P-. 1. It is not obvious, and most users will not know. 2. It also changes the way Ghostscript handles command-line arguments, and the vendor claims that Ghostscript users have vehemently protested against that. 3. Short of recompiling, there is no way to configure Ghostscript to use -P- by default. In particular, it cannot be applied as a per-user policy. It is a big gun to shoot at such a small target, and the cure kills both the infection and the patient :-) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c20 Dr. Werner Fink <werner@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |NEEDINFO CC| |allau@novell.com, | |anicka@novell.com, | |bg@novell.com, | |bnc-team-gnome@forge.provo. | |novell.com, | |bnc-team-java@forge.provo.n | |ovell.com, | |bnc-team-xfce@forge.provo.n | |ovell.com, | |carnold@novell.com, | |daniel.rahn@novell.com, | |dkukawka@novell.com, | |freitag@novell.com CC| |gregkh@novell.com, | |hmacht@novell.com, | |jblunck@novell.com, | |jeffm@novell.com, | |jlee@novell.com, | |jmatejek@novell.com, | |jmcdonough@novell.com, | |jreuter@novell.com, | |jslaby@novell.com, | |jw@novell.com, | |kde-maintainers@suse.de, | |ke@novell.com CC| |kernel-maintainers@forge.pr | |ovo.novell.com, | |kkeil@novell.com, | |lnussel@novell.com, | |lrupp@novell.com, | |mc@novell.com, | |mhrusecky@novell.com, | |mrueckert@novell.com, | |ms@novell.com, | |mseben@novell.com, | |mt@novell.com, | |mvyskocil@novell.com, | |nadvornik@novell.com CC| |pbaudis@novell.com, | |pgajdos@novell.com, | |prusnak@novell.com, | |pth@novell.com, | |puzel@novell.com, | |sbrabec@novell.com, | |sndirsch@novell.com, | |snwint@novell.com, | |thomas.schraitle@novell.com | |, tiwai@novell.com, | |tonyj@novell.com, | |uli@novell.com, | |werner@novell.com InfoProvider| |coolo@novell.com --- Comment #20 from Dr. Werner Fink <werner@novell.com> 2010-06-01 16:14:30 UTC --- Just to be noted: we have 121 packages which requires ghostscript-library therefore I would like to set SEARCH_HERE_FIRST=0 in the main makefile of ghostscript. Beside the problem with gs_init.ps this cause that no file from current working directory will be read. That will break packages at build and at usage time, but the question is how many packages will break away and how many packages will not be fixed even if the maintainers stay in the carbon copy list. Stephan? What is you opinion in respect to factory/11.3? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c21 --- Comment #21 from Petr Baudis <pbaudis@novell.com> 2010-06-01 16:39:41 UTC --- Can you put the list of packages up somewhere? I myself have no idea which of my packages would require it. By a chance, isn't this 121 packages a transitive closure of the requirements? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c22 --- Comment #22 from Christopher Yeleighton <giecrilj@stegny.2a.pl> 2010-06-01 16:47:12 UTC --- OTOH, if you selectively disable the code that loads encodings at startup, at least this particular issue will be fixed and this action would be unlikely to break anything. As an example, the following steps shows that Ghostscript can load encoding at run time: 1. $ mkdir Encoding 2. $ gs 3. $ echo '(gs_il2_e.ps) runlibfile'>Encoding/ISOLatin2Encoding 4. GS> /ISOLatin2Encoding findencoding The command /findencoding succeeds although ISOLatin2Encoding was not loaded at startup. Note: Due to the way Ghostscript is constructed, you have to { rm Encoding/ISOLatin2Encoding; } now or Ghostscript will fail next time you start it. Leave to Ghostscript startup code the encodings it explicitly wants to have, but trying to preload whatever can be found is CRAZY. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c23 --- Comment #23 from Dr. Werner Fink <werner@novell.com> 2010-06-01 16:54:00 UTC --- Created an attachment (id=366182) --> (http://bugzilla.novell.com/attachment.cgi?id=366182) whatdependson ghostscript-library The list of all packages which do depend on ghostscript-library -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c24 --- Comment #24 from Ludwig Nussel <lnussel@novell.com> 2010-06-02 10:49:33 CEST --- (In reply to comment #20)
Just to be noted: we have 121 packages which requires ghostscript-library therefore I would like to set SEARCH_HERE_FIRST=0 in the main makefile of ghostscript. Beside the problem with gs_init.ps this cause that no file from current working directory will be read. That will break
Files from the current directory are read despite -P- (ie SEARCH_HERE_FIRST) even on sles10 so that problem probably only hits very old ghostscripts. Maybe the fix for reading files specified on the command line from the current directory is the cause for the problem with gs_init.ps? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c25 --- Comment #25 from Dr. Werner Fink <werner@novell.com> 2010-06-02 09:01:31 UTC --- (In reply to comment #24) No it's not the reason ... the reason is IMHO that gs_init.ps is used to switch over to secure mode. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c26 --- Comment #26 from Johannes Meixner <jsmeix@novell.com> 2010-06-02 10:33:48 UTC --- Created an attachment (id=366379) --> (http://bugzilla.novell.com/attachment.cgi?id=366379) fix-Use.htm-for-SEARCH_HERE_FIRST-0.patch A proposal how to patch the documentation in Use.htm for ghostscript-8.70 if SEARCH_HERE_FIRST=0 is used. As far as I see it is sufficient to fix the documentation in Use.htm because nowhere else is '-P-' mentioned (in particular not in "man gs") and furthermore "gs -h" points to Use.htm (below the "Search path" output). By the way: According to http://www.ghostscript.com/doc/7.07/Use.htm#Finding_files the Ghostscript authors already agree that "trying the current directory first is a very bad idea" because it "opens serious security loopholes" but they didn't fix the security bug only because some users complained :-( I also agree that a parameter that makes gs safer does not matter as long as it is not the default (see comment #12). I think that at least all Linux distributions should fix Ghostscript accordingly regardless if some users might then complain that they must use the -P (or -I) switch if they need the current directory. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c28 --- Comment #28 from Ludwig Nussel <lnussel@novell.com> 2010-06-02 13:22:38 CEST --- CVE-2010-2055 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c29 Michal Marek <mmarek@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC|kernel-maintainers@forge.pr |mmarek@novell.com |ovo.novell.com | --- Comment #29 from Michal Marek <mmarek@novell.com> 2010-06-02 12:07:03 UTC --- (In reply to comment #20)
Just to be noted: we have 121 packages which requires ghostscript-library therefore I would like to set SEARCH_HERE_FIRST=0 in the main makefile of ghostscript.
Do you have a test package somewhere so that we can try a build against it? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c30 --- Comment #30 from Ludwig Nussel <lnussel@novell.com> 2010-06-02 14:08:46 CEST --- gs -P- on SLES9 (ESP ghostscript 7.07.1) has the problem of not finding files in the current directory anymore. Indeed lib_file_open() lacks the special constructs of newer versions that make it behave differently for startup files. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c31 --- Comment #31 from Dr. Werner Fink <werner@novell.com> 2010-06-02 12:49:48 UTC --- *** Bug 610933 has been marked as a duplicate of this bug. *** http://bugzilla.novell.com/show_bug.cgi?id=610933 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c32 --- Comment #32 from Christopher Yeleighton <giecrilj@stegny.2a.pl> 2010-06-03 14:38:32 UTC --- (In reply to comment #17)
(In reply to comment #14)
Aha! So the root of the problem is that -dSAFER isn't honored for those initialization files.
The root of the problem is that Ghostscript insists on reading encodings up front, and assumes that whatever is in an Encoding directory is an encoding program.
If we accept this, although I really do not think we should, the root of the problem is that Ghostscript allows relative path search in its initialization phase.
Correct me if I am wrong but the information supplied upstream [1] seems to indicate that Ghostscript, just like Emacs, does not run its start-up code when it starts with a core ROM image that is prebuilt unless this feature is switched off. This feature can be turned off during build; it is on by default but it is turned off in openSuSE [2]. It seems that Ghostscript should not be vulnerable when it starts off a core image. OTOH, it makes sense for the code in (gs_fntem.ps) to load all possible encodings ONLY IF it is building the start-up image because a safe environment can be assumed at build time. Summary: I hereby suggest that generating and using the core image for Ghostscript should be turned back on. == References == [1] <URL:http://bugs.ghostscript.com/show_bug.cgi?id=691316#c7> [2] <URL:http://bugs.ghostscript.com/show_bug.cgi?id=691316#c9> -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c33 --- Comment #33 from Stefan Dirsch <sndirsch@novell.com> 2010-06-03 15:26:46 UTC --- Could please somebody summarize what needs to be done in the mentioned 121 packages? That might be less time consuming than about 50 people reading (currently) about 30 comments and trying to make sense of them. Thanks. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c34 --- Comment #34 from Christopher Yeleighton <giecrilj@stegny.2a.pl> 2010-06-03 16:08:43 UTC --- It should be verified that they do not break when Ghostscript is compiled with SEARCH_HERE_FIRST=0 (as explained in Comment #20). This is the workaround recommended by upstream; however, I think there are milder ways to patch this vulnerability. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c35 --- Comment #35 from Stefan Dirsch <sndirsch@novell.com> 2010-06-03 16:31:38 UTC --- (In reply to comment #34)
It should be verified that they do not break when Ghostscript is compiled with SEARCH_HERE_FIRST=0 (as explained in Comment #20). This is the workaround recommended by upstream; however, I think there are milder ways to patch this vulnerability.
Thanks a lot! Are there ghostscript-library packages available for testing? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c36 Danny Kukawka <dkukawka@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC|dkukawka@novell.com | --- Comment #36 from Danny Kukawka <dkukawka@novell.com> 2010-06-03 17:50:05 UTC --- Please add the next time only those packages/ppl which are really affected! At least mine are not since they don't use or require (directly) gs. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c37 Stephan Kulow <coolo@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |REOPENED CC| |coolo@novell.com InfoProvider|coolo@novell.com | --- Comment #37 from Stephan Kulow <coolo@novell.com> 2010-06-04 10:50:25 CEST --- If they don't find their files, they will hopefully fail? If so, fixing a couple of packages in adding some extra parameters should be ok if we gain security. If they do not fail, but silently create broken documentation, it's a big problem with the current timing. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c38 --- Comment #38 from Christopher Yeleighton <giecrilj@stegny.2a.pl> 2010-06-04 16:05:48 UTC --- (In reply to comment #37)
If they do not fail, but silently create broken documentation, it's a big problem with the current timing.
kio_man generates broken documentation and nobody cares. For example, try <URL:man:ftp> or <URL:man:groff_char>. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c39 Johannes Meixner <jsmeix@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dkukawka@novell.com --- Comment #39 from Johannes Meixner <jsmeix@novell.com> 2010-06-08 08:14:45 UTC --- Regarding comment #36: Your packages may require gs indirectly when it generates its documentation. This might fail and if you don't list the documantation files explicitely one by one in the files section of your RPMs, your packages might be built without (or with crippled) documentation. Therefore even if gs is not directly required, you packages might be really affected nevertheless. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c40 --- Comment #40 from Dr. Werner Fink <werner@novell.com> 2010-06-08 13:04:53 UTC --- Fronm changelog: Tue Jun 8 14:55:24 CEST 2010 - werner@suse.de - Modify pdf2des to make it work with newer gv (bnc#610933) - Compile ghostscript-library with SEARCH_HERE_FIRST=0 to close vulnerability due reading startup file even from temporary directories (make option -P- to the default) (bnc#608071) .. please note that ghostscript-min behaves to old way. This was submitted to factory. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c41 --- Comment #41 from Christopher Yeleighton <giecrilj@stegny.2a.pl> 2010-06-20 15:03:38 UTC --- (In reply to comment #0)
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.9.1.9) Gecko/20100317 SUSE/3.5.9-0.1.1 Firefox/3.5.9
The following script changes the name of file ./test.ps in the current directory to ./pwnd.ps. The attack is performed by a hidden Ghostscript
This attack works as-is with Okular. In addition, it prevents Okular from rendering anything in the affected directory (of course). -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c42 --- Comment #42 from Dr. Werner Fink <werner@novell.com> 2010-06-30 11:52:38 UTC --- Created an attachment (id=372862) --> (http://bugzilla.novell.com/attachment.cgi?id=372862) ghostscript-8.70-gs_init.dif Fix the problem with the gs_init.ps ... only open in current working directory if and only if only the users has write access to the directory -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c43 --- Comment #43 from Ludwig Nussel <lnussel@novell.com> 2010-07-01 10:07:22 CEST --- Weird approach :-) That patch only fixes the very specific problem with /tmp. The patch still accepts any directory with permission 755. So if you view a file in e.g. an nfs exported directory from someone else gs would still read gs_init.ps from that users' directory. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c44 --- Comment #44 from Dr. Werner Fink <werner@novell.com> 2010-07-01 08:14:13 UTC --- The patch has been accepted upstream. NFS imports from unkown origin are always of high risk. NFS imports of a HOME directory should be never a problem otherwise the user is an open target not only for PostScripts attacks but for every one who can influence the NFS share. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c45 Dr. Werner Fink <werner@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|werner@novell.com |security-team@suse.de --- Comment #45 from Dr. Werner Fink <werner@novell.com> 2010-07-07 09:05:32 UTC --- Submitted to openSUSE 11.0, 11.1, 11.3, Factory, and SLES11-SP1 see also bug #605043 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c46 --- Comment #46 from Christopher Yeleighton <giecrilj@stegny.2a.pl> 2010-07-07 11:27:35 UTC --- (In reply to comment #42)
Created an attachment (id=372862) --> (http://bugzilla.novell.com/attachment.cgi?id=372862) [details] ghostscript-8.70-gs_init.dif
Fix the problem with the gs_init.ps ... only open in current working directory if and only if only the users has write access to the directory
This is likely to be the case when an archive tool creates a temporary directory to store the files to be viewed; it can set the directory to u=rwx only in order to prevent other users from accessing the data. If I understand the patch correctly, it would not block gs_init.ps in such a setting, which is bad. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c47 --- Comment #47 from Dr. Werner Fink <werner@novell.com> 2010-07-07 11:40:56 UTC --- The patch simply avoids traps within common public directories nothing more and nothing less. It does not break the normal usage of ghostscript. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c48 --- Comment #48 from Dr. Werner Fink <werner@novell.com> 2010-07-09 09:24:26 UTC --- To be noted: I've switched over to the solution used in SVN head of ghostscript. Now it does work within all working directories. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c49 Swamp Workflow Management <swamp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:33289 |maint:running:33289 | |maint:released:11.0:34434 --- Comment #49 from Swamp Workflow Management <swamp@suse.com> 2010-07-22 17:38:25 UTC --- Update released for: ghostscript-devel, ghostscript-fonts-other, ghostscript-fonts-rus, ghostscript-fonts-std, ghostscript-ijs-devel, ghostscript-library, ghostscript-omni, ghostscript-x11, libgimpprint, libgimpprint-devel Products: openSUSE 11.0 (debug, i386, ppc, x86_64) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c50 Thomas Biege <thomas@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |FIXED --- Comment #50 from Thomas Biege <thomas@novell.com> 2010-08-02 06:12:57 UTC --- released (except moblin) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c51 Swamp Workflow Management <swamp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:33289 |maint:running:33289 |maint:released:11.0:34434 |maint:released:11.0:34434 | |maint:released:11.3:34435 --- Comment #51 from Swamp Workflow Management <swamp@suse.com> 2010-08-02 06:13:42 UTC --- Update released for: ghostscript-library Products: openSUSE 11.3 (debug, i586, x86_64) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c52 Swamp Workflow Management <swamp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:33289 |maint:running:33289 |maint:released:11.0:34434 |maint:released:11.0:34434 |maint:released:11.3:34435 |maint:released:11.3:34435 | |maint:released:11.1:34433 | |maint:released:11.2:34433 --- Comment #52 from Swamp Workflow Management <swamp@suse.com> 2010-08-02 06:14:49 UTC --- Update released for: ghostscript-devel, ghostscript-fonts-other, ghostscript-fonts-rus, ghostscript-fonts-std, ghostscript-ijs-devel, ghostscript-library, ghostscript-library-debuginfo, ghostscript-library-debugsource, ghostscript-omni, ghostscript-omni-debuginfo, ghostscript-x11, ghostscript-x11-debuginfo, libgimpprint, libgimpprint-debuginfo, libgimpprint-devel Products: openSUSE 11.1 (debug, i586, ppc, x86_64) openSUSE 11.2 (debug, i586, x86_64) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c53 Swamp Workflow Management <swamp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:33289 |maint:running:33289 |maint:released:11.0:34434 |maint:released:11.0:34434 |maint:released:11.3:34435 |maint:released:11.3:34435 |maint:released:11.1:34433 |maint:released:11.1:34433 |maint:released:11.2:34433 |maint:released:11.2:34433 | |maint:released:sle11-sp1:34 | |431 --- Comment #53 from Swamp Workflow Management <swamp@suse.com> 2010-08-02 13:08:42 UTC --- Update released for: ghostscript-devel, ghostscript-fonts-other, ghostscript-fonts-rus, ghostscript-fonts-std, ghostscript-ijs-devel, ghostscript-library, ghostscript-library-debuginfo, ghostscript-library-debugsource, ghostscript-omni, ghostscript-x11, libgimpprint, libgimpprint-devel Products: SLE-DESKTOP 11-SP1 (i386, x86_64) SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugzilla.novell.com/show_bug.cgi?id=608071#c54 Swamp Workflow Management <swamp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:33289 |maint:running:33289 |maint:released:11.0:34434 |maint:released:11.0:34434 |maint:released:11.3:34435 |maint:released:11.3:34435 |maint:released:11.1:34433 |maint:released:11.1:34433 |maint:released:11.2:34433 |maint:released:11.2:34433 |maint:released:sle11-sp1:34 |maint:released:sle11:34429 |431 | --- Comment #54 from Swamp Workflow Management <swamp@suse.com> 2010-08-02 13:09:54 UTC --- Update released for: ghostscript-devel, ghostscript-fonts-other, ghostscript-fonts-rus, ghostscript-fonts-std, ghostscript-ijs-devel, ghostscript-library, ghostscript-library-debuginfo, ghostscript-library-debugsource, ghostscript-omni, ghostscript-x11, libgimpprint, libgimpprint-devel Products: SLE-DEBUGINFO 11 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11 (i386, x86_64) SLE-SDK 11 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11 (i386, ia64, ppc64, s390x, x86_64) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=608071 https://bugzilla.novell.com/show_bug.cgi?id=608071#c55 Swamp Workflow Management <swamp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:33289 |maint:running:33289 |maint:released:11.0:34434 |maint:released:11.0:34434 |maint:released:11.3:34435 |maint:released:11.3:34435 |maint:released:11.1:34433 |maint:released:11.1:34433 |maint:released:11.2:34433 |maint:released:11.2:34433 |maint:released:sle11:34429 |maint:released:sle11:34429 | |maint:released:sle11-moblin | |20:34430 --- Comment #55 from Swamp Workflow Management <swamp@suse.com> 2010-08-23 09:40:23 UTC --- Update released for: ghostscript-devel, ghostscript-fonts-other, ghostscript-fonts-rus, ghostscript-fonts-std, ghostscript-ijs-devel, ghostscript-library, ghostscript-library-debuginfo, ghostscript-library-debugsource, ghostscript-omni, ghostscript-x11, libgimpprint, libgimpprint-devel Products: SUSE-MOBLIN 2.0 (i386) SUSE-MOBLIN 2.0-DEBUG (i386) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=608071 https://bugzilla.novell.com/show_bug.cgi?id=608071#c56 Swamp Workflow Management <swamp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:33289 |maint:running:33289 |maint:released:11.0:34434 |maint:released:11.0:34434 |maint:released:11.3:34435 |maint:released:11.3:34435 |maint:released:11.1:34433 |maint:released:11.1:34433 |maint:released:11.2:34433 |maint:released:11.2:34433 |maint:released:sle11:34429 |maint:released:sle11:34429 |maint:released:sle11-moblin |maint:released:sle11-moblin |20:34430 |20:34430 | |maint:released:sle11-moblin | |21:34432 --- Comment #56 from Swamp Workflow Management <swamp@suse.com> 2010-08-23 14:08:36 UTC --- Update released for: ghostscript-devel, ghostscript-fonts-other, ghostscript-fonts-rus, ghostscript-fonts-std, ghostscript-ijs-devel, ghostscript-library, ghostscript-library-debuginfo, ghostscript-library-debugsource, ghostscript-omni, ghostscript-x11, libgimpprint, libgimpprint-devel Products: SUSE-MOBLIN 2.1 (i386) SUSE-MOBLIN 2.1-DEBUG (i386) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=608071 https://bugzilla.novell.com/show_bug.cgi?id=608071#c Swamp Workflow Management <swamp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:33289 |maint:released:11.0:34434 |maint:released:11.0:34434 |maint:released:11.3:34435 |maint:released:11.3:34435 |maint:released:11.1:34433 |maint:released:11.1:34433 |maint:released:11.2:34433 |maint:released:11.2:34433 |maint:released:sle11:34429 |maint:released:sle11:34429 |maint:released:sle11-moblin |maint:released:sle11-moblin |20:34430 |20:34430 |maint:released:sle11-moblin |maint:released:sle11-moblin |21:34432 |21:34432 | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=608071 https://bugzilla.novell.com/show_bug.cgi?id=608071#c57 Johannes Meixner <jsmeix@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner@suse.com --- Comment #57 from Johannes Meixner <jsmeix@suse.com> 2012-01-10 09:07:22 UTC --- *** Bug 739737 has been marked as a duplicate of this bug. *** http://bugzilla.novell.com/show_bug.cgi?id=739737 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com