Discussion:
Still issues with Ghostscript 9.25
(too old to reply)
Uwe Siart
2018-09-15 13:28:30 UTC
Permalink
After the recent update of Ghostscript to v9.25 ps2pdf fails to produce
correct PDFs with transparency. If I process this MWE

\documentclass{article}
\usepackage{pstricks}
\begin{document}
\begin{pspicture}(-3,-3)(3,3)
\pscircle*[linecolor=blue] (-1,0){3}
\pscircle*[linecolor=red,opacity=0.2]( 1,0){3}
\end{pspicture}
\end{document}

with 'latex+dvips+ps2pdf' I don't see the transparency of the red circle
in the PDF.

Probably it's better to revert back to gs 9.23 again.
--
Uwe
Nelson H. F. Beebe
2018-09-15 15:26:11 UTC
Permalink
After confirming the behavior reported on Sat, 15 Sep 2018 15:28:30
+0200 by Uwe Siart <***@siart.de>, I posted a short note to the
gs-devel list, and got an explanation, and a fix. Here is what
...
Assuming that 'test-transparency.ps' uses Ghostscript extension operators,
then its not misbehaviour, its a deliberate policy when -dSAFER is set.
Note; I believe that, in common with most of the shell scripts, ps2pdf
sets -dSAFER.
As a result of the security hardening in the aftermath of the recent
publicly disclosed vulnerabilities, we've made a number of non-standard
PostScript operators unavailable when -dSAFER is set. In particular this
includes the 'transparency' operators.
This policy is likely to be extended in future and more non-standard
operators will be made unavailable (and in some cases, removed entirely)
when -dSAFER is set.
This is because every Postscript operator is potentially vulnerable to
attack, so to reduce the exposure (when the user selects -dSAFER) we intend
to make non-standard operators unavailable, as far as possible. In future
if you want to use non-standard operators you will have to run without SAFER.
So our own example file 'transparency-example.ps' in ghostpdl/examples
throws an error when processed with -dSAFER, because none of the
transparency operators can be found. A program which runs the operators in
a stopped context, or has a custom error handler might simply render
opaque, as described.
In a closed workflow such as described above, the simple answer is to not
set -dSAFER, for the existing shell scripts additionally setting -dNOSAFER
on the command line for the script should, I believe, disable it.
I'd suggest trying that, you could also simply invoke Ghostscript directly
gs -sDEVICE=pdfwrite -o out.pdf test-transparency.ps
...
...
I can confirm that your proposed
gs -sDEVICE=pdfwrite -o out.pdf test-transparency.ps
does indeed produce correct transparency in the out.pdf file.
Our ps2pdf command is the one installed from ghostpdl-9.25; it invokes
ps2pdf14 which in turn invokes ps2pdfwr, and that calls gs with
several options, including -dSAFER.
Thus, the command
ps2pdf -dNOSAFER test-transparency.ps
produces correct transparency.
...
-------------------------------------------------------------------------------
- Nelson H. F. Beebe Tel: +1 801 581 5254 -
- University of Utah FAX: +1 801 581 4148 -
- Department of Mathematics, 110 LCB Internet e-mail: ***@math.utah.edu -
- 155 S 1400 E RM 233 ***@acm.org ***@computer.org -
- Salt Lake City, UT 84112-0090, USA URL: http://www.math.utah.edu/~beebe/ -
-------------------------------------------------------------------------------
Uwe Siart
2018-09-15 15:51:32 UTC
Permalink
Post by Nelson H. F. Beebe
After confirming the behavior reported on Sat, 15 Sep 2018 15:28:30
gs-devel list, and got an explanation, and a fix. Here is what
[...]
In a closed workflow such as described above, the simple answer is to not
set -dSAFER, for the existing shell scripts additionally setting -dNOSAFER
on the command line for the script should, I believe, disable it.
[...]
Many thanks for figuring this out. Now I understand that it's not a bug
but an intended change in the behaviour of ghostscript. I can confirm
that "ps2pdf -dNOSAFER" brings transparency back and I will change my
workflow accordingly.
--
Uwe
Nelson H. F. Beebe
2018-09-15 15:50:45 UTC
Permalink
A quick Web search turned up some recent links that discuss the
newly-discovered security holes that ghostscript 9.25 has fixed:

No Patch Available Yet for New Major Vulnerability in Ghostscript Interpreter
https://www.bleepingcomputer.com/news/security/no-patch-available-yet-for-new-major-vulnerability-in-ghostscript-interpreter/

Ghostscript Flaws Allow Remote Takeover of Systems
https://threatpost.com/unpatched-ghostscript-flaws-allow-remote-takeover-of-systems/136800/

Critical Flaws in Ghostscript Could Leave Many Systems at Risk of Hacking
https://thehackernews.com/2018/08/ghostscript-postscript-vulnerability.html

In the Unix world, it has sadly been several years since Adobe offered
a version of Acrobat Reader for PDF display: our Solaris SPARC version
is dated 8-Oct-2009, and our GNU/Linux x86-64 version is from
8-May-2013.

Thus, ghostscript has become the defacto tool suite for PostScript and
PDF viewing, and few TeX sites outside the Microsoft Windows world
could live without it.

Rather than disabling viewing of PostScript and PDF files, as some of
the above links suggest, we just need to inform our community of the
desirability of upgrading their ghostscript installations.

This will take time: even a Ubuntu Rolling Release (bleeding edge)
system has only ghostscript 9.23 installed; other vendors are much
further behind: CentOS 7 (the latest release from Red Hat) has version
gs 9.07. Mint Linux 19 and Debian 10 has gs 9.22. OpenSUSE 42.3 has
gs 9.15, and OpenSUSE Tumbleweed (bleeding edge) has gs 9.23.

It is unclear whether other PDF and PostScript viewers that are not
based on either ghostscript or Adobe code have similar
vulnerabilities. They include apvlv, evince, mupdf, qpdfview,
viewpdf, zathura, and likely several others, plus built-in PDF viewers
in recent firefox and chrome Web browsers.

-------------------------------------------------------------------------------
- Nelson H. F. Beebe Tel: +1 801 581 5254 -
- University of Utah FAX: +1 801 581 4148 -
- Department of Mathematics, 110 LCB Internet e-mail: ***@math.utah.edu -
- 155 S 1400 E RM 233 ***@acm.org ***@computer.org -
- Salt Lake City, UT 84112-0090, USA URL: http://www.math.utah.edu/~beebe/ -
-------------------------------------------------------------------------------
Werner LEMBERG
2018-09-15 18:29:05 UTC
Permalink
OpenSUSE 42.3 has gs 9.15,
This is not correct. Yesterday I received an automatic update to
9.25.
and OpenSUSE Tumbleweed (bleeding edge) has gs 9.23.
I guess that the next snapshot (tomorrow or in two days) will provide
9.25 also.


Werner

Loading...