The following patch was adapted for GNU Ghostscript by Mark H Weaver based on:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8
From ab109aaeb3ddba59518b036fb288402a65cf7ce8 Mon Sep 17 00:00:00 2001
From: Chris Liddell
Date: Sat, 5 Mar 2016 14:56:03 -0800
Subject: [PATCH] Bug 694724: Have filenameforall and getenv honor SAFER
---
 Resource/Init/gs_init.ps | 2 ++
 psi/zfile.c | 36 ++++++++++++++++++++----------------
 2 files changed, 22 insertions(+), 16 deletions(-)
diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
index fa33d88..99888ac 100644
--- a/Resource/Init/gs_init.ps
+++ b/Resource/Init/gs_init.ps
@@ -2018,6 +2018,7 @@ readonly def
 /.locksafe {
 .locksafe_userparams
+ systemdict /getenv {pop //false} put
 % setpagedevice has the side effect of clearing the page, but
 % we will just document that. Using setpagedevice keeps the device
 % properties and pagedevice .LockSafetyParams in agreement even
@@ -2036,6 +2037,7 @@ readonly def
 %%
 /.locksafeglobal {
 .locksafe_userparams
+ systemdict /getenv {pop //false} put
 % setpagedevice has the side effect of clearing the page, but
 % we will just document that. Using setpagedevice keeps the device
 % properties and pagedevice .LockSafetyParams in agreement even
diff --git a/psi/zfile.c b/psi/zfile.c
index 320ecd5..0b9f299 100644
--- a/psi/zfile.c
+++ b/psi/zfile.c
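Review bot: The `systemdict /getenv {pop //false} put` line added to `.locksafe` (and repeated in `.locksafeglobal` in the next hunk) replaces only the name binding, so any procedure that was `bind`-ed to the original getenv operator before the lock ran would presumably keep calling the real operator; it is worth confirming that no such procedure stays reachable from user code once SAFER is set. The `put` also assumes systemdict is still writable when `.locksafe` runs, which the hunk does not show. A short comment would record the intent, for example `% SAFER: hide the environment; getenv always reports "not found"`. Both procedures continue past the end of their hunks.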
@@ -371,22 +371,26 @@ file_continue(i_ctx_t *i_ctx_p)
 if (len < devlen)
 return_error(e_rangecheck); /* not even room for device len */
- memcpy((char *)pscratch->value.bytes, iodev->dname, devlen);
- code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen,
- len - devlen);
- if (code == ~(uint) 0) { /* all done */
- esp -= 5; /* pop proc, pfen, devlen, iodev , mark */
- return o_pop_estack;
- } else if (code > len) /* overran string */
- return_error(e_rangecheck);
- else {
- push(1);
- ref_assign(op, pscratch);
- r_set_size(op, code + devlen);
- push_op_estack(file_continue); /* come again */
- *++esp = pscratch[2]; /* proc */
- return o_push_estack;
- }
+
+ do {
+ memcpy((char *)pscratch->value.bytes, iodev->dname, devlen);
+ code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen,
+ len - devlen);
+ if (code == ~(uint) 0) { /* all done */
+ esp -= 5; /* pop proc, pfen, devlen, iodev , mark */
+ return o_pop_estack;
+ } else if (code > len) /* overran string */
+ return_error(e_rangecheck);
+ else if (iodev != iodev_default(imemory)
+ || (check_file_permissions_reduced(i_ctx_p, (char *)pscratch->value.bytes, code + devlen, "PermitFileReading")) == 0) {
+ push(1);
+ ref_assign(op, pscratch);
+ r_set_size(op, code + devlen);
+ push_op_estack(file_continue); /* come again */
+ *++esp = pscratch[2]; /* proc */
+ return o_push_estack;
+ }
+ } while(1);
 }
 /* Cleanup procedure for enumerating files */
 static int
-- 
2.9.1
42 -0500'>2021-02-01gnu: python: Replace PYTHONPATH by GUIX_PYTHONPATH.Maxim Cournoyer Using PYTHONPATH as a mean to discover the Python packages had the following issues: 1. It is not versioned, so different versions of Python would clash if installed in a shared profile. 2. It would interfere with the host Python site on foreign distributions, sometimes preventing a a user to login their GDM session (!). 3. It would take precedence over user installed Python packages installed through pip. 4. 
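Review bot: The overrun test `code > len` in the new loop compares against the whole scratch length although enumerate_next was given only `len - devlen` bytes, so if that callback can report a length between the two, `code + devlen` exceeds the string and is then used both as the length read by check_file_permissions_reduced and in `r_set_size`; `} else if (code > len - devlen) /* overran string */` would close that gap (the earlier `len < devlen` check keeps the subtraction from wrapping). The test is carried over from the removed lines and enumerate_next's return contract is outside the hunk, so confirm it before changing the comparison. The `iodev != iodev_default(imemory)` branch returns names from every other device unfiltered, which deserves a comment such as `/* only the default (OS) device is subject to PermitFileReading */`. file_continue begins before the hunk.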
It would leak into Python virtualenvs, which are supposed to create isolated Python environments. This change fixes the above issues by making use of a sitecustomize.py module. The newly introduced GUIX_PYTHONPATH environment variable is read from the environment, filtered for the current Python version of the interpreter, and spliced in 'sys.path' just before Python's own site location, which provides the expected behavior. * gnu/packages/aux-files/python/sitecustomize.py: New file. * Makefile.am: Register it. * gnu/packages/python.scm (customize-site) (guix-pythonpath-search-path): New procedures. (python-2.7)[phases]{install-sitecustomize.py}: New phase. [native-inputs]{sitecustomize.py}: New input. [native-search-paths]: Replace PYTHONPATH with GUIX_PYTHONPATH. (python-3.9)[native-search-paths]: Likewise. [phases]{install-sitecustomize}: Override with correct version. [native-search-paths]: Replace PYTHONPATH with GUIX_PYTHONPATH. * gnu/packages/commencement.scm (python-boot0): [phases]{install-sitecustomize}: Likewise. [native-inputs]{sitecustomize.py}: New input. [native-search-paths]: Replace PYTHONPATH with GUIX_PYTHONPATH. * guix/build/python-build-system.scm (site-packages): Do not add a trailing '/'. squash! gnu: python: Replace PYTHONPATH by GUIX_PYTHONPATH.