Package: xfig
Version: 1:3.2.5.b-1.2
Severity: normal
The bug 612180 and 6146616 are the same.
In FC this is fix (see the patch)
https://bugzilla.redhat.com/show_bug.cgi?id=657290
Fede.
-- System Information:
Debian Release: 6.0
APT prefers squeeze-updates
APT policy: (500, 'squeeze-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Versions of packages xfig depends on:
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libjpeg62 6b1-1 The Independent JPEG Group's JPEG
ii libpng12-0 1.2.44-1 PNG library - runtime
ii libx11-6 2:1.3.3-4 X11 client-side library
ii libxi6 2:1.3-6 X11 Input extension library
ii libxpm4 1:3.5.8-1 X11 pixmap library
ii libxt6 1:1.0.7-1 X11 toolkit intrinsics library
ii xaw3dg 1.5+E-18 Xaw3d widget set
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
Versions of packages xfig recommends:
ii transfig 1:3.2.5.c-1 Utilities for converting XFig figu
ii xfig-libs 1:3.2.5.b-1.2 XFig image libraries and examples
Versions of packages xfig suggests:
ii cups-bsd [lpr] 1.4.4-7 Common UNIX Printing System(tm) -
ii cups-client 1.4.4-7 Common UNIX Printing System(tm) -
ii ghostscript 8.71~dfsg2-9 The GPL Ghostscript PostScript/PDF
ii gimp 2.6.10-1 The GNU Image Manipulation Program
ii gsfonts-x11 0.21 Make Ghostscript fonts available t
ii netpbm 2:10.0-12.2+b1 Graphics conversion tools between
ii spell 1.0-24 GNU Spell, a clone of Unix `spell'
ii xfig-doc 1:3.2.5.b-1.2 XFig on-line documentation and exa
-- no debconf information
diff -ur xfig.3.2.5b/f_readeps.c xfig.3.2.5b.new/f_readeps.c
--- xfig.3.2.5b/f_readeps.c 2009-03-30 17:52:18.000000000 +0200
+++ xfig.3.2.5b.new/f_readeps.c 2010-11-25 16:53:54.328247928 +0100
@@ -252,12 +252,13 @@
{
char buf[300];
FILE *tmpfp, *pixfile, *gsfile;
- char *psnam, *driver;
+ char *driver;
int status, wid, ht, nbitmap, fd;
char tmpfile[PATH_MAX],
pixnam[PATH_MAX],
errnam[PATH_MAX],
- gscom[2 * PATH_MAX];
+ gscom[2 * PATH_MAX],
+ psnam[PATH_MAX];
wid = urx - llx;
ht = ury - lly;
@@ -307,19 +308,14 @@
/* for color, use pcx */
driver = "pcx256";
}
- /* avoid absolute paths (for Cygwin with gswin32) by changing directory */
- if (tmpfile[0] == '/') {
- psnam = strrchr(tmpfile, '/');
- *psnam = 0;
- sprintf(gscom, "cd \"%s/\";", tmpfile);
- *psnam++ = '/'; /* Restore name for unlink() below */
- } else {
- psnam = tmpfile;
- gscom[0] = '\0';
+ /* Canonicalize the eps file filename, needed to "defeat" -dSAFER */
+ if (!realpath(tmpfile, psnam)) {
+ file_msg("Cannot canonicalize %s: %s\n", tmpfile, strerror(errno));
+ return False;
}
- sprintf(&gscom[strlen(gscom)],
- "%s -r72x72 -dSAFER -sDEVICE=%s -g%dx%d -sOutputFile=%s -q - > %s 2>&1",
- appres.ghostscript, driver, wid, ht, pixnam, errnam);
+ sprintf(gscom,
+ "%s -r72x72 -sDEVICE=%s -g%dx%d -sOutputFile=%s -dDELAYSAFER -c '<< /PermitFileReading [ (%s)] >> setuserparams .locksafe' -dSAFER -q - > %s 2>&1",
+ appres.ghostscript, driver, wid, ht, pixnam, psnam, errnam);
if (appres.DEBUG)
fprintf(stderr,"calling: %s\n",gscom);
if ((gsfile = popen(gscom, "w")) == 0) {
