Package: xfig Version: 1:3.2.5.b-1.2 Severity: normal The bug 612180 and 6146616 are the same. In FC this is fix (see the patch) https://bugzilla.redhat.com/show_bug.cgi?id=657290
Fede. -- System Information: Debian Release: 6.0 APT prefers squeeze-updates APT policy: (500, 'squeeze-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores) Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/dash Versions of packages xfig depends on: ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libjpeg62 6b1-1 The Independent JPEG Group's JPEG ii libpng12-0 1.2.44-1 PNG library - runtime ii libx11-6 2:1.3.3-4 X11 client-side library ii libxi6 2:1.3-6 X11 Input extension library ii libxpm4 1:3.5.8-1 X11 pixmap library ii libxt6 1:1.0.7-1 X11 toolkit intrinsics library ii xaw3dg 1.5+E-18 Xaw3d widget set ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime Versions of packages xfig recommends: ii transfig 1:3.2.5.c-1 Utilities for converting XFig figu ii xfig-libs 1:3.2.5.b-1.2 XFig image libraries and examples Versions of packages xfig suggests: ii cups-bsd [lpr] 1.4.4-7 Common UNIX Printing System(tm) - ii cups-client 1.4.4-7 Common UNIX Printing System(tm) - ii ghostscript 8.71~dfsg2-9 The GPL Ghostscript PostScript/PDF ii gimp 2.6.10-1 The GNU Image Manipulation Program ii gsfonts-x11 0.21 Make Ghostscript fonts available t ii netpbm 2:10.0-12.2+b1 Graphics conversion tools between ii spell 1.0-24 GNU Spell, a clone of Unix `spell' ii xfig-doc 1:3.2.5.b-1.2 XFig on-line documentation and exa -- no debconf information
diff -ur xfig.3.2.5b/f_readeps.c xfig.3.2.5b.new/f_readeps.c --- xfig.3.2.5b/f_readeps.c 2009-03-30 17:52:18.000000000 +0200 +++ xfig.3.2.5b.new/f_readeps.c 2010-11-25 16:53:54.328247928 +0100 @@ -252,12 +252,13 @@ { char buf[300]; FILE *tmpfp, *pixfile, *gsfile; - char *psnam, *driver; + char *driver; int status, wid, ht, nbitmap, fd; char tmpfile[PATH_MAX], pixnam[PATH_MAX], errnam[PATH_MAX], - gscom[2 * PATH_MAX]; + gscom[2 * PATH_MAX], + psnam[PATH_MAX]; wid = urx - llx; ht = ury - lly; @@ -307,19 +308,14 @@ /* for color, use pcx */ driver = "pcx256"; } - /* avoid absolute paths (for Cygwin with gswin32) by changing directory */ - if (tmpfile[0] == '/') { - psnam = strrchr(tmpfile, '/'); - *psnam = 0; - sprintf(gscom, "cd \"%s/\";", tmpfile); - *psnam++ = '/'; /* Restore name for unlink() below */ - } else { - psnam = tmpfile; - gscom[0] = '\0'; + /* Canonicalize the eps file filename, needed to "defeat" -dSAFER */ + if (!realpath(tmpfile, psnam)) { + file_msg("Cannot canonicalize %s: %s\n", tmpfile, strerror(errno)); + return False; } - sprintf(&gscom[strlen(gscom)], - "%s -r72x72 -dSAFER -sDEVICE=%s -g%dx%d -sOutputFile=%s -q - > %s 2>&1", - appres.ghostscript, driver, wid, ht, pixnam, errnam); + sprintf(gscom, + "%s -r72x72 -sDEVICE=%s -g%dx%d -sOutputFile=%s -dDELAYSAFER -c '<< /PermitFileReading [ (%s)] >> setuserparams .locksafe' -dSAFER -q - > %s 2>&1", + appres.ghostscript, driver, wid, ht, pixnam, psnam, errnam); if (appres.DEBUG) fprintf(stderr,"calling: %s\n",gscom); if ((gsfile = popen(gscom, "w")) == 0) {