On Sun, Oct 16, 2011 at 11:21 AM, Jonathan Nieder <[email protected]> wrote: > severity 414002 normal > found 414002 ghostscript/8.71~dfsg2-6 > quit > > Bastien ROUCARIES wrote: > >> texlive-pstricks pdf documentation of pst-geo could not build from >> source. And even viewed. >> But you could regress this bug since we have the already built >> documentation on the tar.bz2 > > Ah, so you mean the upstream TeXLive pstricks package is another > testcase, rather than that some Debian package such as texlive-extra > is failing to build from source. > > Ok, lowering severity. Do you know what was the intent of the checks > preventing inclusion of files from ../ introduced around 4 years ago > that Ralf Stubner mentioned? In modern gs, they seem to be enabled > by -dSAFER, despite not having anything to do with the description in > the manpage:
I have no idea Thanks Bastien > -dSAFER > Disables the "deletefile" and "renamefile" operators > and the ability to open files in any mode other than > read-only. This strongly recommended for spoolers, > conversion scripts or other sensitive environments > where a badly written or malicious PostScript program > code must be prevented from changing important files. > > By contrast with bug#618530, this ".." check kicks in even for "gs -P". > That is: > > mkdir subdir > man -t ls >ls.ps > > echo '(ls.ps) run' | gs; # displays manpage. > echo '(ls.ps) run' | gs -dSAFER; # fails. > echo '(ls.ps) run' | gs -P -dSAFER; # displays manpage. > > cd subdir > echo '(../ls.ps) run' | gs; # displays manpage. > echo '(../ls.ps) run' | gs -dSAFER; # fails. > echo '(../ls.ps) run' | gs -P -dSAFER; # fails. > -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
