Description: CVE-2014-0466: fixps does not invoke gs with -dSAFER
 A malicious PostScript file could delete files with the privileges of
 the invoking user.
Origin: vendor
Bug-Debian: http://bugs.debian.org/742902
Author: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2014-03-28

--- a/contrib/fixps.in
+++ b/contrib/fixps.in
@@ -389,7 +389,7 @@
   	eval "$command" ;;
       gs)
         $verbose "$program: making a full rewrite of the file ($gs)." >&2
-  	$gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+  	$gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
     esac
   )
 fi
--- a/contrib/fixps.m4
+++ b/contrib/fixps.m4
@@ -307,7 +307,7 @@
   	eval "$command" ;;
       gs)
         $verbose "$program: making a full rewrite of the file ($gs)." >&2
-  	$gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+  	$gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
     esac
   )
 fi

<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=58f705c18ebfafc4e291ba3be2ceeeead9e2a289'>refs</a><a class='active' href='/guix/log/gnu/packages/avahi.scm'>log</a><a href='/guix/tree/gnu/packages/avahi.scm?id=58f705c18ebfafc4e291ba3be2ceeeead9e2a289'>tree</a><a href='/guix/commit/gnu/packages/avahi.scm?id=58f705c18ebfafc4e291ba3be2ceeeead9e2a289'>commit</a><a href='/guix/diff/gnu/packages/avahi.scm?id=58f705c18ebfafc4e291ba3be2ceeeead9e2a289'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/packages/avahi.scm'>
<input type='hidden' name='id' value='58f705c18ebfafc4e291ba3be2ceeeead9e2a289'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=58f705c18ebfafc4e291ba3be2ceeeead9e2a289'>root</a>/<a href='/guix/log/gnu?id=58f705c18ebfafc4e291ba3be2ceeeead9e2a289'>gnu</a>/<a href='/guix/log/gnu/packages?id=58f705c18ebfafc4e291ba3be2ceeeead9e2a289'>packages</a>/<a href='/guix/log/gnu/packages/avahi.scm?id=58f705c18ebfafc4e291ba3be2ceeeead9e2a289'>avahi.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/packages/avahi.scm?id=58f705c18ebfafc4e291ba3be2ceeeead9e2a289&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2020-03-18 19:23:46 +0100'>2020-03-18</span></td><td><a href='/guix/commit/gnu/packages/avahi.scm?id=850093ac24f92ae805a2ee90681d1e4cb01ff8eb'>gnu: avahi: Update to 0.8.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/patches/avahi-CVE-2018-1000845.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/avahi.scm (avahi): Update to 0.8.
[source](patches): Remove obsolete patch.
[properties]: Remove.
[arguments]: Remove "--disable-qt3" from #:configure-flags.  Add "--disable-qt5".
[inputs]: Add LIBEVENT.  Sort lexicographically.
[native-inputs]: Remove INTLTOOL.  Add GETTEXT-MINIMAL.
</span></span></td><td>Marius Bakke</td></tr>
<tr><td><span title='2020-03-18 19:23:46 +0100'>2020-03-18</span></td><td><a href='/guix/commit/gnu/packages/avahi.scm?id=32b089f4f4e86a32bb34c2c7983be5dbe9603784'>gnu: avahi: Do not build the static libraries.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/avahi.scm (avahi)[arguments]: Add "--disable-static" to
 #:configure-flags.
</span></span></td><td>Marius Bakke</td></tr>
<tr><td><span title='2020-01-21 22:39:42 +0100'>2020-01-21</span></td><td><a href='/guix/commit/gnu/packages/avahi.scm?id=8ed9be3faccb865204de46d2a8ed3e96e59281b6'>Merge branch 'staging' into core-updates</a></td><td>Marius Bakke</td></tr>
<tr><td><span title='2020-01-19 06:09:01 +0100'>2020-01-19</span></td><td><a href='/guix/commit/gnu/packages/avahi.scm?id=f460f8da68f915dee5aa3ce97e05ba38c92f3106'>gnu: Use HTTPS for avahi.org everywhere.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/avahi.scm (avahi)[home-page]: Use HTTPS.
* gnu/services/avahi.scm (avahi-service): Likewise in docstring.
</span></span></td><td>Tobias Geerinckx-Rice</td></tr>
<tr><td><span title='2019-12-05 17:58:58 +0100'>2019-12-05</span></td><td><a href='/guix/commit/gnu/packages/avahi.scm?id=edb8aa3a28d410ef6fcb9355b57f9be26f87caed'>gnu: avahi: Incorporate grafted changes.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/avahi.scm (avahi)[replacement]: Remove.
[source](patches): Add avahi-CVE-2018-1000845.patch.
[properties]: New field.
(avahi/fixed): Remove variable.
</span></span></td><td>Marius Bakke</td></tr>
<tr><td><span title='2019-10-23 20:39:46 +0200'>2019-10-23</span></td><td><a href='/guix/commit/gnu/packages/avahi.scm?id=4163b6d855a4e655852029625762fccb077a196d'>gnu: avahi: Don't use package/inherit.</a><span class='msg-avail'>...<span class='msg-tooltip'>Thanks to Mark H Weaver &lt;mhw@netris.org&gt;.

* gnu/packages/avahi.scm (avahi): Use (package (inherit …)) instead of
package/inherit.
</span></span></td><td>Tobias Geerinckx-Rice</td></tr>
<tr><td><span title='2019-10-23 19:58:48 +0200'>2019-10-23</span></td><td><a href='/guix/commit/gnu/packages/avahi.scm?id=3f4ea9a62b5fa68d57724b2f83c35a191e33b7c8'>gnu: avahi: Fix CVE-2018-1000845 and duplicate CVE-2017-6519.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/avahi.scm (avahi/fixed): New variable.
(avahi)[replacement]: Use it.
* gnu/packages/patches/avahi-CVE-2018-1000845.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
</span></span></td><td>Tobias Geerinckx-Rice</td></tr>

Age	Commit message (Expand)	Author
2020-03-18	gnu: avahi: Update to 0.8....* gnu/packages/patches/avahi-CVE-2018-1000845.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/avahi.scm (avahi): Update to 0.8. [source](patches): Remove obsolete patch. [properties]: Remove. [arguments]: Remove "--disable-qt3" from #:configure-flags. Add "--disable-qt5". [inputs]: Add LIBEVENT. Sort lexicographically. [native-inputs]: Remove INTLTOOL. Add GETTEXT-MINIMAL.	Marius Bakke
2020-03-18	gnu: avahi: Do not build the static libraries....* gnu/packages/avahi.scm (avahi)[arguments]: Add "--disable-static" to #:configure-flags.	Marius Bakke
2020-01-21	Merge branch 'staging' into core-updates	Marius Bakke
2020-01-19	gnu: Use HTTPS for avahi.org everywhere....* gnu/packages/avahi.scm (avahi)[home-page]: Use HTTPS. * gnu/services/avahi.scm (avahi-service): Likewise in docstring.	Tobias Geerinckx-Rice
2019-12-05	gnu: avahi: Incorporate grafted changes....* gnu/packages/avahi.scm (avahi)[replacement]: Remove. [source](patches): Add avahi-CVE-2018-1000845.patch. [properties]: New field. (avahi/fixed): Remove variable.	Marius Bakke
2019-10-23	gnu: avahi: Don't use package/inherit....Thanks to Mark H Weaver <mhw@netris.org>. * gnu/packages/avahi.scm (avahi): Use (package (inherit …)) instead of package/inherit.	Tobias Geerinckx-Rice
2019-10-23	gnu: avahi: Fix CVE-2018-1000845 and duplicate CVE-2017-6519....* gnu/packages/avahi.scm (avahi/fixed): New variable. (avahi)[replacement]: Use it. * gnu/packages/patches/avahi-CVE-2018-1000845.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it.	Tobias Geerinckx-Rice