Description: CVE-2014-0466: fixps does not invoke gs with -dSAFER
 A malicious PostScript file could delete files with the privileges of
 the invoking user.
Origin: vendor
Bug-Debian: http://bugs.debian.org/742902
Author: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2014-03-28

--- a/contrib/fixps.in
+++ b/contrib/fixps.in
@@ -389,7 +389,7 @@
   	eval "$command" ;;
       gs)
         $verbose "$program: making a full rewrite of the file ($gs)." >&2
-  	$gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+  	$gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
     esac
   )
 fi
--- a/contrib/fixps.m4
+++ b/contrib/fixps.m4
@@ -307,7 +307,7 @@
   	eval "$command" ;;
       gs)
         $verbose "$program: making a full rewrite of the file ($gs)." >&2
-  	$gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+  	$gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
     esac
   )
 fi
='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=90b1fe57d0fb2f06dd578813c720902a5b2363bc'>refs</a><a class='active' href='/guix/log/tests/guix-pack.sh'>log</a><a href='/guix/tree/tests/guix-pack.sh?id=90b1fe57d0fb2f06dd578813c720902a5b2363bc'>tree</a><a href='/guix/commit/tests/guix-pack.sh?id=90b1fe57d0fb2f06dd578813c720902a5b2363bc'>commit</a><a href='/guix/diff/tests/guix-pack.sh?id=90b1fe57d0fb2f06dd578813c720902a5b2363bc'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/tests/guix-pack.sh'>
<input type='hidden' name='id' value='90b1fe57d0fb2f06dd578813c720902a5b2363bc'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=90b1fe57d0fb2f06dd578813c720902a5b2363bc'>root</a>/<a href='/guix/log/tests?id=90b1fe57d0fb2f06dd578813c720902a5b2363bc'>tests</a>/<a href='/guix/log/tests/guix-pack.sh?id=90b1fe57d0fb2f06dd578813c720902a5b2363bc'>guix-pack.sh</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/tests/guix-pack.sh?id=90b1fe57d0fb2f06dd578813c720902a5b2363bc&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2023-10-28 01:30:37 +0200'>2023-10-28</span></td><td><a href='/guix/commit/tests/guix-pack.sh?id=ff1146fb4f7254a8f644f89d7af6b4b566528603'>tests: Adjust to cope with glibc graft.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2023-04-21 16:16:38 +0200'>2023-04-21</span></td><td><a href='/guix/commit/tests/guix-pack.sh?id=37dd69b44511dc73eb04bdebe8d82c9a0386338e'>tests: Fix checks for expected failures.</a><span class='msg-avail'>...</span></td><td>Eric Bavier</td></tr>
<tr><td><span title='2023-02-27 23:40:43 +0100'>2023-02-27</span></td><td><a href='/guix/commit/tests/guix-pack.sh?id=92a0e60a963a54230e400c5c2ae585205489bf35'>pack: Adjust shell tests to read-only tarball root.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2022-11-15 14:15:11 -0500'>2022-11-15</span></td><td><a href='/guix/commit/tests/guix-pack.sh?id=788602b37ff42f730d4b7b569b0fb51465f147da'>shell: Detect --symlink spec problems early.</a><span class='msg-avail'>...</span></td><td>Maxim Cournoyer</td></tr>

Age	Commit message (Expand)	Author
2023-10-28	tests: Adjust to cope with glibc graft....	Ludovic Courtès
2023-04-21	tests: Fix checks for expected failures....	Eric Bavier
2023-02-27	pack: Adjust shell tests to read-only tarball root....	Ludovic Courtès
2022-11-15	shell: Detect --symlink spec problems early....	Maxim Cournoyer