Bug#414002: [gs-common] Retag FTBS

[Jonathan Nieder <jrnieder@gmail.com>]

severity 414002 normal
found 414002 ghostscript/8.71~dfsg2-6
quit

Bastien ROUCARIES wrote:

>  texlive-pstricks pdf documentation of pst-geo could not build from
> source. And even viewed.
> But you could regress this bug since we have the already built
> documentation on the tar.bz2

Ah, so you mean the upstream TeXLive pstricks package is another
testcase, rather than that some Debian package such as texlive-extra
is failing to build from source.

Ok, lowering severity.  Do you know what was the intent of the checks
preventing inclusion of files from ../ introduced around 4 years ago
that Ralf Stubner mentioned?  In modern gs, they seem to be enabled
by -dSAFER, despite not having anything to do with the description in
the manpage:

	-dSAFER
		Disables the "deletefile" and "renamefile" operators
		and the ability to open files in any mode other than
		read-only.  This strongly recommended for spoolers,
		conversion scripts or other sensitive environments
		where a badly written or malicious PostScript program
		code must be prevented from changing important files.

By contrast with bug#618530, this ".." check kicks in even for "gs -P".
That is:

	mkdir subdir
	man -t ls >ls.ps

	echo '(ls.ps) run' | gs;	# displays manpage.
	echo '(ls.ps) run' | gs -dSAFER;	# fails.
	echo '(ls.ps) run' | gs -P -dSAFER;	# displays manpage.

	cd subdir
	echo '(../ls.ps) run' | gs;	# displays manpage.
	echo '(../ls.ps) run' | gs -dSAFER;	# fails.
	echo '(../ls.ps) run' | gs -P -dSAFER;	# fails.