Package: passepartout / 0.7.1-1.1

Metadata

Package Version Patches format
passepartout 0.7.1-1.1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
0001 Safe handling of gs calls with external eps files.patch | (download)

src/pptout/document/imageframe.cc | 13 12 + 1 - 0 !
src/pptout/postscriptviewent.cc | 4 2 + 2 - 0 !
2 files changed, 14 insertions(+), 3 deletions(-)

 [patch] safe handling of gs calls with external eps files

This removes the -dSAFE/-dSAFER option from the gs calls actually
rendering the EPS files. The generation in imageframe.cc did not work
previously and the -dSAFE option in postscriptviewent.cc had no effect.

Without the -dSAFER option passepartout is vulnerable to malicious EPS
files. This vulnerability is avoided by only allowing read access to the
EPS file being rendered and then locking the SAFER option.

Additionally this patch adds -P- to all gs calls to avoid reading
accidentially reading library files from the current directory. It also
adds -dSAFER to the call detecting the pngalpha driver.

0002 link order.patch | (download)

src/pptout/Makefile.am | 8 4 + 4 - 0 !
src/pptout/Makefile.in | 4 2 + 2 - 0 !
src/ps/Makefile.am | 4 2 + 2 - 0 !
src/ps/Makefile.in | 4 2 + 2 - 0 !
src/xml2ps/Makefile.am | 5 3 + 2 - 0 !
src/xml2ps/Makefile.in | 5 3 + 2 - 0 !
6 files changed, 16 insertions(+), 14 deletions(-)

---