Bug#584663: ghostscript: insecure defaults for path searching

2010-08-12 Thread paul.szabo
Dear Jonas, and that it will not be rudely and wrongly closed like #583183 ... > Please post such info to the actual bug where it is relevant. Cannot: bug is closed, archived. > Other people read the bugreports too. If you post your complaints ... > you may still help shift the agenda ...

Bug#584663: ghostscript: insecure defaults for path searching

2010-08-12 Thread Jonas Smedegaard
On Thu, Aug 12, 2010 at 07:55:33AM +1000, paul.sz...@sydney.edu.au wrote: Dear Jonas, and that it will not be rudely and wrongly closed like #583183 was in http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=91;bug=583183 I disagree that the mass-filed bug was wrongly or rudely closed. Hmm...

Bug#584663: ghostscript: insecure defaults for path searching

2010-08-11 Thread paul.szabo
Dear Jonas, >>and that it will not be rudely and wrongly closed like #583183 was in >>http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=91;bug=583183 > > I disagree that the mass-filed bug was wrongly or rudely closed. Hmm... Maybe the closer could have had the courtesy to CC me (e.g. by CCing #58

Bug#584663: ghostscript: insecure defaults for path searching

2010-08-11 Thread Markus Steinborn
I just cherrypicked r11499, r11500, r11510, r11514 and r11515 to my private (non debian) ghostscript installation. These should fix the regressions mentioned in the upstream bug report. Works fine. I already had cherrypicked r11352 (the backported version, see bug 584653), r11468+11494 (attach

Bug#584663: ghostscript: insecure defaults for path searching

2010-08-11 Thread Jonas Smedegaard
On Wed, Aug 11, 2010 at 01:12:10PM +1000, paul.sz...@sydney.edu.au wrote: Dear Jonas, I think we should change the default to -dSAFER ... I think the safest is to track it as a separate bug. Following your advice, I have now opened bug #592569 . Hoping I will not get abused for following su

Bug#584663: ghostscript: insecure defaults for path searching

2010-08-10 Thread paul.szabo
Dear Jonas, >>> I think we should change the default to -dSAFER ... > I think the safest is to track it as a separate bug. Following your advice, I have now opened bug #592569 . Hoping I will not get abused for following such advice, as I got for http://bugs.debian.org/cgi-bin/bugreport.cgi?bug

Bug#584663: ghostscript: insecure defaults for path searching

2010-08-10 Thread Jonas Smedegaard
On Tue, Aug 10, 2010 at 08:46:53AM +1000, paul.sz...@sydney.edu.au wrote: Dear Moritz, I think we should change the default to -dSAFER, but postpone it for Squeeze+1. That is something which should be thoroughly tested in unstable for a few months. Thanks. Will this now be taken care of, or

Bug#584663: ghostscript: insecure defaults for path searching

2010-08-09 Thread paul.szabo
Dear Moritz, > I think we should change the default to -dSAFER, but postpone it for > Squeeze+1. That is something which should be thoroughly tested in > unstable for a few months. Thanks. Will this now be taken care of, or should I open another "grave" bug against ghostscript? Thanks, Paul Pau

Bug#584663: ghostscript: insecure defaults for path searching

2010-08-09 Thread Moritz Muehlenhoff
On Mon, Aug 09, 2010 at 06:45:03AM +1000, paul.sz...@sydney.edu.au wrote: > Is this a good time to ask to make -dSAFER the default? (Or should that > be -dPARANOIDSAFER, does that still exist?) There is at least one package in the archive where the maintainer wrote that it breaks with -dSAFER (p

Bug#584663: ghostscript: insecure defaults for path searching

2010-08-08 Thread paul.szabo
Seems this is now fixed upstream: http://bugs.ghostscript.com/show_bug.cgi?id=691350#c19 I wonder if that fixes http://bugs.debian.org/584653 also. --- Is this a good time to ask to make -dSAFER the default? (Or should that be -dPARANOIDSAFER, does that still exist?) --- I find it pleasing that

Bug#584663: ghostscript: insecure defaults for path searching

2010-08-07 Thread Markus Steinborn
Moritz Muehlenhoff wrote: On Sat, Aug 07, 2010 at 11:19:06AM +0200, Markus Steinborn wrote: Have there also been fixes to deal with the various regressions in resource loading as described in http://bugs.ghostscript.com/show_bug.cgi?id=691350 (Comment 17) The svn commit message of r11510

Bug#584663: ghostscript: insecure defaults for path searching

2010-08-07 Thread Moritz Muehlenhoff
On Sat, Aug 07, 2010 at 11:19:06AM +0200, Markus Steinborn wrote: > Moritz Muehlenhoff wrote: > >I looked into this during DebConf: We could modify the default load > >behaviour by setting SEARCH_HERE_FIRST=0 in base/Makefile.in, but > >this would cause regressions in applications calling Ghostscri

Bug#584663: ghostscript: insecure defaults for path searching

2010-08-07 Thread paul.szabo
>> Yes. All those who wish to call gs in unsafe ways, can (should!) >> explicitly use -P (and -NOSAFER). > You surely meant "-dNOSAFER", not "-NOSAFER". Sorry, wrote that carelessly "from memory", without consulting the oh-so-useless Debian man page. Yes, I did mean -dNOSAFER. Cheers, Paul Paul S

Bug#584663: ghostscript: insecure defaults for path searching

2010-08-07 Thread Markus Steinborn
paul.sz...@sydney.edu.au wrote: Yes. All those who wish to call gs in unsafe ways, can (should!) explicitly use -P (and -NOSAFER). You surely meant "-dNOSAFER", not "-NOSAFER".

Bug#584663: ghostscript: insecure defaults for path searching

2010-08-07 Thread Markus Steinborn
Moritz Muehlenhoff wrote: I looked into this during DebConf: We could modify the default load behaviour by setting SEARCH_HERE_FIRST=0 in base/Makefile.in, but this would cause regressions in applications calling Ghostscript: Well, that's exactly what upstream will do with their next release

Bug#584663: ghostscript: insecure defaults for path searching

2010-08-06 Thread paul.szabo
Dear Moritz, > I looked into this during DebConf: We could modify the default ... > but this would cause regressions ... Yes. All those who wish to call gs in unsafe ways, can (should!) explicitly use -P (and -NOSAFER). The alternative is to ensure all Debian packages explicitly use -P-, but that

Bug#584663: ghostscript: insecure defaults for path searching

2010-08-06 Thread Moritz Muehlenhoff
On Sat, Jun 05, 2010 at 01:11:22PM +0200, Bernhard R. Link wrote: > Package: ghostscript > Version: 8.62.dfsg.1-3.2 > Severity: grave > Tags: security > > Ghostscript defaults to -P, that is to look for all files in the > current directory first. As this means that especially gs_init.ps > which is

Bug#584663: ghostscript: insecure defaults for path searching

2010-06-05 Thread Bernhard R. Link
Package: ghostscript Version: 8.62.dfsg.1-3.2 Severity: grave Tags: security Ghostscript defaults to -P, that is to look for all files in the current directory first. As this means that especially gs_init.ps which is responsible for all security measures like honoring -dSAFER can be replaced by a
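The report above describes the problem (gs searches the current directory first under the default -P, so a gs_init.ps dropped into the cwd shadows the system copy before -dSAFER is ever applied), and the thread settles on caller-side mitigations: pass -P- (and -dSAFER) explicitly, and do not rely on the compiled-in SEARCH_HERE_FIRST default. The helper below is an added example written for this page, not code from the bug thread, from Debian or from the Ghostscript project. It builds a hardened gs command line and runs gs from an empty scratch directory, so that even an older build which still honours -P by default finds nothing to shadow. The function names (`shadowing_files`, `gs_argv`, `run_gs`) and the list of resource file names other than gs_init.ps are assumptions made for the example; only the -P-, -dSAFER, -dBATCH, -dNOPAUSE, -q, -sDEVICE and -sOutputFile options are real Ghostscript switches.

```python
"""Hardened Ghostscript invocation helpers (example code, not Ghostscript's own).

Ghostscript's default resource search (-P) looks in the current working
directory first, so a gs_init.ps or other startup file placed in the cwd
is loaded instead of the system copy and runs before -dSAFER takes effect.
Two independent mitigations that the *caller* controls:
  1. pass -P- so the cwd is never searched, plus -dSAFER;
  2. run gs from an empty scratch directory so there is nothing to shadow.
"""
import os
import shlex
import subprocess
import tempfile

# Startup resource files that a cwd copy would shadow under -P.
# gs_init.ps is the file named in the bug report; the remaining names are
# an assumption for this example (other resources gs looks up at startup).
STARTUP_FILES = ("gs_init.ps", "Fontmap", "Fontmap.GS", "cidfmap")


def shadowing_files(directory):
    """Return the startup resource files present in *directory* that would
    shadow the system copies if gs were run from there with -P in effect."""
    return sorted(
        name for name in STARTUP_FILES
        if os.path.isfile(os.path.join(directory, name))
    )


def gs_argv(input_ps, output_file, device="pdfwrite", gs_binary="gs"):
    """Build a gs command line that disables cwd searching and turns on
    -dSAFER regardless of what the binary was compiled to default to."""
    for path in (input_ps, output_file):
        # gs parses a leading '-' as an option, so an attacker-chosen file
        # name such as '-dNOSAFER' must never reach the argument list.
        if path.startswith("-"):
            raise ValueError("refusing path that looks like an option: %r" % path)
    return [
        gs_binary,
        "-P-",                 # never search the current directory first
        "-dSAFER",             # restrict file access from PostScript code
        "-dBATCH", "-dNOPAUSE", "-q",
        "-sDEVICE=%s" % device,
        "-sOutputFile=%s" % os.path.abspath(output_file),
        os.path.abspath(input_ps),   # absolute, so -P- cannot break lookup
    ]


def run_gs(input_ps, output_file, device="pdfwrite", gs_binary="gs"):
    """Run gs from a fresh, empty temporary directory.  Even an old build
    with SEARCH_HERE_FIRST enabled then has no cwd file to pick up."""
    argv = gs_argv(input_ps, output_file, device, gs_binary)
    with tempfile.TemporaryDirectory() as scratch:
        assert shadowing_files(scratch) == []      # empty by construction
        return subprocess.run(argv, cwd=scratch, check=False,
                              stdout=subprocess.PIPE, stderr=subprocess.PIPE)


if __name__ == "__main__":
    # Constructed demonstration: a directory holding a rogue gs_init.ps.
    with tempfile.TemporaryDirectory() as victim_cwd:
        with open(os.path.join(victim_cwd, "gs_init.ps"), "w") as fh:
            fh.write("% constructed stand-in for an attacker-supplied init file\n")
        print("would shadow under -P:", shadowing_files(victim_cwd))
        print("hardened command:", shlex.join(gs_argv("input.ps", "output.pdf")))
```

`run_gs` is the piece to call from a package that spawns gs; `shadowing_files` is useful on its own as a pre-flight check in a wrapper script that cannot change its working directory. Neither helper needs gs installed to build the argument list, which keeps the hardening testable without the interpreter present.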