Hi all,
the newest version of Ghostscript arrived into rawhide and there is a
change in default behavior of ghostscript.
In the past Ghostscript Postscript interpreter allowed setting of output
device in the incoming Postscript file, which was one of sources of CVEs
in the past. This type of setting was usually discouraged practice and
setting via command line arguments is highly recommended.
With the new version, setting output device in the input file is
forbidden unless user defines allowed devices which can be set as output
device via argument '--permit-devices' (f.e.
--permit-devices="bit:ps2write").
Any application which depends on now forbidden behavior should add the
new argument to its GS invocation.
IMHO there are not many applications depending on the behavior, but I
wrote this HEADS-UP just in case.
Thank you for your attention and have a nice day!
Zdenek
--
Zdenek Dohnal
Senior Software Engineer
Red Hat, BRQ-TPBC
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue