diff -ur xfig.3.2.5b/f_readeps.c xfig.3.2.5b.new/f_readeps.c
--- xfig.3.2.5b/f_readeps.c	2009-03-30 17:52:18.000000000 +0200
+++ xfig.3.2.5b.new/f_readeps.c	2010-11-25 16:53:54.328247928 +0100
@@ -252,12 +252,13 @@
 {
     char        buf[300];
     FILE       *tmpfp, *pixfile, *gsfile;
-    char       *psnam, *driver;
+    char       *driver;
     int         status, wid, ht, nbitmap, fd;
     char        tmpfile[PATH_MAX],
 		pixnam[PATH_MAX],
 		errnam[PATH_MAX],
-		gscom[2 * PATH_MAX];
+		gscom[2 * PATH_MAX],
+		psnam[PATH_MAX];
 
     wid = urx - llx;
     ht = ury - lly;
@@ -307,19 +308,14 @@
 	/* for color, use pcx */
 	driver = "pcx256";
     }
-    /* avoid absolute paths (for Cygwin with gswin32) by changing directory */
-    if (tmpfile[0] == '/') {
-	psnam = strrchr(tmpfile, '/');
-	*psnam = 0;
-	sprintf(gscom, "cd \"%s/\";", tmpfile);
-	*psnam++ = '/';		/* Restore name for unlink() below */
-    } else {
-	psnam = tmpfile;
-	gscom[0] = '\0';
+    /* Canonicalize the eps file filename, needed to "defeat" -dSAFER */
+    if (!realpath(tmpfile, psnam)) {
+	file_msg("Cannot canonicalize %s: %s\n", tmpfile, strerror(errno));
+	return False;
     }
-    sprintf(&gscom[strlen(gscom)],
-	    "%s -r72x72 -dSAFER -sDEVICE=%s -g%dx%d -sOutputFile=%s -q - > %s 2>&1",
-	    appres.ghostscript, driver, wid, ht, pixnam, errnam);
+    sprintf(gscom,
+	    "%s -r72x72 -sDEVICE=%s -g%dx%d -sOutputFile=%s -dDELAYSAFER -c '<< /PermitFileReading [ (%s)] >> setuserparams .locksafe' -dSAFER -q - > %s 2>&1",
+	    appres.ghostscript, driver, wid, ht, pixnam, psnam, errnam);
     if (appres.DEBUG)
 	fprintf(stderr,"calling: %s\n",gscom);
     if ((gsfile = popen(gscom, "w")) == 0) {