texlive[42625] Build/source/texk/web2c: mplibdir: sync with the

commits+kakuto at tug.org commits+kakuto at tug.org
Sat Dec 3 00:00:23 CET 2016 

Revision: 42625
          http://tug.org/svn/texlive?view=revision&revision=42625
Author:   kakuto
Date:     2016-12-03 00:00:22 +0100 (Sat, 03 Dec 2016)
Log Message:
-----------
mplibdir: sync with the upstream: introduce restricted mode

Modified Paths:
--------------
    trunk/Build/source/texk/web2c/mplibdir/mpost.w
    trunk/Build/source/texk/web2c/pmpostdir/ChangeLog
    trunk/Build/source/texk/web2c/pmpostdir/pmpost.ch

Modified: trunk/Build/source/texk/web2c/mplibdir/mpost.w
===================================================================
--- trunk/Build/source/texk/web2c/mplibdir/mpost.w	2016-12-02 22:57:37 UTC (rev 42624)
+++ trunk/Build/source/texk/web2c/mplibdir/mpost.w	2016-12-02 23:00:22 UTC (rev 42625)
@@ -48,6 +48,7 @@
 static int dvitomp_only = 0;
 static int ini_version_test = false;
 string output_directory;     /* Defaults to NULL.  */
+static boolean restricted_mode = false;
 
 @<getopt structures@>;
 @<Declarations@>;
@@ -111,6 +112,9 @@
   int dontchange = 0;
 #endif
 
+  if (restricted_mode)
+    return;
+
   sdone = ddone = false;
   edit_value = kpse_var_value ("MPEDIT");
   if (edit_value == NULL)
@@ -332,6 +336,10 @@
 static int mpost_run_make_mpx (MP mp, char *mpname, char *mpxname) {
   int ret;
   char *cnf_cmd = kpse_var_value ("MPXCOMMAND");
+  if (restricted_mode) {
+    /* In the restricted mode, just return success */
+    return 0;
+  }
   if (cnf_cmd != NULL && (strcmp (cnf_cmd, "0")==0)) {
     /* If they turned off this feature, just return success.  */
     ret = 0;
@@ -813,6 +821,7 @@
       { "progname",                  1, 0, 0 },
       { "version",                   0, 0, 0 },
       { "recorder",                  0, &recorder_enabled, 1 },
+      { "restricted",                0, 0, 0 },
       { "file-line-error-style",     0, 0, 0 },
       { "no-file-line-error-style",  0, 0, 0 },
       { "file-line-error",           0, 0, 0 },
@@ -894,11 +903,15 @@
       } else {
         fprintf(stdout,"Ignoring unknown argument `%s' to --numbersystem\n", optarg);
       }
+    } else if (ARGUMENT_IS ("restricted")) {
+      restricted_mode = true;
+      mpost_tex_program = NULL;
     } else if (ARGUMENT_IS("troff") || 
                ARGUMENT_IS("T")) {
       options->troff_mode = (int)true;
     } else if (ARGUMENT_IS ("tex")) {
-      mpost_tex_program = optarg;
+      if (!restricted_mode)
+        mpost_tex_program = optarg;
     } else if (ARGUMENT_IS("file-line-error") || 
                ARGUMENT_IS("file-line-error-style")) {
       options->file_line_error_style=true;
@@ -1014,6 +1027,7 @@
 "                            the bits of NUMBER\n"
 "  -mem=MEMNAME or &MEMNAME  use MEMNAME instead of program name or a %%& line\n"
 "  -recorder                 enable filename recorder\n"
+"  -restricted               be secure: disable tex, makempx and editor commands\n"
 "  -troff                    set prologues:=1 and assume TEXPROGRAM is really troff\n"
 "  -s INTERNAL=\"STRING\"      set internal INTERNAL to the string value STRING\n"
 "  -s INTERNAL=NUMBER        set internal INTERNAL to the integer value NUMBER\n"
@@ -1368,6 +1382,10 @@
   options->print_found_names = (int)true;
   {
     const char *base = cleaned_invocation_name(argv[0]);
+    if (FILESTRCASEEQ(base, "rmpost")){
+      base++;
+      restricted_mode = true;
+    }
     if (FILESTRCASEEQ(base, "dvitomp"))
       dvitomp_only=1;
   }
@@ -1400,7 +1418,9 @@
   if (!nokpse) {
     kpse_set_program_enabled (kpse_mem_format, MAKE_TEX_FMT_BY_DEFAULT,
                               kpse_src_compile);
-    kpse_set_program_name(argv[0], user_progname);  
+    kpse_set_program_name(argv[0], user_progname);
+    if (FILESTRCASEEQ(kpse_program_name, "rmpost"))
+      kpse_program_name++;
   }
   @= /*@@=nullpass@@*/ @> 
   if(putenv(xstrdup("engine=metapost")))

Modified: trunk/Build/source/texk/web2c/pmpostdir/ChangeLog
===================================================================
--- trunk/Build/source/texk/web2c/pmpostdir/ChangeLog	2016-12-02 22:57:37 UTC (rev 42624)
+++ trunk/Build/source/texk/web2c/pmpostdir/ChangeLog	2016-12-02 23:00:22 UTC (rev 42625)
@@ -1,3 +1,7 @@
+2016-12-02  Akira Kakuto  <kakuto at fuk.kindai.ac.jp>
+
+	* pmpost.ch: Adapt to the restricted mode in the latest mpost.w.
+
 2016-03-06  Akira Kakuto  <kakuto at fuk.kindai.ac.jp>
 
 	* pmp.ch: Adapt to MetaPost 1.9991.

Modified: trunk/Build/source/texk/web2c/pmpostdir/pmpost.ch
===================================================================
--- trunk/Build/source/texk/web2c/pmpostdir/pmpost.ch	2016-12-02 22:57:37 UTC (rev 42624)
+++ trunk/Build/source/texk/web2c/pmpostdir/pmpost.ch	2016-12-02 23:00:22 UTC (rev 42625)
@@ -244,6 +244,12 @@
 @z
 
 @x
+    if (FILESTRCASEEQ(base, "rmpost")){
+ at y
+    if (FILESTRCASEEQ(base, "r" P_UP "mpost")){
+ at z
+
+ at x
     if (FILESTRCASEEQ(base, "dvitomp"))
 @y
     if (FILESTRCASEEQ(base, P_UP "dvitomp"))
@@ -270,16 +276,15 @@
   if (dvitomp_only) {
     @<Read and set dvitomp command line options@>;
   } else {
-#ifdef WIN32
-    options->mem_name =
-      strlwr(kpse_program_basename(argv[0]));
-#else
-    options->mem_name =
-      kpse_program_basename(argv[0]);
-#endif
 @z
 
 @x
+    if (FILESTRCASEEQ(kpse_program_name, "rmpost"))
+ at y
+    if (FILESTRCASEEQ(kpse_program_name, "r" P_UP "mpost"))
+ at z
+
+ at x
   if(putenv(xstrdup("engine=metapost")))
 @y
   if(putenv(xstrdup("engine=" P_UP "mpost")))

More information about the tex-live-commits mailing list