texlive[41286] Build/source/extra/epstopdf: disallow --device in

commits+karl at tug.org commits+karl at tug.org
Sat May 28 19:39:04 CEST 2016


Revision: 41286
          http://tug.org/svn/texlive?view=revision&revision=41286
Author:   karl
Date:     2016-05-28 19:39:04 +0200 (Sat, 28 May 2016)
Log Message:
-----------
disallow --device in restricted mode.
(@restricted_devlist, @restricted_devlist_ext, %restricted_devlist):
  remove the painful-to-maintain list of allowed devices.
http://tug.org/pipermail/tex-live/2016-February/037738.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797537

Modified Paths:
--------------
    trunk/Build/source/extra/epstopdf/Makefile
    trunk/Build/source/extra/epstopdf/epstopdf.1
    trunk/Build/source/extra/epstopdf/epstopdf.pl

Modified: trunk/Build/source/extra/epstopdf/Makefile
===================================================================
--- trunk/Build/source/extra/epstopdf/Makefile	2016-05-24 22:38:54 UTC (rev 41285)
+++ trunk/Build/source/extra/epstopdf/Makefile	2016-05-28 17:39:04 UTC (rev 41286)
@@ -12,15 +12,20 @@
 # making sure we don't crash.
 check: check-help check-version \
        check-help-r \
+       check-atend \
+       check-binary check-bin2 \
+       check-binhdr-lf check-binhdr-cr check-binhdr-crlf \
+       check-gscmd check-gsopt check-gsopts \
+       check-filter check-filter-outfile \
+       check-gscmd \
        check-nogs \
+       check-percent \
+       check-restricted-device \
        check-restricted-gscmd \
-       check-gscmd check-gsopt check-gsopts \
-       check-filter check-filter-outfile check-write-error check-gscmd \
        check-restricted-safe-in check-restricted-safe-out \
-       check-simple check-atend check-binary check-bin2 \
-       check-binhdr-lf check-binhdr-cr check-binhdr-crlf \
-       check-percent \
-       check-tn5002 #check-floral
+       check-simple \
+       check-tn5002 \
+       check-write-error \
 
 check-help:
 	$(e2p) --help
@@ -39,6 +44,9 @@
 $(re2p_script):
 	ln -s $(prg).pl $@
 
+check-restricted-device:
+	! $(re2p) --device=unsafe test-simple.eps
+
 check-restricted-gscmd:
 	! $(re2p) --gscmd=/bin/unsafe test-simple.eps
 	! $(re2p) --gscmd=unsafe test-simple.eps

Modified: trunk/Build/source/extra/epstopdf/epstopdf.1
===================================================================
--- trunk/Build/source/extra/epstopdf/epstopdf.1	2016-05-24 22:38:54 UTC (rev 41285)
+++ trunk/Build/source/extra/epstopdf/epstopdf.1	2016-05-28 17:39:04 UTC (rev 41286)
@@ -1,4 +1,4 @@
-.TH EPSTOPDF 1 "17 January 2014"
+.TH EPSTOPDF 1 "28 May 2016"
 .\" $Id$
 .SH NAME
 epstopdf, repstopdf \- convert an EPS file to PDF
@@ -22,8 +22,7 @@
 .SH OPTIONS
 Options may start with either "\fB-\fP" or "\fB--\fP", and may be
 unambiguously abbreviated.  It is best to use the full option name in
-scripts, though, to avoid possible collisions with new options in the
-future.
+scripts to avoid possible collisions with new options in the future.
 .PP
 General script options:
 .IP "\fB--help\fP
@@ -68,8 +67,7 @@
 .IP "\fB--\fP[\fBno\fP]\fBcompress\fP"
 use compression in the output (default: on).
 .IP "\fB--device\fP=\fIdev\fP"
-use -sDEVICE=\fIdev\fP (default: pdfwrite); not all devices are allowed
-in restricted mode.
+use -sDEVICE=\fIdev\fP (default: pdfwrite); not allowed in restricted mode.
 .IP "\fB--\fP[\fBno\fP]\fBembed\fP"
 embed fonts (default: on).
 .IP "\fB--pdfsettings\fP=\fIval\fP"
@@ -97,11 +95,11 @@
 and is necessary if an option or its value contains whitespace.
 .PP
 In restricted mode, options are limited to those with names and values
-known to be safe; some options taking booleans, integers or fixed
+known to be safe.  Some options taking booleans, integers or fixed
 names are allowed, those taking general strings are not.
 
 .SH EXAMPLES
-Examples all equivalently converting `test.eps' to `test.pdf':
+These examples all equivalently convert `test.eps' to `test.pdf':
 .nf
 epstopdf test.eps
 cat test.eps | epstopdf --filter >test.pdf
@@ -113,7 +111,7 @@
 epstopdf --hires test.eps
 .fi
 .PP
-Example for producing \fBepstopdf\fP's attempt at corrected PostScript:
+Example for \fBepstopdf\fP's attempt at correcting PostScript:
 .nf
 $program --nogs test.ps >testcorr.ps
 .fi

Modified: trunk/Build/source/extra/epstopdf/epstopdf.pl
===================================================================
--- trunk/Build/source/extra/epstopdf/epstopdf.pl	2016-05-24 22:38:54 UTC (rev 41285)
+++ trunk/Build/source/extra/epstopdf/epstopdf.pl	2016-05-28 17:39:04 UTC (rev 41286)
@@ -37,6 +37,9 @@
 my $ver = "2.23";
 
 # History
+#  2016// (Karl Berry)
+#    * disallow --device completely in restricted mode,
+#      to avoid maintenance of device list.
 #  2015/01/22 v2.23 (Karl Berry)
 #    * use # instead of = to placate msys; report from KUROKI Yusuke,
 #      tex-k mail 20 Jan 2015 12:40:16.
@@ -199,7 +202,7 @@
 $::opt_autorotate = "None";
 $::opt_compress = 1;
 $::opt_debug = 0;
-$::opt_device= $default_device;
+$::opt_device = $default_device;
 $::opt_embed = 1;
 $::opt_exact = 0;
 $::opt_filter = 0;
@@ -315,32 +318,11 @@
 # In any case not suitable for restricted:
 # -dDOPS
 
-### restricted devices
-# More or less copied from ghostscript's configure:
-# BMP_DEVS, JPEG_DEVS, PNG_DEVS, TIFF_DEVS, PCX_DEVS, PBM_DEVS
-# PS_DEVS (without text devices)
-my @restricted_devlist = ($default_device);
-my @restricted_devlist_ext = qw[
-  bmpmono bmpgray bmpsep1 bmpsep8 bmp16 bmp256 bmp16m bmp32b
-  jpeg jpeggray jpegcmyk
-  pbm pbmraw pgm pgmraw pgnm pgnmraw pnm pnmraw ppm ppmraw
-    pkm pkmraw pksm pksmraw pam pamcmyk4 pamcmyk32 plan plang
-    planm planc plank
-  pcxmono pcxgray pcx16 pcx256 pcx24b pcxcmyk pcx2up
-  png16 png16m png256 png48 pngalpha pnggray pngmono
-  psdf psdcmyk psdrgb pdfwrite pswrite ps2write epswrite psgray psmono psrgb
-  tiffs tiff12nc tiff24nc tiff48nc tiff32nc tiff64nc tiffcrle tifflzw
-    tiffpack tiffgray tiffsep tiffsep1 tiffscaled tiffscaled8 tiffscaled24
-  svg svgwrite
-];
-push (@restricted_devlist, @restricted_devlist_ext);
-my %restricted_devlist = ( map {$_, 1} @restricted_devlist );
-
 ### usage
 my @bool = ("false", "true");
 my $resmsg = $::opt_res ? $::opt_res : "[use gs default]";
 my $rotmsg = $::opt_autorotate ? $::opt_autorotate : "[use gs default]";
-my $defgsopts = "-q -dNOPAUSE -sDEVICE=pdfwrite";
+
 my $usage = <<"END_OF_USAGE";
 ${title}Usage: $program [OPTION]... [EPSFILE]
 
@@ -407,7 +389,7 @@
     It can be used multiple times to specify options separately,
     and is necessary if an option or its value contains whitespace.
   In restricted mode, options are limited to those with names and values
-    known to be safe; some options taking booleans, integers or fixed
+    known to be safe.  Some options taking booleans, integers or fixed
     names are allowed, those taking general strings are not.
 
 All options to epstopdf may start with either - or --, and may be
@@ -514,8 +496,7 @@
 }
 
 ### emacs-page
-### start building GS command line for the pipe
-### take --safer and --gsopts into account
+### building the gs invocation.
 
 ### option gscmd
 if ($::opt_gscmd) {
@@ -534,12 +515,14 @@
 push @GS, '-dNOPAUSE';
 push @GS, '-dBATCH';
 
-if ($::opt_device and $restricted and
-    not $restricted_devlist{$::opt_device}) {
-  error "Option forbidden in restricted mode: --device=$::opt_device";
-  $::opt_device = '';
+### option device
+if ($::opt_device) {
+  if ($restricted) {
+    error "Option forbidden in restricted mode: --device";
+  } else {
+    debug "Switching from $default_device to $::opt_device";
+  }
 }
-$::opt_device = $default_device unless $::opt_device;
 push @GS, "-sDEVICE=$::opt_device";
 
 ### option outfile



More information about the tex-live-commits mailing list