texlive[66441] trunk: epstopdf (7mar23)

commits+karl at tug.org commits+karl at tug.org
Tue Mar 7 23:22:26 CET 2023 

Revision: 66441
          http://tug.org/svn/texlive?view=revision&revision=66441
Author:   karl
Date:     2023-03-07 23:22:26 +0100 (Tue, 07 Mar 2023)
Log Message:
-----------
epstopdf (7mar23)

Modified Paths:
--------------
    trunk/Build/source/texk/texlive/linked_scripts/epstopdf/epstopdf.pl
    trunk/Master/texmf-dist/doc/man/man1/epstopdf.1
    trunk/Master/texmf-dist/doc/man/man1/epstopdf.man1.pdf
    trunk/Master/texmf-dist/doc/man/man1/repstopdf.man1.pdf
    trunk/Master/texmf-dist/scripts/epstopdf/epstopdf.pl

Modified: trunk/Build/source/texk/texlive/linked_scripts/epstopdf/epstopdf.pl
===================================================================
--- trunk/Build/source/texk/texlive/linked_scripts/epstopdf/epstopdf.pl	2023-03-07 22:22:01 UTC (rev 66440)
+++ trunk/Build/source/texk/texlive/linked_scripts/epstopdf/epstopdf.pl	2023-03-07 22:22:26 UTC (rev 66441)
@@ -1,5 +1,5 @@
 #!/usr/bin/env perl
-# $Id: epstopdf.pl 64317 2022-09-08 01:25:27Z karl $
+# $Id: epstopdf.pl 66407 2023-03-06 23:44:49Z karl $
 # (Copyright lines below.)
 #
 # Redistribution and use in source and binary forms, with or without
@@ -35,7 +35,11 @@
 #
 # emacs-page
 #
-my $ver = "2.30";
+my $ver = "2.31";
+#  2023/03/06 v2.31 (Karl Berry)
+#    * disallow --nosafer in restricted mode.
+#    * disallow output to pipes in restricted mode.
+#    Report from nikolay.ermishkin to tlsecurity.
 #  2022/09/05 v2.30 (Siep Kroonenberg)
 #    * still use gswin32c if gswin64c.exe not on PATH.
 #  2022/08/29 v2.29 (Karl Berry)
@@ -193,9 +197,9 @@
 ### emacs-page
 ### program identification
 my $program = "epstopdf";
-my $ident = '($Id: epstopdf.pl 64317 2022-09-08 01:25:27Z karl $)' . " $ver";
+my $ident = '($Id: epstopdf.pl 66407 2023-03-06 23:44:49Z karl $)' . " $ver";
 my $copyright = <<END_COPYRIGHT ;
-Copyright 2009-2022 Karl Berry et al.
+Copyright 2009-2023 Karl Berry et al.
 Copyright 2002-2009 Gerben Wierda et al.
 Copyright 1998-2001 Sebastian Rahtz et al.
 License RBSD: Revised BSD <http://www.xfree86.org/3.3.6/COPYRIGHT2.html#5>
@@ -498,8 +502,9 @@
   my $mydirname = dirname $0;
   # $mydirname is the location of the Perl script
   $kpsewhich = "$mydirname/../../../bin/win32/$kpsewhich";
+  debug "Restricted Windows kpsewhich: $kpsewhich";
   $GS = "$mydirname/../../../tlpkg/tlgs/bin/$GS";
-  debug "restricted Windows gs: $GS";
+  debug "Restricted Windows gs: $GS";
 }
 debug "kpsewhich command: $kpsewhich";
 
@@ -512,7 +517,8 @@
   $option = '-safe-out-name' if $mode eq 'out';
   error "Unknown check mode in safe_name(): $mode" unless $option;
   my @args = ($kpsewhich, '-progname', 'repstopdf', $option, $name);
-  my $bad = system {$args[0]} @args;
+  debug "Checking safe_name with: @args";
+  my $bad = system { $args[0] } @args;
   return ! $bad;
 }
 
@@ -569,10 +575,21 @@
   }
 }
 
+### option (no)safer
+my $gs_opt_safer = "-dSAFER";
+if (! $::opt_safer) {
+  if ($restricted) {
+    error "Option forbidden in restricted mode: --nosafer";
+  } else {
+    debug "Switching from $gs_opt_safer to -dNOSAFER";
+    $gs_opt_safer = "--nosafer";
+  }
+}
+
 ### start building GS command line for the pipe
 my @GS = ($GS);
 push @GS, '-q' if $::opt_quiet;
-push @GS, $::opt_safer ? '-dSAFER' : '-dNOSAFER';
+push @GS, $gs_opt_safer;
 push @GS, '-dNOPAUSE';
 push @GS, '-dBATCH';
 push @GS, '-dCompatibilityLevel=1.5';
@@ -609,7 +626,13 @@
     $OutputFilename = "-";
   }
 }
-$OutputFilename =~ s/%/%%/g; # we will do the escaping for gs
+#
+# gs -sOutputFilename opens pipes itself if the string starts with
+# %pipe or |. Disallow this in restricted mode.
+if ($restricted && $OutputFilename =~ /^(%pipe|\|)/) {
+    error "Output to pipe forbidden in restricted mode: $OutputFilename";
+}
+$OutputFilename =~ s/%/%%/g; # stop gs interpretation of % characters
 debug "Output filename:", $OutputFilename;
 push @GS, "-sOutputFile=$OutputFilename";
 
@@ -737,6 +760,7 @@
   debug "No Ghostscript: opening $OutputFilename";
   if ($OutputFilename eq "-") {
     $OUT = *STDOUT;
+    $outname = "-";
   } else {
     open($OUT, '>', $OutputFilename)
     || error ("Cannot write \"$OutputFilename\": $!");
@@ -795,7 +819,7 @@
       debug "  No checksum";
     }
     else {
-      debug "  checksum: $checksum";
+      debug "  Checksum: $checksum";
       my $cs = 0;
       map { $cs ^= $_ } unpack('n14', $header);
       if ($cs != $checksum) {

Modified: trunk/Master/texmf-dist/doc/man/man1/epstopdf.1
===================================================================
--- trunk/Master/texmf-dist/doc/man/man1/epstopdf.1	2023-03-07 22:22:01 UTC (rev 66440)
+++ trunk/Master/texmf-dist/doc/man/man1/epstopdf.1	2023-03-07 22:22:26 UTC (rev 66441)
@@ -1,5 +1,5 @@
-.TH EPSTOPDF 1 "29 August 2022"
-.\" $Id: epstopdf.1 64235 2022-08-29 22:52:01Z karl $
+.TH EPSTOPDF 1 "6 March 2023"
+.\" $Id: epstopdf.1 66408 2023-03-06 23:45:51Z karl $
 .SH NAME
 epstopdf, repstopdf \- convert an EPS file to PDF
 .SH SYNOPSIS
@@ -62,7 +62,7 @@
 scan HiresBoundingBox (default: false).
 .IP "\fB--restricted\fP=\fIval\fP"
 turn on restricted mode (default: [true for repstopdf, else false]);
-this forbids the use of \fB--gscmd\fP and other options and imposes
+this forbids the use of \fB--gscmd\fP, among other options, and imposes
 restrictions on the input and output file names according to the values
 of openin_any and openout_any (see the Web2c manual, https://tug.org/web2c).
 On Windows, the Ghostscript command is forced to be the TeX Live builtin
@@ -108,12 +108,12 @@
 options \fB--gsopts\fP and \fB--gsopt.\fP
 .PP
 \fB--gsopts\fP takes a single string of options, which is split at
-whitespace, each resulting word then added to the gs command line
+whitespace; each resulting word then added to the gs command line
 individually.
 .PP
 \fB--gsopt\fP adds its argument as a single option to the gs command
-line.  It can be used multiple times to specify options separately,
-and is necessary if an option or its value contains whitespace.
+line.  It can be used multiple times to specify options separately.
+This must be used if a gs option or its value contains whitespace.
 .PP
 In restricted mode, options are limited to those with names and values
 known to be safe.  Some options taking booleans, integers or fixed
@@ -135,7 +135,7 @@
 .PP
 Example for \fBepstopdf\fP's attempt at correcting PostScript:
 .nf
-$program --nogs test.ps >testcorr.ps
+epstopdf --nogs test.ps >testcorr.ps
 .fi
 .PP
 In all cases, you can add \fB--debug\fP (\fB-d\fP) to see more about
@@ -144,9 +144,10 @@
 The case of "%%BoundingBox: (atend)" when input is not seekable (e.g.,
 from a pipe) is not supported.
 .PP
-Report bugs in the program or this man page to tex-k at tug.org.  When
-reporting bugs, please include an input file and the command line
-options specified, so the problem can be reproduced.
+Report bugs in the program or this man page to tex-k at tug.org
+(https://lists.tug.org/tex-k). When reporting bugs, please include an
+input file and the command line options specified, so the problem can be
+reproduced.
 .SH SEE ALSO
 \fBgs\fP(1),
 \fBpdfcrop\fP(1).
@@ -163,3 +164,6 @@
 epstopdf home page: https://tug.org/epstopdf.
 .PP
 You may freely use, modify and/or distribute this man page.
+The epstopdf script is released under a modified BSD license.
+.PP
+$Id: epstopdf.1 66408 2023-03-06 23:45:51Z karl $

Modified: trunk/Master/texmf-dist/doc/man/man1/epstopdf.man1.pdf
===================================================================
(Binary files differ)

Modified: trunk/Master/texmf-dist/doc/man/man1/repstopdf.man1.pdf
===================================================================
(Binary files differ)

Modified: trunk/Master/texmf-dist/scripts/epstopdf/epstopdf.pl
===================================================================
--- trunk/Master/texmf-dist/scripts/epstopdf/epstopdf.pl	2023-03-07 22:22:01 UTC (rev 66440)
+++ trunk/Master/texmf-dist/scripts/epstopdf/epstopdf.pl	2023-03-07 22:22:26 UTC (rev 66441)
@@ -1,5 +1,5 @@
 #!/usr/bin/env perl
-# $Id: epstopdf.pl 64317 2022-09-08 01:25:27Z karl $
+# $Id: epstopdf.pl 66407 2023-03-06 23:44:49Z karl $
 # (Copyright lines below.)
 #
 # Redistribution and use in source and binary forms, with or without
@@ -35,7 +35,11 @@
 #
 # emacs-page
 #
-my $ver = "2.30";
+my $ver = "2.31";
+#  2023/03/06 v2.31 (Karl Berry)
+#    * disallow --nosafer in restricted mode.
+#    * disallow output to pipes in restricted mode.
+#    Report from nikolay.ermishkin to tlsecurity.
 #  2022/09/05 v2.30 (Siep Kroonenberg)
 #    * still use gswin32c if gswin64c.exe not on PATH.
 #  2022/08/29 v2.29 (Karl Berry)
@@ -193,9 +197,9 @@
 ### emacs-page
 ### program identification
 my $program = "epstopdf";
-my $ident = '($Id: epstopdf.pl 64317 2022-09-08 01:25:27Z karl $)' . " $ver";
+my $ident = '($Id: epstopdf.pl 66407 2023-03-06 23:44:49Z karl $)' . " $ver";
 my $copyright = <<END_COPYRIGHT ;
-Copyright 2009-2022 Karl Berry et al.
+Copyright 2009-2023 Karl Berry et al.
 Copyright 2002-2009 Gerben Wierda et al.
 Copyright 1998-2001 Sebastian Rahtz et al.
 License RBSD: Revised BSD <http://www.xfree86.org/3.3.6/COPYRIGHT2.html#5>
@@ -498,8 +502,9 @@
   my $mydirname = dirname $0;
   # $mydirname is the location of the Perl script
   $kpsewhich = "$mydirname/../../../bin/win32/$kpsewhich";
+  debug "Restricted Windows kpsewhich: $kpsewhich";
   $GS = "$mydirname/../../../tlpkg/tlgs/bin/$GS";
-  debug "restricted Windows gs: $GS";
+  debug "Restricted Windows gs: $GS";
 }
 debug "kpsewhich command: $kpsewhich";
 
@@ -512,7 +517,8 @@
   $option = '-safe-out-name' if $mode eq 'out';
   error "Unknown check mode in safe_name(): $mode" unless $option;
   my @args = ($kpsewhich, '-progname', 'repstopdf', $option, $name);
-  my $bad = system {$args[0]} @args;
+  debug "Checking safe_name with: @args";
+  my $bad = system { $args[0] } @args;
   return ! $bad;
 }
 
@@ -569,10 +575,21 @@
   }
 }
 
+### option (no)safer
+my $gs_opt_safer = "-dSAFER";
+if (! $::opt_safer) {
+  if ($restricted) {
+    error "Option forbidden in restricted mode: --nosafer";
+  } else {
+    debug "Switching from $gs_opt_safer to -dNOSAFER";
+    $gs_opt_safer = "--nosafer";
+  }
+}
+
 ### start building GS command line for the pipe
 my @GS = ($GS);
 push @GS, '-q' if $::opt_quiet;
-push @GS, $::opt_safer ? '-dSAFER' : '-dNOSAFER';
+push @GS, $gs_opt_safer;
 push @GS, '-dNOPAUSE';
 push @GS, '-dBATCH';
 push @GS, '-dCompatibilityLevel=1.5';
@@ -609,7 +626,13 @@
     $OutputFilename = "-";
   }
 }
-$OutputFilename =~ s/%/%%/g; # we will do the escaping for gs
+#
+# gs -sOutputFilename opens pipes itself if the string starts with
+# %pipe or |. Disallow this in restricted mode.
+if ($restricted && $OutputFilename =~ /^(%pipe|\|)/) {
+    error "Output to pipe forbidden in restricted mode: $OutputFilename";
+}
+$OutputFilename =~ s/%/%%/g; # stop gs interpretation of % characters
 debug "Output filename:", $OutputFilename;
 push @GS, "-sOutputFile=$OutputFilename";
 
@@ -737,6 +760,7 @@
   debug "No Ghostscript: opening $OutputFilename";
   if ($OutputFilename eq "-") {
     $OUT = *STDOUT;
+    $outname = "-";
   } else {
     open($OUT, '>', $OutputFilename)
     || error ("Cannot write \"$OutputFilename\": $!");
@@ -795,7 +819,7 @@
       debug "  No checksum";
     }
     else {
-      debug "  checksum: $checksum";
+      debug "  Checksum: $checksum";
       my $cs = 0;
       map { $cs ^= $_ } unpack('n14', $header);
       if ($cs != $checksum) {

More information about the tex-live-commits mailing list.