texlive[71650] Build/source/texk/kpathsea: Revert "no extractbb in
commits+ascherer at tug.org
Sat Jun 29 11:38:22 CEST 2024
Revision: 71650
https://tug.org/svn/texlive?view=revision&revision=71650
Author: ascherer
Date: 2024-06-29 11:38:21 +0200 (Sat, 29 Jun 2024)
Log Message:
-----------
Revert "no extractbb in restricted mode"
This reverts commit 4a4953dff0442ef6dda2f762209eac1eec038ace.
Modified Paths:
--------------
trunk/Build/source/texk/kpathsea/ChangeLog
trunk/Build/source/texk/kpathsea/texmf.cnf
Modified: trunk/Build/source/texk/kpathsea/ChangeLog
===================================================================
--- trunk/Build/source/texk/kpathsea/ChangeLog 2024-06-29 09:37:07 UTC (rev 71649)
+++ trunk/Build/source/texk/kpathsea/ChangeLog 2024-06-29 09:38:21 UTC (rev 71650)
@@ -1,7 +1,3 @@
-2024-06-29 Karl Berry <karl at tug.org>
-
- * texmf.cnf (shell_escape_commands): remove extractbb.
-
2024-06-04 Karl Berry <karl at freefriends.org>
* texmf.cnf (MKTEXPK, etc.): adjust values shown to the
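Review bot: the 2024-06-29 entry "texmf.cnf (shell_escape_commands): remove extractbb." is deleted outright at the top of ChangeLog, so the file will record neither the removal nor its reversal. Consider keeping that entry and adding a new one above it saying that extractbb is restored to shell_escape_commands and why, since the log message says only "Revert" and gives no reason.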
Modified: trunk/Build/source/texk/kpathsea/texmf.cnf
===================================================================
--- trunk/Build/source/texk/kpathsea/texmf.cnf 2024-06-29 09:37:07 UTC (rev 71649)
+++ trunk/Build/source/texk/kpathsea/texmf.cnf 2024-06-29 09:38:21 UTC (rev 71650)
@@ -649,6 +649,7 @@
%
shell_escape_commands = \
bibtex,bibtex8,\
+extractbb,\
gregorio,\
kpsewhich,\
l3sys-query,\
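Review bot: "extractbb,\" goes back into shell_escape_commands although the comment removed in the next hunk of this same patch says it "can be exploited", and nothing in the log message says that concern has been resolved. The commit should state what makes the entry acceptable again (a change in extractbb itself, or a condition under which it may be called), or the entry should stay out of the list until that is written down.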
@@ -659,8 +660,7 @@
r-mpost,\
texosquery-jre8,\
-% other programs considered:
-% extractbb - allowed in the past, but can be exploited.
+% we'd like to allow:
% dvips - but external commands can be executed, need at least -R1.
% epspdf, ps2pdf, pstopdf - need to respect openout_any,
% and gs -dSAFER must be used and check for shell injection with filenames.
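Review bot: dropping the line "% extractbb - allowed in the past, but can be exploited." leaves texmf.cnf with no record of why extractbb was questioned, while dvips, epspdf, ps2pdf and pstopdf keep their caveats in this comment block. Suggest a comment next to the restored list entry that notes the earlier concern and the condition under which extractbb is allowed, in the same style as the "need at least -R1" note for dvips.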