texlive[71651] Build/source/texk/kpathsea: Redo "no extractbb in
commits+ascherer at tug.org
commits+ascherer at tug.org
Sat Jun 29 11:45:11 CEST 2024
Revision: 71651
https://tug.org/svn/texlive?view=revision&revision=71651
Author: ascherer
Date: 2024-06-29 11:45:11 +0200 (Sat, 29 Jun 2024)
Log Message:
-----------
Redo "no extractbb in restricted mode".
Sorry, I reverted the wrong commit.
Modified Paths:
--------------
trunk/Build/source/texk/kpathsea/ChangeLog
trunk/Build/source/texk/kpathsea/texmf.cnf
Modified: trunk/Build/source/texk/kpathsea/ChangeLog
===================================================================
--- trunk/Build/source/texk/kpathsea/ChangeLog 2024-06-29 09:38:21 UTC (rev 71650)
+++ trunk/Build/source/texk/kpathsea/ChangeLog 2024-06-29 09:45:11 UTC (rev 71651)
@@ -1,3 +1,7 @@
+2024-06-29 Karl Berry <karl at tug.org>
+
+ * texmf.cnf (shell_escape_commands): remove extractbb.
+
2024-06-04 Karl Berry <karl at freefriends.org>
* texmf.cnf (MKTEXPK, etc.): adjust values shown to the
Modified: trunk/Build/source/texk/kpathsea/texmf.cnf
===================================================================
--- trunk/Build/source/texk/kpathsea/texmf.cnf 2024-06-29 09:38:21 UTC (rev 71650)
+++ trunk/Build/source/texk/kpathsea/texmf.cnf 2024-06-29 09:45:11 UTC (rev 71651)
@@ -649,7 +649,6 @@
%
shell_escape_commands = \
bibtex,bibtex8,\
-extractbb,\
gregorio,\
kpsewhich,\
l3sys-query,\
@@ -660,6 +659,8 @@
r-mpost,\
texosquery-jre8,\
+% other programs considered:
+% extractbb - allowed in the past, but can be exploited.
% we'd like to allow:
% dvips - but external commands can be executed, need at least -R1.
% epspdf, ps2pdf, pstopdf - need to respect openout_any,
More information about the tex-live-commits
mailing list.