texlive[73804] Build/source/texk/web2c/luatexdir: LuaTeX: fixed

commits+lscarso at tug.org commits+lscarso at tug.org
Sun Feb 9 11:24:16 CET 2025 

Revision: 73804
          https://tug.org/svn/texlive?view=revision&revision=73804
Author:   lscarso
Date:     2025-02-09 11:24:16 +0100 (Sun, 09 Feb 2025)
Log Message:
-----------
LuaTeX: fixed shell-escape bypass (thanks to tex at maxchernoff.ca)

Modified Paths:
--------------
    trunk/Build/source/texk/web2c/luatexdir/ChangeLog
    trunk/Build/source/texk/web2c/luatexdir/lua/luainit.c
    trunk/Build/source/texk/web2c/luatexdir/luatex_svnversion.h

Modified: trunk/Build/source/texk/web2c/luatexdir/ChangeLog
===================================================================
--- trunk/Build/source/texk/web2c/luatexdir/ChangeLog	2025-02-09 08:50:06 UTC (rev 73803)
+++ trunk/Build/source/texk/web2c/luatexdir/ChangeLog	2025-02-09 10:24:16 UTC (rev 73804)
@@ -1,4 +1,8 @@
 2025-02-05 Luigi Scarso <luigi.scarso at gmail.com>
+	* fixed shell-escape bypass (thanks to tex at maxchernoff.ca)
+
+	
+2025-02-05 Luigi Scarso <luigi.scarso at gmail.com>
 	* add mathemptydisplaymode primitive, 
 	* fix nodes leak in end_graf (thanks to udifoglle at gmail.com)
 

Modified: trunk/Build/source/texk/web2c/luatexdir/lua/luainit.c
===================================================================
--- trunk/Build/source/texk/web2c/luatexdir/lua/luainit.c	2025-02-09 08:50:06 UTC (rev 73803)
+++ trunk/Build/source/texk/web2c/luatexdir/lua/luainit.c	2025-02-09 10:24:16 UTC (rev 73804)
@@ -733,6 +733,11 @@
 {
     const char *filename;
     const char *name;
+    if (!clua_loader_function) {
+        /*tex library not found in this path */
+        lua_pushliteral(L, "\n\t[C searcher requires unrestricted shell escape]");
+        return 1;
+    }
     if (safer_option) {
         /*tex library not found in this path */
         lua_pushliteral(L, "\n\t[C searcher disabled in safer mode]");
@@ -1240,6 +1245,9 @@
     /* the lua debug library is enabled if shell escape permits everything */
     if (shellenabledp && restrictedshell != 1) {
       luadebug_option = 1 ;      
+    } else {
+        luaL_unref(Luas, LUA_REGISTRYINDEX, clua_loader_function);
+        clua_loader_function = 0;
     }
     /*tex Here we load luatex-core.lua which takes care of some protection on demand. */
     if (load_luatex_core_lua(Luas)) {

Modified: trunk/Build/source/texk/web2c/luatexdir/luatex_svnversion.h
===================================================================
--- trunk/Build/source/texk/web2c/luatexdir/luatex_svnversion.h	2025-02-09 08:50:06 UTC (rev 73803)
+++ trunk/Build/source/texk/web2c/luatexdir/luatex_svnversion.h	2025-02-09 10:24:16 UTC (rev 73804)
@@ -1,4 +1,4 @@
 #ifndef luatex_svn_revision_h
 #define luatex_svn_revision_h
-#define luatex_svn_revision 7659
+#define luatex_svn_revision 7660
 #endif

More information about the tex-live-commits mailing list.