[Debian-tex-commits] SVN tex-common commit + diffs: r4812 - in tex-common/trunk: conf/texmf.d debian debian/po

Norbert Preining preining at alioth.debian.org
Wed Mar 23 00:43:43 UTC 2011


Author: preining
Date: 2011-03-23 00:43:41 +0000 (Wed, 23 Mar 2011)
New Revision: 4812

Modified:
   tex-common/trunk/conf/texmf.d/95NonPath.cnf
   tex-common/trunk/debian/changelog
   tex-common/trunk/debian/control
   tex-common/trunk/debian/po/da.po
Log:
- update da.po
- bump standards version
- disable shell_escape completely, fix for DSA-2198-1, CVE-2011-1400


Modified: tex-common/trunk/conf/texmf.d/95NonPath.cnf
===================================================================
--- tex-common/trunk/conf/texmf.d/95NonPath.cnf	2011-03-18 13:22:21 UTC (rev 4811)
+++ tex-common/trunk/conf/texmf.d/95NonPath.cnf	2011-03-23 00:43:41 UTC (rev 4812)
@@ -45,19 +45,11 @@
 % commands listed in shell_escape_commands are allowed.  Although this
 % is not fully secure either, it is much better, and so useful that we
 % enable it for everything but bare tex.
-shell_escape = p
+shell_escape = f
 
-% Special: convert is the standard command name for ImageMagick, but it
-% is also the name of a dangerous filesystem-changing command on
-% Windows.  So enable imgconvert (used in w32tex), but not convert.
-
 % No spaces in this command list.
 shell_escape_commands = \
-bibtex,bibtex8,dvips,epstopdf,epspdf,etex,fc-match,\
-imgconvert,\
-kpsewhich,makeindex,mkgrkindex,\
-pdfluatex,ps2pdf,ps4pdf,pstopdf,pygmentize,\
-rpdfcrop,texindy,xindy,ulqda\
+false
 
 % plain TeX should remain unenhanced.
 shell_escape.tex = f
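Review bot: the comment kept just above `shell_escape = f` still says restricted mode is "so useful that we enable it for everything but bare tex", which no longer matches the setting; please reword it to state that shell escape is now off by default as the fix for CVE-2011-1400. Also, `shell_escape_commands` now holds the single entry `false`, which reads like a boolean inside what the comment describes as a list of allowed commands. If some per-program setting were ever put back to `p`, that entry would be treated as a command name, so either leave the list empty or add a line explaining the placeholder. With the global value at `f`, the `shell_escape.tex = f` override below is redundant and its "should remain unenhanced" comment could say so.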

Modified: tex-common/trunk/debian/changelog
===================================================================
--- tex-common/trunk/debian/changelog	2011-03-18 13:22:21 UTC (rev 4811)
+++ tex-common/trunk/debian/changelog	2011-03-23 00:43:41 UTC (rev 4812)
@@ -1,12 +1,13 @@
 tex-common (2.09) unstable; urgency=low
 
-  * UNRELEASED
   * fix creation of ls-R files in /usr/local/share/texmf by updmap-sys
     which is called in the trigger section of tex-common's postinst.
     This fixes a policy violation. (Closes: #607857)
   * update Danish translation (Closes: #608423)
+  * disable shell escape completely (fix for CVE-2011-1400, DSA-2198-1)
+  * bump standards version to 3.9.1, no changes necessary
 
- -- Norbert Preining <preining at debian.org>  Sun, 02 Jan 2011 16:57:39 +0900
+ -- Norbert Preining <preining at debian.org>  Wed, 23 Mar 2011 09:42:02 +0900
 
 tex-common (2.08) unstable; urgency=low
 
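Review bot: the 2.09 entry keeps `urgency=low` even though it now carries the fix for CVE-2011-1400 / DSA-2198-1; consider raising the urgency for a security upload. The new bullet could also mention that the restricted command list is emptied along with `shell_escape = p`, since anyone relying on the previously allowed commands (epstopdf, pygmentize, makeindex and the rest) will see a behaviour change after upgrading.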

Modified: tex-common/trunk/debian/control
===================================================================
--- tex-common/trunk/debian/control	2011-03-18 13:22:21 UTC (rev 4811)
+++ tex-common/trunk/debian/control	2011-03-23 00:43:41 UTC (rev 4812)
@@ -5,7 +5,7 @@
 Uploaders: Julian Gilbey <jdg at debian.org>, C.M. Connelly <cmc at debian.org>, Atsuhito KOHDA <kohda at debian.org>, Frank Küster <frank at debian.org>, Florent Rougon <frn at debian.org>, Norbert Preining <preining at debian.org>
 Build-Depends: debhelper (>= 5.0.0), po-debconf
 Build-Depends-Indep: debiandoc-sgml, eperl
-Standards-Version: 3.8.4
+Standards-Version: 3.9.1
 Vcs-Svn: svn://svn.debian.org/svn/debian-tex/tex-common/trunk
 Vcs-Browser: http://svn.debian.org/wsvn/debian-tex/tex-common/trunk/
 
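Review bot: the `Standards-Version` bump to 3.9.1 is unrelated to the shell_escape change and would be easier to review, revert or backport as its own commit; this revision mixes it and the da.po refresh with the CVE-2011-1400 fix, so a backport of the security change has to pick the 95NonPath.cnf hunk out by hand.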

Modified: tex-common/trunk/debian/po/da.po
===================================================================
--- tex-common/trunk/debian/po/da.po	2011-03-18 13:22:21 UTC (rev 4811)
+++ tex-common/trunk/debian/po/da.po	2011-03-23 00:43:41 UTC (rev 4812)
@@ -12,6 +12,7 @@
 "PO-Revision-Date: 2010-12-30 19:25+0200\n"
 "Last-Translator: Joe Hansen <joedalton2 at yahoo.dk>\n"
 "Language-Team: Danish <debian-l10n-danish at lists.debian.org>\n"
+"Language: da\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
@@ -45,9 +46,9 @@
 "${filename} that is provided by the package should be available as "
 "${filename}.ucf-dist."
 msgstr ""
-"TeX vil ikke fungere før, at konfigurationsfilerne er rettet. Den udgave "
-"af ${filename}, som følger med pakken, skulle være tilgængelig som "
-"${filename}.ucf-dist."
+"TeX vil ikke fungere før, at konfigurationsfilerne er rettet. Den udgave af "
+"${filename}, som følger med pakken, skulle være tilgængelig som ${filename}."
+"ucf-dist."
 
 #. Type: error
 #. Description
@@ -70,5 +71,3 @@
 "An essential entry is invalid in ${filename}: ${variable} does not contain:"
 msgstr ""
 "En essentiel linje er ugyldig i ${filename}: ${variable} indeholder ikke:"
-
-



