[Debian-tex-commits] SVN tex-common commit + diffs: r4824 - in tex-common/branches/squeeze: conf/texmf.d debian

Norbert Preining preining at alioth.debian.org
Thu Mar 24 23:58:50 UTC 2011 

Author: preining
Date: 2011-03-24 23:58:46 +0000 (Thu, 24 Mar 2011)
New Revision: 4824

Modified:
   tex-common/branches/squeeze/conf/texmf.d/95NonPath.cnf
   tex-common/branches/squeeze/debian/changelog
Log:
commit the security release for squeeze


Modified: tex-common/branches/squeeze/conf/texmf.d/95NonPath.cnf
===================================================================
--- tex-common/branches/squeeze/conf/texmf.d/95NonPath.cnf	2011-03-24 14:22:47 UTC (rev 4823)
+++ tex-common/branches/squeeze/conf/texmf.d/95NonPath.cnf	2011-03-24 23:58:46 UTC (rev 4824)
@@ -45,19 +45,11 @@
 % commands listed in shell_escape_commands are allowed.  Although this
 % is not fully secure either, it is much better, and so useful that we
 % enable it for everything but bare tex.
-shell_escape = p
+shell_escape = f
 
-% Special: convert is the standard command name for ImageMagick, but it
-% is also the name of a dangerous filesystem-changing command on
-% Windows.  So enable imgconvert (used in w32tex), but not convert.
-
 % No spaces in this command list.
 shell_escape_commands = \
-bibtex,bibtex8,dvips,epstopdf,epspdf,etex,fc-match,\
-imgconvert,\
-kpsewhich,makeindex,mkgrkindex,\
-pdfluatex,ps2pdf,ps4pdf,pstopdf,pygmentize,\
-rpdfcrop,texindy,xindy,ulqda\
+false
 
 % plain TeX should remain unenhanced.
 shell_escape.tex = f

Modified: tex-common/branches/squeeze/debian/changelog
===================================================================
--- tex-common/branches/squeeze/debian/changelog	2011-03-24 14:22:47 UTC (rev 4823)
+++ tex-common/branches/squeeze/debian/changelog	2011-03-24 23:58:46 UTC (rev 4824)
@@ -1,3 +1,9 @@
+tex-common (2.08.1) stable-security; urgency=high
+
+  * disable shell_escape completely
+
+ -- Norbert Preining <preining at debian.org>  Fri, 18 Feb 2011 02:12:16 +0900
+
 tex-common (2.08) unstable; urgency=low
 
   * include again 80DVIPDFMx.cnf and replace dvipdfmx (if it is still there)

More information about the Debian-tex-commits mailing list