author Josh Triplett <josh@joshtriplett.org> 2009-08-28 23:07:27 -0700
committer Josh Triplett <josh@joshtriplett.org> 2009-08-28 23:18:07 -0700
commit 9f75d3b1f3c43820cff9ce554601f64c60d72b14
tree 0b8907816f99d63ac9579c9a56ad05bd1beb1abc /debian
parent 03449610d6c666ba24bea68f01d896613e522278
teximg: Make TeX handle preventing unsafe things; remove insufficient blacklist

TeX has configuration options that prevent unsafe things like shell escapes and insecure file reads/writes. Turn all of them on.

teximg's regex-based blacklist does not suffice. For instance:

[[!teximg code="""
\catcode`\%=0
%input{/etc/passwd}
"""]]

Remove the blacklist, since the TeX configuration options seal off the underlying mechanisms more safely, and the blacklist blocks other TeX commands that can prove useful.
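The kind of lockdown the commit message describes, sketched as an added example (not ikiwiki's code, and the page does not name the options the commit sets). It assumes a TeX Live style `latex` whose kpathsea settings `shell_escape`, `openin_any` and `openout_any` can be overridden from the environment; the function names are hypothetical.

```python
import os
import shutil
import subprocess
import tempfile

# kpathsea/web2c settings, overridden per run through the environment:
#   shell_escape=f -> \write18 cannot start a program
#   openin_any=p   -> "paranoid" reads: no "..", no dotfiles, no absolute
#                     paths outside $TEXMFOUTPUT
#   openout_any=p  -> the same restriction for files TeX writes
TEX_LOCKDOWN = {"shell_escape": "f", "openin_any": "p", "openout_any": "p"}

def lockdown_env(base=None):
    """Copy an environment, force the restrictive settings, and drop
    TEXMFOUTPUT so an inherited value cannot widen the allowed paths."""
    src = os.environ if base is None else base
    env = {k: v for k, v in src.items() if k != "TEXMFOUTPUT"}
    env.update(TEX_LOCKDOWN)
    return env

def latex_argv(jobname):
    """Command line: shell escape also disabled by flag, no prompts."""
    return ["latex", "-no-shell-escape", "-interaction=nonstopmode",
            "-halt-on-error", jobname + ".tex"]

def render_untrusted(tex_source, timeout=20):
    """Compile untrusted TeX in a throwaway directory; return (ok, log)."""
    workdir = tempfile.mkdtemp(prefix="teximg-")
    try:
        with open(os.path.join(workdir, "job.tex"), "w") as fh:
            fh.write(tex_source)
        try:
            proc = subprocess.run(latex_argv("job"), cwd=workdir,
                                  env=lockdown_env(), text=True,
                                  errors="replace", capture_output=True,
                                  stdin=subprocess.DEVNULL, timeout=timeout)
        except subprocess.TimeoutExpired:
            return False, "timeout"
        return proc.returncode == 0, proc.stdout
    finally:
        shutil.rmtree(workdir, ignore_errors=True)

if __name__ == "__main__" and shutil.which("latex"):
    # Regression input: the snippet quoted in the commit message, wrapped in
    # a minimal document (wrapper constructed for this example).
    sample = ("\\documentclass{article}\\begin{document}\n"
              "\\catcode`\\%=0\n%input{/etc/passwd}\n\\end{document}\n")
    ok, log = render_untrusted(sample)
    print("compiled" if ok else "rejected by TeX")
```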
Diffstat (limited to 'debian')
-rw-r--r-- debian/changelog 5
1 files changed, 5 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 992692566..a5b07aac1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,6 @@
ikiwiki (3.1415926) UNRELEASED; urgency=low
+ [ Joey Hess ]
* po: Detect if nowrapi18n can't be passed to po4a, and warn about
the old version, but continue. Closes: #541205
* inline: Avoid use of my $_ as it fails with older perls.
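Review bot: The added "[ Joey Hess ]" header at the top of the 3.1415926 block attributes every existing entry below it, up to the next author header, to Joey Hess. Please confirm that none of those earlier items came from another contributor before grouping them this way.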
@@ -40,6 +41,10 @@ ikiwiki (3.1415926) UNRELEASED; urgency=low
* img: Don't generate new verison of image if it is scaled to be
larger in either dimension.
+ [ Josh Triplett ]
+ * teximg: Replace the insufficient blacklist with the built-in security
+ mechanisms of TeX.
+
-- Joey Hess <joeyh@debian.org> Wed, 12 Aug 2009 12:25:30 -0400
ikiwiki (3.141592) unstable; urgency=low
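Review bot: The new teximg entry does not say that this is a security fix. The commit message shows the old blacklist being bypassed to read /etc/passwd, yet the entry reads like a refactoring and the block stays at urgency=low. Suggest wording along the lines of "teximg: Fix file disclosure through blacklist bypass by relying on TeX's own restrictions on shell escapes and file reads/writes", and reconsidering the urgency. It would also help to note that TeX commands the blacklist used to reject are now accepted, since that changes behavior for existing wikis.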