File: dvips.patch

package info (click to toggle)
tetex-bin 1.0.7%2B20011202-7.3
  • links: PTS
  • area: main
  • in suites: woody
  • size: 45,604 kB
  • ctags: 32,286
  • sloc: ansic: 254,806; cpp: 195,997; sh: 17,818; perl: 9,319; makefile: 3,461; yacc: 1,918; pascal: 1,328; awk: 986; asm: 851; lex: 813; sed: 511; lisp: 276; csh: 47
file content (123 lines) | stat: -rw-r--r-- 4,680 bytes parent folder | download | duplicates (5) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
 
--- tetex-bin-0.9.orig/texk/dvipsk/dvips.info-1
+++ tetex-bin-0.9/texk/dvipsk/dvips.info-1
@@ -867,11 +867,14 @@
 `-r*'
      Output pages in reverse order.  By default, page 1 is output first.
 
-`-R'
+`-R*'
      Run securely.  This disables shell command execution in `\special'
      (via ``', *note Dynamic creation of graphics::.) and config files
      (via the `E' option, *note Configuration file commands::.), pipes
-     as output files, and opening of any absolute filenames.
+     as output files, and opening of any absolute filenames.  If Dvips
+     is compiled with ``'-`\special's disabled (this is recommended
+     when using Dvips as a printer backend), then `-R0' will permit them
+     anyway.
 
 `-s*'
      Enclose the output in a global save/restore pair.  This causes the
--- tetex-bin-0.9.orig/texk/dvipsk/dvips.c
+++ tetex-bin-0.9/texk/dvipsk/dvips.c
@@ -64,7 +64,14 @@
 Boolean cropmarks ;           /* add cropmarks? */
 Boolean abspage = 0 ;         /* are page numbers absolute? */
 Boolean tryepsf = 0 ;         /* should we try to make it espf? */
+#ifdef SECURE
+Boolean secure = 1 ;          /* force safe for suid */
+#else
 Boolean secure = 0 ;          /* make safe for suid */
+#endif
+#ifdef BACKEND
+Boolean backendsecure = 0 ;   /* make safe for root-owned backend only */
+#endif
 int collatedcopies = 1 ;      /* how many collated copies? */
 int sectioncopies = 1 ;       /* how many times to repeat each section? */
 integer pagecopies = 1 ;          /* how many times to repeat each page? */
@@ -279,7 +286,7 @@
 "p # First page                     P s Load config.$s                  ",
 #endif
 "q*  Run quietly                                                        ",
-"r*  Reverse order of pages         R   Run securely                    ",
+"r*  Reverse order of pages         R*  Run securely                    ",
 "s*  Enclose output in save/restore S # Max section size in pages       ",
 "t s Paper format                   T c Specify desired page size       ",  
 "u s PS mapfile                     U*  Disable string param trick      ",
@@ -732,7 +739,10 @@
                cropmarks = (*p != '0') ;
                break ;
 case 'R':
-               secure = 1 ;
+               secure = secure || (*p != '0') ;
+#ifdef BACKEND
+              backendsecure = 1;
+#endif
                break ;
 case 'S':
                if (*p == 0 && argv[i+1])
--- tetex-bin-0.9.orig/texk/dvipsk/dvips.texi
+++ tetex-bin-0.9/texk/dvipsk/dvips.texi
@@ -1004,7 +1004,7 @@
 @cindex reverse pagination
 Output pages in reverse order.  By default, page 1 is output first.
 
-@item -R
+@item -R*
 @opindex -R
 @cindex security
 @cindex shell command execution, disabling
@@ -1013,7 +1013,10 @@
 Run securely.  This disables shell command execution in @code{\special}
 (via @samp{`}, @pxref{Dynamic creation of graphics}) and config files
 (via the @samp{E} option, @pxref{Configuration file commands}), pipes as
-output files, and opening of any absolute filenames.
+output files, and opening of any absolute filenames.  If Dvips is
+compiled with @samp{`}-@code{\special}s disabled (this is recommended
+when using Dvips as a printer backend), then @samp{-R0} will permit them
+anyway.
 
 @item -s*
 @opindex -s
--- tetex-bin-0.9.orig/texk/dvipsk/Makefile.in
+++ tetex-bin-0.9/texk/dvipsk/Makefile.in
@@ -3,6 +3,7 @@
 
 # Add -DDEFRES=dpi to DEFS to change the default resolution from 600.
 # Add -DSECURE if you will install dvips with special privileges.
+# Add -DBACKEND if dvips is used as a printer backend (on non-trusted .dvis)
 # Add -DNO_DEBUG to omit debugging support.
 # Add -DNO_EMTEX to omit EMTEX specials.
 # Add -DNO_HPS to omit hypertex support.
@@ -17,7 +18,7 @@
 ac_include ../make/common.make
 ac_include ../make/programs.make
 ac_include ../make/texi.make
-prog_cflags = -DUNIX -DKPATHSEA -DNeedFunctionPrototypes
+prog_cflags = -DUNIX -DKPATHSEA -DNeedFunctionPrototypes -DBACKEND
 
 # The `t[mp]-' business is so that we don't create an empty .pro file,
 # if running squeeze fails for some reason.  A dependency on squeeze
--- tetex-bin-0.9.orig/texk/dvipsk/output.c
+++ tetex-bin-0.9/texk/dvipsk/output.c
@@ -34,6 +34,9 @@
 extern FILE *bitfile ;
 extern char *oname ;
 extern Boolean secure ;
+#ifdef BACKEND
+extern Boolean backendsecure ;
+#endif
 extern Boolean reverse ;
 extern Boolean removecomments ;
 extern Boolean sendcontrolD, disablecomments, multiplesects ;
@@ -173,7 +176,11 @@
 #ifdef OS2
       if (_osmode == OS2_MODE) {
 #endif
+#ifdef BACKEND
+      if (secure == 0 && backendsecure)
+#else
       if (secure == 0)
+#endif
          f = popen(s, FOPEN_RBIN_MODE) ;
 #ifdef OS2
       }