% If you modify this original file, YOUR CHANGES WILL BE LOST when it is
% updated. Instead, put your changes -- and only your changes, not an
% entire copy! -- in ../../texmf.cnf. That is, if this file is
-% installed in /some/path/to/texlive/2015/texmf-dist/web2c/texmf.cnf,
-% add your custom settings to /some/path/to/texlive/2015/texmf.cnf.
+% installed in /some/path/to/texlive/2016/texmf-dist/web2c/texmf.cnf,
+% add your custom settings to /some/path/to/texlive/2016/texmf.cnf.
%
% What follows is a super-summary of what this .cnf file can
% contain. Please read the Kpathsea manual for more information.
%
+% Each statement in this file boils down to:
+% <variable>[.<program>] [=] <value>
+%
+% Neither the <variable> nor the <value> may be empty.
% Any identifier (sticking to A-Za-z_ for names is safest) can be assigned.
% The `=' (and surrounding spaces) is optional.
% $foo (or ${foo}) in a value expands to the envvar or cnf value of foo.
-% Long lines can be continued with a \.
+% Lines can be continued with a \; no whitespace removal is done.
%
% Earlier entries (in the same or another file) override later ones, and
% an environment variable foo overrides any texmf.cnf definition of foo.
% expanded into the compile-time default. Probably not what you want.
%
% Brace notation is supported, for example: /usr/local/{mytex,othertex}
-% expands to /usr/local/mytex:/usr/local/othertex. We make extensive
-% use of this.
+% expands to /usr/local/mytex:/usr/local/othertex.
% (e)up(La)TeX, and for upmpost
TEXINPUTS.uplatex = .;$TEXMF/tex/{uplatex,platex,latex,generic,}//
TEXINPUTS.uptex = .;$TEXMF/tex/{uptex,ptex,plain,generic,}//
-TEXINPUTS.euptex = .;$TEXMF/tex/{uptex,ptex,plain,generic}//
+TEXINPUTS.euptex = .;$TEXMF/tex/{uptex,ptex,plain,generic,}//
TEX.upmpost = euptex
% pBibTeX bibliographies and style files.
BSTINPUTS.pbibtex = .;$TEXMF/{pbibtex,bibtex}/bst//
% ConTeXt.
-TEXINPUTS.context = .;$TEXMF/tex/{context,plain,generic}//
+TEXINPUTS.context = .;$TEXMF/tex/{context,plain,generic,}//
% jadetex.
TEXINPUTS.jadetex = .;$TEXMF/tex/{jadetex,latex,generic,}//
MLBSTINPUTS = .;$TEXMF/bibtex/{mlbst,bst}//
% .ris and .bltxml bibliography formats.
-RISINPUTS = .;$TEXMF/bibtex/ris//
-BLTXMLINPUTS = .;$TEXMF/bibtex/bltxml//
+RISINPUTS = .;$TEXMF/biber/ris//
+BLTXMLINPUTS = .;$TEXMF/biber/bltxml//
% MFT style files.
MFTINPUTS = .;$TEXMF/mft//
%
% The programs listed here are as safe as any we know: they either do
% not write any output files, respect openout_any, or have hard-coded
-% restrictions similar or higher to openout_any=p. They also have no
-% features to invoke arbitrary other programs, and no known exploitable
-% bugs. All to the best of our knowledge. They also have practical use
-% for being called from TeX.
+% restrictions similar to or higher than openout_any=p. They also have
+% no features to invoke arbitrary other programs, and no known
+% exploitable bugs. All to the best of our knowledge. They also have
+% practical use for being called from TeX.
%
shell_escape_commands = \
bibtex,bibtex8,\
extractbb,\
+gregorio,\
kpsewhich,\
makeindex,\
-mpost,\
repstopdf,\
% we'd like to allow:
% dvips - but external commands can be executed, need at least -R1.
% epspdf, ps2pdf, pstopdf - need to respect openout_any,
% and gs -dSAFER must be used and check for shell injection with filenames.
-% (img)convert (ImageMagick) - delegates.mgk possible misconfig, besides,
-% without Unix convert it hardly seems worth it, and Windows convert
-% is something completely different that destroys filesystems, so skip.
% pygmentize - but is the filter feature insecure?
% ps4pdf - but it calls an unrestricted latex.
% rpdfcrop - maybe ok, but let's get experience with repstopdf first.
% ulqda - but requires optional SHA1.pm, so why bother.
% tex, latex, etc. - need to forbid --shell-escape, and inherit openout_any.
-% plain TeX should remain unenhanced.
+% plain "tex" should remain unenhanced.
shell_escape.tex = f
shell_escape.initex = f
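Review bot: The added `gregorio,\` entry in `shell_escape_commands` does not record which criterion from the comment block above the list it meets (writes no output files, respects openout_any, or has equivalent hard-coded restrictions). The same hunk drops `mpost,\` without saying why it no longer qualifies. Every name on this list is, by that comment, meant to be callable from TeX, so each addition and removal should be traceable from the file itself. I would add two lines to the "we'd like to allow" notes below the list: `% gregorio - allowed: <which restriction applies>` and `% mpost - removed: <reason>`. Sites that compile untrusted documents should also check that their own texmf.cnf does not re-add `mpost`, since the header states that earlier entries override this file.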
TEXMF_RESTRICTED_SCRIPTS = \
{!!$TEXMFLOCAL,!!$TEXMFDIST}/scripts/{$progname,$engine,}//
-% Allow TeX \openin, \openout, or \input on filenames starting with `.'
-% (e.g., .rhosts) or outside the current tree (e.g., /etc/passwd)?
+% Do we allow TeX \input or \openin (openin_any), or \openout
+% (openout_any) on filenames starting with `.' (e.g., .rhosts) or
+% outside the current tree (e.g., /etc/passwd)?
% a (any) : any file can be opened.
-% r (restricted) : disallow opening "dotfiles".
+% r (restricted) : disallow opening dot files
% p (paranoid) : as `r' and disallow going to parent directories, and
% restrict absolute paths to be under $TEXMFOUTPUT.
-openout_any = p
openin_any = a
+openout_any = p
-% Write .log/.dvi/etc. files here, if the current directory is unwritable.
+% Write .log/.dvi/.aux/etc. files here, if the current directory is unwritable.
%TEXMFOUTPUT = /tmp
% If a dynamic file creation fails, log the command to this file, in
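Review bot: `openin_any = a` stays at the most permissive value even though the comment above it names `.rhosts` and `/etc/passwd` as the files at stake. The rewritten comment asks the question for reads and writes together but never says that the two defaults answer it differently. As set here, a document can `\input` or `\openin` any file the invoking user can read, and only writes are confined by `openout_any = p`. I would add a line directly above the two assignments: `% Defaults: reads are unrestricted (a), writes are paranoid (p); set openin_any = r or p in your own texmf.cnf when compiling untrusted input.` Swapping the order of the two assignments has no effect, since they are separate variables.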
% To suppress nothing, use TEX_HUSH = none or do not set the variable at all.
TEX_HUSH = none
-% Allow TeX, and MF to parse the first line of an input file for
+% Allow TeX and MF to parse the first line of an input file for
% the %&format construct.
parse_first_line = t
% Used by makempx to run TeX. We use "etex" because MetaPost is
% expecting DVI, and not "tex" because we want first line parsing.
TEX = etex
-#
-# Use Japanese eptex for Japanese pmpost.
+
+% Use Japanese eptex for Japanese pmpost.
TEX.pmpost = eptex
% These variables specify the external program called for the