diff --git a/manual/luatex-lua.tex b/manual/luatex-lua.tex
index b9c4b08a5e0ed6c92a212a851d5a5a643f977159..225f911a16e1a048844fa18b33733e0b350061b4 100644
--- a/manual/luatex-lua.tex
+++ b/manual/luatex-lua.tex
@@ -88,6 +88,7 @@ consequence. The following command|-|line options are understood:
\NC \type{--[no-]mktex=FMT} \NC disable/enable \type {mktexFMT} generation with \type {FMT} is
\type {tex} or \type {tfm} \NC \NR
\NC \type{--nosocket} \NC disable the \LUA\ socket library \NC\NR
+\NC \type{--socket} \NC enable the \LUA\ socket library \NC\NR
\NC \type{--output-comment=STRING} \NC use \type {STRING} for \DVI\ file comment instead of date (no
effect for \PDF) \NC \NR
\NC \type{--output-directory=DIR} \NC use \type {DIR} as the directory to write files to \NC \NR
@@ -147,7 +148,7 @@ in the following order:
\startitem
First, it will parse the command line as usual, but it will only interpret a
small subset of the options immediately: \type {--safer}, \type {--nosocket},
- \type {--[no-]shell-escape}, \type {--enable-write18}, \type
+ \type {--socket}, \type {--[no-]shell-escape}, \type {--enable-write18}, \type
{--disable-write18}, \type {--shell-restricted}, \type {--help}, \type
{--version}, and \type {--credits}.
\stopitem
@@ -182,6 +183,8 @@ in the following order:
Furthermore, it disables loading of compiled \LUA\ libraries and it makes
\type {io.open()} fail on files that are opened for anything besides reading.
+
+ Finally, it disables the socket library unconditionally.
\stopitem
\startitem
@@ -195,14 +198,20 @@ in the following order:
\stoptyping
The \type {--nosocket} option makes the socket library unavailable, so that \LUA\
- cannot use networking.
+ cannot use networking;
+ \type {--socket} option makes the socket library available.
The switches \type {--[no-]shell-escape}, \type {--[enable|disable]-write18}, and
\type {--shell-restricted} have the same effects as in \PDFTEX, and additionally
make \type {io.popen()}, \type {os.execute}, \type {os.exec}, \type {os.kpsepopen}
- and \type {os.spawn} adhere to the requested option. Also, by default
- the socket library is not enabled: one can enable it with \type {--shell-escape}
- without \type {--shell-restricted}.
+ and \type {os.spawn} adhere to the requested option.
+
+ By default
+ the socket library is not enabled: one can enable it with with \type {--socket}
+ or with \type {--shell-escape} (but without \type {--shell-restricted})
+ and disable it with \type {--nosocket} or unconditionally with \type {--safer}.
+
+ In case of conflictual options, the most restrictive wins.
\stopitem
\startitem
diff --git a/manual/luatex.pdf b/manual/luatex.pdf
index db9be6fb31433f7797f13266981cee1e0fda27e2..eee48e7d5aa97898cc97d045e954a1118cf02722 100644
Binary files a/manual/luatex.pdf and b/manual/luatex.pdf differ
diff --git a/source/texk/web2c/luatexdir/ChangeLog b/source/texk/web2c/luatexdir/ChangeLog
index 58b93122a4fb549995d1323cb69e065d304df734..c21cf195c15063bf21e8468bbe683222ebd68550 100644
--- a/source/texk/web2c/luatexdir/ChangeLog
+++ b/source/texk/web2c/luatexdir/ChangeLog
@@ -1,10 +1,14 @@
+2023-04-27 Luigi Scarso <luigi.scarso@gmail.com>
+ * new option --socket to split socket and shell escape;
+ * Fixed ChangeLog
+
2023-04-25 Luigi Scarso <luigi.scarso@gmail.com>
* socket library by default not enabled;
it is enabled with --shell-escape but not with --shell-restricted.
The option ---nosocket remains unchanged.
The two new functions os.socketgettime and os.socketsleep are
like socket.gettime and socket.sleep, but they are always available.
- * Luatex 1.17.2
+ * Luatex 1.17.0
2023-04-24 Luigi Scarso <luigi.scarso@gmail.com>
* static kpse.check_permissions in os.kpsepopen
diff --git a/source/texk/web2c/luatexdir/lua/luainit.c b/source/texk/web2c/luatexdir/lua/luainit.c
index 885b4b267707ab38c9635b96fb39ad0ea7487de2..ee838ae57324b8402272505a27a57736b5f41ed9 100644
--- a/source/texk/web2c/luatexdir/lua/luainit.c
+++ b/source/texk/web2c/luatexdir/lua/luainit.c
@@ -85,6 +85,7 @@ const_string LUATEX_IHELP[] = {
" --lua=FILE load and execute a lua initialization script",
" --[no-]mktex=FMT disable/enable mktexFMT generation (FMT=tex/tfm)",
" --nosocket disable the lua socket library",
+ " --socket enable the lua socket library",
" --output-comment=STRING use STRING for DVI file comment instead of date (no effect for PDF)",
" --output-directory=DIR use existing DIR as the directory to write files in",
" --output-format=FORMAT use FORMAT for job output; FORMAT is 'dvi' or 'pdf'",
@@ -213,8 +214,29 @@ char *jithash_hashname = NULL;
int safer_option = 0;
int nosocket_option = 1;
+int nosocket_cli_option = 0;
+int yessocket_cli_option = 0;
+int socket_bitmask = 0;
int utc_option = 0;
+/*tex We use a bitmask for the socket library: |0000| and |1xxx| implies |--nosocket|,
+ otherwise the socket library is enabled. Default value is |0000|, i.e. |--nosocket|.
+*/
+#define UPDATE_SOCKET_STATUS() do { \
+ socket_bitmask = 0; \
+ socket_bitmask = safer_option==1? (8+socket_bitmask):socket_bitmask;\
+ socket_bitmask = nosocket_cli_option==1? (4+socket_bitmask):socket_bitmask;\
+ socket_bitmask = (shellenabledp == 1 && restrictedshell == 0)?(2+socket_bitmask):socket_bitmask;\
+ socket_bitmask = yessocket_cli_option==1? (1+socket_bitmask):socket_bitmask;\
+ if( socket_bitmask==0) { \
+ nosocket_option = 1; \
+ } else if ( socket_bitmask<4) { \
+ nosocket_option = 0; \
+ } else { \
+ nosocket_option = 1; \
+ } \
+} while (0)
+
/*tex
Test whether getopt found an option ``A''. Assumes the option index is in the
@@ -242,7 +264,8 @@ static struct option long_options[] = {
#endif
{"safer", 0, &safer_option, 1},
{"utc", 0, &utc_option, 1},
- {"nosocket", 0, &nosocket_option, 1},
+ {"nosocket", 0, &nosocket_cli_option, 1},
+ {"socket", 0, &yessocket_cli_option, 1},
{"help", 0, 0, 0},
{"ini", 0, &ini_version, 1},
{"interaction", 1, 0, 0},
@@ -524,21 +547,11 @@ static void parse_options(int ac, char **av)
input_name = xstrdup(sargv[sargc-1]);
sargv[sargc-1] = normalize_quotes(input_name, "argument");
}
- /* --safer implies --nosocket */
- if (safer_option) {
- nosocket_option = 1;
- } else if (shellenabledp == 1 && restrictedshell == 0) {
- nosocket_option = 0;
- }
+ UPDATE_SOCKET_STATUS();
return;
#endif
}
- /*tex |--safer| implies |--nosocket| */
- if (safer_option) {
- nosocket_option = 1;
- } else if (shellenabledp==1 && restrictedshell==0) {
- nosocket_option = 0;
- }
+ UPDATE_SOCKET_STATUS();
/*tex Finalize the input filename. */
if (input_name != NULL) {
argv[optind] = normalize_quotes(input_name, "argument");
@@ -1157,6 +1170,7 @@ void lua_initialize(int ac, char **av)
}
free(v1);
}
+ UPDATE_SOCKET_STATUS();
/*tex If shell escapes are restricted, get allowed cmds from cnf. */
if (shellenabledp && restrictedshell == 1) {
v1 = NULL;
diff --git a/source/texk/web2c/luatexdir/luatex_svnversion.h b/source/texk/web2c/luatexdir/luatex_svnversion.h
index 44087d08f2b6aacf6b7f77ed3b45378b12b88ff7..799ba5e27fb5defc5e88e569facce47bb09b512b 100644
--- a/source/texk/web2c/luatexdir/luatex_svnversion.h
+++ b/source/texk/web2c/luatexdir/luatex_svnversion.h
@@ -1,4 +1,4 @@
#ifndef luatex_svn_revision_h
#define luatex_svn_revision_h
-#define luatex_svn_revision 7577
+#define luatex_svn_revision 7578
#endif