gnu: texlive: Fix CVE-2016-10243.

* gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/tex.scm (texlive-texmf-src): Use it.
This commit is contained in:
Leo Famulari 2017-03-05 20:41:36 -05:00
parent e2948ef5c1
commit e20784e65e
No known key found for this signature in database
GPG Key ID: 2646FA30BACA7F08
3 changed files with 21 additions and 0 deletions

View File

@ -930,6 +930,7 @@ dist_patch_DATA = \
%D%/packages/patches/tcsh-fix-autotest.patch \
%D%/packages/patches/tcsh-fix-out-of-bounds-read.patch \
%D%/packages/patches/teensy-loader-cli-help.patch \
%D%/packages/patches/texlive-texmf-CVE-2016-10243.patch \
%D%/packages/patches/texi2html-document-encoding.patch \
%D%/packages/patches/texi2html-i18n.patch \
%D%/packages/patches/tidy-CVE-2015-5522+5523.patch \

View File

@ -0,0 +1,18 @@
Fix CVE-2016-10243:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10243
Patch adapted from upstream commit:
https://www.tug.org/svn/texlive?view=revision&revision=42605
--- trunk/Master/texmf-dist/web2c/texmf.cnf 2016/11/29 23:10:33 42604
+++ trunk/Master/texmf-dist/web2c/texmf.cnf 2016/11/29 23:27:53 42605
@@ -568,7 +568,6 @@ extractbb,\
gregorio,\
kpsewhich,\
makeindex,\
-mpost,\
repstopdf,\
% we'd like to allow:

View File

@ -72,6 +72,8 @@
(origin
(method url-fetch)
(uri "ftp://tug.org/historic/systems/texlive/2016/texlive-20160523b-texmf.tar.xz")
(patches (search-patches "texlive-texmf-CVE-2016-10243.patch"))
(patch-flags '("-p2"))
(sha256 (base32
"1dv8vgfzpczqw82hv9g7a8djhhyzywljmrarlcyy6g2qi5q51glr"))))