fix bz#1429452, mpost allows to run non-whitelisted external program
This commit is contained in:
Than Ngo
parent
1d23a55d6a
commit
a5c3f4d576
|
|
@ -0,0 +1,31 @@
|
|||
diff -up texlive-2016/source/inst/share/texmf-dist/web2c/texmf.cnf.than texlive-2016/source/inst/share/texmf-dist/web2c/texmf.cnf
|
||||
--- texlive-2016/source/inst/share/texmf-dist/web2c/texmf.cnf.than 2017-03-07 17:39:23.327888786 +0100
|
||||
+++ texlive-2016/source/inst/share/texmf-dist/web2c/texmf.cnf 2017-03-07 17:39:37.413355544 +0100
|
||||
@@ -568,7 +568,6 @@ extractbb,\
|
||||
gregorio,\
|
||||
kpsewhich,\
|
||||
makeindex,\
|
||||
-mpost,\
|
||||
repstopdf,\
|
||||
|
||||
% we'd like to allow:
|
||||
diff -U0 texlive-2016/source/texk/kpathsea/ChangeLog.than texlive-2016/source/texk/kpathsea/ChangeLog
|
||||
--- texlive-2016/source/texk/kpathsea/ChangeLog.than 2017-03-07 17:36:09.052243607 +0100
|
||||
+++ texlive-2016/source/texk/kpathsea/ChangeLog 2017-03-07 17:36:55.525484239 +0100
|
||||
@@ -0,0 +1,5 @@
|
||||
+2016-11-30 Karl Berry <karl@ks.tug.org>
|
||||
+
|
||||
+ * texmf.cnf (shell_escape_commands): remove mpost, due to
|
||||
+ the -tex option. Oops! Report from Bruno Le Floch.
|
||||
+
|
||||
diff -up texlive-2016/source/texk/kpathsea/texmf.cnf.than texlive-2016/source/texk/kpathsea/texmf.cnf
|
||||
--- texlive-2016/source/texk/kpathsea/texmf.cnf.than 2017-03-07 17:37:14.160778751 +0100
|
||||
+++ texlive-2016/source/texk/kpathsea/texmf.cnf 2017-03-07 17:37:39.688812317 +0100
|
||||
@@ -568,7 +568,6 @@ extractbb,\
|
||||
gregorio,\
|
||||
kpsewhich,\
|
||||
makeindex,\
|
||||
-mpost,\
|
||||
repstopdf,\
|
||||
|
||||
% we'd like to allow:
|
||||
12
texlive.spec
12
texlive.spec
|
|
@ -1,6 +1,6 @@
|
|||
%global source_date 20160520
|
||||
%global tl_version 2016
|
||||
%global tl_rel 32
|
||||
%global tl_rel 33
|
||||
%global tl_release %{tl_rel}.%{source_date}%{?dist}
|
||||
%global tl_noarch_release %{tl_rel}%{?dist}
|
||||
%global source_name texlive-%{source_date}-source
|
||||
|
|
@ -57,10 +57,13 @@ Patch2: tl-format.patch
|
|||
Patch3: texlive-20160520-selinux-context.patch
|
||||
Patch4: texlive-fix-system-teckit.patch
|
||||
Patch5: texlive-2016-kpathsea-texlive-path.patch
|
||||
Patch100: texlive-bz979176.patch
|
||||
# security fix for bz#979176
|
||||
Patch100: texlive-bz979176.patch
|
||||
Patch101: etex-addlanguage-fix-bz1215257.patch
|
||||
Patch102: texlive-latexpand-perl518.patch
|
||||
Patch103: texlive-2016-latexdiff-perl518.patch
|
||||
# security fix for bz#1429452, CVE-2016-10243
|
||||
Patch104: texlive-mpost-CVE-2016-10243.patch
|
||||
Source0: %{source_name}.tar.xz
|
||||
Source1: tl2rpm.c
|
||||
Source2: texlive.tlpdb
|
||||
|
|
@ -180022,8 +180025,8 @@ cp %{SOURCE7597} .
|
|||
%patch3 -p0
|
||||
%patch4 -p0
|
||||
%patch5 -p0
|
||||
# security fix for bz#979176
|
||||
%patch100 -p0
|
||||
%patch104 -p1
|
||||
for l in `unxz -c %{SOURCE3} | tar t`; do
|
||||
ln -s %{_texdir}/licenses/$l $l
|
||||
done
|
||||
|
|
@ -222028,6 +222031,9 @@ fi
|
|||
%{_libdir}/pkgconfig/*.pc
|
||||
|
||||
%changelog
|
||||
* Tue Mar 07 2017 Than Ngo <than@redhat.com> - 6:2016-33.20160520
|
||||
- fix bz#1429452, mpost allows to run non-whitelisted external programs
|
||||
|
||||
* Mon Feb 20 2017 Tom Callaway <spot@fedoraproject.org> 6:2016-32.20160520
|
||||
- fix issue with epstopdf.pl (bz1415301)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue