summary refs log tree commit diff
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-03-05 20:41:36 -0500
committerLeo Famulari <leo@famulari.name>2017-03-06 16:47:37 -0500
commite20784e65efa7c783792e8a830d4b4aaf35750d5 (patch)
tree801b92f00e380a4887b2060454f03610dba6cb66
parente2948ef5c1578b229dd849e0a15b47a18d19f662 (diff)
downloadguix-e20784e65efa7c783792e8a830d4b4aaf35750d5.tar.gz
gnu: texlive: Fix CVE-2016-10243.
* gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/tex.scm (texlive-texmf-src): Use it.
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch18
-rw-r--r--gnu/packages/tex.scm2
3 files changed, 21 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index c88892df54..9f83c2bcae 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -930,6 +930,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/tcsh-fix-autotest.patch			\
   %D%/packages/patches/tcsh-fix-out-of-bounds-read.patch	\
   %D%/packages/patches/teensy-loader-cli-help.patch		\
+  %D%/packages/patches/texlive-texmf-CVE-2016-10243.patch	\
   %D%/packages/patches/texi2html-document-encoding.patch	\
   %D%/packages/patches/texi2html-i18n.patch			\
   %D%/packages/patches/tidy-CVE-2015-5522+5523.patch		\
diff --git a/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch b/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch
new file mode 100644
index 0000000000..3a9ae993f6
--- /dev/null
+++ b/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch
@@ -0,0 +1,18 @@
+Fix CVE-2016-10243:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10243
+
+Patch adapted from upstream commit:
+
+https://www.tug.org/svn/texlive?view=revision&revision=42605
+
+--- trunk/Master/texmf-dist/web2c/texmf.cnf	2016/11/29 23:10:33	42604
++++ trunk/Master/texmf-dist/web2c/texmf.cnf	2016/11/29 23:27:53	42605
+@@ -568,7 +568,6 @@ extractbb,\
+ gregorio,\
+ kpsewhich,\
+ makeindex,\
+-mpost,\
+ repstopdf,\
+ 
+ % we'd like to allow:
diff --git a/gnu/packages/tex.scm b/gnu/packages/tex.scm
index 7c84ed7194..404fd03393 100644
--- a/gnu/packages/tex.scm
+++ b/gnu/packages/tex.scm
@@ -72,6 +72,8 @@
   (origin
     (method url-fetch)
     (uri "ftp://tug.org/historic/systems/texlive/2016/texlive-20160523b-texmf.tar.xz")
+    (patches (search-patches "texlive-texmf-CVE-2016-10243.patch"))
+    (patch-flags '("-p2"))
     (sha256 (base32
               "1dv8vgfzpczqw82hv9g7a8djhhyzywljmrarlcyy6g2qi5q51glr"))))