[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#25993: texlive CVE-2016-10243
|
From: |
Leo Famulari |
|
Subject: |
bug#25993: texlive CVE-2016-10243 |
|
Date: |
Mon, 6 Mar 2017 16:49:27 -0500 |
|
User-agent: |
Mutt/1.8.0 (2017-02-23) |
On Mon, Mar 06, 2017 at 10:32:04PM +0100, Ricardo Wurmus wrote:
>
> Leo Famulari <address@hidden> writes:
>
> > On Mon, Mar 06, 2017 at 10:02:06AM +0100, Ricardo Wurmus wrote:
> >> Is this sufficient? I see here that two files need this change:
> >>
> >> https://www.tug.org/svn/texlive?view=revision&revision=42605
> >>
> >> Should “trunk/Build/source/texk/kpathsea/texmf.cnf” also be patched?
> >
> > I inspected the built output of texlive, texlive-bin, and texlive-texmf,
> > and none of them include the texmf.cnf file for kpathsea.
> >
> > That file does exist in the source.
> >
> > AFAICT, the only .cnf file in our built package that whitelists mpost is
> > the one I patched.
>
> Thank you for confirming this. The patch looks good to me!
Thanks for your review!
Pushed as e20784e65efa7c783792e8a830d4b4aaf35750d5
By the way, I'd normally adjust the patch to use the default patch-level
of 'p1', and to include another, more descriptive, link about the bug.
But I lack the disk space to rebuild texlive again. Building it before
and after the bug-fix, for testing, used ~12 GB.