(address . guix-patches@gnu.org)
This fixes CVE-2016-10243:
"The TeX system allows for calling external programs from within the
TeX source code (called \write18). This has been restricted to a
small set of programs since a long time ago.
Unfortunately it turned out that one program in the list, mpost
(also shipped with TeX Live), allows in turn to specify other
programs to be run, which allows arbitrary code execution when
compiling a TeX document."
source:
This patch prevents the POC described in blog post:
From 09cb7073e44b04b778b5b26a75074aaf2c8ee8e4 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Sun, 5 Mar 2017 20:41:36 -0500
Subject: [PATCH] gnu: texlive: Fix CVE-2016-10243.
* gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/tex.scm (texlive-texmf-src): Use it.
---
gnu/local.mk | 1 +
.../patches/texlive-texmf-CVE-2016-10243.patch | 18 ++++++++++++++++++
gnu/packages/tex.scm | 2 ++
3 files changed, 21 insertions(+)
create mode 100644 gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index c88892df5..9f83c2bca 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -930,6 +930,7 @@ dist_patch_DATA = \
%D%/packages/patches/tcsh-fix-autotest.patch \
%D%/packages/patches/tcsh-fix-out-of-bounds-read.patch \
%D%/packages/patches/teensy-loader-cli-help.patch \
+ %D%/packages/patches/texlive-texmf-CVE-2016-10243.patch \
%D%/packages/patches/texi2html-document-encoding.patch \
%D%/packages/patches/texi2html-i18n.patch \
%D%/packages/patches/tidy-CVE-2015-5522+5523.patch \
diff --git a/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch b/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch
new file mode 100644
index 000000000..3a9ae993f
--- /dev/null
+++ b/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch
@@ -0,0 +1,18 @@
+Fix CVE-2016-10243:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10243
+
+Patch adapted from upstream commit:
+
+https://www.tug.org/svn/texlive?view=revision&revision=42605
+
+--- trunk/Master/texmf-dist/web2c/texmf.cnf 2016/11/29 23:10:33 42604
++++ trunk/Master/texmf-dist/web2c/texmf.cnf 2016/11/29 23:27:53 42605
+@@ -568,7 +568,6 @@ extractbb,\
+ gregorio,\
+ kpsewhich,\
+ makeindex,\
+-mpost,\
+ repstopdf,\
+
+ % we'd like to allow:
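Review bot: The header of the new patch file says "Patch adapted from upstream commit" but never states what was adapted or why the single removed line, `-mpost,\`, fixes the CVE. Add a sentence to the header explaining that mpost is dropped from the list of programs allowed under restricted \write18 because it can itself start other programs, and say how this file differs from revision 42605 (for example, only the file path or context). Documents that call mpost through restricted shell escape will stop working after this change, which is worth a line in the commit message.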
diff --git a/gnu/packages/tex.scm b/gnu/packages/tex.scm
index 7c84ed719..404fd0339 100644
--- a/gnu/packages/tex.scm
+++ b/gnu/packages/tex.scm
@@ -72,6 +72,8 @@
(origin
(method url-fetch)
(uri "ftp://tug.org/historic/systems/texlive/2016/texlive-20160523b-texmf.tar.xz")
+ (patches (search-patches "texlive-texmf-CVE-2016-10243.patch"))
+ (patch-flags '("-p2"))
(sha256 (base32
"1dv8vgfzpczqw82hv9g7a8djhhyzywljmrarlcyy6g2qi5q51glr"))))
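Review bot: `(patch-flags '("-p2"))` is added with no comment explaining the non-default strip level. The embedded patch names its target as trunk/Master/texmf-dist/web2c/texmf.cnf, so -p2 is there to strip trunk/Master; either add a one-line comment saying so, or rewrite the paths inside texlive-texmf-CVE-2016-10243.patch so the default flags apply and this line can be dropped.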
--
2.12.0
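The allow-list change made by this patch can be checked mechanically. The following is an added example, not part of the original message and not code from Guix or TeX Live: it parses texmf.cnf-style text, joins continuation lines, and reports allow-listed programs that can launch other programs. The sample text, the `RISKY` set and all function names are assumptions made for illustration.

```python
# Constructed sample in texmf.cnf syntax, modelled on the lines shown in the patch.
SAMPLE_CNF = r"""
shell_escape = p
shell_escape_commands = \
extractbb,\
gregorio,\
kpsewhich,\
makeindex,\
mpost,\
repstopdf,\

% we'd like to allow:
"""

# Allow-listed programs that can start other programs. The page names only mpost.
RISKY = {"mpost"}

def logical_lines(text):
    """Join lines ending in a backslash, as texmf.cnf continuation lines do."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield (buf + line).strip()
        buf = ""
    if buf:
        yield buf.strip()

def parse_cnf(text):
    """Return {variable: value}, skipping blank and %-comment lines."""
    settings = {}
    for line in logical_lines(text):
        if not line or line.startswith("%"):
            continue
        name, sep, value = line.partition("=")
        if sep:
            # Assumption: the earliest definition wins, so keep the first one seen.
            settings.setdefault(name.strip(), value.strip())
    return settings

def audit(text, risky=RISKY):
    """Return (shell_escape mode, allowed commands, allowed commands that are risky)."""
    cfg = parse_cnf(text)
    allowed = [c.strip() for c in cfg.get("shell_escape_commands", "").split(",") if c.strip()]
    return cfg.get("shell_escape", ""), allowed, sorted(set(allowed) & risky)

PATCHED_CNF = SAMPLE_CNF.replace("mpost,\\\n", "")  # the sample with the patch applied
```

On an installed system, `kpsewhich -var-value=shell_escape_commands` prints the effective list, which can be checked against the same set.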