GNU bug report logs

#25993 texlive CVE-2016-10243


Message #17 received at 25993@debbugs.gnu.org (full text, mbox, reply):

Date: Mon, 6 Mar 2017 16:49:27 -0500
From: Leo Famulari <leo@famulari.name>
To: Ricardo Wurmus <rekado@elephly.net>
Subject: Re: bug#25993: texlive CVE-2016-10243
Cc: 25993@debbugs.gnu.org

On Mon, Mar 06, 2017 at 10:32:04PM +0100, Ricardo Wurmus wrote:
> 
> Leo Famulari <leo@famulari.name> writes:
> 
> > On Mon, Mar 06, 2017 at 10:02:06AM +0100, Ricardo Wurmus wrote:
> >> Is this sufficient?  I see here that two files need this change:
> >> 
> >>     https://www.tug.org/svn/texlive?view=revision&revision=42605
> >> 
> >> Should “trunk/Build/source/texk/kpathsea/texmf.cnf” also be patched?
> >
> > I inspected the built output of texlive, texlive-bin, and texlive-texmf,
> > and none of them include the texmf.cnf file for kpathsea.
> >
> > That file does exist in the source.
> >
> > AFAICT, the only .cnf file in our built package that whitelists mpost is
> > the one I patched.
> 
> Thank you for confirming this.  The patch looks good to me!

Thanks for your review!

Pushed as e20784e65efa7c783792e8a830d4b4aaf35750d5

By the way, I'd normally adjust the patch to use the default patch-level
of 'p1', and to include another, more descriptive, link about the bug.
But I lack the disk space to rebuild texlive again. Building it before
and after the bug-fix, for testing, used ~12 GB.






debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Tue Nov 5 04:24:05 2024; Machine Name: wallace-server
