M gnu/local.mk => gnu/local.mk +1 -0
@@ 930,6 930,7 @@ dist_patch_DATA = \
%D%/packages/patches/tcsh-fix-autotest.patch \
%D%/packages/patches/tcsh-fix-out-of-bounds-read.patch \
%D%/packages/patches/teensy-loader-cli-help.patch \
+ %D%/packages/patches/texlive-texmf-CVE-2016-10243.patch \
%D%/packages/patches/texi2html-document-encoding.patch \
%D%/packages/patches/texi2html-i18n.patch \
%D%/packages/patches/tidy-CVE-2015-5522+5523.patch \
A gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch => gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch +18 -0
@@ 0,0 1,18 @@
+Fix CVE-2016-10243:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10243
+
+Patch adapted from upstream commit:
+
+https://www.tug.org/svn/texlive?view=revision&revision=42605
+
+--- trunk/Master/texmf-dist/web2c/texmf.cnf 2016/11/29 23:10:33 42604
++++ trunk/Master/texmf-dist/web2c/texmf.cnf 2016/11/29 23:27:53 42605
+@@ -568,7 +568,6 @@ extractbb,\
+ gregorio,\
+ kpsewhich,\
+ makeindex,\
+-mpost,\
+ repstopdf,\
+
+ % we'd like to allow:
M gnu/packages/tex.scm => gnu/packages/tex.scm +2 -0
@@ 72,6 72,8 @@
(origin
(method url-fetch)
(uri "ftp://tug.org/historic/systems/texlive/2016/texlive-20160523b-texmf.tar.xz")
+ (patches (search-patches "texlive-texmf-CVE-2016-10243.patch"))
+ (patch-flags '("-p2"))
(sha256 (base32
"1dv8vgfzpczqw82hv9g7a8djhhyzywljmrarlcyy6g2qi5q51glr"))))