Accepting request 1087241 from Publishing:TeXLive

- Add patch source-luatex.dif * Update to luatex 1.17.0 with the fixes for CVE-2023-32668 and CVE-2023-32700 (bsc#1211389) VUL-0: TeXLive: Arbitrary code execution in LuaTeX OBS-URL: https://build.opensuse.org/request/show/1087241 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/texlive?expand=0&rev=87
2023-05-16 12:15:58 +00:00 · 2023-05-16 12:15:58 +00:00 · ccc3c33f17
commit ccc3c33f17
parent ed8d5e2e00 b3fd9a0b02
3 changed files with 1891 additions and 1 deletions
--- a/source-luatex.dif
+++ b/source-luatex.dif
--- a/texlive.changes
+++ b/texlive.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon May 15 12:31:32 UTC 2023 - Dr. Werner Fink <werner@suse.de>
+
+- Add patch source-luatex.dif
+  * Update to luatex 1.17.0 with the fixes for CVE-2023-32668 and
+    CVE-2023-32700 (bsc#1211389) VUL-0: TeXLive: Arbitrary code
+    execution in LuaTeX
+
 -------------------------------------------------------------------
 Fri May  5 07:02:45 UTC 2023 - Dr. Werner Fink <werner@suse.de>

--- a/texlive.spec
+++ b/texlive.spec
@ -19,7 +19,7 @@
 %define texlive_version  2023
 %define texlive_previous 2022
 %define texlive_release  20230311
-%define texlive_noarch   204
+%define texlive_noarch   208
 %define texlive_source   texlive-20230311-source
 %define biber_version    2.19

@ -272,6 +272,8 @@ Patch45:        biblatex-ms-missing.dif
 Patch47:        biber-perl-5.18.2.dif
 #
 Patch50:        luametatex.dif
+# PATCH-SECURITY: VUL-0: CVE-2023-32700: texlive: Arbitrary code execution in LuaTeX
+Patch51:        source-luatex.dif
 # PATCH-FIX-SUSE Let it build even without ls-R files around
 Patch62:        source-psutils-kpathsea.dif
 # Missed luajit fix for ppc/ppc64/ppc64le and riscv64
@ -4116,6 +4118,7 @@ pushd ../luametatex*
 %patch50 -p0 -b .unicode
 popd
 %endif
+%patch51
 %if %{with buildbiber}
 pushd ../biber-*/
 /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .