boo#1212006: update operates unsafely on /var/cache/texmf/fonts/ls-R

OBS-URL: https://build.opensuse.org/package/show/Publishing:TeXLive/texlive-filesystem?expand=0&rev=172

texlive-filesystem.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Jun  5 11:12:19 UTC 2023 - Dr. Werner Fink <werner@suse.de>
+
+- For creation of ls-R after transactional update used secure
+  way via setpriv(8) (boo#1212006) 
+
 -------------------------------------------------------------------
 Thu May 25 10:58:46 UTC 2023 - Dr. Werner Fink <werner@suse.de>
 

update.texlive

@@ -46,16 +46,18 @@ if test -n "$1" -a "$1" = force; then
 	useradd -U -d /var/cache/texmf/fonts -c "System user for mktex" -s "/usr/sbin/nologin" mktex
     fi
     test -e /var/cache/texmf/fonts/ls-R || {
-	echo '% ls-R -- filename database for kpathsea; do not change this line.' > /var/cache/texmf/fonts/ls-R
-	chmod 0664 /var/cache/texmf/fonts/ls-R
-	chown mktex:mktex /var/cache/texmf/fonts/ls-R
+	setpriv --reuid mktex --regid mktex --init-groups bash -c \
+	    "umask 0002
+	     set -C
+	     echo '% ls-R -- filename database for kpathsea; do not change this line.' > /var/cache/texmf/fonts/ls-R"
     }
     for lsr in /var/lib/texmf/ls-R /var/lib/texmf/dist/ls-R /var/lib/texmf/main/ls-R
     do
 	test -e $lsr && continue
-	echo '% ls-R -- filename database for kpathsea; do not change this line.' > $lsr
-	chmod 0664 $lsr
-	chgrp mktex $lsr
+	setpriv --ruid root --regid mktex --init-groups bash -c \
+	    "umask 0002
+	     set -C
+	     echo '% ls-R -- filename database for kpathsea; do not change this line.' > $lsr"
     done
 fi