mirror of
git://slackware.nl/current.git
synced 2024-12-29 10:25:00 +01:00
73b668742a
patches/packages/curl-8.1.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/texlive-2023.230322-x86_64-1_slack15.0.txz: Upgraded.
This update patches a security issue:
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when
compiling a TeX file obtained from an untrusted source. This occurs
because luatex-core.lua lets the original io.popen be accessed. This also
affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
Thanks to Johannes Schoepfer.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32700
(* Security fix *)
18 lines
773 B
Text
18 lines
773 B
Text
The TeXLive Package Manager, i.e. tlmgr(1), is not shipped with this
|
|
TeXLive package, as it's not expected to work properly (if at all).
|
|
The general consensus from the TeXLive users mailing list is that
|
|
distributions should not be shipping tlpkg.
|
|
|
|
The *proper* way to upgrade the TeXLive Slackware package (or any
|
|
part of it) is through your Slackware's package manager. If you
|
|
elect to try tlmgr(1), and it doesn't work at all, or worse, it messes
|
|
up part of your TeXLive installation, too bad. On the other hand,
|
|
if you are able to document exactly what we need to do in order to
|
|
make it:
|
|
1) work
|
|
2) put updates and such in a user-specific directory, i.e.
|
|
*not* alter/replace system package contents
|
|
then we would love to hear from you. :-)
|
|
|
|
--rworkman :-)
|
|
|