mirror of
git://slackware.nl/current.git
synced 2024-12-29 10:25:00 +01:00
73b668742a
patches/packages/curl-8.1.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/texlive-2023.230322-x86_64-1_slack15.0.txz: Upgraded.
This update patches a security issue:
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when
compiling a TeX file obtained from an untrusted source. This occurs
because luatex-core.lua lets the original io.popen be accessed. This also
affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
Thanks to Johannes Schoepfer.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32700
(* Security fix *)
|
||
|---|---|---|
| .. | ||
| prep | ||
| doinst.sh | ||
| douninst.sh | ||
| dump.unused.internal.libraries.from.sources.sh | ||
| README.tlpkg | ||
| slack-desc | ||
| texlive-20230313-source-security_fix-1.patch | ||
| texlive.SlackBuild | ||
| texlive.unicode5.0.diff | ||
| texlive.url | ||
The TeXLive Package Manager, i.e. tlmgr(1), is not shipped with this
TeXLive package, as it's not expected to work properly (if at all).
The general consensus from the TeXLive users mailing list is that
distributions should not be shipping tlpkg.
The *proper* way to upgrade the TeXLive Slackware package (or any
part of it) is through your Slackware's package manager. If you
elect to try tlmgr(1), and it doesn't work at all, or worse, it messes
up part of your TeXLive installation, too bad. On the other hand,
if you are able to document exactly what we need to do in order to
make it:
1) work
2) put updates and such in a user-specific directory, i.e.
*not* alter/replace system package contents
then we would love to hear from you. :-)
--rworkman :-)