Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package texlive for openSUSE:Factory checked in at 2023-05-16 14:15:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/texlive (Old) and /work/SRC/openSUSE:Factory/.texlive.new.1533 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "texlive" Tue May 16 14:15:58 2023 rev:87 rq:1087241 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/texlive/texlive.changes 2023-05-06 22:08:35.116514183 +0200 +++ /work/SRC/openSUSE:Factory/.texlive.new.1533/texlive.changes 2023-05-16 14:27:07.555638874 +0200 @@ -1,0 +2,8 @@ +Mon May 15 12:31:32 UTC 2023 - Dr. Werner Fink <[email protected]> + +- Add patch source-luatex.dif + * Update to luatex 1.17.0 with the fixes for CVE-2023-32668 and + CVE-2023-32700 (bsc#1211389) VUL-0: TeXLive: Arbitrary code + execution in LuaTeX + +------------------------------------------------------------------- New: ---- source-luatex.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ texlive.spec ++++++ --- /var/tmp/diff_new_pack.E8ZX31/_old 2023-05-16 14:27:08.723645554 +0200 +++ /var/tmp/diff_new_pack.E8ZX31/_new 2023-05-16 14:27:08.727645576 +0200 @@ -19,7 +19,7 @@ %define texlive_version 2023 %define texlive_previous 2022 %define texlive_release 20230311 -%define texlive_noarch 204 +%define texlive_noarch 208 %define texlive_source texlive-20230311-source %define biber_version 2.19 @@ -272,6 +272,8 @@ Patch47: biber-perl-5.18.2.dif # Patch50: luametatex.dif +# PATCH-SECURITY: VUL-0: CVE-2023-32700: texlive: Arbitrary code execution in LuaTeX +Patch51: source-luatex.dif # PATCH-FIX-SUSE Let it build even without ls-R files around Patch62: source-psutils-kpathsea.dif # Missed luajit fix for ppc/ppc64/ppc64le and riscv64 @@ -4116,6 +4118,7 @@ %patch50 -p0 -b .unicode popd %endif +%patch51 %if %{with buildbiber} pushd ../biber-*/ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . ++++++ source-luatex.dif ++++++ ++++ 1880 lines (skipped)
