swendel/nixpkgs
1
0
Fork 0
mirror of https://github.com/SebastianWendel/nixpkgs.git synced 2024-09-20 20:39:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #233000 from apfelkuchen6/luatex-fix-shell-escape

Browse source 
texlive.bin.core-big: fix CVE-2023-32700
This commit is contained in:
Dmitry Kalinkin 2023-05-20 15:13:16 -04:00 committed by GitHub
parent b0a993e6ba 23cf0d4b69
commit 868aa79d72
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
pkgs/tools/typesetting/tex/texlive/bin.nix
View file

@ -202,6 +202,14 @@ core-big = stdenv.mkDerivation { #TODO: upmendex
url = "https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=1009196;filename=reproducible_exception_strings.patch;msg=5";
sha256 = "sha256-RNZoEeTcWnrLaltcYrhNIORh42fFdwMzBfxMRWVurbk=";
})
# fixes a security-issue in luatex that allows arbitrary code execution even with shell-escape disabled, see https://tug.org/~mseven/luatex.html
(fetchpatch {
name = "CVE-2023-32700.patch";
url = "https://tug.org/~mseven/luatex-files/2022/patch";
hash = "sha256-o9ENLc1ZIIOMX6MdwpBIgrR/Jdw6tYLmAyzW8i/FUbY=";
excludes = [ "build.sh" ];
stripLen = 1;
})
];
hardeningDisable = [ "format" ];