diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-05-25 00:24:33 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-05-25 13:30:31 +0200 |
commit | 73b668742a86c06c84cde2da658b5135367d23fe (patch) | |
tree | ff414f05e1499907a1970b1f062918ab73b7f4ef /patches/source/texlive/README.tlpkg | |
parent | 8e0b115ff3be360a6e31635f57629008062a66f3 (diff) | |
download | current-73b668742a86c06c84cde2da658b5135367d23fe.tar.gz current-73b668742a86c06c84cde2da658b5135367d23fe.tar.xz |
Thu May 25 00:24:33 UTC 202320230525002433_15.0
patches/packages/curl-8.1.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/texlive-2023.230322-x86_64-1_slack15.0.txz: Upgraded.
This update patches a security issue:
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when
compiling a TeX file obtained from an untrusted source. This occurs
because luatex-core.lua lets the original io.popen be accessed. This also
affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
Thanks to Johannes Schoepfer.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32700
(* Security fix *)
Diffstat (limited to 'patches/source/texlive/README.tlpkg')
-rw-r--r-- | patches/source/texlive/README.tlpkg | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/patches/source/texlive/README.tlpkg b/patches/source/texlive/README.tlpkg new file mode 100644 index 000000000..35c25dd25 --- /dev/null +++ b/patches/source/texlive/README.tlpkg @@ -0,0 +1,18 @@ +The TeXLive Package Manager, i.e. tlmgr(1), is not shipped with this +TeXLive package, as it's not expected to work properly (if at all). +The general consensus from the TeXLive users mailing list is that +distributions should not be shipping tlpkg. + +The *proper* way to upgrade the TeXLive Slackware package (or any +part of it) is through your Slackware's package manager. If you +elect to try tlmgr(1), and it doesn't work at all, or worse, it messes +up part of your TeXLive installation, too bad. On the other hand, +if you are able to document exactly what we need to do in order to +make it: + 1) work + 2) put updates and such in a user-specific directory, i.e. + *not* alter/replace system package contents +then we would love to hear from you. :-) + +--rworkman :-) + |