From 73b668742a86c06c84cde2da658b5135367d23fe Mon Sep 17 00:00:00 2001
From: Patrick J Volkerding <volkerdi@slackware.com>
Date: Thu, 25 May 2023 00:24:33 +0000
Subject: Thu May 25 00:24:33 UTC 2023

patches/packages/curl-8.1.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/texlive-2023.230322-x86_64-1_slack15.0.txz:  Upgraded.
  This update patches a security issue:
  LuaTeX before 1.17.0 allows execution of arbitrary shell commands when
  compiling a TeX file obtained from an untrusted source. This occurs
  because luatex-core.lua lets the original io.popen be accessed. This also
  affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
  Thanks to Johannes Schoepfer.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-32700
  (* Security fix *)
---
 patches/source/texlive/douninst.sh | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 patches/source/texlive/douninst.sh

(limited to 'patches/source/texlive/douninst.sh')

diff --git a/patches/source/texlive/douninst.sh b/patches/source/texlive/douninst.sh
new file mode 100644
index 000000000..27d51c4ae
--- /dev/null
+++ b/patches/source/texlive/douninst.sh
@@ -0,0 +1,4 @@
+# Remove directories/data generated by doinst.sh
+rm -rf usr/share/texmf-config
+rm -rf usr/share/texmf-local
+rm -rf usr/share/texmf-var
-- 
cgit v1.2.3-65-gdbad