Hello community, here is the log from the commit of package texlive for openSUSE:Leap:15.2 checked in at 2020-03-20 05:52:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/texlive (Old) and /work/SRC/openSUSE:Leap:15.2/.texlive.new.3160 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "texlive" Fri Mar 20 05:52:17 2020 rev:50 rq:781745 version:unknown Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/texlive/texlive.changes 2020-01-15 16:06:41.608029544 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.texlive.new.3160/texlive.changes 2020-03-20 05:52:23.080042631 +0100 @@ -1,0 +2,15 @@ +Thu Feb 20 06:21:10 UTC 2020 - Dr. Werner Fink <wer...@suse.de> + +- Switch also to user mktex in fmtutil script (boo#1159740, CVE-2020-8016) + +------------------------------------------------------------------- +Wed Feb 5 06:56:24 UTC 2020 - Dr. Werner Fink <wer...@suse.de> + +- Check passwd not group file for user mktex + +------------------------------------------------------------------- +Fri Jan 31 12:32:25 UTC 2020 - Dr. Werner Fink <wer...@suse.de> + +- Introduce a user mktex as replacement for user nobody (boo#1159740, CVE-2020-8016) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ texlive.spec ++++++ --- /var/tmp/diff_new_pack.6q72t0/_old 2020-03-20 05:52:26.160044683 +0100 +++ /var/tmp/diff_new_pack.6q72t0/_new 2020-03-20 05:52:26.164044685 +0100 @@ -304,7 +304,9 @@ %define _appdefdir %{_x11data}/app-defaults # %define texgrp mktex +%define texusr mktex #%define texgid 505 +#%define texuid 505 # %description After installing texlive and the package texlive-latex, find a large @@ -3648,7 +3650,7 @@ # compile public mkdir -p ${prefix}/lib/mktex - $CC ${RPM_OPT_FLAGS} -DTEXGRP='"%{texgrp}"' -DMKTEX='"%{_libexecdir}/mktex"' -fPIE -pie -o ${prefix}/lib/mktex/public %{S:50} + $CC ${RPM_OPT_FLAGS} -DTEXGRP='"%{texgrp}"' -DTEXUSR='"%{texusr}"' -DMKTEX='"%{_libexecdir}/mktex"' -fPIE -pie -o ${prefix}/lib/mktex/public %{S:50} # install our own scripts mkdir -p ${prefix}/bin 
@@ -3969,8 +3971,14 @@ %endif %pre kpathsea-bin -if test "$1" = 1 -a -z "$(%{_bindir}/getent group %{texgrp} 2>/dev/null)"; then +if test "$1" = 1 +then + if test -z "$(%{_bindir}/getent group %{texgrp} 2>/dev/null)"; then %{_sbindir}/groupadd -r %{?texgid:-g %texgid} %{texgrp} + fi + if test -z "$(%{_bindir}/getent passwd %{texusr} 2>/dev/null)"; then + %{_sbindir}/useradd -r %{?texuid:-u %texuid} -g %{texgrp} -d %{_fontcache} -s /bin/false %{texusr} + fi fi %post kpathsea-bin @@ -3978,6 +3986,17 @@ %set_permissions %{_libexecdir}/mktex/public %endif +%pre +if test "$1" = 1 +then + if test -z "$(%{_bindir}/getent group %{texgrp} 2>/dev/null)"; then + %{_sbindir}/groupadd -r %{?texgid:-g %texgid} %{texgrp} + fi + if test -z "$(%{_bindir}/getent passwd %{texusr} 2>/dev/null)"; then + %{_sbindir}/useradd -r %{?texuid:-u %texuid} -g %{texgrp} -d %{_fontcache} -s /bin/false %{texusr} + fi +fi + %post mkdir -p /var/run/texlive > /var/run/texlive/run-mktexlsr ++++++ public.8 ++++++ --- /var/tmp/diff_new_pack.6q72t0/_old 2020-03-20 05:52:26.224044726 +0100 +++ /var/tmp/diff_new_pack.6q72t0/_new 2020-03-20 05:52:26.228044728 +0100 @@ -17,9 +17,9 @@ .\" .TH NOBODY 8 "Apr 27, 2012" "" "Linux System Administrator's Manual" .SH NAME -public \- for user root run specific TeX programs as user \fInobody\fP +public \- for user root run specific TeX programs as user \fImktex\fP .br -public \- for all users run specific TeX programs as group \fIpublic\fP +public \- for all users run specific TeX programs as group \fImktex\fP .SH SYNOPSIS .B public .RB \->\ [ texhash | mktexlsr | mktexmf | mktexpk | mktextfm ] ++++++ public.c ++++++ --- /var/tmp/diff_new_pack.6q72t0/_old 2020-03-20 05:52:26.248044741 +0100 +++ /var/tmp/diff_new_pack.6q72t0/_new 2020-03-20 05:52:26.248044741 +0100 
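Review bot: The new `useradd` in `%pre kpathsea-bin` sits inside `if test "$1" = 1`, so it runs only on a first install; the added `%pre` of the main package copies the same guard. On an upgrade from a package that predates the mktex user, the account would not be created, while the rebuilt `public` helper now looks up `TEXUSR` instead of `nobody`. Both `getent` checks are already idempotent, so they could run without the install-only guard and cover upgrades as well. The two scriptlets are identical, and a shared macro would keep them from drifting apart.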
@@ -1,5 +1,5 @@ /* - * Public For user root run a specific program as user nobody + * Public For user root run a specific program as user mktex * for user root and others use group public and umask 0002 * * Usage: public -> [texhash|mktexlsr|mktexmf|mktexpk|mktextfm] @@ -36,7 +36,10 @@ #include <sys/stat.h> #ifndef TEXGRP -# define TEXGRP "public" +# define TEXGRP "mktex" +#endif +#ifndef TEXUSR +# define TEXUSR "mktex" #endif #ifndef MKTEX # define "/usr/lib/mktex" @@ -122,10 +125,10 @@ if ((grp = getgrnam(TEXGRP)) == (struct group*)0) goto err; - if (ruid == 0 || euid == 0) { /* If user is root switch over to nobody:public */ + if (ruid == 0 || euid == 0) { /* If user is root switch over to mktex:mktex */ int initgrp = 0; - if ((pwd = getpwnam("nobody")) == (struct passwd*)0) + if ((pwd = getpwnam(TEXUSR)) == (struct passwd*)0) goto err; if (ruid != pwd->pw_uid) ++++++ source.dif ++++++ --- /var/tmp/diff_new_pack.6q72t0/_old 2020-03-20 05:52:26.292044771 +0100 +++ /var/tmp/diff_new_pack.6q72t0/_new 2020-03-20 05:52:26.296044773 +0100 @@ -854,7 +854,7 @@ } else { + my ($uid, $gid); $tmpdir = File::Temp::tempdir(CLEANUP => 1); -+ if ($> == 0 && ($uid=getpwnam("nobody")) && ($gid=getgrnam("mktex"))) { ++ if ($> == 0 && ($uid=getpwnam("mktex")) && ($gid=getgrnam("mktex"))) { + my $cnt = chown $uid, $gid, $tmpdir; + die "could not create directory $tmpdir" if $cnt <= 0; + $cnt = chmod 0770, $tmpdir;
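Review bot: The `MKTEX` fallback in the context right after the new `TEXUSR` default reads `# define "/usr/lib/mktex"`, with no macro name, at least as rendered on this page. That branch would not compile if the file were built without `-DMKTEX`. If the file really contains this, the line should be `# define MKTEX "/usr/lib/mktex"`. The spec passes `-DMKTEX`, so the package build does not reach this branch.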
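Review bot: A NULL from `getpwnam(TEXUSR)` jumps straight to `err`, and a not-found entry does not set `errno`, so if the `err` path (outside this hunk) reports through `errno`, the message may not say that the account is missing. The account is new with this change, so an explicit message before the jump would help on systems where the user was never created, e.g. `fprintf(stderr, "public: user %s not found\n", TEXUSR);`. The same applies to the `getgrnam(TEXGRP)` check above it. The `if` block continues beyond the end of the hunk.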
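Review bot: When the `mktex` user or group cannot be resolved, the `&&` chain in the changed condition is simply false and the ownership change of `$tmpdir` is skipped without any message. A root-run fmtutil would then presumably keep working in a root-owned directory, which is the situation this change is meant to end. A diagnostic for that case would make it visible, e.g. `warn "fmtutil: user or group mktex not found, keeping $tmpdir owned by root\n"`. The next context line reports a failed `chown` as "could not create directory"; `die "could not chown $tmpdir: $!"` would match what actually failed. The enclosing `else` block starts and ends outside the hunk.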