Hello community,

here is the log from the commit of package texlive-filesystem for 
openSUSE:Factory checked in at 2020-03-25 23:42:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/texlive-filesystem (Old)
 and      /work/SRC/openSUSE:Factory/.texlive-filesystem.new.3160 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "texlive-filesystem"

Wed Mar 25 23:42:47 2020 rev:44 rq:787537 version:unknown

Changes:
--------
--- /work/SRC/openSUSE:Factory/texlive-filesystem/texlive-filesystem.changes    
2020-02-22 18:57:18.129274836 +0100
+++ 
/work/SRC/openSUSE:Factory/.texlive-filesystem.new.3160/texlive-filesystem.changes
  2020-03-25 23:43:06.379989871 +0100
@@ -1,0 +2,13 @@
+Mon Mar 23 16:18:13 UTC 2020 - Dr. Werner Fink <wer...@suse.de>
+
+- Add new configuration variable HAVE_MKTEX_MEMBERS to texlive
+  sysconfig file to control the behaviour of the cron job.
+- Change the cron job to clear data of other users which are
+  member of the group mktex
+
+-------------------------------------------------------------------
+Wed Mar 11 16:03:20 UTC 2020 - Dr. Werner Fink <wer...@suse.de>
+
+- Use CVE numbers 
+
+-------------------------------------------------------------------
@@ -5 +18 @@
-  use uid mktex for this (boo#1159740) 
+  use uid mktex for this (boo#1159740, CVE-2020-8016)
@@ -16 +29 @@
-  the files of this owner (boo#1159740) 
+  the files of this owner (boo#1159740, CVE-2020-8016)
@@ -38 +51 @@
-  to user nobody (bsc#1159740) 
+  to user nobody (bsc#1159740, CVE-2020-8016)
@@ -40 +53 @@
-  font cache directories (bsc#1158910)
+  font cache directories (bsc#1158910, CVE-2020-8017)

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ texlive-filesystem.spec ++++++
--- /var/tmp/diff_new_pack.ocr9HI/_old  2020-03-25 23:43:11.775991637 +0100
+++ /var/tmp/diff_new_pack.ocr9HI/_new  2020-03-25 23:43:11.787991640 +0100
@@ -15305,13 +15305,13 @@
        %{_texmfvardir}/fonts/dvips/    root:root       1755
        %{_texmfvardir}/fonts/pdftex/   root:root       1755
        %{_texmfcache}/                 root:root       1755
-       %{_fontcache}/             %{texusr}:%{texgrp}  1775
-       %{_fontcache}/pk/          %{texusr}:%{texgrp}  1775
-       %{_fontcache}/source/      %{texusr}:%{texgrp}  1775
-       %{_fontcache}/tfm/         %{texusr}:%{texgrp}  1775
+       %{_fontcache}/             %{texusr}:%{texgrp}  3775
+       %{_fontcache}/pk/          %{texusr}:%{texgrp}  3775
+       %{_fontcache}/source/      %{texusr}:%{texgrp}  3775
+       %{_fontcache}/tfm/         %{texusr}:%{texgrp}  3775
        EOF
     (cat > %{buildroot}%{_sysconfdir}/permissions.d/texlive) <<-EOF
-       %{_libexecdir}/mktex/public     root:%{texgrp}  0755
+       %{_libexecdir}/mktex/public     root:%{texgrp}  2755
        %{_texmfconfdir}/ls-R           root:%{texgrp}  0664
        %{_fontcache}/ls-R         %{texusr}:%{texgrp}  0664
        %{_texmfvardir}/ls-R            root:%{texgrp}  0664
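Review bot: The setgid bit added here carries no comment saying why it is needed: `%{_libexecdir}/mktex/public` goes to `2755` with owner root:%{texgrp}, and the four `%{_fontcache}` directories go to `3775`. If `public` is an executable, as its place under `%{_libexecdir}` suggests, this line grants the group's privileges to every caller and should be easy to find in a later audit. I would add a comment above the heredoc such as `# setgid %{texgrp}: files created below %{_fontcache} keep the group so the cron job can clear them`; the reason is inferred from the changelog entry, so please confirm it. The same `3775` values are repeated in the hunk at -15325 and in the `%attr` lines of the hunk at -26892, and the three lists have to stay in agreement. The heredoc itself starts above this hunk.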
@@ -15325,10 +15325,10 @@
        %{_texmfvardir}/fonts/dvips/    root:root       1755
        %{_texmfvardir}/fonts/pdftex/   root:root       1755
        %{_texmfcache}/                 root:root       1755
-       %{_fontcache}/             %{texusr}:%{texgrp}  1775
-       %{_fontcache}/pk/          %{texusr}:%{texgrp}  1775
-       %{_fontcache}/source/      %{texusr}:%{texgrp}  1775
-       %{_fontcache}/tfm/         %{texusr}:%{texgrp}  1775
+       %{_fontcache}/             %{texusr}:%{texgrp}  3775
+       %{_fontcache}/pk/          %{texusr}:%{texgrp}  3775
+       %{_fontcache}/source/      %{texusr}:%{texgrp}  3775
+       %{_fontcache}/tfm/         %{texusr}:%{texgrp}  3775
        EOF
 
 %if %{with zypper_posttrans}
@@ -15388,55 +15388,32 @@
 %{_bindir}/getent group  %{texgrp} > /dev/null 2>&1 || %{_sbindir}/groupadd -r 
%{?texgid:-g %texgid} %{texgrp}
 %{_bindir}/getent passwd %{texusr} > /dev/null 2>&1 || %{_sbindir}/useradd  -r 
%{?texuid:-u %texuid} -g %{texgrp} -d %{_fontcache} -s /bin/false %{texusr}
 # the ls-R file on update
-error=0
 for dir in     %{_texmfconfdir}        \
+               %{_fontcache}           \
                %{_texmfvardir}         \
                %{_texmfvardir}/dist    \
                %{_texmfvardir}/main
 do
-    test ! -h ${dir}/ls-R || rm -vf ${dir}/ls-R
-    test -e ${dir}/ls-R || continue
-    test "$(stat --format '%U:%G' ${dir}/ls-R)" != root:%{texgrp}  || continue
-    chown root:%{texgrp} ${dir}/ls-R || error=1
-done
-for dir in     %{_fontcache}
-do
-    test ! -h ${dir}/ls-R || rm -vf ${dir}/ls-R
-    test -e ${dir}/ls-R || continue
-    test "$(stat --format '%U:%G' ${dir}/ls-R)" != %{texusr}:%{texgrp}  || 
continue
-    chown %{texusr}:%{texgrp} ${dir}/ls-R || error=1
+    rm -f ${dir}/ls-R
 done
-test $error = 0 || exit 1
 
 %post
 %fillup_only -n texlive
 # the ls-R file (empty at package time)
 error=0
+user=
 for dir in     %{_texmfconfdir}        \
+               %{_fontcache}           \
                %{_texmfvardir}         \
                %{_texmfvardir}/dist    \
                %{_texmfvardir}/main
 do
-    test ! -e ${dir}/ls-R -o -h ${dir}/ls-R || continue
-    tmp=$(setpriv --reuid root --regid mktex --init-groups mktemp 
${dir}/ls-R.XXXXXX) || error=1
-    test $error = 0 || continue
-    setpriv --reuid root --regid mktex --init-groups mv ${tmp} ${dir}/ls-R || 
error=1
-    test $error = 0 || continue
-    chmod 0664 ${dir}/ls-R || error=1
-    test $error = 0 || continue
-    echo '%% ls-R -- filename database for kpathsea; do not change this line.' 
> \
-    ${dir}/ls-R
-done
-for dir in     %{_fontcache}
-do
-    test ! -e ${dir}/ls-R -o -h ${dir}/ls-R || continue
-    tmp=$(setpriv --reuid mktex --regid mktex --init-groups mktemp 
${dir}/ls-R.XXXXXX) || error=1
-    test $error = 0 || continue
-    setpriv --reuid mktex --regid mktex --init-groups mv ${tmp} ${dir}/ls-R || 
error=1
-    test $error = 0 || continue
-    chmod 0664 ${dir}/ls-R || error=1
-    echo '%% ls-R -- filename database for kpathsea; do not change this line.' 
> \
-    ${dir}/ls-R
+    test "$dir" = %{_fontcache} && user=%{texusr} || user=root
+    setpriv --reuid $user --regid mktex --init-groups /bin/sh -ec "
+       tmp=\$(mktemp ${dir}/ls-R.XXXXXX)
+       chmod 0664 \${tmp}
+       echo '%% ls-R -- filename database for kpathsea; do not change this 
line.' > \${tmp}
+       mv \${tmp} ${dir}/ls-R" || error=1
 done
 %if %{defined set_permissions}
 %set_permissions %{_texmfconfdir}/ls-R
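Review bot: The new `setpriv` call in `%post` hard-codes `--regid mktex`, while the user comes from `%{texusr}` and the `groupadd` line at the top of this hunk uses `%{texgrp}`; if the group macro is ever set to another name, the ls-R files are created under the wrong gid. I would write `setpriv --reuid $user --regid %{texgrp} --init-groups /bin/sh -ec "`. Inside the `-ec` string, `${dir}` is expanded by the outer shell and lands unquoted in the inner script, and a failing `chmod`, `echo` or `mv` leaves the `ls-R.XXXXXX` temporary file behind in the directory, so quoting the path and adding `trap 'rm -f \"\$tmp\"' EXIT` after the `mktemp` line would be worthwhile. Whether `error` is evaluated after the loop cannot be seen here, because `%post` continues past the end of the hunk.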
@@ -26892,10 +26869,10 @@
 %dir %attr(1755,root,root) %{_texmfvardir}/web2c/tex
 %dir %attr(1755,root,root) %{_texmfvardir}/web2c/xetex
 %dir %attr(1755,root,root) %{_texmfcache}
-%dir %attr(1775,%{texusr},%{texgrp}) %verify(not mode) %{_fontcache}
-%dir %attr(1775,%{texusr},%{texgrp}) %verify(not mode) %{_fontcache}/pk
-%dir %attr(1775,%{texusr},%{texgrp}) %verify(not mode) %{_fontcache}/source
-%dir %attr(1775,%{texusr},%{texgrp}) %verify(not mode) %{_fontcache}/tfm
+%dir %attr(3775,%{texusr},%{texgrp}) %verify(not mode) %{_fontcache}
+%dir %attr(3775,%{texusr},%{texgrp}) %verify(not mode) %{_fontcache}/pk
+%dir %attr(3775,%{texusr},%{texgrp}) %verify(not mode) %{_fontcache}/source
+%dir %attr(3775,%{texusr},%{texgrp}) %verify(not mode) %{_fontcache}/tfm
 %dir %{_texmfvardir}/md5
 %verify(link) %{_texmfmaindir}/ls-R
 %verify(link) %{_texmfdistdir}/ls-R

++++++ rc.config.texlive ++++++
--- /var/tmp/diff_new_pack.ocr9HI/_old  2020-03-25 23:43:11.915991682 +0100
+++ /var/tmp/diff_new_pack.ocr9HI/_new  2020-03-25 23:43:11.919991683 +0100
@@ -10,3 +10,16 @@
 # will be cleared from fonts not used in the last 20 days.
 #
 CLEAR_TEXMF_FONTS="no"
+
+## Type:        yesno
+## Default:     no
+## Command:
+#
+# If above is set to yes and there are users which are member
+# of the group mktex then it might be that users have set an
+# umask which does not allow the user mktex to clear the cache
+# below /var/cache/fonts/.  Setting HAVE_MKTEX_MEMBERS to "yes"
+# will allow the cron job to change the group mask hence allow
+# to clear older data.
+#
+HAVE_MKTEX_MEMBERS="no"
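Review bot: The comment ties HAVE_MKTEX_MEMBERS to the variable before it ("If above is set to yes"), but the texlive.cron hunk of this same commit tests only `-n "$VARTEXFONTS" -a "$HAVE_MKTEX_MEMBERS" = yes`, so the mode changes run whether or not CLEAR_TEXMF_FONTS is enabled. The text should name the variable and say what the job does, for instance `# Setting HAVE_MKTEX_MEMBERS to "yes" lets the cron job run chmod g+rw on files and chmod g+rwsx on directories owned by members of the group mktex below the font cache, independent of CLEAR_TEXMF_FONTS.` An administrator deciding on this switch should be able to see from the sysconfig file that it alters the modes of files owned by users.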

++++++ texlive.cron ++++++
--- /var/tmp/diff_new_pack.ocr9HI/_old  2020-03-25 23:43:12.587991902 +0100
+++ /var/tmp/diff_new_pack.ocr9HI/_new  2020-03-25 23:43:12.599991906 +0100
@@ -14,46 +14,63 @@
 type -f -p setpriv   >& /dev/null || exit 0
 type -f -p sort      >& /dev/null || exit 0
 type -f -p rm        >& /dev/null || exit 0
+type -f -p seq       >& /dev/null || exit 0
+type -f -p getent    >& /dev/null || exit 0
 test -r /etc/sysconfig/texlive && . /etc/sysconfig/texlive
 
 OLDIFS=$IFS; IFS=':;'
 VARTEXFONTS="$(kpsewhich --expand-var '$VARTEXFONTS' 2> /dev/null)"
 IFS=$OLDIFS
 
-uids=$(find $VARTEXFONTS/ \( -not -type d \) -printf '%U\n' | sort -u)
-
-if test "$CLEAR_TEXMF_FONTS" = "yes" -a -n "$VARTEXFONTS"
+if test -n "$VARTEXFONTS" -a "$HAVE_MKTEX_MEMBERS" = yes
 then
-    for uid in ${uids[@]}
+    IFS=:
+    users=($(getent group mktex))
+    IFS=$OLDIFS
+    typeset -i i
+    typeset -i u=${#users[*]}
+    let u--
+    for p in $VARTEXFONTS
     do
-       for p in $VARTEXFONTS
+       test -d $p || continue
+       for i in $(seq 3 $u)
        do
-           test -d $p/pk/      && find $p/pk/     \( -not -type d -and -atime 
+20 -and -uid $uid \) -print0
-           test -d $p/tfm/     && find $p/tfm/    \( -not -type d -and -atime 
+60 -and -uid $uid \) -print0
-           test -d $p/source/  && find $p/source/ \( -not -type d -and -atime 
+60 -and -uid $uid \) -print0
-       done > >(exec -a xargs xargs -r -L100 -0 -- setpriv --reuid $uid 
--regid mktex --init-groups rm -f)
+           find -P $p \( \( -type f -and -not -type l \) -and -user 
${users[$i]} \) -print0 | \
+           xargs -r -L100 -0 -- setpriv --reuid ${users[$i]} --regid mktex 
--init-groups chmod g+rw
+           find -P $p \( \( -type d -and -not -type l \) -and -user 
${users[$i]} \) -print0 | \
+           xargs -r -L100 -0 -- setpriv --reuid ${users[$i]} --regid mktex 
--init-groups chmod g+rwsx
+       done
     done
+    unset i u
+fi
+
+if test "$CLEAR_TEXMF_FONTS" = "yes" -a -n "$VARTEXFONTS"
+then
+    for p in $VARTEXFONTS
+    do
+       test -d $p/pk           && find -P $p/pk        \( -not -type d -and 
-atime +20 \) -print0
+       test -d $p/tfm          && find -P $p/tfm       \( -not -type d -and 
-atime +60 \) -print0
+       test -d $p/source       && find -P $p/source    \( -not -type d -and 
-atime +60 \) -print0
+    done > >(exec -a xargs xargs -r -L100 -0 -- setpriv --reuid mktex --regid 
mktex --init-groups rm -f)
 fi
 if test -n "$VARTEXFONTS"
 then
-    for uid in ${uids[@]}
+    for p in $VARTEXFONTS
     do
-       for p in $VARTEXFONTS
-       do
-           test -d $p/pk/      && find $p/pk/     \( -not -type d -and -not 
-name '*.*pk' -uid $uid \) -print0
-           test -d $p/tfm/     && find $p/tfm/    \( -not -type d -and -not 
-name '*.tfm' -uid $uid \) -print0
-           test -d $p/source/  && find $p/source/ \( -not -type d -and -not 
-name '*.mf'  -uid $uid \) -print0
-           test -d $p/         && find $p/        \( -not -type d -and -path 
'*/[^[:alnum:]]*' -uid $uid \) -print0
-       done > >(exec -a xargs xargs -r -L100 -0 -- setpriv --reuid $uid 
--regid mktex --init-groups rm -vf)
-       for p in $VARTEXFONTS
-       do
-           test -d $p/ && find $p/ -depth \( -type d -and -path 
'*/[^[:alnum:]]*' -and -uid $uid \) -print0
-       done > >(exec -a xargs xargs -r -L100 -0 -- setpriv --reuid $uid 
--regid mktex --init-groups rm -vfr)
-    done
+       test -d $p/pk           && find -P $p/pk        \( -not -type d -and 
-not -name '*.*pk' \) -print0
+       test -d $p/tfm          && find -P $p/tfm       \( -not -type d -and 
-not -name '*.tfm' \) -print0
+       test -d $p/source       && find -P $p/source    \( -not -type d -and 
-not -name '*.mf'  \) -print0
+       test -d $p              && find -P $p           \( -not -type d -and 
-path '*/[^[:alnum:]]*' \) -print0
+    done > >(exec -a xargs xargs -r -L100 -0 -- setpriv --reuid mktex --regid 
mktex --init-groups rm -vf)
+    for p in $VARTEXFONTS
+    do
+       test -d $p && find -P $p -depth \( -type d -and -path '*/[^[:alnum:]]*' 
\) -print0
+    done > >(exec -a xargs xargs -r -L100 -0 -- setpriv --reuid mktex --regid 
mktex --init-groups rm -vfr)
 fi
 
 #
 # Update the ls-R's
+# Note that this is done as user mktex
 #
 mktexlsr > /dev/null
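Review bot: The member list is never split into single names: with `IFS=:` the output of `getent group mktex` (`name:passwd:gid:member1,member2`) yields four array elements, and the comma-separated members all end up in `${users[3]}`. The `seq 3 $u` loop therefore runs once, and with more than one member `find -user` and `setpriv --reuid` receive a string like `member1,member2` and fail, so the group mask is only corrected when the group has exactly one member. Splitting on both separators with `IFS=':,'` makes every member its own element. The expansions `$p` and `${users[$i]}` in the added lines are also unquoted; quoting them costs nothing in a job that, judging by the `setpriv` calls, runs with root privileges.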
 

++++++ update.texlive ++++++
--- /var/tmp/diff_new_pack.ocr9HI/_old  2020-03-25 23:43:13.039992050 +0100
+++ /var/tmp/diff_new_pack.ocr9HI/_new  2020-03-25 23:43:13.063992058 +0100
@@ -56,7 +56,7 @@
 #
 # Sanity check
 #
-size=$(find /etc/texmf/ls-R  -follow -printf '%s')
+size=$(find /etc/texmf/ls-R  -follow -printf '%s' || echo 0)
 test $size -lt 80 && > /var/run/texlive/run-mktexlsr
 
 rotator ()
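Review bot: `find` still writes its error message to stderr when `/etc/texmf/ls-R` is missing, and `$size` remains unquoted in the `test` on the following line. `size=$(find /etc/texmf/ls-R -follow -printf '%s' 2>/dev/null || echo 0)` together with `test "$size" -lt 80` keeps the sanity check quiet and well-formed even if the substitution ever returns nothing.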

