Hello community,
here is the log from the commit of package texlive for openSUSE:Leap:15.2
checked in at 2020-03-20 05:52:17
Comparing /work/SRC/openSUSE:Leap:15.2/texlive (Old)
and /work/SRC/openSUSE:Leap:15.2/.texlive.new.3160 (New)
Package is "texlive"
Fri Mar 20 05:52:17 2020 rev:50 rq:781745 version:unknown
Changes:
--- /work/SRC/openSUSE:Leap:15.2/texlive/texlive.changes2020-01-15
16:06:41.608029544 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.texlive.new.3160/texlive.changes
2020-03-20 05:52:23.080042631 +0100
@@ -1,0 +2,15 @@
+Thu Feb 20 06:21:10 UTC 2020 - Dr. Werner Fink
+
+- Switch also to user mktex in fmtutil script (boo#1159740, CVE-2020-8016)
+
+---
+Wed Feb 5 06:56:24 UTC 2020 - Dr. Werner Fink
+
+- Check passwd not group file for user mktex
+
+---
+Fri Jan 31 12:32:25 UTC 2020 - Dr. Werner Fink
+
+- Introduce a user mktex as replacement for user nobody (boo#1159740,
CVE-2020-8016)
+
+---
Other differences:
--
++ texlive.spec ++
--- /var/tmp/diff_new_pack.6q72t0/_old 2020-03-20 05:52:26.160044683 +0100
+++ /var/tmp/diff_new_pack.6q72t0/_new 2020-03-20 05:52:26.164044685 +0100
@@ -304,7 +304,9 @@
%define _appdefdir %{_x11data}/app-defaults
#
%define texgrp mktex
+%define texusr mktex
#%define texgid505
+#%define texuid505
#
%description
After installing texlive and the package texlive-latex, find a large
@@ -3648,7 +3650,7 @@
# compile public
mkdir -p ${prefix}/lib/mktex
-$CC ${RPM_OPT_FLAGS} -DTEXGRP='"%{texgrp}"'
-DMKTEX='"%{_libexecdir}/mktex"' -fPIE -pie -o ${prefix}/lib/mktex/public
%{S:50}
+$CC ${RPM_OPT_FLAGS} -DTEXGRP='"%{texgrp}"' -DTEXUSR='"%{texusr}"'
-DMKTEX='"%{_libexecdir}/mktex"' -fPIE -pie -o ${prefix}/lib/mktex/public
%{S:50}
# install our own scripts
mkdir -p ${prefix}/bin
@@ -3969,8 +3971,14 @@
%endif
%pre kpathsea-bin
-if test "$1" = 1 -a -z "$(%{_bindir}/getent group %{texgrp} 2>/dev/null)"; then
+if test "$1" = 1
+then
+if test -z "$(%{_bindir}/getent group %{texgrp} 2>/dev/null)"; then
%{_sbindir}/groupadd -r %{?texgid:-g %texgid} %{texgrp}
+fi
+if test -z "$(%{_bindir}/getent passwd %{texusr} 2>/dev/null)"; then
+ %{_sbindir}/useradd -r %{?texuid:-u %texuid} -g %{texgrp} -d
%{_fontcache} -s /bin/false %{texusr}
+fi
fi
%post kpathsea-bin
@@ -3978,6 +3986,17 @@
%set_permissions %{_libexecdir}/mktex/public
%endif
+%pre
+if test "$1" = 1
+then
+if test -z "$(%{_bindir}/getent group %{texgrp} 2>/dev/null)"; then
+ %{_sbindir}/groupadd -r %{?texgid:-g %texgid} %{texgrp}
+fi
+if test -z "$(%{_bindir}/getent passwd %{texusr} 2>/dev/null)"; then
+ %{_sbindir}/useradd -r %{?texuid:-u %texuid} -g %{texgrp} -d
%{_fontcache} -s /bin/false %{texusr}
+fi
+fi
+
%post
mkdir -p /var/run/texlive
> /var/run/texlive/run-mktexlsr
++ public.8 ++
--- /var/tmp/diff_new_pack.6q72t0/_old 2020-03-20 05:52:26.224044726 +0100
+++ /var/tmp/diff_new_pack.6q72t0/_new 2020-03-20 05:52:26.228044728 +0100
@@ -17,9 +17,9 @@
.\"
.TH NOBODY 8 "Apr 27, 2012" "" "Linux System Administrator's Manual"
.SH NAME
-public \- for user root run specific TeX programs as user \fInobody\fP
+public \- for user root run specific TeX programs as user \fImktex\fP
.br
-public \- for all users run specific TeX programs as group \fIpublic\fP
+public \- for all users run specific TeX programs as group \fImktex\fP
.SH SYNOPSIS
.B public
.RB \->\ [ texhash | mktexlsr | mktexmf | mktexpk | mktextfm ]
++ public.c ++
--- /var/tmp/diff_new_pack.6q72t0/_old 2020-03-20 05:52:26.248044741 +0100
+++ /var/tmp/diff_new_pack.6q72t0/_new 2020-03-20 05:52:26.248044741 +0100
@@ -1,5 +1,5 @@
/*
- * Public For user root run a specific program as user nobody
+ * Public For user root run a specific program as user mktex
* for user root and others use group public and umask 0002
*
* Usage: public -> [texhash|mktexlsr|mktexmf|mktexpk|mktextfm]
@@ -36,7 +36,10 @@
#include
#ifndef TEXGRP
-# define TEXGRP "public"
+# define TEXGRP "mktex"
+#endif
+#ifndef TEXUSR
+# define TEXUSR "mktex"
#endif
#ifndef MKTEX
# define "/usr/lib/mktex"
@@ -122,10 +125,10 @@
if ((grp = getgrnam(TEXGRP)) == (struct group*)0)
goto err;
-if (ruid == 0 || euid == 0) { /* If user is root switch over to
nobody:public */
+if (ruid == 0 || euid == 0) { /* If user is root switch over to
mktex:mktex */
int initgrp = 0;
- if ((pwd = getpwn