Control: tag -1 - moreinfo > On Fri, Oct 18, 2024 at 11:14:34PM +0200, Hilmar Preusse wrote:
Hello Jonathan,
Thanks for response!
> > diff -Nru texlive-bin-2022.20220321.62855/debian/changelog
> > texlive-bin-2022.20220321.62855/debian/changelog
> > --- texlive-bin-2022.20220321.62855/debian/changelog 2023-06-27
> > 22:07:12.000000000 +0200
> > +++ texlive-bin-2022.20220321.62855/debian/changelog 2024-10-11
> > 22:47:45.000000000 +0200
> > @@ -1,3 +1,11 @@
> > +texlive-bin (2022.20220321.62855-5.1+deb12u2) bookworm; urgency=medium
> > +
> > + * Add patches from upstream for "luatex loses or changes text when
> > + discretionaries with priorities are used" (Closes: #1041441).
>
> Is that bug metadata wrong, or is the bug unfixed in unstable? That's a
> pre-requisite.
>
The bug is fixed in unstable. That #1041441 is just a clone of the
original bug: #1018206, which has been solved in 2023.20230311.66589-1.
> > + * Add patch for CVE-2024-25262.
>
> If you end up needing to do a revised upload for any reason, please expand
> this description of what the CVE actually is.
>
I would copy the "description" from [1] into the patch. Would this be
OK?
> > +diff --git a/source/texk/web2c/luatexdir/lang/texlang.c
> > b/source/texk/web2c/luatexdir/lang/texlang.c
> > +index f9e53bbba..a0d067251 100644
> > +--- a/texk/web2c/luatexdir/lang/texlang.c
> > ++++ b/texk/web2c/luatexdir/lang/texlang.c
> > +@@ -705,6 +705,7 @@ static void do_exception(halfword wordstart, halfword
> > r, char *replacement)
> > + /*tex check if we have two exceptions in a row */
> > + if (uword[i + 1] == '{') {
> > + i--;
> > ++t = alink(t);
> > + }
> > + } else {
> > + t = vlink(t);
>
> Is this indented as you intended?
>
This is how it has been done by upstream, see [2] line 705.
Hilmar
[1] https://nvd.nist.gov/vuln/detail/CVE-2024-25262
[2]
https://github.com/TeX-Live/texlive-source/blob/trunk/texk/web2c/luatexdir/lang/texlang.c
signature.asc
Description: PGP signature
