texlive: remove mpost from s hell_escape_commands.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@18044 af4574ff-66df-0310-9fd7-8a98e5e911e0

general.ent

@@ -1,6 +1,6 @@
 <!-- $LastChangedBy$ $Date$ -->
 
-<!ENTITY day          "05">                   <!-- Always 2 digits -->
+<!ENTITY day          "07">                   <!-- Always 2 digits -->
 <!ENTITY month        "12">                   <!-- Always 2 digits -->
 <!ENTITY year         "2016">
 <!ENTITY copyrightdate "2001-&year;">

introduction/welcome/changelog.xml

@@ -43,6 +43,16 @@
     </listitem>
 -->
 
+    <listitem>
+      <para>December 7th, 2016</para>
+      <itemizedlist>
+        <listitem>
+          <para>[ken] - Remove mpost from texlive shell_escape_commands. Fixes
+          <ulink url="&blfs-ticket-root;8619">#8619</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
     <listitem>
       <para>December 5th, 2016</para>
       <itemizedlist>

pst/typesetting/texlive.xml

@@ -244,6 +244,13 @@ popd
 fmtutil-sys --all &&
 mtxrun --generate</userinput></screen>
 
+   <!-- December 2016, by TL2017 the problem might be fixed -->
+    <para>Now, or if returning here because you were advised, fix a new vulnerability.
+    As the <systemitem class="username">root</systemitem> user:</para>
+
+<screen role="root"><userinput>sed -i '/^mpost,/d' /opt/texlive/&texlive-year;/texmf-dist/web2c/texmf.cnf &amp;&amp;
+fmtutil-sys --all &amp;&amp;</userinput></screen>
+
     <para>You can now proceed to <xref linkend="asymptote"/>,
     <xref linkend="biber"/> and / or <xref linkend="xindy"/> if you
     wish to install them.</para>