gnu: texlive: Fix CVE-2016-10243.

* gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/tex.scm (texlive-texmf-src): Use it.

gnu/local.mk

@@ -930,6 +930,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/tcsh-fix-autotest.patch			\
   %D%/packages/patches/tcsh-fix-out-of-bounds-read.patch	\
   %D%/packages/patches/teensy-loader-cli-help.patch		\
+  %D%/packages/patches/texlive-texmf-CVE-2016-10243.patch	\
   %D%/packages/patches/texi2html-document-encoding.patch	\
   %D%/packages/patches/texi2html-i18n.patch			\
   %D%/packages/patches/tidy-CVE-2015-5522+5523.patch		\

gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch

@@ -0,0 +1,18 @@
+Fix CVE-2016-10243:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10243
+
+Patch adapted from upstream commit:
+
+https://www.tug.org/svn/texlive?view=revision&revision=42605
+
+--- trunk/Master/texmf-dist/web2c/texmf.cnf	2016/11/29 23:10:33	42604
++++ trunk/Master/texmf-dist/web2c/texmf.cnf	2016/11/29 23:27:53	42605
+@@ -568,7 +568,6 @@ extractbb,\
+ gregorio,\
+ kpsewhich,\
+ makeindex,\
+-mpost,\
+ repstopdf,\
+ 
+ % we'd like to allow:

gnu/packages/tex.scm

@@ -72,6 +72,8 @@
   (origin
     (method url-fetch)
     (uri "ftp://tug.org/historic/systems/texlive/2016/texlive-20160523b-texmf.tar.xz")
+    (patches (search-patches "texlive-texmf-CVE-2016-10243.patch"))
+    (patch-flags '("-p2"))
     (sha256 (base32
               "1dv8vgfzpczqw82hv9g7a8djhhyzywljmrarlcyy6g2qi5q51glr"))))