Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!

Full Text Bug Listing

This bug submission has been resquested by Thierry Carrez in bug #114428.

CAN-2005-319{1|2|3} affect tetex since xpdf code is included in tetex-src tarball.

I've checked tetex-src-3.0/xpdf/xpdf/Stream.cc from tetex-src-3.0.tar.gz and
verified that patch ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch has not
been applied.

Moreover Fedora has already issued an 2 updates :
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html


Reproducible: Always
Steps to Reproduce:

Ccing maintainers so that they know about it.
For now just waiting, more issues coming up.

Further Xpdf issues. See bug #117481 for details.

See patch on bug 117481

Madrive released their fixed version.

text-markup any news on this one?

I'll include patch on bug 117481 with tetex-3.0_p1-r1, which should hopefully
happen very soon (I still have an unsolved issue about which file generates
which during a tetex build, so patch in bug 98029 can be applied correctly).

If it's still delayed, poke me again and I'll do a special revision just for
this.


Thanks, and sorry for the delay

tetex-3.0_p1-r1 has just been commited and it includes the fixes from bug
#117481, though the patch was not directly applied as upstream had already
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch in the tarball of 3.0_p1.

Reopening: tetex-3 is not stable so we need a fix for tetex-2.

Done in tetex-2.0.2-r8 (which uses xpdf2 code). 
Please stabilize.

dear arches, please test and mark tetex-2.0.2-r8 stable

dear security, sparc stable!

Stable on hppa

ppc stable

stable on ppc64

amd64 stable

stable on x86, horray for latex :)

Are the tetex tests working fine?

Failed on alpha. Any other way of proper testing?

----------------------------------------------------------
make[2]: Entering directory
`/var/tmp/portage/tetex-2.0.2-r8/work/tetex-src-2.0.2/texk/web2c'
test -f tests/exampl.aux || \
  cp ./tests/exampl.aux tests/exampl.aux
TEXMFCNF=../kpathsea/texmf.cnf BSTINPUTS=./tests ./bibtex tests/exampl
This is BibTeX, Version 0.99c (Web2C 7.4.5)
The top-level auxiliary file: tests/exampl.aux
I couldn't open database file xampl.bib
---line 1 of file tests/exampl.aux
 : \bibdata{xampl
 :               }
I'm skipping whatever remains of this command
The style file: apalike.bst
I found no database files---while reading file tests/exampl.aux
Warning--I didn't find a database entry for "whole-journal"
Warning--I didn't find a database entry for "whole-set"
Warning--I didn't find a database entry for "whole-collection"
Warning--I didn't find a database entry for "whole-proceedings"
Warning--I didn't find a database entry for "book-full"
(There were 2 error messages)
make[2]: *** [bibtex-check] Error 2
make[2]: Leaving directory
`/var/tmp/portage/tetex-2.0.2-r8/work/tetex-src-2.0.2/texk/web2c'
make[1]: *** [check] Error 1
make[1]: Leaving directory
`/var/tmp/portage/tetex-2.0.2-r8/work/tetex-src-2.0.2/texk'
make: *** [check] Error 2
----------------------------------------------------------

text-markup please advise.

Back to ebuild wating to apply fix from bug #120985

nattfodd, could you do your magic again ?

Is there some way I can access an alpha box with emerge capabilities?

The alpha herd is probably your friend in such a quest...

@jaervosz: I just check the source of tetex-2.0.2-r8 and the incriminated file
from bug 120985 isn't there (tetex only uses part of xpdf source code, not the
whole application).

@yoswink: I tested tetex-2.0.2-r8 on an alpha box (thanks to the alpha herd)
and it worked fine. Can you tell me if you have the file
tetex-src-2.0.2/texmf/bibtex/bib/base/xampl.bib? Maybe we should move this
elsewhere, as it doesn't seem to be related at all to xpdf patches or security
matters.

Ready for GLSA then.

I fear app-text/cstetex app-text/ptex are affected as well... Maintainer herds,
care to comment ?

I'm almost done with cstetex, which uses the tetex base code, so it's just a
matter of adding the extra patch. Just checking it compiles fine and I'll
commit it as 2.0.2-r2. It will need stabilization for x86 and amd64 though.

I'll have a look at ptex after that, too.

I ended up porting most of the recent tetex patches to both of these packages.
Anyway, cstetex-2.0.2-r2 and ptex-3.1.5-r1 have now the required fixes. 
They should be stabilized but I didn't know if I should ask for it myself or
let you do it, so I didn't added the arch teams to Cc.

arches please test and mark cstetex-2.0.2-r2 and ptex-3.1.5-r1 stable

cstetex-2.0.2-r2 has no ppc-macos keywords, so not marcked.
ptex-3.1.5-r1 ppc-macos stable

x86 stable

ptex-3.1.5-r1 stable on ppc64. cstetex never got ppc64 keyword

ptex sparc stable (and no cstetex for us).

ptex stable, no stable cstetex for ppc.

ptex stable on hppa. No cstetex for us.

tetex missing ppc-macos and mips [non-blocking]
ptex still missing alpha and amd64 [blocking] + ia64
cstex missing amd64 [blocking]

make test fails for ptex on amd64, seems like the bug mentioned in comment 17,
but i only had a very quick glance at it:

make[2]: Entering directory
`/var/tmp/portage/ptex-3.1.5-r1/work/tetex-src-2.0.2/texk/web2c'
test -f tests/exampl.aux || \
  cp ./tests/exampl.aux tests/exampl.aux
TEXMFCNF=../kpathsea/texmf.cnf BSTINPUTS=./tests ./bibtex tests/exampl
This is BibTeX, Version 0.99c (Web2C 7.4.5)
The top-level auxiliary file: tests/exampl.aux
I couldn't open database file xampl.bib
---line 1 of file tests/exampl.aux
 : \bibdata{xampl
 :               }
I'm skipping whatever remains of this command
The style file: apalike.bst
I found no database files---while reading file tests/exampl.aux
Warning--I didn't find a database entry for "whole-journal"
Warning--I didn't find a database entry for "whole-set"
Warning--I didn't find a database entry for "whole-collection"
Warning--I didn't find a database entry for "whole-proceedings"
Warning--I didn't find a database entry for "book-full"
(There were 2 error messages)
make[2]: *** [bibtex-check] Error 2
make[2]: Leaving directory
`/var/tmp/portage/ptex-3.1.5-r1/work/tetex-src-2.0.2/texk/web2c'
make[1]: *** [check] Error 1
make[1]: Leaving directory
`/var/tmp/portage/ptex-3.1.5-r1/work/tetex-src-2.0.2/texk'
make: *** [check] Error 2

!!! ERROR: app-text/ptex-3.1.5-r1 failed.
!!! Function src_test, Line 592, Exitcode 0
!!! Make check failed. See above for details.

(In reply to comment #36)
> make test fails for ptex on amd64, seems like the bug mentioned in comment 17,
> but i only had a very quick glance at it:

Could you please answer to the question in comment #23? I still fail to see why
this is happening...

Sure:

# file
/var/tmp/portage/ptex-3.1.5-r1/work/tetex-src-2.0.2/texmf/bibtex/bib/base/xampl.bib
/var/tmp/portage/ptex-3.1.5-r1/work/tetex-src-2.0.2/texmf/bibtex/bib/base/xampl.bib:
BibTeX text file

The problem you are having is described in bug 68878.
It only happens if FEATURES="test" the first time tetex is emerged. It doesn't
happen on up/down-grades.

i see. so it shouldn't affect users who upgrade because of this security bug ->
marked stable on amd64

Alpha: we still need you to mark ptex-3.1.5-r1 stable. The GLSA is blocked for
quite some time now...

ptex-3.1.5-r1 stable on alpha.

Sorry Thierry about the delay.

Ready for GLSa, will send it right now.

GLSA 200603-02
ia64, mips and ppc-macos should mark missing ebuilds stable

app-text/tetex-2.0.2-r8 ppc-macos stable
Sorry for the delay!