This bug submission has been resquested by Thierry Carrez in bug #114428. CAN-2005-319{1|2|3} affect tetex since xpdf code is included in tetex-src tarball. I've checked tetex-src-3.0/xpdf/xpdf/Stream.cc from tetex-src-3.0.tar.gz and verified that patch ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch has not been applied. Moreover Fedora has already issued an 2 updates : http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html Reproducible: Always Steps to Reproduce:
Ccing maintainers so that they know about it. For now just waiting, more issues coming up.
Further Xpdf issues. See bug #117481 for details.
See patch on bug 117481
Madrive released their fixed version.
text-markup any news on this one?
I'll include patch on bug 117481 with tetex-3.0_p1-r1, which should hopefully happen very soon (I still have an unsolved issue about which file generates which during a tetex build, so patch in bug 98029 can be applied correctly). If it's still delayed, poke me again and I'll do a special revision just for this. Thanks, and sorry for the delay
tetex-3.0_p1-r1 has just been commited and it includes the fixes from bug #117481, though the patch was not directly applied as upstream had already ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch in the tarball of 3.0_p1.
Reopening: tetex-3 is not stable so we need a fix for tetex-2.
Done in tetex-2.0.2-r8 (which uses xpdf2 code). Please stabilize.
dear arches, please test and mark tetex-2.0.2-r8 stable
dear security, sparc stable!
Stable on hppa
ppc stable
stable on ppc64
amd64 stable
stable on x86, horray for latex :)
Are the tetex tests working fine? Failed on alpha. Any other way of proper testing? ---------------------------------------------------------- make[2]: Entering directory `/var/tmp/portage/tetex-2.0.2-r8/work/tetex-src-2.0.2/texk/web2c' test -f tests/exampl.aux || \ cp ./tests/exampl.aux tests/exampl.aux TEXMFCNF=../kpathsea/texmf.cnf BSTINPUTS=./tests ./bibtex tests/exampl This is BibTeX, Version 0.99c (Web2C 7.4.5) The top-level auxiliary file: tests/exampl.aux I couldn't open database file xampl.bib ---line 1 of file tests/exampl.aux : \bibdata{xampl : } I'm skipping whatever remains of this command The style file: apalike.bst I found no database files---while reading file tests/exampl.aux Warning--I didn't find a database entry for "whole-journal" Warning--I didn't find a database entry for "whole-set" Warning--I didn't find a database entry for "whole-collection" Warning--I didn't find a database entry for "whole-proceedings" Warning--I didn't find a database entry for "book-full" (There were 2 error messages) make[2]: *** [bibtex-check] Error 2 make[2]: Leaving directory `/var/tmp/portage/tetex-2.0.2-r8/work/tetex-src-2.0.2/texk/web2c' make[1]: *** [check] Error 1 make[1]: Leaving directory `/var/tmp/portage/tetex-2.0.2-r8/work/tetex-src-2.0.2/texk' make: *** [check] Error 2 ----------------------------------------------------------
text-markup please advise.
Back to ebuild wating to apply fix from bug #120985
nattfodd, could you do your magic again ?
Is there some way I can access an alpha box with emerge capabilities?
The alpha herd is probably your friend in such a quest...
@jaervosz: I just check the source of tetex-2.0.2-r8 and the incriminated file from bug 120985 isn't there (tetex only uses part of xpdf source code, not the whole application). @yoswink: I tested tetex-2.0.2-r8 on an alpha box (thanks to the alpha herd) and it worked fine. Can you tell me if you have the file tetex-src-2.0.2/texmf/bibtex/bib/base/xampl.bib? Maybe we should move this elsewhere, as it doesn't seem to be related at all to xpdf patches or security matters.
Ready for GLSA then.
I fear app-text/cstetex app-text/ptex are affected as well... Maintainer herds, care to comment ?
I'm almost done with cstetex, which uses the tetex base code, so it's just a matter of adding the extra patch. Just checking it compiles fine and I'll commit it as 2.0.2-r2. It will need stabilization for x86 and amd64 though. I'll have a look at ptex after that, too.
I ended up porting most of the recent tetex patches to both of these packages. Anyway, cstetex-2.0.2-r2 and ptex-3.1.5-r1 have now the required fixes. They should be stabilized but I didn't know if I should ask for it myself or let you do it, so I didn't added the arch teams to Cc.
arches please test and mark cstetex-2.0.2-r2 and ptex-3.1.5-r1 stable
cstetex-2.0.2-r2 has no ppc-macos keywords, so not marcked. ptex-3.1.5-r1 ppc-macos stable
x86 stable
ptex-3.1.5-r1 stable on ppc64. cstetex never got ppc64 keyword
ptex sparc stable (and no cstetex for us).
ptex stable, no stable cstetex for ppc.
ptex stable on hppa. No cstetex for us.
tetex missing ppc-macos and mips [non-blocking] ptex still missing alpha and amd64 [blocking] + ia64 cstex missing amd64 [blocking]
make test fails for ptex on amd64, seems like the bug mentioned in comment 17, but i only had a very quick glance at it: make[2]: Entering directory `/var/tmp/portage/ptex-3.1.5-r1/work/tetex-src-2.0.2/texk/web2c' test -f tests/exampl.aux || \ cp ./tests/exampl.aux tests/exampl.aux TEXMFCNF=../kpathsea/texmf.cnf BSTINPUTS=./tests ./bibtex tests/exampl This is BibTeX, Version 0.99c (Web2C 7.4.5) The top-level auxiliary file: tests/exampl.aux I couldn't open database file xampl.bib ---line 1 of file tests/exampl.aux : \bibdata{xampl : } I'm skipping whatever remains of this command The style file: apalike.bst I found no database files---while reading file tests/exampl.aux Warning--I didn't find a database entry for "whole-journal" Warning--I didn't find a database entry for "whole-set" Warning--I didn't find a database entry for "whole-collection" Warning--I didn't find a database entry for "whole-proceedings" Warning--I didn't find a database entry for "book-full" (There were 2 error messages) make[2]: *** [bibtex-check] Error 2 make[2]: Leaving directory `/var/tmp/portage/ptex-3.1.5-r1/work/tetex-src-2.0.2/texk/web2c' make[1]: *** [check] Error 1 make[1]: Leaving directory `/var/tmp/portage/ptex-3.1.5-r1/work/tetex-src-2.0.2/texk' make: *** [check] Error 2 !!! ERROR: app-text/ptex-3.1.5-r1 failed. !!! Function src_test, Line 592, Exitcode 0 !!! Make check failed. See above for details.
(In reply to comment #36) > make test fails for ptex on amd64, seems like the bug mentioned in comment 17, > but i only had a very quick glance at it: Could you please answer to the question in comment #23? I still fail to see why this is happening...
Sure: # file /var/tmp/portage/ptex-3.1.5-r1/work/tetex-src-2.0.2/texmf/bibtex/bib/base/xampl.bib /var/tmp/portage/ptex-3.1.5-r1/work/tetex-src-2.0.2/texmf/bibtex/bib/base/xampl.bib: BibTeX text file
The problem you are having is described in bug 68878. It only happens if FEATURES="test" the first time tetex is emerged. It doesn't happen on up/down-grades.
i see. so it shouldn't affect users who upgrade because of this security bug -> marked stable on amd64
Alpha: we still need you to mark ptex-3.1.5-r1 stable. The GLSA is blocked for quite some time now...
ptex-3.1.5-r1 stable on alpha. Sorry Thierry about the delay.
Ready for GLSa, will send it right now.
GLSA 200603-02 ia64, mips and ppc-macos should mark missing ebuilds stable
app-text/tetex-2.0.2-r8 ppc-macos stable Sorry for the delay!
