Debian Bug Tracking System | 1 Nov 12:03 2004
Picon

Processed: reassign 279042 to tetex-bin

Processing commands for control <at> bugs.debian.org:

> reassign 279042 tetex-bin
Bug#279042: xdvi: xdvi.bin terminated abnormally: 11
Warning: Unknown package 'xdvi'
Warning: Unknown package 'k'
Bug reassigned from package `xdvi(k)' to `tetex-bin'.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)

Frank Küster | 1 Nov 14:51 2004
Picon

Bug#273789: Re Bug #273789, fmtutil.cnf not found, Installation OK

Sebastian Canagaratna <s-canagaratna <at> onu.edu> wrote:

>
> kpsewhich latex.fmt:  as scanagar no output.
>                       as root, /var/lib/texmf/web2c/latex.efmt
> 		      
[...]
> kdebug:Search path for fmt files (from texmf.cnf)
> kdebug:  = .:/usr/share/texmf/web2c

This shows that you have some local settings for your user scanagar that
prevent latex from working correctly. 

What is, as user and as root, the output of 

kpsewhich --format='web2c files' texmf.cnf
env | egrep 'TEX|texmf'

Regards, Frank
--

-- 
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer

Debian Bug Tracking System | 1 Nov 15:18 2004
Picon

Bug#278705: marked as done (tetex-bin: pdflatex seg faults on loading particular PNG)

Your message dated Mon, 01 Nov 2004 16:01:51 +0100
with message-id <87r7nd8vfk.fsf <at> alhambra.bioz.unibas.ch>
and subject line Bug#278705: tetex-bin: pdflatex seg faults on loading particular PNG
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 28 Oct 2004 20:39:46 +0000
>From gjw <at> togaware.com Thu Oct 28 13:39:46 2004
Return-path: <gjw <at> togaware.com>
Received: from mail-03.iinet.net.au (mail.iinet.net.au) [203.59.3.35] 
	by spohr.debian.org with smtp (Exim 3.35 1 (Debian))
	id 1CNH3i-0006VY-00; Thu, 28 Oct 2004 13:39:46 -0700
Received: (qmail 13895 invoked from network); 28 Oct 2004 20:39:40 -0000
Received: from unknown (HELO friends.togaware.com) (203.173.9.140)
  by mail.iinet.net.au with SMTP; 28 Oct 2004 20:39:40 -0000
Received: from gjw by friends.togaware.com with local (Exim 4.34)
	id 1CNH3b-0005mO-9z; Fri, 29 Oct 2004 06:39:39 +1000
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
(Continue reading)

Martin Pitt | 1 Nov 15:45 2004
Picon

New xpdf vulnerabilities related to CAN-2004-0888

Hi xpdf/cupsys/tetex-bin maintainers, hi Debian security team!

Markus Meissner discovered even more instances of integer overflows
(see CAN-2004-0888), see forwarded message below.

Several packages follow the bad habit to include xpdf source code;
among them are tetex-bin and cupsys, other ones are not supported by
Ubuntu.

I prepared updated Ubuntu packages for xpdf, cupsys and tetex-bin,
which are based on Markus's patches. However, Debian/Ubuntu use
slightly different solutions for the former bugs, so my patches look a
bit different.

Find attached the package interdiffs aganst tetex-bin_2.0.2-23,
xpdf_3.00-9, and cupsys_1.1.20final+rc1-10. Our version numbers do not
directly follow fhese Debian versions, but should apply cleanly to
them.

Thanks for considering and have a nice day!

Martin

----- Forwarded message from Matt Zimmerman <mdz <at> canonical.com> -----
From: Marcus Meissner <meissner <at> suse.de>
To: vendor-sec <at> lst.de
Cc: derekn <at> foolabs.com
Subject: [vendor-sec] xpdf .... 64bit fun
Date: Fri, 29 Oct 2004 15:50:53 +0200

(Continue reading)

Frank Küster | 1 Nov 17:43 2004
Picon

Re: New xpdf vulnerabilities related to CAN-2004-0888

Martin Pitt <martin <at> piware.de> wrote:

> Hi xpdf/cupsys/tetex-bin maintainers, hi Debian security team!
>
> Markus Meissner discovered even more instances of integer overflows
> (see CAN-2004-0888), see forwarded message below.
>
> Several packages follow the bad habit to include xpdf source code;

Why do you think this is a bad habit? As long as xpdf does not provide a
library which we could use, what other choice is there (except rewriting
it)?

> ----- Forwarded message from Matt Zimmerman <mdz <at> canonical.com> -----
> From: Marcus Meissner <meissner <at> suse.de>
> To: vendor-sec <at> lst.de
> Cc: derekn <at> foolabs.com
> Subject: [vendor-sec] xpdf .... 64bit fun
> Date: Fri, 29 Oct 2004 15:50:53 +0200
>
> I have identified 2 problems:
>
> - We are using "if (size * sizeof(Foo)/sizeof(Foo) != size)" checks, 
>   which operate on "size_t" which is 64bit unsigned long on 64bit systems.

In the fixes for tetex-bin and pdftohtml in Debian, we used instead

#include <limits.h>
...
if (size >= INT_MAX/sizeof(Foo))
(Continue reading)

Martin Pitt | 1 Nov 17:04 2004

Re: New xpdf vulnerabilities related to CAN-2004-0888

Hi!

Frank Küster [2004-11-01 17:43 +0100]:
> Why do you think this is a bad habit? 

Because every time a security bug pops up in xpdf, one needs to fix
not only xpdf itself, but also cupsys, tetex, kpdf, gpdf, and the
other gazillion packages that include a million different versions of
the xpdf code.

> As long as xpdf does not provide a library which we could use, what
> other choice is there (except rewriting it)?

Please do not get me wrong, this was not a blame against you :-) I
know that xpdf does not export a library, so there is only little a
Debian maintainer can do. It's a matter of upstream coordination
(mainly).

Sorry for the misunderstanding, and have a nice evening!

Martin

--

-- 
Martin Pitt                       http://www.piware.de
Ubuntu Developer            http://www.ubuntulinux.org
Debian GNU/Linux Developer       http://www.debian.org
Sebastian Canagaratna | 1 Nov 19:28 2004

Bug#273789: Bug # 273789: tetex-base: fmtutil.cnf not found, Installation OK

Dear Frank:

   Thank you for your note. Here are the outputs of the commands you
   wanted me to evaluate.

   kpsewhich --format='web2c files' texmf.cnf
       As scanagar: /usr/share/texmf/web2c/texmf.cnf
       As root: same.

  env|egrep 'TEX|texmf'
       As scanagar: 
          latex=/usr/share/texmf/tex/latex
	  latexdoc=/usr/share/texmf/doc/latex
	  TEXMF=/usr/share/texmf
       as root: nothing.

   A question: should I, scanagar be a memeber of the users group? I am
   presently not. 

   Thank you.

   Sebastian Canagaratna
   Department of Chemistry
   Ohio Northern University
   Ada, OH 45810

s-canagaratna | 1 Nov 19:47 2004

Bug#273789: Re Bug # 273789: tetex-base: fmtutil.cnf not found, Installation OK


Dear Frank:

   Thank you for your note. Here are the outputs of the commands you
   wanted me to evaluate.

   kpsewhich --format='web2c files' texmf.cnf
       As scanagar: /usr/share/texmf/web2c/texmf.cnf
       As root: same.

  env|egrep 'TEX|texmf'
       As scanagar: 
          latex=/usr/share/texmf/tex/latex
	  latexdoc=/usr/share/texmf/doc/latex
	  TEXMF=/usr/share/texmf
       as root: nothing.

   A question: should I, scanagar be a memeber of the users group? I am
   presently not. 

    Thank you.

    Sebastian Canagaratna
    Department of Chemistry
    Ohio Northern University
    Ada, OH 45810

Frank Küster | 1 Nov 21:01 2004
Picon

Bug#273789: Bug # 273789: tetex-base: fmtutil.cnf not found, Installation OK

Sebastian Canagaratna <s-canagaratna <at> onu.edu> wrote:

>   env|egrep 'TEX|texmf'
>        As scanagar: 
>           latex=/usr/share/texmf/tex/latex
> 	  latexdoc=/usr/share/texmf/doc/latex
> 	  TEXMF=/usr/share/texmf

Do you see the problem? The tetex packages take great care to ensure
that TEXMF is what is configured in /etc/texmf/texmf.d/*. If you do not
change the defaults, it is:

 kpsewhich --expand-path='$TEXMF'
/usr/local/share/texmf:/usr/local/lib/texmf:/var/lib/texmf:/usr/share/texmf

(or with /home/$username/texmf prepended if that exists). Now you tell
it to ignore all the rest, and what you observe is the result of this.

Find out where this variable is set and remove the setting.

>    A question: should I, scanagar be a memeber of the users group? I am
>    presently not. 

This is a good idea - you are then able to write into the font cache,
which will speed up dvips and xdvi. But it has nothing to do with the
problem.

Regards, Frank
--

-- 
Frank Küster
(Continue reading)

Florent Rougon | 1 Nov 21:51 2004
Picon

Re: Policy, updmap --enable and updmap.cfg in /etc or /var

Hi,

Florent Rougon <f.rougon <at> free.fr> wrote:

> Well, well, well. I looked at ucf this morning, and it is supposed to do
> just what I need. Unfortunately, my tests with --three-way all failed
> miserably (the file was never put into the cache), and since the docs
> don't say much about it, I had to read the ucf script and add debugging
> statements here and there to find out why it didn't work.

[...]

> As a consequence, I'm still pondering what I'm going to do about this
> issue...

I reported the aforementioned bug last week and Manoj fixed it quickly,
so I decided to eventually try ucf for lmodern (I also read[1] in the
debian-devel list archives that the current ucf could be considered a
prototype, which somehow confirms the judgement I stated in the previous
mail). I like the concept of ucf, and being able to update
/etc/texmf/updmap.d/10lmodern.cfg is a good thing.

So, I uploaded and tested version 0.92-4 of lmodern using ucf here:

  deb http://people.via.ecp.fr/~flo/debian sid/binary-all/
  deb-src http://people.via.ecp.fr/~flo/debian sid/source/

There are a few problems caused by ucf bugs that I just reported
(cf. #279259, #279261 and #279262), but I think that the benefits from
using it outweigh the drawbacks. So, unless I here your protests, I will
(Continue reading)


Gmane