Debian Bug report logs - #520920
texlive-base-bin: bibtex crashes with large bib file


Package: texlive-base-bin; Maintainer for texlive-base-bin is (unknown);

Reported by: Vincent Lefevre <vincent@vinc17.org>

Date: Mon, 23 Mar 2009 16:06:02 UTC

Severity: important

Tags: patch, security

Found in versions texlive-bin/2007.dfsg.2-5, texlive-bin/2005.dfsg.2-12

Fixed in versions texlive-bin/2009-1, texlive-bin/2007.dfsg.2-4+lenny2

Done: Hilmar Preusse <hille42@web.de>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#520920; Package texlive-base-bin. (Mon, 23 Mar 2009 16:06:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. (Mon, 23 Mar 2009 16:06:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: texlive-base-bin: bibtex crashes on realloc (invalid next size)
Date: Mon, 23 Mar 2009 16:53:30 +0100
Package: texlive-base-bin
Version: 2007.dfsg.2-5
Severity: grave
Tags: security
Justification: user security hole

(Note: I suppose that there's some memory corruption, that can lead
to security problems, hence the severity.)

I've got the following error with bibtex (someone else here mentioned
the same problem on a different machine, but on the same set of files,
possibly a slightly different version). Unfortunately I don't have a
simple testcase (I'll try to make one, but this may be difficult), and
the files are private.

vin:~/private/fp_arith> pdfnlatex livre_fp.tex
Making backup of old .idx file: livre_fp.idx.bak. Then makeindex...
This is makeindex, version 2.14 [02-Oct-2002] (kpathsea + Thai support).
Scanning input file livre_fp.idx....done (651 entries accepted, 0 rejected).
Sorting entries........done (6772 comparisons).
Generating output file livre_fp.ind....done (493 lines written, 0 warnings).
Output written in livre_fp.ind.
Transcript written in livre_fp.ilg.
 
Making backup of old .aux file: livre_fp.aux.bak
Need bibtex run before first pass...
This is BibTeX, Version 0.99c (Web2C 7.5.6)
The top-level auxiliary file: livre_fp.aux
A level-1 auxiliary file: preface.aux
A level-1 auxiliary file: ch_introduction.aux
A level-1 auxiliary file: ch_definitions.aux
A level-1 auxiliary file: ch_formats.aux
A level-1 auxiliary file: ch_smallalgs.aux
A level-1 auxiliary file: ch_fma.aux
A level-1 auxiliary file: ch_summation.aux
A level-1 auxiliary file: ch_languages.aux
A level-1 auxiliary file: ch_algorithms.aux
A level-1 auxiliary file: ch_hard.aux
A level-1 auxiliary file: ch_soft.aux
A level-1 auxiliary file: ch_elemfun.aux
A level-1 auxiliary file: ch_correctrounding.aux
A level-1 auxiliary file: ch_certifying.aux
A level-1 auxiliary file: ch_extending.aux
A level-1 auxiliary file: perspectives.aux
A level-1 auxiliary file: ch_nttools.aux
The style file: plain.bst
Database file #1: biblio.bib
*** glibc detected *** bibtex: realloc(): invalid next size: 0x0000000001d47d90 ***
======= Backtrace: =========
/lib64/libc.so.6[0x7f899a8c81b8]
/lib64/libc.so.6[0x7f899a8cc101]
/lib64/libc.so.6(realloc+0x12f)[0x7f899a8cce5f]
/usr/lib/libkpathsea.so.4(xrealloc+0xf)[0x7f899ae39d9f]
bibtex[0x40337a]
bibtex[0x40346d]
bibtex[0x40be45]
bibtex[0x40bb15]
bibtex[0x40bb15]
bibtex[0x40bb15]
bibtex[0x4109e2]
bibtex[0x412375]
bibtex[0x412676]
/lib64/libc.so.6(__libc_start_main+0xe6)[0x7f899a8745a6]
bibtex[0x401239]
Abort (core dumped)

The backtrace:

vin:~/private/fp_arith> gdb =bibtex core
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
(no debugging symbols found)

warning: Can't read pathname for load map: Input/output error.
Reading symbols from /usr/lib/libkpathsea.so.4...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libkpathsea.so.4
Reading symbols from /lib/libm.so.6...Reading symbols from /usr/lib/debug/lib/libm-2.9.so...done.
done.
Loaded symbols for /lib64/libm.so.6
Reading symbols from /lib/libc.so.6...Reading symbols from /usr/lib/debug/lib/libc-2.9.so...done.
done.
Loaded symbols for /lib64/libc.so.6
Reading symbols from /lib/ld-linux-x86-64.so.2...Reading symbols from /usr/lib/debug/lib/ld-2.9.so...done.
done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /lib/libgcc_s.so.1...done.
Loaded symbols for /lib64/libgcc_s.so.1
Core was generated by `bibtex livre_fp'.
Program terminated with signal 6, Aborted.
[New process 784]
#0  0x00007f899a888105 in *__GI_raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64      ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
        in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) bt
#0  0x00007f899a888105 in *__GI_raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007f899a889623 in *__GI_abort () at abort.c:88
#2  0x00007f899a8c2b18 in __libc_message (do_abort=2, 
    fmt=0x7f899a972fa8 "*** glibc detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#3  0x00007f899a8c81b8 in malloc_printerr (action=2, 
    str=0x7f899a97061d "realloc(): invalid next size", 
    ptr=<value optimized out>) at malloc.c:5994
#4  0x00007f899a8cc101 in _int_realloc (av=0x0, oldmem=0x0, 
    bytes=<value optimized out>) at malloc.c:4983
#5  0x00007f899a8cce5f in *__GI___libc_realloc (oldmem=0x1d47d90, bytes=130001)
    at malloc.c:3708
#6  0x00007f899ae39d9f in xrealloc () from /usr/lib/libkpathsea.so.4
#7  0x000000000040337a in ?? ()
#8  0x000000000040346d in ?? ()
#9  0x000000000040be45 in ?? ()
#10 0x000000000040bb15 in ?? ()
#11 0x000000000040bb15 in ?? ()
#12 0x000000000040bb15 in ?? ()
#13 0x00000000004109e2 in ?? ()
#14 0x0000000000412375 in ?? ()
#15 0x0000000000412676 in ?? ()
#16 0x00007f899a8745a6 in __libc_start_main (
    main=0x412660 <_IO_putc@plt+70760>, argc=2, ubp_av=0x7fffa325cd38, 
    init=0x412e70 <_IO_putc@plt+72824>, fini=<value optimized out>, 
    rtld_fini=<value optimized out>, stack_end=0x7fffa325cd28)
    at libc-start.c:222
#17 0x0000000000401239 in ?? ()
#18 0x00007fffa325cd28 in ?? ()
#19 0x000000000000001c in ?? ()
#20 0x0000000000000002 in ?? ()
#21 0x00007fffa325df92 in ?? ()
#22 0x00007fffa325df99 in ?? ()
#23 0x0000000000000000 in ?? ()
(gdb) 

Note for my own use (to be able to reproduce this problem, as it is
reproducible):
$ svn up -r1589
$ pdfnlatex livre_fp.tex
$ svn up -r1616
$ pdfnlatex livre_fp.tex

Any suggestion to identify the bug?

-- Package-specific info:
If you report an error when running one of the TeX-related binaries 
(latex, pdftex, metafont,...), or if the bug is related to bad or wrong
output, please include a MINIMAL example input file that produces the
error in your report. Don't forget to also include minimal examples of
other files that are needed, e.g. bibtex databases. Often it also helps
to include the logfile. Please, never send included pictures!

If your example file isn't short or produces more than one page of
output (except when multiple pages are needed to show the problem),
you can probably minimize it further. Instructions on how to do that
can be found at

http://www.latex-einfuehrung.de/mini-en.html (english)

or 

http://www.latex-einfuehrung.de/mini.html (german)

##################################
minimal input file


##################################
other files

######################################
 List of ls-R files

-rw-r--r-- 1 root root 1001 2009-03-23 00:51:03 /var/lib/texmf/ls-R
-rw-rw-r-- 1 root staff 79 2009-03-23 00:50:23 /usr/local/share/texmf/ls-R
lrwxrwxrwx 1 root root 29 2009-03-18 10:58:17 /usr/share/texmf/ls-R -> /var/lib/texmf/ls-R-TEXMFMAIN
lrwxrwxrwx 1 root root 27 2009-03-18 10:58:18 /usr/share/texmf-texlive/ls-R -> /var/lib/texmf/ls-R-TEXLIVE
lrwxrwxrwx 1 root root 27 2009-03-18 10:58:18 /usr/share/texmf-texlive/ls-R -> /var/lib/texmf/ls-R-TEXLIVE
######################################
 Config files
lrwxrwxrwx 1 root root 20 2009-03-18 10:58:17 /usr/share/texmf/web2c/texmf.cnf -> /etc/texmf/texmf.cnf
-rw-r--r-- 1 root root 6351 2009-03-18 11:00:39 /var/lib/texmf/web2c/fmtutil.cnf
-rw-r--r-- 1 root root 10349 2009-03-19 22:05:34 /var/lib/texmf/web2c/updmap.cfg
-rw-r--r-- 1 root root 5288 2009-03-18 11:00:39 /var/lib/texmf/tex/generic/config/language.dat
######################################
 Files in /etc/texmf/web2c/
total 4
-rw-r--r-- 1 root root 283 2006-12-11 19:48:14 mktex.cnf
######################################
 md5sums of texmf.d

-- System Information:
Debian Release: squeeze/sid
  APT prefers oldstable
  APT policy: (500, 'oldstable'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26.5-20080922 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=POSIX, LC_CTYPE=en_US.ISO8859-1 (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages texlive-base-bin depends on:
ii  dpkg                   1.14.25           Debian package management system
ii  ed                     0.7-3             The classic unix line editor
ii  libc6                  2.9-6             GNU C Library: Shared libraries
ii  libgcc1                1:4.3.3-5         GCC support library
ii  libkpathsea4           2007.dfsg.2-5     TeX Live: path search library for 
ii  libncurses5            5.7+20090314-1    shared libraries for terminal hand
ii  libpng12-0             1.2.35-1          PNG library - runtime
ii  libpoppler4            0.10.4-3          PDF rendering library
ii  libstdc++6             4.3.3-5           The GNU Standard C++ Library v3
ii  libx11-6               2:1.2-1           X11 client-side library
ii  libxaw7                2:1.0.5-2         X11 Athena Widget library
ii  libxmu6                2:1.0.4-1         X11 miscellaneous utility library
ii  libxpm4                1:3.5.7-1         X11 pixmap library
ii  libxt6                 1:1.0.5-3         X11 toolkit intrinsics library
ii  mime-support           3.44-1            MIME files 'mime.types' & 'mailcap
ii  perl                   5.10.0-19         Larry Wall's Practical Extraction 
ii  tex-common             1.17              common infrastructure for building
ii  texlive-common         2007.dfsg.2-2     TeX Live: Base component
ii  zlib1g                 1:1.2.3.3.dfsg-13 compression library - runtime

Versions of packages texlive-base-bin recommends:
ii  texlive-base-bin-doc       2007.dfsg.2-5 TeX Live: Documentation files for 

Versions of packages texlive-base-bin suggests:
ii  evince [postscript-viewer]  2.24.2-2     Document (postscript, pdf) viewer
ii  ghostscript [postscript-vie 8.64~dfsg-1  The GPL Ghostscript PostScript/PDF
ii  gv [postscript-viewer]      1:3.6.6.91-1 PostScript and PDF viewer for X
ii  perl-tk                     1:804.028-3  Perl module providing the Tk graph
ii  xpdf-reader [pdf-viewer]    3.02-1.4     Portable Document Format (PDF) sui
ii  xpdf-utils [pdf-viewer]     3.02-1.4     Portable Document Format (PDF) sui

Versions of packages tex-common depends on:
ii  debconf [debconf-2.0]         1.5.26     Debian configuration management sy
ii  dpkg                          1.14.25    Debian package management system
ii  ucf                           3.0018     Update Configuration File: preserv

Versions of packages texlive-base-bin is related to:
pn  tetex-base                    <none>     (no description available)
pn  tetex-bin                     <none>     (no description available)
pn  tetex-extra                   <none>     (no description available)
ii  tex-common                    1.17       common infrastructure for building

-- debconf information:
  tex-common/check_texmf_wrong:
  tex-common/check_texmf_missing:





Message #10 received at 520920@bugs.debian.org (full text, mbox):

From: Norbert Preining <preining@logic.at>
To: Vincent Lefevre <vincent@vinc17.org>, 520920@bugs.debian.org
Subject: Re: Bug#520920: texlive-base-bin: bibtex crashes on realloc (invalid next size)
Date: Mon, 23 Mar 2009 17:40:13 +0100

On Mon, 23 Mar 2009, Vincent Lefevre wrote:
> (Note: I suppose that there's some memory corruption, that can lead
> to security problems, hence the severity.)
> 
> I've got the following error with bibtex (someone else here mentioned
> the same problem on a different machine, but on the same set of files,

Can you please send a *MINIMAL* test suite? Anything else is hard to
trace down.

Best wishes

Norbert

-------------------------------------------------------------------------------
Dr. Norbert Preining <preining@logic.at>        Vienna University of Technology
Debian Developer <preining@debian.org>                         Debian TeX Group
gpg DSA: 0x09C5B094      fp: 14DF 2E6C 0307 BE6D AD76  A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
YADDLETHORPE (vb.)
(Of offended pooves.) To exit huffily from a boutique.
			--- Douglas Adams, The Meaning of Liff





Message #15 received at 520920@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.org>
To: Norbert Preining <preining@logic.at>
Cc: 520920@bugs.debian.org
Subject: Re: Bug#520920: texlive-base-bin: bibtex crashes on realloc (invalid next size)
Date: Mon, 23 Mar 2009 18:25:21 +0100
On 2009-03-23 17:40:13 +0100, Norbert Preining wrote:
> Can you please send a *MINIMAL* test suite? Anything else is hard to
> trace down.

I think I'll be able to do it tonight.

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)





Message #20 received at 520920@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.org>
To: 520920@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#520920: Acknowledgement (texlive-base-bin: bibtex crashes on realloc (invalid next size))
Date: Mon, 23 Mar 2009 18:40:53 +0100
retitle 520920 texlive-base-bin: bibtex crashes with large bib file
found 520920 2005.dfsg.2-12
thanks

I've added the texlive-base-bin version of the other machine
where the bug occurs.

The crash can be a segmentation fault.

I suspect a buffer overflow in a buffer for strings that has around
65000 characters.

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)




Changed Bug title to `texlive-base-bin: bibtex crashes with large bib file' from `texlive-base-bin: bibtex crashes on realloc (invalid next size)'. Request was from Vincent Lefevre <vincent@vinc17.org> to control@bugs.debian.org. (Mon, 23 Mar 2009 17:42:03 GMT) Full text and rfc822 format available.

Bug marked as found in version 2005.dfsg.2-12. Request was from Vincent Lefevre <vincent@vinc17.org> to control@bugs.debian.org. (Mon, 23 Mar 2009 17:42:04 GMT) Full text and rfc822 format available.


Message #29 received at 520920@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.org>
To: Norbert Preining <preining@logic.at>
Cc: 520920@bugs.debian.org
Subject: Re: Bug#520920: texlive-base-bin: bibtex crashes on realloc (invalid next size)
Date: Tue, 24 Mar 2009 03:02:17 +0100
On 2009-03-23 17:40:13 +0100, Norbert Preining wrote:
> Can you please send a *MINIMAL* test suite? Anything else is hard to
> trace down.

Attached. This is still large, but this seems to be needed.
Just type "bibtex livre_fp" in the directory.

I can reproduce the bug on an x86_64 machine and on a ppc machine.

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
[bibtex-crash.tar.lzma (application/octet-stream, attachment)]


Message #34 received at 520920@bugs.debian.org (full text, mbox):

From: Norbert Preining <preining@logic.at>
To: Vincent Lefevre <vincent@vinc17.org>
Cc: 520920@bugs.debian.org
Subject: Re: Bug#520920: texlive-base-bin: bibtex crashes on realloc (invalid next size)
Date: Tue, 24 Mar 2009 07:56:21 +0100
Hi Vincent,

> > Can you please send a *MINIMAL* test suite? Anything else is hard to
> > trace down.
> 
> Attached. This is still large, but this seems to be needed.
> Just type "bibtex livre_fp" in the directory.

thanks. I can reproduce that, too.

Is it ok if I forward these example files to upstream?

Best wishes

Norbert

-------------------------------------------------------------------------------
Dr. Norbert Preining <preining@logic.at>        Vienna University of Technology
Debian Developer <preining@debian.org>                         Debian TeX Group
gpg DSA: 0x09C5B094      fp: 14DF 2E6C 0307 BE6D AD76  A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
PABBY (n.,vb.)
(Fencing term.) The play, or manoeuvre, where one swordsman leaps on
to the table and pulls the battleaxe off the wall.
			--- Douglas Adams, The Meaning of Liff





Message #39 received at 520920@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.org>
To: Norbert Preining <preining@logic.at>
Cc: 520920@bugs.debian.org
Subject: Re: Bug#520920: texlive-base-bin: bibtex crashes on realloc (invalid next size)
Date: Tue, 24 Mar 2009 09:38:19 +0100
On 2009-03-24 07:56:21 +0100, Norbert Preining wrote:
> Is it ok if I forward these example files to upstream?

Yes, I randomized the file (in case there would have been a problem
related to copyright or whatever with the contents).

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)





Message #44 received at 520920@bugs.debian.org (full text, mbox):

From: Hilmar Preusse <hille42@web.de>
To: Norbert Preining <preining@logic.at>, 520920@bugs.debian.org
Subject: Re: Bug#520920: texlive-base-bin: bibtex crashes on realloc (invalid next size)
Date: Wed, 25 Mar 2009 15:23:33 +0100
On 24.03.09 Norbert Preining (preining@logic.at) wrote:

Hi Norbert,

> > > Can you please send a *MINIMAL* test suite? Anything else is
> > > hard to trace down.
> > 
> > Attached. This is still large, but this seems to be needed. Just
> > type "bibtex livre_fp" in the directory.
> 
> thanks. I can reproduce that, too.
> 
> Is it ok if I forward these example files to upstream?
> 
Who is upstream in your opinion? Are you sure this is a problem in
bibtex? It could be in glibc and kpathsea too (IMHO).

H.
-- 
sigmentation fault





Message #49 received at 520920@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.org>
To: 520920@bugs.debian.org
Subject: Re: Bug#520920: texlive-base-bin: bibtex crashes on realloc (invalid next size)
Date: Wed, 25 Mar 2009 15:42:48 +0100
On 2009-03-25 15:23:33 +0100, Hilmar Preusse wrote:
> Who is upstream in your opinion? Are you sure this is a problem in
> bibtex? It could be in glibc and kpathsea too (IMHO).

Since the crash occurs in kpathsea, perhaps, but see the valgrind
output below (I doubt this is a glibc bug, even though the crash
doesn't occur under Mac OS X -- but maybe one needs a different
testcase for Mac OS X).

$ valgrind bibtex livre_fp
==13096== Memcheck, a memory error detector.
==13096== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al.
==13096== Using LibVEX rev 1884, a library for dynamic binary translation.
==13096== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP.
==13096== Using valgrind-3.4.1-Debian, a dynamic binary instrumentation framework.
==13096== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al.
==13096== For more details, rerun with: -v
==13096== 
This is BibTeX, Version 0.99c (Web2C 7.5.6)
The top-level auxiliary file: livre_fp.aux
A level-1 auxiliary file: ch_introduction.aux
A level-1 auxiliary file: ch_definitions.aux
A level-1 auxiliary file: ch_formats.aux
A level-1 auxiliary file: ch_smallalgs.aux
A level-1 auxiliary file: ch_fma.aux
A level-1 auxiliary file: ch_summation.aux
A level-1 auxiliary file: ch_languages.aux
A level-1 auxiliary file: ch_algorithms.aux
A level-1 auxiliary file: ch_hard.aux
A level-1 auxiliary file: ch_soft.aux
A level-1 auxiliary file: ch_elemfun.aux
A level-1 auxiliary file: ch_correctrounding.aux
A level-1 auxiliary file: ch_certifying.aux
A level-1 auxiliary file: ch_extending.aux
A level-1 auxiliary file: ch_nttools.aux
The style file: plain.bst
==13096== Use of uninitialised value of size 8
==13096==    at 0x40F410: (within /usr/bin/bibtex)
==13096==    by 0x41237C: (within /usr/bin/bibtex)
==13096==    by 0x412675: (within /usr/bin/bibtex)
==13096==    by 0x52DD5A5: (below main) (libc-start.c:222)
Database file #1: biblio.bib
==13096== 
==13096== Use of uninitialised value of size 8
==13096==    at 0x40D80D: (within /usr/bin/bibtex)
==13096==    by 0x40EE41: (within /usr/bin/bibtex)
==13096==    by 0x40F784: (within /usr/bin/bibtex)
==13096==    by 0x412374: (within /usr/bin/bibtex)
==13096==    by 0x412675: (within /usr/bin/bibtex)
==13096==    by 0x52DD5A5: (below main) (libc-start.c:222)
==13096== 
==13096== Use of uninitialised value of size 8
==13096==    at 0x40D80D: (within /usr/bin/bibtex)
==13096==    by 0x40DD74: (within /usr/bin/bibtex)
==13096==    by 0x40E19F: (within /usr/bin/bibtex)
==13096==    by 0x40EF29: (within /usr/bin/bibtex)
==13096==    by 0x40F784: (within /usr/bin/bibtex)
==13096==    by 0x412374: (within /usr/bin/bibtex)
==13096==    by 0x412675: (within /usr/bin/bibtex)
==13096==    by 0x52DD5A5: (below main) (libc-start.c:222)
==13096== 
==13096== Invalid write of size 1
==13096==    at 0x407224: (within /usr/bin/bibtex)
==13096==    by 0x40BE14: (within /usr/bin/bibtex)
==13096==    by 0x40BB14: (within /usr/bin/bibtex)
==13096==    by 0x40BF31: (within /usr/bin/bibtex)
==13096==    by 0x40BB14: (within /usr/bin/bibtex)
==13096==    by 0x40BB14: (within /usr/bin/bibtex)
==13096==    by 0x40BB14: (within /usr/bin/bibtex)
==13096==    by 0x4109E1: (within /usr/bin/bibtex)
==13096==    by 0x412374: (within /usr/bin/bibtex)
==13096==    by 0x412675: (within /usr/bin/bibtex)
==13096==    by 0x52DD5A5: (below main) (libc-start.c:222)
==13096==  Address 0x56e4b21 is 0 bytes after a block of size 65,001 alloc'd
==13096==    at 0x4C2391E: malloc (vg_replace_malloc.c:207)
==13096==    by 0x4E34AC4: xmalloc (in /usr/lib/libkpathsea.so.4.0.0)
==13096==    by 0x411FDD: (within /usr/bin/bibtex)
==13096==    by 0x412675: (within /usr/bin/bibtex)
==13096==    by 0x52DD5A5: (below main) (libc-start.c:222)
==13096== 
==13096== Invalid read of size 1
==13096==    at 0x404959: (within /usr/bin/bibtex)
==13096==    by 0x4073C4: (within /usr/bin/bibtex)
==13096==    by 0x40BE44: (within /usr/bin/bibtex)
==13096==    by 0x40BB14: (within /usr/bin/bibtex)
==13096==    by 0x40BB14: (within /usr/bin/bibtex)
==13096==    by 0x40BB14: (within /usr/bin/bibtex)
==13096==    by 0x4109E1: (within /usr/bin/bibtex)
==13096==    by 0x412374: (within /usr/bin/bibtex)
==13096==    by 0x412675: (within /usr/bin/bibtex)
==13096==    by 0x52DD5A5: (below main) (libc-start.c:222)
==13096==  Address 0x56e4b21 is 0 bytes after a block of size 65,001 alloc'd
==13096==    at 0x4C2391E: malloc (vg_replace_malloc.c:207)
==13096==    by 0x4E34AC4: xmalloc (in /usr/lib/libkpathsea.so.4.0.0)
==13096==    by 0x411FDD: (within /usr/bin/bibtex)
==13096==    by 0x412675: (within /usr/bin/bibtex)
==13096==    by 0x52DD5A5: (below main) (libc-start.c:222)
Warning--empty institution in SebGou02
Warning--empty note in Gonnet2002
Warning--empty publisher in Newton1664
Warning--empty institution in SunInterval2002
Warning--empty note in May2008
Warning--empty note in Bernstein2001
(There were 6 warnings)
==13096== 
==13096== ERROR SUMMARY: 48 errors from 5 contexts (suppressed: 8 from 1)
==13096== malloc/free: in use at exit: 2,513,533 bytes in 63,901 blocks.
==13096== malloc/free: 101,217 allocs, 37,316 frees, 5,395,297 bytes allocated.
==13096== For counts of detected errors, rerun with: -v
==13096== Use --track-origins=yes to see where uninitialised values come from
==13096== searching for pointers to 63,901 not-freed blocks.
==13096== checked 2,330,952 bytes.
==13096== 
==13096== LEAK SUMMARY:
==13096==    definitely lost: 2,176 bytes in 133 blocks.
==13096==      possibly lost: 0 bytes in 0 blocks.
==13096==    still reachable: 2,511,357 bytes in 63,768 blocks.
==13096==         suppressed: 0 bytes in 0 blocks.
==13096== Rerun with --leak-check=full to see details of leaked memory.

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
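
For triaging a trace like the one above, here is an added example (not part of the original report, and not Valgrind's or TeX Live's own code). It parses memcheck's "Invalid read/write" records, skips the program's own output interleaved with them, classifies each record from its heap-block line, and collapses repeats. The sample log is constructed, and all function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in memcheck's text format. The first error has the shape of
# the trace in the report; the PID, later errors and /usr/bin/example are made up.
SAMPLE = """\
==4242== Invalid read of size 1
==4242==    at 0x404959: (within /usr/bin/bibtex)
==4242==  Address 0x56e4b21 is 0 bytes after a block of size 65,001 alloc'd
==4242==    at 0x4C2391E: malloc (vg_replace_malloc.c:207)
==4242==    by 0x4E34AC4: xmalloc (in /usr/lib/libkpathsea.so.4.0.0)
==4242==    by 0x411FDD: (within /usr/bin/bibtex)
Warning--empty note in May2008
==4242==
==4242== Invalid read of size 1
==4242==    at 0x404959: (within /usr/bin/bibtex)
==4242==    by 0x40BE44: (within /usr/bin/bibtex)
==4242==  Address 0x56e4b21 is 0 bytes after a block of size 65,001 alloc'd
==4242==    at 0x4C2391E: malloc (vg_replace_malloc.c:207)
==4242==    by 0x411FDD: (within /usr/bin/bibtex)
==4242==
==4242== Invalid write of size 4
==4242==    at 0x400B10: (within /usr/bin/example)
==4242==  Address 0x51f0048 is 8 bytes inside a block of size 64 free'd
==4242==    at 0x4C2130F: free (vg_replace_malloc.c:233)
==4242==    by 0x400AF0: (within /usr/bin/example)
==4242==
==4242== Invalid read of size 8
==4242==    at 0x400C22: (within /usr/bin/example)
==4242==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
"""

PREFIX = re.compile(r"^==\d+==\s?(.*)$")
ACCESS = re.compile(r"^Invalid (read|write) of size \d+$")
FRAME = re.compile(r"^\s+(?:at|by) (0x[0-9A-Fa-f]+): (.*)$")
BLOCK = re.compile(r"^\s*Address 0x[0-9A-Fa-f]+ is ([\d,]+) bytes "
                   r"(after|before|inside) a block of size ([\d,]+) (alloc'd|free'd)$")
UNMAPPED = re.compile(r"^\s*Address 0x[0-9A-Fa-f]+ is not stack'd")
ALLOCATOR = re.compile(r"^(x?(m|c|re)alloc|free)\b")

def parse_memcheck(text):
    """Return one dict per 'Invalid read/write' record in a memcheck log."""
    errors, cur, section = [], None, None
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue  # the program's own output, interleaved with the trace
        line = m.group(1)
        a = ACCESS.match(line)
        if a:
            cur = {"access": a.group(1), "stack": [], "block": None, "block_stack": []}
            errors.append(cur)
            section = "stack"
        elif cur is None:
            continue  # banner, summary, or an error kind not handled here
        elif BLOCK.match(line):
            off, rel, size, state = BLOCK.match(line).groups()
            cur["block"] = {"offset": int(off.replace(",", "")), "relation": rel,
                            "size": int(size.replace(",", "")), "state": state}
            section = "block_stack"  # following frames: where it was alloc'd/free'd
        elif UNMAPPED.match(line):
            cur["block"], section = {"relation": "unmapped"}, None
        elif FRAME.match(line) and section:
            cur[section].append(FRAME.match(line).groups())
        elif not line.strip():
            cur = None  # a blank "==pid==" line ends the record
    return errors

def classify(err):
    """Name the bug class from the access type and the heap-block relation."""
    blk = err["block"] or {}
    rel = blk.get("relation")
    if rel == "unmapped":
        return "unmapped-" + err["access"]
    if blk.get("state") == "free'd":
        return "use-after-free-" + err["access"]
    kind = {"after": "heap-overrun-", "before": "heap-underrun-"}
    return kind.get(rel, "unclassified-") + err["access"]

def origin(frames):
    """First frame below the allocator wrappers: the code that owns the block."""
    return next((addr for addr, desc in frames if not ALLOCATOR.match(desc)), None)

def summarize(text):
    """Collapse repeats into (class, faulting pc, block size, origin) -> count."""
    return Counter(
        (classify(e), e["stack"][0][0] if e["stack"] else None,
         (e["block"] or {}).get("size"), origin(e["block_stack"]))
        for e in parse_memcheck(text))

if __name__ == "__main__":
    print(*summarize(SAMPLE).items(), sep="\n")
```

An offset of "0 bytes after" the block, as in the report, means the access touched the first byte past the end of the allocation.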




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#520920; Package texlive-base-bin. (Wed, 25 Mar 2009 16:51:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Norbert Preining <preining@logic.at>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. (Wed, 25 Mar 2009 16:51:05 GMT) Full text and rfc822 format available.

Message #54 received at 520920@bugs.debian.org (full text, mbox):

From: Norbert Preining <preining@logic.at>
To: Hilmar Preusse <hille42@web.de>
Cc: 520920@bugs.debian.org
Subject: Re: Bug#520920: texlive-base-bin: bibtex crashes on realloc (invalid next size)
Date: Wed, 25 Mar 2009 17:46:55 +0100
On Wed, 25 Mar 2009, Hilmar Preusse wrote:
> Who is upstream in your opinion? Are you sure this is a problem in
> bibtex? It could be in glibc and kpathsea too (IMHO).

I would forward it to the texlive and/or the tex-k list for now and ask
for help.

Hilmar, can you do that please, my laptop is broken, I have to use
others' computers for now and cannot come to anything on it for the time
being. Thanks

Best wishes

Norbert

-------------------------------------------------------------------------------
Dr. Norbert Preining <preining@logic.at>        Vienna University of Technology
Debian Developer <preining@debian.org>                         Debian TeX Group
gpg DSA: 0x09C5B094      fp: 14DF 2E6C 0307 BE6D AD76  A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
THRUMSTRER (n.)
The irritating man next to you in a concert who thinks he's (a) the
conductor, (b) the brass section.
			--- Douglas Adams, The Meaning of Liff




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#520920; Package texlive-base-bin. (Thu, 26 Mar 2009 13:09:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Hilmar Preusse <hille42@web.de>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. (Thu, 26 Mar 2009 13:09:05 GMT) Full text and rfc822 format available.

Message #59 received at 520920@bugs.debian.org (full text, mbox):

From: Hilmar Preusse <hille42@web.de>
To: Vincent Lefevre <vincent@vinc17.org>, 520920@bugs.debian.org
Subject: Re: Bug#520920: texlive-base-bin: bibtex crashes on realloc (invalid next size)
Date: Thu, 26 Mar 2009 14:07:08 +0100
[Message part 1 (text/plain, inline)]
On 23.03.09 Vincent Lefevre (vincent@vinc17.org) wrote:

Hi Vincent,

> Package: texlive-base-bin
> Version: 2007.dfsg.2-5
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> (Note: I suppose that there's some memory corruption, that can lead
> to security problems, hence the severity.)
> 
> I've got the following error with bibtex (someone else here
> mentioned the same problem on a different machine, but on the same
> set of files, possibly a slightly different version). Unfortunately
> I don't have a simple testcase (I'll try to make one, but this may
> be difficult), and the files are private.
> 
I can reproduce the problem using bibtex. Then I tried bibtex8 and
could generate a livre_fp.bbl file (blg file is attached). Do you
still assume it an "user security hole", which justifies the severity
"grave" or can you accept the work around and hence a lower severity?

H.
-- 
sigmentation fault
[livre_fp.blg (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#520920; Package texlive-base-bin. (Thu, 26 Mar 2009 13:57:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.org>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. (Thu, 26 Mar 2009 13:57:02 GMT) Full text and rfc822 format available.

Message #64 received at 520920@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.org>
To: Hilmar Preusse <hille42@web.de>
Cc: 520920@bugs.debian.org
Subject: Re: Bug#520920: texlive-base-bin: bibtex crashes on realloc (invalid next size)
Date: Thu, 26 Mar 2009 14:56:06 +0100
Hi,

On 2009-03-26 14:07:08 +0100, Hilmar Preusse wrote:
> I can reproduce the problem using bibtex. Then I tried bibtex8 and
> could generate a livre_fp.bbl file (blg file is attached). Do you
> still assume it an "user security hole", which justifies the severity
> "grave" or can you accept the work around and hence a lower severity?

I've set that in doubt. I think that all buffer overflows should
seriously be taken into consideration as they can potentially be a
real security hole (remember when Debian servers were compromised
even though an exploit was thought to be impossible).

Now, as here the bug seems to require a large bibtex file and action
from the user (assuming no tex-compilation servers), the severity
can probably be lowered.

BTW, can bibtex8 safely be used in place of bibtex (no compatibility
problems)?

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#520920; Package texlive-base-bin. (Thu, 26 Mar 2009 16:48:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Hilmar Preusse <hille42@web.de>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. (Thu, 26 Mar 2009 16:48:07 GMT) Full text and rfc822 format available.

Message #69 received at 520920@bugs.debian.org (full text, mbox):

From: Hilmar Preusse <hille42@web.de>
To: Vincent Lefevre <vincent@vinc17.org>, 520920@bugs.debian.org
Subject: Re: Bug#520920: texlive-base-bin: bibtex crashes on realloc (invalid next size)
Date: Thu, 26 Mar 2009 17:41:47 +0100
On 26.03.09 Vincent Lefevre (vincent@vinc17.org) wrote:

Hi,

> BTW, can bibtex8 safely be used in place of bibtex (no
> compatibility problems)?
> 
From the manual page:

       8-bit BibTeX is an enhanced, portable C version of BibTeX
       0.99. It has been enhanced in these areas:

       - conversion to "big" (32-bit) capacity
       - capacity selectable at run time
       - flexible support for non-English languages using 8-bit
         character sets
       - well matched to LaTeX2e and its "inputenc" package

       Oren  Patashnik,  the creator of BibTeX, is working on a new
       BibTeX 1.0 that will be a modern implementation supporting
       large capacities and non-English languages (see TUGboat, pages
       269--274, volume 15, number 3, September 1994).  He is content
       for this version to be released, but hopes that people will
       eventually migrate to BibTeX 1.0 when it is released.  Its
       release date is uncertain at the moment.

So I guess bibtex8 is compatible, but I can't really say. I'll ask
some more experienced people.

H.
-- 
sigmentation fault




Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#520920; Package texlive-base-bin. (Mon, 06 Apr 2009 10:39:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Hilmar Preusse <hille42@web.de>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. (Mon, 06 Apr 2009 10:39:03 GMT) Full text and rfc822 format available.

Message #74 received at 520920@bugs.debian.org (full text, mbox):

From: Hilmar Preusse <hille42@web.de>
To: Vincent Lefevre <vincent@vinc17.org>, 520920@bugs.debian.org
Subject: Re: Bug#520920: texlive-base-bin: bibtex crashes on realloc (invalid next size)
Date: Mon, 6 Apr 2009 12:32:06 +0200
severity 520920 important
stop

On 26.03.09 Vincent Lefevre (vincent@vinc17.org) wrote:

Hi,

> Now, as here the bug seems to require a large bibtex file and
> action from the user (assuming no tex-compilation servers), the
> severity can probably be lowered.
> 
[x] Done

> BTW, can bibtex8 safely be used in place of bibtex (no
> compatibility problems)?
> 
I googled a little bit and found only these two main differences:

- the sort order has changed
  * bibtex: 0-9,A-Z,a-z
  * bibtex8: 0-9,A,a,B,b,C etc.
- bibtex8 returns exit code 1 in case of warnings.

I propose to remove the old bibtex binary and document that change
prominently in the NEWS file.

H.
-- 
sigmentation fault




Severity set to `important' from `grave' Request was from Hilmar Preusse <hille42@web.de> to control@bugs.debian.org. (Mon, 06 Apr 2009 10:39:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#520920; Package texlive-base-bin. (Fri, 30 Oct 2009 17:39:18 GMT) Full text and rfc822 format available.

Acknowledgement sent to Hilmar Preusse <hille42@web.de>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>. (Fri, 30 Oct 2009 17:39:18 GMT) Full text and rfc822 format available.

Message #81 received at 520920@bugs.debian.org (full text, mbox):

From: Hilmar Preusse <hille42@web.de>
To: Vincent Lefevre <vincent@vinc17.org>, 520920@bugs.debian.org
Subject: Re: Bug#520920: texlive-base-bin: bibtex crashes on realloc (invalid next size)
Date: Fri, 30 Oct 2009 18:12:03 +0100
tags 520920 + patch
stop

On 23.03.09 Vincent Lefevre (vincent@vinc17.org) wrote:

Hi,

> I've got the following error with bibtex (someone else here
> mentioned the same problem on a different machine, but on the same
> set of files, possibly a slightly different version). 
> Unfortunately I don't have a simple testcase (I'll try to make one,
> but this may be difficult), and the files are private.
> 
Patch exists made by KB: http://tug.org/mailman/htdig/tex-live/2009-August/021998.html

H.
-- 
sigmentation fault




Added tag(s) patch. Request was from Hilmar Preusse <hille42@web.de> to control@bugs.debian.org. (Fri, 30 Oct 2009 17:39:21 GMT) Full text and rfc822 format available.

Added tag(s) pending. Request was from Anibal Monsalve Salazar <anibal@debian.org> to control@bugs.debian.org. (Thu, 12 Nov 2009 19:27:41 GMT) Full text and rfc822 format available.

Reply sent to Norbert Preining <preining@debian.org>:
You have taken responsibility. (Mon, 16 Nov 2009 22:04:55 GMT) Full text and rfc822 format available.

Notification sent to Vincent Lefevre <vincent@vinc17.org>:
Bug acknowledged by developer. (Mon, 16 Nov 2009 22:04:55 GMT) Full text and rfc822 format available.

Message #90 received at 520920-close@bugs.debian.org (full text, mbox):

From: Norbert Preining <preining@debian.org>
To: 520920-close@bugs.debian.org
Subject: Bug#520920: fixed in texlive-bin 2009-1
Date: Mon, 16 Nov 2009 22:01:49 +0000
Source: texlive-bin
Source-Version: 2009-1

We believe that the bug you reported is fixed in the latest version of
texlive-bin, which is due to be installed in the Debian FTP archive:

libkpathsea-dev_2009-1_amd64.deb
  to main/t/texlive-bin/libkpathsea-dev_2009-1_amd64.deb
libkpathsea5_2009-1_amd64.deb
  to main/t/texlive-bin/libkpathsea5_2009-1_amd64.deb
texlive-bin_2009-1.diff.gz
  to main/t/texlive-bin/texlive-bin_2009-1.diff.gz
texlive-bin_2009-1.dsc
  to main/t/texlive-bin/texlive-bin_2009-1.dsc
texlive-bin_2009.orig.tar.gz
  to main/t/texlive-bin/texlive-bin_2009.orig.tar.gz
texlive-binaries_2009-1_amd64.deb
  to main/t/texlive-bin/texlive-binaries_2009-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 520920@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Norbert Preining <preining@debian.org> (supplier of updated texlive-bin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Fri, 13 Nov 2009 01:20:08 +0900
Source: texlive-bin
Binary: texlive-binaries libkpathsea5 libkpathsea-dev
Architecture: source amd64
Version: 2009-1
Distribution: experimental
Urgency: low
Maintainer: Debian TeX Maintainers <debian-tex-maint@lists.debian.org>
Changed-By: Norbert Preining <preining@debian.org>
Description: 
 libkpathsea-dev - TeX Live: path search library for TeX (development part)
 libkpathsea5 - TeX Live: path search library for TeX (runtime part)
 texlive-binaries - Binaries for TeX Live
Closes: 336807 342529 350292 351672 357462 361218 413652 420836 421464 446617 450552 450553 450554 450555 450556 450557 450558 450559 450560 457711 459571 461818 464351 478176 481060 485563 489943 507652 517600 517601 518536 520920 536795 538557 542463
Changes: 
 texlive-bin (2009-1) experimental; urgency=low
 .
   [ Frank Küster ]
   * New upstream (closes: #481060) version (pre-release, but not far from)
     with lots of internal changes, hence the upload to experimental. This
     upstream version fixes the following bugs:
 .
     - many manpage typos, with warm thanks and a virtual QA bouquet to
       A. Costa <agcosta@gis.net>, closes: #450552, #450553, #450554,
       #450555, #450556, #450557, #450558, #450559, #450560, #464351 (the
       last was found by Joachim Breitner <nomeata@debian.org>)
 .
       [xdvi bugs]
     - closes: #336807, crashes with (breaklinks) hyperrefs
     - closes: #357462, shrinkFactor 0 is broken
     - closes: #361218, dies while printing
     - closes: #342529, unnecessarily noisy in expert mode
     - closes: #350292, please use cntl-wheel to zoom
     - closes: #351672, please use shift-wheel to scroll left or right
     - closes: #478176, transition to texlive has lost xdvi 'grid' feature
     - closes: #461818, typo in oxdvi.1 and xdvi.1 man pages
 .
       [mixed executables]
     - dvips: Upstream added a patch that closes: #520920
 .
     - dvipdfm is now a symlink to dvipdfmx. Among other problems, this
       closes: #485563
 .
     - closes: #421464, pdfetex: Not embedding Base-14 fonts creates
       somewhat broken files
     - closes: #518536, fresh upstream of pdftex is needed (latest stable
       pdftex is 1.40.9 available)
     - #532074, 'man pdftex': missing .ds WB
 .
     - closes: #446617, texlive-metapost: Omits font encoding from output
     - closes: #457711, texlive-metapost: mpost man page does not match reality
 .
     - closes: #507652, make math support working in xe(la)tex and lmodern
       fonts
     - closes: #489943, mktexpk does not work in directories containing
       spaces
     - closes: #536795, 'man texconfig' typos (the fix also affects a
       Debian-specific patch)
     - closes: #420836, "texdoc -s" is too slow, should use ls-R database
 .
     - closes: #459571, please include the TeXcount.pl script to do TeX
       word count
     - closes: #413652, a2ping: embedding all fonts
     - closes: #542463, vlna program missing from texlive-lang-czechslovak
 .
   * The texlive-bin source package is now handled independently from the
     other TeXLive source packages, i.e. it is not configured in
     tpm2deb.cfg in our svn repository and the debian directory. Instead,
     it now looks more like a standard compiled package and should be
     easier to work on in case of security uploads or NMUs.
   * This also means that some of its older binary packages, like
     texlive-metapost, have moved source package. By chance, this closes:
     #517600, #517601
   * Support a create-orig-source target in debian/rules.  The orig.tar.gz
     is now either wget'ed if we are working on a released version, or
     automatically created from a svn repository for development
   * There are now only three binary packages, texlive-binaries and the two
     library packages.  texlive-binaries Replaces/Conflicts/Provides
     texlive-base-bin in order to get a working (if not smooth)
     transition.
   * Add Build-Depends: time, since the upstream Build script uses it
   * Don't install the format links, they will be generated by dh_installtex
     in the other packages, also do not install the man pages for the
     links
   * do not install rungs, it is not necessary
   * do not install script links, they will be shipped together with
     the script itself
   * Add patch 60_unneeded_linking. This needs testing!
 .
   [ أحمد المحمودي (Ahmed El-Mahmoudy) ]
   * debian/rules: use /usr/share/quilt/quilt.make provided by quilt and remove
     patch-stamp & unpatch targets
   * Install changelog into libkpathsea packages
   * Add a README.source
 .
   [ Norbert Preining ]
   * fix postinst update-alternatives, the xdvi-xaw does not have .bin anymore
   * add texlive-binaries.prerm to remove the alternative
   * add same version number to libkpathsea-dev deps on libkpathsea5 to make
     lintian happy
   * make texlive-binaries replace/conflict/provide dvipdfmx (in accordance
     with the maintainer of dvipdfmx we will phase out dvipdfmx itself)
   * new source package format "3.0 (quilt)" can be used (closes: #538557)
   * Install copyright file
   * add patch for libpoppler 0.12 (thanks to Ubuntu for inspiration)





Reply sent to Hilmar Preusse <hille42@web.de>:
You have taken responsibility. (Mon, 28 Dec 2009 02:03:22 GMT) Full text and rfc822 format available.

Notification sent to Vincent Lefevre <vincent@vinc17.org>:
Bug acknowledged by developer. (Mon, 28 Dec 2009 02:03:22 GMT) Full text and rfc822 format available.

Message #95 received at 520920-close@bugs.debian.org (full text, mbox):

From: Hilmar Preusse <hille42@web.de>
To: 520920-close@bugs.debian.org
Subject: Bug#520920: fixed in texlive-bin 2007.dfsg.2-4+lenny2
Date: Mon, 28 Dec 2009 02:02:51 +0000
Source: texlive-bin
Source-Version: 2007.dfsg.2-4+lenny2

We believe that the bug you reported is fixed in the latest version of
texlive-bin, which is due to be installed in the Debian FTP archive:

libkpathsea-dev_2007.dfsg.2-4+lenny2_amd64.deb
  to main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-4+lenny2_amd64.deb
libkpathsea4_2007.dfsg.2-4+lenny2_amd64.deb
  to main/t/texlive-bin/libkpathsea4_2007.dfsg.2-4+lenny2_amd64.deb
texlive-base-bin-doc_2007.dfsg.2-4+lenny2_amd64.deb
  to main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-4+lenny2_amd64.deb
texlive-base-bin_2007.dfsg.2-4+lenny2_amd64.deb
  to main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-4+lenny2_amd64.deb
texlive-bin_2007.dfsg.2-4+lenny2.diff.gz
  to main/t/texlive-bin/texlive-bin_2007.dfsg.2-4+lenny2.diff.gz
texlive-bin_2007.dfsg.2-4+lenny2.dsc
  to main/t/texlive-bin/texlive-bin_2007.dfsg.2-4+lenny2.dsc
texlive-extra-utils_2007.dfsg.2-4+lenny2_amd64.deb
  to main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-4+lenny2_amd64.deb
texlive-font-utils_2007.dfsg.2-4+lenny2_amd64.deb
  to main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-4+lenny2_amd64.deb
texlive-lang-indic_2007.dfsg.2-4+lenny2_amd64.deb
  to main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-4+lenny2_amd64.deb
texlive-metapost-doc_2007.dfsg.2-4+lenny2_amd64.deb
  to main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-4+lenny2_amd64.deb
texlive-metapost_2007.dfsg.2-4+lenny2_amd64.deb
  to main/t/texlive-bin/texlive-metapost_2007.dfsg.2-4+lenny2_amd64.deb
texlive-music_2007.dfsg.2-4+lenny2_amd64.deb
  to main/t/texlive-bin/texlive-music_2007.dfsg.2-4+lenny2_amd64.deb
texlive-omega_2007.dfsg.2-4+lenny2_amd64.deb
  to main/t/texlive-bin/texlive-omega_2007.dfsg.2-4+lenny2_amd64.deb
texlive-xetex_2007.dfsg.2-4+lenny2_amd64.deb
  to main/t/texlive-bin/texlive-xetex_2007.dfsg.2-4+lenny2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 520920@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hilmar Preusse <hille42@web.de> (supplier of updated texlive-bin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Wed, 02 Dec 2009 17:11:30 +0100
Source: texlive-bin
Binary: texlive-base-bin texlive-extra-utils texlive-font-utils texlive-metapost texlive-omega texlive-xetex texlive-music texlive-lang-indic libkpathsea4 libkpathsea-dev texlive-metapost-doc texlive-base-bin-doc
Architecture: source amd64
Version: 2007.dfsg.2-4+lenny2
Distribution: stable-proposed-updates
Urgency: low
Maintainer: Debian TeX Maintainers <debian-tex-maint@lists.debian.org>
Changed-By: Hilmar Preusse <hille42@web.de>
Description: 
 libkpathsea-dev - TeX Live: path search library for TeX (development part)
 libkpathsea4 - TeX Live: path search library for TeX (runtime part)
 texlive-base-bin - TeX Live: Essential binaries
 texlive-base-bin-doc - TeX Live: Documentation files for texlive-base-bin
 texlive-extra-utils - TeX Live: TeX auxiliary programs
 texlive-font-utils - TeX Live: TeX font-related programs
 texlive-lang-indic - TeX Live: Indic
 texlive-metapost - TeX Live: MetaPost (and Metafont) drawing packages
 texlive-metapost-doc - TeX Live: Documentation files for texlive-metapost
 texlive-music - TeX Live: Music typesetting
 texlive-omega - TeX Live: Omega
 texlive-xetex - TeX Live: XeTeX macros
Closes: 520920
Changes: 
 texlive-bin (2007.dfsg.2-4+lenny2) stable-proposed-updates; urgency=low
 .
   * Patch for CVE-2009-1284 by Karl Berry (Closes: #520920)
     http://tug.org/mailman/htdig/tex-live/2009-August/021998.html
     [hilmar-guest]





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jan 2010 07:32:43 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 07:34:50 2014; Machine Name: buxtehude.debian.org
