Package: texlive-base-bin; Maintainer for texlive-base-bin is (unknown);
Reported by: Vincent Lefevre <vincent@vinc17.org>
Date: Mon, 23 Mar 2009 16:06:02 UTC
Severity: important
Tags: patch, security
Found in versions texlive-bin/2007.dfsg.2-5, texlive-bin/2005.dfsg.2-12
Fixed in versions texlive-bin/2009-1, texlive-bin/2007.dfsg.2-4+lenny2
Done: Hilmar Preusse <hille42@web.de>
Bug is archived. No further changes may be made.
View this report as an mbox folder, status mbox, maintainer mbox
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#520920; Package texlive-base-bin.
(Mon, 23 Mar 2009 16:06:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Vincent Lefevre <vincent@vinc17.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>.
(Mon, 23 Mar 2009 16:06:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: texlive-base-bin
Version: 2007.dfsg.2-5
Severity: grave
Tags: security
Justification: user security hole
(Note: I suppose that there's some memory corruption, that can lead
to security problems, hence the severity.)
I've got the following error with bibtex (someone else here mentioned
the same problem on a different machine, but on the same set of files,
possibly a slightly different version). Unfortenately I don't have a
simple testcase (I'll try to make one, but this may be difficult), and
the files are private.
vin:~/private/fp_arith> pdfnlatex livre_fp.tex
Making backup of old .idx file: livre_fp.idx.bak. Then makeindex...
This is makeindex, version 2.14 [02-Oct-2002] (kpathsea + Thai support).
Scanning input file livre_fp.idx....done (651 entries accepted, 0 rejected).
Sorting entries........done (6772 comparisons).
Generating output file livre_fp.ind....done (493 lines written, 0 warnings).
Output written in livre_fp.ind.
Transcript written in livre_fp.ilg.
Making backup of old .aux file: livre_fp.aux.bak
Need bibtex run before first pass...
This is BibTeX, Version 0.99c (Web2C 7.5.6)
The top-level auxiliary file: livre_fp.aux
A level-1 auxiliary file: preface.aux
A level-1 auxiliary file: ch_introduction.aux
A level-1 auxiliary file: ch_definitions.aux
A level-1 auxiliary file: ch_formats.aux
A level-1 auxiliary file: ch_smallalgs.aux
A level-1 auxiliary file: ch_fma.aux
A level-1 auxiliary file: ch_summation.aux
A level-1 auxiliary file: ch_languages.aux
A level-1 auxiliary file: ch_algorithms.aux
A level-1 auxiliary file: ch_hard.aux
A level-1 auxiliary file: ch_soft.aux
A level-1 auxiliary file: ch_elemfun.aux
A level-1 auxiliary file: ch_correctrounding.aux
A level-1 auxiliary file: ch_certifying.aux
A level-1 auxiliary file: ch_extending.aux
A level-1 auxiliary file: perspectives.aux
A level-1 auxiliary file: ch_nttools.aux
The style file: plain.bst
Database file #1: biblio.bib
*** glibc detected *** bibtex: realloc(): invalid next size: 0x0000000001d47d90
***
======= Backtrace: =========
/lib64/libc.so.6[0x7f899a8c81b8]
/lib64/libc.so.6[0x7f899a8cc101]
/lib64/libc.so.6(realloc+0x12f)[0x7f899a8cce5f]
/usr/lib/libkpathsea.so.4(xrealloc+0xf)[0x7f899ae39d9f]
bibtex[0x40337a]
bibtex[0x40346d]
bibtex[0x40be45]
bibtex[0x40bb15]
bibtex[0x40bb15]
bibtex[0x40bb15]
bibtex[0x4109e2]
bibtex[0x412375]
bibtex[0x412676]
/lib64/libc.so.6(__libc_start_main+0xe6)[0x7f899a8745a6]
bibtex[0x401239]
======= Memory map: ========
00400000-00417000 r-xp 00000000 08:01 5489883 /usr/bi
n/bibtex
00617000-00618000 rw-p 00017000 08:01 5489883 /usr/bi
n/bibtex
00618000-006e0000 rw-p 00618000 00:00 0
01d3d000-01fdf000 rw-p 01d3d000 00:00 0 [heap]
7f8994000000-7f8994021000 rw-p 7f8994000000 00:00 0
7f8994021000-7f8998000000 ---p 7f8994021000 00:00 0
7f899a63f000-7f899a655000 r-xp 00000000 08:01 28082213 /lib/li
bgcc_s.so.1
7f899a655000-7f899a855000 ---p 00016000 08:01 28082213 /lib/li
bgcc_s.so.1
7f899a855000-7f899a856000 rw-p 00016000 08:01 28082213 /lib/li
bgcc_s.so.1
7f899a856000-7f899a99f000 r-xp 00000000 08:01 28082578 /lib/li
bc-2.9.so
7f899a99f000-7f899ab9f000 ---p 00149000 08:01 28082578 /lib/li
bc-2.9.so
7f899ab9f000-7f899aba3000 r--p 00149000 08:01 28082578 /lib/li
bc-2.9.so
7f899aba3000-7f899aba4000 rw-p 0014d000 08:01 28082578 /lib/li
bc-2.9.so
7f899aba4000-7f899aba9000 rw-p 7f899aba4000 00:00 0
7f899aba9000-7f899ac2b000 r-xp 00000000 08:01 28082575 /lib/li
bm-2.9.so
7f899ac2b000-7f899ae2a000 ---p 00082000 08:01 28082575 /lib/li
bm-2.9.so
7f899ae2a000-7f899ae2b000 r--p 00081000 08:01 28082575 /lib/li
bm-2.9.so
7f899ae2b000-7f899ae2c000 rw-p 00082000 08:01 28082575 /lib/li
bm-2.9.so
7f899ae2c000-7f899ae3d000 r-xp 00000000 08:01 5603886 /usr/li
b/libkpathsea.so.4.0.0
7f899ae3d000-7f899b03d000 ---p 00011000 08:01 5603886 /usr/li
b/libkpathsea.so.4.0.0
7f899b03d000-7f899b03e000 rw-p 00011000 08:01 5603886 /usr/li
b/libkpathsea.so.4.0.0
7f899b03e000-7f899b041000 rw-p 7f899b03e000 00:00 0
7f899b041000-7f899b05e000 r-xp 00000000 08:01 28082577 /lib/ld
-2.9.so
7f899b17d000-7f899b237000 rw-p 7f899b17d000 00:00 0
7f899b257000-7f899b25d000 rw-p 7f899b257000 00:00 0
7f899b25d000-7f899b25e000 r--p 0001c000 08:01 28082577 /lib/ld
-2.9.so
7f899b25e000-7f899b25f000 rw-p 0001d000 08:01 28082577 /lib/ld
-2.9.so
7fffa3249000-7fffa325f000 rw-p 7ffffffe9000 00:00 0 [stack]
7fffa33fe000-7fffa33ff000 r-xp 7fffa33fe000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsysca
ll]
Abort (core dumped)
The backtrace:
vin:~/private/fp_arith> gdb =bibtex core
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
(no debugging symbols found)
warning: Can't read pathname for load map: Input/output error.
Reading symbols from /usr/lib/libkpathsea.so.4...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libkpathsea.so.4
Reading symbols from /lib/libm.so.6...Reading symbols from /usr/lib/debug/lib/libm-2.9.so...done.
done.
Loaded symbols for /lib64/libm.so.6
Reading symbols from /lib/libc.so.6...Reading symbols from /usr/lib/debug/lib/libc-2.9.so...done.
done.
Loaded symbols for /lib64/libc.so.6
Reading symbols from /lib/ld-linux-x86-64.so.2...Reading symbols from /usr/lib/debug/lib/ld-2.9.so...done.
done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /lib/libgcc_s.so.1...done.
Loaded symbols for /lib64/libgcc_s.so.1
Core was generated by `bibtex livre_fp'.
Program terminated with signal 6, Aborted.
[New process 784]
#0 0x00007f899a888105 in *__GI_raise (sig=<value optimized out>)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) bt
#0 0x00007f899a888105 in *__GI_raise (sig=<value optimized out>)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007f899a889623 in *__GI_abort () at abort.c:88
#2 0x00007f899a8c2b18 in __libc_message (do_abort=2,
fmt=0x7f899a972fa8 "*** glibc detected *** %s: %s: 0x%s ***\n")
at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#3 0x00007f899a8c81b8 in malloc_printerr (action=2,
str=0x7f899a97061d "realloc(): invalid next size",
ptr=<value optimized out>) at malloc.c:5994
#4 0x00007f899a8cc101 in _int_realloc (av=0x0, oldmem=0x0,
bytes=<value optimized out>) at malloc.c:4983
#5 0x00007f899a8cce5f in *__GI___libc_realloc (oldmem=0x1d47d90, bytes=130001)
at malloc.c:3708
#6 0x00007f899ae39d9f in xrealloc () from /usr/lib/libkpathsea.so.4
#7 0x000000000040337a in ?? ()
#8 0x000000000040346d in ?? ()
#9 0x000000000040be45 in ?? ()
#10 0x000000000040bb15 in ?? ()
#11 0x000000000040bb15 in ?? ()
#12 0x000000000040bb15 in ?? ()
#13 0x00000000004109e2 in ?? ()
#14 0x0000000000412375 in ?? ()
#15 0x0000000000412676 in ?? ()
#16 0x00007f899a8745a6 in __libc_start_main (
main=0x412660 <_IO_putc@plt+70760>, argc=2, ubp_av=0x7fffa325cd38,
init=0x412e70 <_IO_putc@plt+72824>, fini=<value optimized out>,
rtld_fini=<value optimized out>, stack_end=0x7fffa325cd28)
at libc-start.c:222
#17 0x0000000000401239 in ?? ()
#18 0x00007fffa325cd28 in ?? ()
#19 0x000000000000001c in ?? ()
#20 0x0000000000000002 in ?? ()
#21 0x00007fffa325df92 in ?? ()
#22 0x00007fffa325df99 in ?? ()
#23 0x0000000000000000 in ?? ()
(gdb)
Note for my own use (to be able to reproduce this problem, as it is
reproduceable):
$ svn up -r1589
$ pdfnlatex livre_fp.tex
$ svn up -r1616
$ pdfnlatex livre_fp.tex
Any suggestion to identify the bug?
-- Package-specific info:
If you report an error when running one of the TeX-related binaries
(latex, pdftex, metafont,...), or if the bug is related to bad or wrong
output, please include a MINIMAL example input file that produces the
error in your report. Don't forget to also include minimal examples of
other files that are needed, e.g. bibtex databases. Often it also helps
to include the logfile. Please, never send included pictures!
If your example file isn't short or produces more than one page of
output (except when multiple pages are needed to show the problem),
you can probably minimize it further. Instructions on how to do that
can be found at
http://www.latex-einfuehrung.de/mini-en.html (english)
or
http://www.latex-einfuehrung.de/mini.html (german)
##################################
minimal input file
##################################
other files
######################################
List of ls-R files
-rw-r--r-- 1 root root 1001 2009-03-23 00:51:03 /var/lib/texmf/ls-R
-rw-rw-r-- 1 root staff 79 2009-03-23 00:50:23 /usr/local/share/texmf/ls-R
lrwxrwxrwx 1 root root 29 2009-03-18 10:58:17 /usr/share/texmf/ls-R -> /var/lib/texmf/ls-R-TEXMFMAIN
lrwxrwxrwx 1 root root 27 2009-03-18 10:58:18 /usr/share/texmf-texlive/ls-R -> /var/lib/texmf/ls-R-TEXLIVE
lrwxrwxrwx 1 root root 27 2009-03-18 10:58:18 /usr/share/texmf-texlive/ls-R -> /var/lib/texmf/ls-R-TEXLIVE
######################################
Config files
lrwxrwxrwx 1 root root 20 2009-03-18 10:58:17 /usr/share/texmf/web2c/texmf.cnf -> /etc/texmf/texmf.cnf
-rw-r--r-- 1 root root 6351 2009-03-18 11:00:39 /var/lib/texmf/web2c/fmtutil.cnf
-rw-r--r-- 1 root root 10349 2009-03-19 22:05:34 /var/lib/texmf/web2c/updmap.cfg
-rw-r--r-- 1 root root 5288 2009-03-18 11:00:39 /var/lib/texmf/tex/generic/config/language.dat
######################################
Files in /etc/texmf/web2c/
total 4
-rw-r--r-- 1 root root 283 2006-12-11 19:48:14 mktex.cnf
######################################
md5sums of texmf.d
42c20d7e8bd343542772b5a145bf8ad8 /etc/texmf/texmf.d/05TeXMF.cnf
5f7f6652cc8b8071c9e4ea6ba9e9f0a1 /etc/texmf/texmf.d/15Plain.cnf
d588a08518f705d06ac262acd78f2bc4 /etc/texmf/texmf.d/20xmltex.cnf
f68e5add6afd6585b982f2f78e2e6a92 /etc/texmf/texmf.d/45TeXinputs.cnf
ea33127256c6a9f37145ae5b16fdb80c /etc/texmf/texmf.d/55Fonts.cnf
afccf1d3f87057411166a77c58e00bd1 /etc/texmf/texmf.d/65BibTeX.cnf
9da7c1c7b1eaf06f941af91f48a23068 /etc/texmf/texmf.d/75DviPS.cnf
7ae52efac46feb97010986e57877d12e /etc/texmf/texmf.d/80DVIPDFMx.cnf
37329819f1109e8a457e64b8b58fecdb /etc/texmf/texmf.d/85Misc.cnf
a8952d594677235951d447665ec46e9c /etc/texmf/texmf.d/90TeXDoc.cnf
30f4f13357c2761ed01a6a15f28725a5 /etc/texmf/texmf.d/95NonPath.cnf
-- System Information:
Debian Release: squeeze/sid
APT prefers oldstable
APT policy: (500, 'oldstable'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26.5-20080922 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=POSIX, LC_CTYPE=en_US.ISO8859-1 (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
Versions of packages texlive-base-bin depends on:
ii dpkg 1.14.25 Debian package management system
ii ed 0.7-3 The classic unix line editor
ii libc6 2.9-6 GNU C Library: Shared libraries
ii libgcc1 1:4.3.3-5 GCC support library
ii libkpathsea4 2007.dfsg.2-5 TeX Live: path search library for
ii libncurses5 5.7+20090314-1 shared libraries for terminal hand
ii libpng12-0 1.2.35-1 PNG library - runtime
ii libpoppler4 0.10.4-3 PDF rendering library
ii libstdc++6 4.3.3-5 The GNU Standard C++ Library v3
ii libx11-6 2:1.2-1 X11 client-side library
ii libxaw7 2:1.0.5-2 X11 Athena Widget library
ii libxmu6 2:1.0.4-1 X11 miscellaneous utility library
ii libxpm4 1:3.5.7-1 X11 pixmap library
ii libxt6 1:1.0.5-3 X11 toolkit intrinsics library
ii mime-support 3.44-1 MIME files 'mime.types' & 'mailcap
ii perl 5.10.0-19 Larry Wall's Practical Extraction
ii tex-common 1.17 common infrastructure for building
ii texlive-common 2007.dfsg.2-2 TeX Live: Base component
ii zlib1g 1:1.2.3.3.dfsg-13 compression library - runtime
Versions of packages texlive-base-bin recommends:
ii texlive-base-bin-doc 2007.dfsg.2-5 TeX Live: Documentation files for
Versions of packages texlive-base-bin suggests:
ii evince [postscript-viewer] 2.24.2-2 Document (postscript, pdf) viewer
ii ghostscript [postscript-vie 8.64~dfsg-1 The GPL Ghostscript PostScript/PDF
ii gv [postscript-viewer] 1:3.6.6.91-1 PostScript and PDF viewer for X
ii perl-tk 1:804.028-3 Perl module providing the Tk graph
ii xpdf-reader [pdf-viewer] 3.02-1.4 Portable Document Format (PDF) sui
ii xpdf-utils [pdf-viewer] 3.02-1.4 Portable Document Format (PDF) sui
Versions of packages tex-common depends on:
ii debconf [debconf-2.0] 1.5.26 Debian configuration management sy
ii dpkg 1.14.25 Debian package management system
ii ucf 3.0018 Update Configuration File: preserv
Versions of packages texlive-base-bin is related to:
pn tetex-base <none> (no description available)
pn tetex-bin <none> (no description available)
pn tetex-extra <none> (no description available)
ii tex-common 1.17 common infrastructure for building
-- debconf information:
tex-common/check_texmf_wrong:
tex-common/check_texmf_missing:
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#520920; Package texlive-base-bin.
(Mon, 23 Mar 2009 16:42:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Norbert Preining <preining@logic.at>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>.
(Mon, 23 Mar 2009 16:42:06 GMT) (full text, mbox, link).
Message #10 received at 520920@bugs.debian.org (full text, mbox, reply):
On Mo, 23 Mär 2009, Vincent Lefevre wrote: > (Note: I suppose that there's some memory corruption, that can lead > to security problems, hence the severity.) > > I've got the following error with bibtex (someone else here mentioned > the same problem on a different machine, but on the same set of files, Can you please send a *MINIMAL* test suite? Anything else is hard to trace down. Best wishes Norbert ------------------------------------------------------------------------------- Dr. Norbert Preining <preining@logic.at> Vienna University of Technology Debian Developer <preining@debian.org> Debian TeX Group gpg DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094 ------------------------------------------------------------------------------- YADDLETHORPE (vb.) (Of offended pooves.) To exit huffily from a boutique. --- Douglas Adams, The Meaning of Liff
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#520920; Package texlive-base-bin.
(Mon, 23 Mar 2009 17:27:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Vincent Lefevre <vincent@vinc17.org>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>.
(Mon, 23 Mar 2009 17:27:05 GMT) (full text, mbox, link).
Message #15 received at 520920@bugs.debian.org (full text, mbox, reply):
On 2009-03-23 17:40:13 +0100, Norbert Preining wrote: > Can you please send a *MINIMAL* test suite? Anything else is hard to > trace down. I think I'll be able to do it tonight. -- Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/> 100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/> Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#520920; Package texlive-base-bin.
(Mon, 23 Mar 2009 17:42:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Vincent Lefevre <vincent@vinc17.org>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>.
(Mon, 23 Mar 2009 17:42:02 GMT) (full text, mbox, link).
Message #20 received at 520920@bugs.debian.org (full text, mbox, reply):
retitle 520920 texlive-base-bin: bibtex crashes with large bib file found 520920 2005.dfsg.2-12 thanks I've added the texlive-base-bin version of the other machine where the bug occurs. The crash can be a segmentation fault. I suspect a buffer overflow in a buffer for strings that has around 65000 characters. -- Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/> 100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/> Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
Changed Bug title to `texlive-base-bin: bibtex crashes with large bib file' from `texlive-base-bin: bibtex crashes on realloc (invalid next size)'.
Request was from Vincent Lefevre <vincent@vinc17.org>
to control@bugs.debian.org.
(Mon, 23 Mar 2009 17:42:03 GMT) (full text, mbox, link).
Bug marked as found in version 2005.dfsg.2-12.
Request was from Vincent Lefevre <vincent@vinc17.org>
to control@bugs.debian.org.
(Mon, 23 Mar 2009 17:42:04 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#520920; Package texlive-base-bin.
(Tue, 24 Mar 2009 02:06:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Vincent Lefevre <vincent@vinc17.org>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>.
(Tue, 24 Mar 2009 02:06:03 GMT) (full text, mbox, link).
Message #29 received at 520920@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On 2009-03-23 17:40:13 +0100, Norbert Preining wrote: > Can you please send a *MINIMAL* test suite? Anything else is hard to > trace down. Attached. This is still large, but this seems to be needed. Just type "bibtex livre_fp" in the directory. I can reproduce the bug on an x86_64 machine and on a ppc machine. -- Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/> 100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/> Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
[bibtex-crash.tar.lzma (application/octet-stream, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#520920; Package texlive-base-bin.
(Tue, 24 Mar 2009 06:57:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Norbert Preining <preining@logic.at>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>.
(Tue, 24 Mar 2009 06:57:03 GMT) (full text, mbox, link).
Message #34 received at 520920@bugs.debian.org (full text, mbox, reply):
Hi Vincent, > > Can you please send a *MINIMAL* test suite? Anything else is hard to > > trace down. > > Attached. This is still large, but this seems to be needed. > Just type "bibtex livre_fp" in the directory. thanks. I can reproduce that, too. Is it ok if I forward these example files to upstream? Best wishes Norbert ------------------------------------------------------------------------------- Dr. Norbert Preining <preining@logic.at> Vienna University of Technology Debian Developer <preining@debian.org> Debian TeX Group gpg DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094 ------------------------------------------------------------------------------- PABBY (n.,vb.) (Fencing term.) The play, or manoeuvre, where one swordsman leaps on to the table and pulls the battleaxe off the wall. --- Douglas Adams, The Meaning of Liff
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#520920; Package texlive-base-bin.
(Tue, 24 Mar 2009 08:39:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Vincent Lefevre <vincent@vinc17.org>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>.
(Tue, 24 Mar 2009 08:39:02 GMT) (full text, mbox, link).
Message #39 received at 520920@bugs.debian.org (full text, mbox, reply):
On 2009-03-24 07:56:21 +0100, Norbert Preining wrote: > Is it ok if I forward these example files to upstream? Yes, I randomized the file (in case there would have been a problem related to copyright or whatever with the contents). -- Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/> 100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/> Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#520920; Package texlive-base-bin.
(Wed, 25 Mar 2009 14:27:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Hilmar Preusse <hille42@web.de>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>.
(Wed, 25 Mar 2009 14:27:05 GMT) (full text, mbox, link).
Message #44 received at 520920@bugs.debian.org (full text, mbox, reply):
On 24.03.09 Norbert Preining (preining@logic.at) wrote: Hi Norbert, > > > Can you please send a *MINIMAL* test suite? Anything else is > > > hard to trace down. > > > > Attached. This is still large, but this seems to be needed. Just > > type "bibtex livre_fp" in the directory. > > thanks. I can reproduce that, too. > > Is it ok if I forward these example files to upstream? > Who is upstream in your opinion? Are you sure this is a problem in bibtex? It could be in glibc and kpathsea too (IMHO). H. -- sigmentation fault
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#520920; Package texlive-base-bin.
(Wed, 25 Mar 2009 14:45:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Vincent Lefevre <vincent@vinc17.org>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>.
(Wed, 25 Mar 2009 14:45:06 GMT) (full text, mbox, link).
Message #49 received at 520920@bugs.debian.org (full text, mbox, reply):
On 2009-03-25 15:23:33 +0100, Hilmar Preusse wrote: > Who is upstream in your opinion? Are you sure this is a problem in > bibtex? It could be in glibc and kpathsea too (IMHO). Since the crash occurs in kpathsea, perhaps, but see the valgrind output below (I doubt this is a glibc bug, even though the crash doesn't occur under Mac OS X -- but maybe one needs a different testcase for Mac OS X). $ valgrind bibtex livre_fp ==13096== Memcheck, a memory error detector. ==13096== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al. ==13096== Using LibVEX rev 1884, a library for dynamic binary translation. ==13096== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP. ==13096== Using valgrind-3.4.1-Debian, a dynamic binary instrumentation framewor k. ==13096== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al. ==13096== For more details, rerun with: -v ==13096== This is BibTeX, Version 0.99c (Web2C 7.5.6) The top-level auxiliary file: livre_fp.aux A level-1 auxiliary file: ch_introduction.aux A level-1 auxiliary file: ch_definitions.aux A level-1 auxiliary file: ch_formats.aux A level-1 auxiliary file: ch_smallalgs.aux A level-1 auxiliary file: ch_fma.aux A level-1 auxiliary file: ch_summation.aux A level-1 auxiliary file: ch_languages.aux A level-1 auxiliary file: ch_algorithms.aux A level-1 auxiliary file: ch_hard.aux A level-1 auxiliary file: ch_soft.aux A level-1 auxiliary file: ch_elemfun.aux A level-1 auxiliary file: ch_correctrounding.aux A level-1 auxiliary file: ch_certifying.aux A level-1 auxiliary file: ch_extending.aux A level-1 auxiliary file: ch_nttools.aux The style file: plain.bst ==13096== Use of uninitialised value of size 8 ==13096== at 0x40F410: (within /usr/bin/bibtex) ==13096== by 0x41237C: (within /usr/bin/bibtex) ==13096== by 0x412675: (within /usr/bin/bibtex) ==13096== by 0x52DD5A5: (below main) (libc-start.c:222) Database file #1: biblio.bib ==13096== ==13096== Use of uninitialised value of size 8 ==13096== at 0x40D80D: (within /usr/bin/bibtex) ==13096== by 0x40EE41: (within /usr/bin/bibtex) ==13096== by 0x40F784: (within /usr/bin/bibtex) ==13096== by 0x412374: (within /usr/bin/bibtex) ==13096== by 0x412675: (within /usr/bin/bibtex) ==13096== by 0x52DD5A5: (below main) (libc-start.c:222) ==13096== ==13096== Use of uninitialised value of size 8 ==13096== at 0x40D80D: (within /usr/bin/bibtex) ==13096== by 0x40DD74: (within /usr/bin/bibtex) ==13096== by 0x40E19F: (within /usr/bin/bibtex) ==13096== by 0x40EF29: (within /usr/bin/bibtex) ==13096== by 0x40F784: (within /usr/bin/bibtex) ==13096== by 0x412374: (within /usr/bin/bibtex) ==13096== by 0x412675: (within /usr/bin/bibtex) ==13096== by 0x52DD5A5: (below main) (libc-start.c:222) ==13096== ==13096== Invalid write of size 1 ==13096== at 0x407224: (within /usr/bin/bibtex) ==13096== by 0x40BE14: (within /usr/bin/bibtex) ==13096== by 0x40BB14: (within /usr/bin/bibtex) ==13096== by 0x40BF31: (within /usr/bin/bibtex) ==13096== by 0x40BB14: (within /usr/bin/bibtex) ==13096== by 0x40BB14: (within /usr/bin/bibtex) ==13096== by 0x40BB14: (within /usr/bin/bibtex) ==13096== by 0x4109E1: (within /usr/bin/bibtex) ==13096== by 0x412374: (within /usr/bin/bibtex) ==13096== by 0x412675: (within /usr/bin/bibtex) ==13096== by 0x52DD5A5: (below main) (libc-start.c:222) ==13096== Address 0x56e4b21 is 0 bytes after a block of size 65,001 alloc'd ==13096== at 0x4C2391E: malloc (vg_replace_malloc.c:207) ==13096== by 0x4E34AC4: xmalloc (in /usr/lib/libkpathsea.so.4.0.0) ==13096== by 0x411FDD: (within /usr/bin/bibtex) ==13096== by 0x412675: (within /usr/bin/bibtex) ==13096== by 0x52DD5A5: (below main) (libc-start.c:222) ==13096== ==13096== Invalid read of size 1 ==13096== at 0x404959: (within /usr/bin/bibtex) ==13096== by 0x4073C4: (within /usr/bin/bibtex) ==13096== by 0x40BE44: (within /usr/bin/bibtex) ==13096== by 0x40BB14: (within /usr/bin/bibtex) ==13096== by 0x40BB14: (within /usr/bin/bibtex) ==13096== by 0x40BB14: (within /usr/bin/bibtex) ==13096== by 0x4109E1: (within /usr/bin/bibtex) ==13096== by 0x412374: (within /usr/bin/bibtex) ==13096== by 0x412675: (within /usr/bin/bibtex) ==13096== by 0x52DD5A5: (below main) (libc-start.c:222) ==13096== Address 0x56e4b21 is 0 bytes after a block of size 65,001 alloc'd ==13096== at 0x4C2391E: malloc (vg_replace_malloc.c:207) ==13096== by 0x4E34AC4: xmalloc (in /usr/lib/libkpathsea.so.4.0.0) ==13096== by 0x411FDD: (within /usr/bin/bibtex) ==13096== by 0x412675: (within /usr/bin/bibtex) ==13096== by 0x52DD5A5: (below main) (libc-start.c:222) Warning--empty institution in SebGou02 Warning--empty note in Gonnet2002 Warning--empty publisher in Newton1664 Warning--empty institution in SunInterval2002 Warning--empty note in May2008 Warning--empty note in Bernstein2001 (There were 6 warnings) ==13096== ==13096== ERROR SUMMARY: 48 errors from 5 contexts (suppressed: 8 from 1) ==13096== malloc/free: in use at exit: 2,513,533 bytes in 63,901 blocks. ==13096== malloc/free: 101,217 allocs, 37,316 frees, 5,395,297 bytes allocated. ==13096== For counts of detected errors, rerun with: -v ==13096== Use --track-origins=yes to see where uninitialised values come from ==13096== searching for pointers to 63,901 not-freed blocks. ==13096== checked 2,330,952 bytes. ==13096== ==13096== LEAK SUMMARY: ==13096== definitely lost: 2,176 bytes in 133 blocks. ==13096== possibly lost: 0 bytes in 0 blocks. ==13096== still reachable: 2,511,357 bytes in 63,768 blocks. ==13096== suppressed: 0 bytes in 0 blocks. ==13096== Rerun with --leak-check=full to see details of leaked memory. -- Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/> 100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/> Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#520920; Package texlive-base-bin.
(Wed, 25 Mar 2009 16:51:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Norbert Preining <preining@logic.at>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>.
(Wed, 25 Mar 2009 16:51:05 GMT) (full text, mbox, link).
Message #54 received at 520920@bugs.debian.org (full text, mbox, reply):
On Mi, 25 Mär 2009, Hilmar Preusse wrote: > Who is upstream in your opinion? Are you sure this is a problem in > bibtex? It could be in glibc and kpathsea too (IMHO). I would forward it to the texlive and/or the tex-k list for now and ask for help. Hilmar, can you do that please, my laptop is broken, I have to use others' computers for now and cannot come to anything on it for the time being. Thanks Best wishes Norbert ------------------------------------------------------------------------------- Dr. Norbert Preining <preining@logic.at> Vienna University of Technology Debian Developer <preining@debian.org> Debian TeX Group gpg DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094 ------------------------------------------------------------------------------- THRUMSTRER (n.) The irritating man next to you in a concert who thinks he's (a) the conductor, (b) the brass section. --- Douglas Adams, The Meaning of Liff
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#520920; Package texlive-base-bin.
(Thu, 26 Mar 2009 13:09:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Hilmar Preusse <hille42@web.de>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>.
(Thu, 26 Mar 2009 13:09:05 GMT) (full text, mbox, link).
Message #59 received at 520920@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On 23.03.09 Vincent Lefevre (vincent@vinc17.org) wrote: Hi Vincent, > Package: texlive-base-bin > Version: 2007.dfsg.2-5 > Severity: grave > Tags: security > Justification: user security hole > > (Note: I suppose that there's some memory corruption, that can lead > to security problems, hence the severity.) > > I've got the following error with bibtex (someone else here > mentioned the same problem on a different machine, but on the same > set of files, possibly a slightly different version). Unfortenately > I don't have a simple testcase (I'll try to make one, but this may > be difficult), and the files are private. > I can reproduce the problem using bibtex. Then I tried bibtex8 and could generate a livre_fp.bbl file (blg file is attached). Do you still assume it an "user security hole", which justifies the severity "grave" or can you accept the work around and hence a lower severity? H. -- sigmentation fault
[livre_fp.blg (text/plain, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#520920; Package texlive-base-bin.
(Thu, 26 Mar 2009 13:57:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Vincent Lefevre <vincent@vinc17.org>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>.
(Thu, 26 Mar 2009 13:57:02 GMT) (full text, mbox, link).
Message #64 received at 520920@bugs.debian.org (full text, mbox, reply):
Hi, On 2009-03-26 14:07:08 +0100, Hilmar Preusse wrote: > I can reproduce the problem using bibtex. Then I tried bibtex8 and > could generate a livre_fp.bbl file (blg file is attached). Do you > still assume it an "user security hole", which justifies the severity > "grave" or can you accept the work around and hence a lower severity? I've set that in doubt. I think that all buffer overflows should seriously be taken into consideration as they can potentially be a real security hole (remember when Debian servers were compromised even though an exploit was thought to be impossible). Now, as here the bug seems to require a large bibtex file and action from the user (assuming no tex-compilation servers), the severity can probably be lowered. BTW, can bibtex8 safely be used in place of bibtex (no compatibility problems)? -- Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/> 100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/> Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#520920; Package texlive-base-bin.
(Thu, 26 Mar 2009 16:48:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Hilmar Preusse <hille42@web.de>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>.
(Thu, 26 Mar 2009 16:48:07 GMT) (full text, mbox, link).
Message #69 received at 520920@bugs.debian.org (full text, mbox, reply):
On 26.03.09 Vincent Lefevre (vincent@vinc17.org) wrote:
Hi,
> BTW, can bibtex8 safely be used in place of bibtex (no
> compatibility problems)?
>
From the manual page:
8-bit BibTeX is an enhanced, portable C version of BibTeX
0.99. It has been enhanced in these areas:
- conversion to "big" (32-bit) capacity
- capacity selectable at run time
- flexible support for non-English languages using 8-bit
character sets
- well matched to LateX2e and its "inputenc" package
Oren Patashnik, the creator of BibTeX, is working on a new
BibTeX 1.0 that will be a modern implementation supporting
large capacities and non-English languages (see TUGboat, pages
269--274, volume 15, number 3, September 1994). He is content
for this version to be released, but hopes that people will
eventually migrate to BibTeX 1.0 when it is released. Its
release date is uncertain at the moment.
So I guess bibtex8 is compatible, but I can't really say. I'll ask
some more experienced people.
H.
--
sigmentation fault
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#520920; Package texlive-base-bin.
(Mon, 06 Apr 2009 10:39:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Hilmar Preusse <hille42@web.de>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>.
(Mon, 06 Apr 2009 10:39:03 GMT) (full text, mbox, link).
Message #74 received at 520920@bugs.debian.org (full text, mbox, reply):
severity 520920 important stop On 26.03.09 Vincent Lefevre (vincent@vinc17.org) wrote: Hi, > Now, as here the bug seems to require a large bibtex file and > action from the user (assuming no tex-compilation servers), the > severity can probably be lowered. > [x] Done > BTW, can bibtex8 safely be used in place of bibtex (no > compatibility problems)? > I googled a little bit and found only these two main differences: - the sort order has changed * bibtex: 0-9,A-Z,a-z * bibtex8: 0-9,A,a,B,b,C etc. - bibtex8 returns exit code 1 in case of warnings. I propose to remove the old bibtex binary and document that change prominently in the NEWS file. H. -- sigmentation fault
Severity set to `important' from `grave'
Request was from Hilmar Preusse <hille42@web.de>
to control@bugs.debian.org.
(Mon, 06 Apr 2009 10:39:04 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian TeX Maintainers <debian-tex-maint@lists.debian.org>:
Bug#520920; Package texlive-base-bin.
(Fri, 30 Oct 2009 17:39:18 GMT) (full text, mbox, link).
Acknowledgement sent
to Hilmar Preusse <hille42@web.de>:
Extra info received and forwarded to list. Copy sent to Debian TeX Maintainers <debian-tex-maint@lists.debian.org>.
(Fri, 30 Oct 2009 17:39:18 GMT) (full text, mbox, link).
Message #81 received at 520920@bugs.debian.org (full text, mbox, reply):
tags 520920 + patch stop On 23.03.09 Vincent Lefevre (vincent@vinc17.org) wrote: Hi, > I've got the following error with bibtex (someone else here > mentioned the same problem on a different machine, but on the same > set of files, possibly a slightly different version). > Unfortenately I don't have a simple testcase (I'll try to make one, > but this may be difficult), and the files are private. > Patch exists made by KB: http://tug.org/mailman/htdig/tex-live/2009-August/021998.html H. -- sigmentation fault
Added tag(s) patch.
Request was from Hilmar Preusse <hille42@web.de>
to control@bugs.debian.org.
(Fri, 30 Oct 2009 17:39:21 GMT) (full text, mbox, link).
Added tag(s) pending.
Request was from Anibal Monsalve Salazar <anibal@debian.org>
to control@bugs.debian.org.
(Thu, 12 Nov 2009 19:27:41 GMT) (full text, mbox, link).
Reply sent
to Norbert Preining <preining@debian.org>:
You have taken responsibility.
(Mon, 16 Nov 2009 22:04:55 GMT) (full text, mbox, link).
Notification sent
to Vincent Lefevre <vincent@vinc17.org>:
Bug acknowledged by developer.
(Mon, 16 Nov 2009 22:04:55 GMT) (full text, mbox, link).
Message #90 received at 520920-close@bugs.debian.org (full text, mbox, reply):
Source: texlive-bin
Source-Version: 2009-1
We believe that the bug you reported is fixed in the latest version of
texlive-bin, which is due to be installed in the Debian FTP archive:
libkpathsea-dev_2009-1_amd64.deb
to main/t/texlive-bin/libkpathsea-dev_2009-1_amd64.deb
libkpathsea5_2009-1_amd64.deb
to main/t/texlive-bin/libkpathsea5_2009-1_amd64.deb
texlive-bin_2009-1.diff.gz
to main/t/texlive-bin/texlive-bin_2009-1.diff.gz
texlive-bin_2009-1.dsc
to main/t/texlive-bin/texlive-bin_2009-1.dsc
texlive-bin_2009.orig.tar.gz
to main/t/texlive-bin/texlive-bin_2009.orig.tar.gz
texlive-binaries_2009-1_amd64.deb
to main/t/texlive-bin/texlive-binaries_2009-1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 520920@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Norbert Preining <preining@debian.org> (supplier of updated texlive-bin package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 13 Nov 2009 01:20:08 +0900
Source: texlive-bin
Binary: texlive-binaries libkpathsea5 libkpathsea-dev
Architecture: source amd64
Version: 2009-1
Distribution: experimental
Urgency: low
Maintainer: Debian TeX Maintainers <debian-tex-maint@lists.debian.org>
Changed-By: Norbert Preining <preining@debian.org>
Description:
libkpathsea-dev - TeX Live: path search library for TeX (development part)
libkpathsea5 - TeX Live: path search library for TeX (runtime part)
texlive-binaries - Binaries for TeX Live
Closes: 336807 342529 350292 351672 357462 361218 413652 420836 421464 446617 450552 450553 450554 450555 450556 450557 450558 450559 450560 457711 459571 461818 464351 478176 481060 485563 489943 507652 517600 517601 518536 520920 536795 538557 542463
Changes:
texlive-bin (2009-1) experimental; urgency=low
.
[ Frank Küster ]
* New upstream (closes: #481060) version (pre-release, but not far from)
with lots of internal changes, hence the upload to experimental. This
upstream version fixes the following bugs:
.
- many manpage typos, with warm thanks and a virtual QA bouquet to
A. Costa <agcosta@gis.net>, closes: #450552, #450553, #450554,
#450555, #450556, #450557, #450558, #450559, #450560, #464351 (the
last was found by Joachim Breitner <nomeata@debian.org>
.
[xdvi bugs]
- closes: #336807, crashes with (breaklinks) hyperrefs
- closes: #357462, shrinkFactor 0 is broken
- closes: #361218, dies while printing
- closes: #342529, unnecessarily noisy in expert mode
- closes: #350292, please use cntl-wheel to zoom
- closes: #351672, please use shift-wheel to scroll left or right
- closes: #478176, transition to texlive has lost xdvi 'grid' feature
- closes: #461818, typo in oxdvi.1 and xdvi.1 man pages
.
[mixed executables]
- dvips: Upstream added a patch that closes: #520920
.
- dvipdfm is now a symlink to dvipdfmx. Among other problems, this
closes: #485563
.
- closes: #421464, pdfetex: Not embedding Base-14 fonts creates
somewhat broken files
- closes: #518536, fresh upstream of pdftex is needed (latest stable
pdftex is 1.40.9 available)
- #532074, 'man pdftex': missing .ds WB
.
- closes: #446617, texlive-metapost: Omits font encoding from output
- closes: #457711, texlive-metapost: mpost man page does not match reality
.
- closes: #507652, make math support working in xe(la)tex and lmodern
fonts
- closes: #489943, mktexpk does not work in directories containing
spaces
- closes: #536795, 'man texconfig' typos (the fix also affects a
Debian-specific patch)
- closes: #420836, "texdoc -s" is too slow, should use ls-R database
.
- closes: #459571, please include the TeXcount.pl script to do TeX
word count
- closes: #413652, a2ping: embedding all fonts
- closes: #542463, vlna program missing from texlive-lang-czechslovak
.
* The texlive-bin source package is now handled independently from the
other TeXLive source packages, i.e. it is not configured in
tpm2deb.cfg in our svn repository and the debian directory. Instead,
it now looks more like a standard compiled package and should be
easier to work on in case of security uploads or NMUs.
* This also means that some of it's older binary packages, like
texlive-metapost, have moved source package. By chance, this closes:
#517600, #517601
* Support a create-orig-source target in debian/rules. The orig.tar.gz
is now either wget'ed if we are working on a released version, or
automatically created from a svn repository for development
* There are now only three binary packages, texlive-binaries and the two
library packages. texlive-binaries Replaces/Conflicts/Provides
texlive-base-bin in order to get a working (if not smooth)
transition.
* Add Build-Depends: time, since the upstream Build script uses it
* Don't install the format links, they will generated by dh_installtex
in the other packages, also do not install the man pages for the
links
* do not install rungs, it is not necessary
* do not install script links, they will be shipped together with
the script itself
* Add patch 60_unneeded_linking. These needs testing!
.
[ أحمد المحمودي (Ahmed El-Mahmoudy) ]
* debian/rules: use /usr/share/quilt/quilt.make provided by quilt and remove
patch-stamp & unpatch targets
* Install changelog into libkpathsea packages
* Add a README.source
.
[ Norbert Preining ]
* fix postinst update-alternatives, the xdvi-xaw does not have .bin anymore
* add texlive-binaries.prerm to remove the alternative
* add same version number to libkpathsea-dev deps on libkpathsea5 to make
lintian happy
* make texlive-binaries replace/conflict/provide dvipdfmx (in accordance
with the maintainer of dvipdfmx we will phase out dvipdfmx itself)
* new source package format "3.0 (quilt)" can be used (closes: #538557)
* Install copyright file
* add patch for libpoppler 0.12 (thanks to Ubuntu for inspiration)
Checksums-Sha1:
87ef8895d97895b4b7eba7b75ff7c682cb2c550a 1376 texlive-bin_2009-1.dsc
0a63e9d6f942933d274eb801f289f81e64ee39e8 51837345 texlive-bin_2009.orig.tar.gz
1590178e97654bd97931d7a4cf357aa64cd9f9dd 50138 texlive-bin_2009-1.diff.gz
1170f890f27402d160355c46bd03c423bb7fc29d 7995368 texlive-binaries_2009-1_amd64.deb
f5d8d8e9fe8461c51936706627a4dc2550d8245f 133424 libkpathsea5_2009-1_amd64.deb
eaf3f7a8c8e5b8ac4ff3b2d8c9b19fa5f7ac95ba 174928 libkpathsea-dev_2009-1_amd64.deb
Checksums-Sha256:
95ea9d9dea974fe91d0c1446c117e6f4b899836c04ca01e997e8f0875b4313b8 1376 texlive-bin_2009-1.dsc
875ff9623decee7e3896e710df1efd462657f88e22ca05b41be5452b09448c7b 51837345 texlive-bin_2009.orig.tar.gz
07017277678231b1c301f369b3187d33f5ae92bfaf71375f1654ca7b18a0f131 50138 texlive-bin_2009-1.diff.gz
94a9689cdb325e14ff54901189452df73eede298ec6631988eb000d04fbb3835 7995368 texlive-binaries_2009-1_amd64.deb
ccaaabd3f4d94f388d57e153069ed53207b066e69eddf033a9d13e2f4c6953dc 133424 libkpathsea5_2009-1_amd64.deb
45a4631f95c2b3c07ecd4db592d92e0c448aa94b753dd6a90dee69dff8e381c7 174928 libkpathsea-dev_2009-1_amd64.deb
Files:
e15d6893a2587d534fdab549bcb5f062 1376 tex optional texlive-bin_2009-1.dsc
71e96632cff062dd8d9e4aa4973c2d8e 51837345 tex optional texlive-bin_2009.orig.tar.gz
9cec7ef66fb01ef44a0393e4288ace3c 50138 tex optional texlive-bin_2009-1.diff.gz
39aa9b1d97c6d2f63917c8b2d652fa36 7995368 tex optional texlive-binaries_2009-1_amd64.deb
7d2977e39ec620dabcefb8b6e04cc343 133424 libs optional libkpathsea5_2009-1_amd64.deb
ca82cb8584804ca19208f9af8f9a4120 174928 libdevel optional libkpathsea-dev_2009-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFK/DlU0r9KownFsJQRAhJgAJ97qCXeybq7j4Z1yugMdyA8ul/ZhgCfeob9
8phVZLuV3aY0zBwOivgpZyo=
=QV0I
-----END PGP SIGNATURE-----
Reply sent
to Hilmar Preusse <hille42@web.de>:
You have taken responsibility.
(Mon, 28 Dec 2009 02:03:22 GMT) (full text, mbox, link).
Notification sent
to Vincent Lefevre <vincent@vinc17.org>:
Bug acknowledged by developer.
(Mon, 28 Dec 2009 02:03:22 GMT) (full text, mbox, link).
Message #95 received at 520920-close@bugs.debian.org (full text, mbox, reply):
Source: texlive-bin
Source-Version: 2007.dfsg.2-4+lenny2
We believe that the bug you reported is fixed in the latest version of
texlive-bin, which is due to be installed in the Debian FTP archive:
libkpathsea-dev_2007.dfsg.2-4+lenny2_amd64.deb
to main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-4+lenny2_amd64.deb
libkpathsea4_2007.dfsg.2-4+lenny2_amd64.deb
to main/t/texlive-bin/libkpathsea4_2007.dfsg.2-4+lenny2_amd64.deb
texlive-base-bin-doc_2007.dfsg.2-4+lenny2_amd64.deb
to main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-4+lenny2_amd64.deb
texlive-base-bin_2007.dfsg.2-4+lenny2_amd64.deb
to main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-4+lenny2_amd64.deb
texlive-bin_2007.dfsg.2-4+lenny2.diff.gz
to main/t/texlive-bin/texlive-bin_2007.dfsg.2-4+lenny2.diff.gz
texlive-bin_2007.dfsg.2-4+lenny2.dsc
to main/t/texlive-bin/texlive-bin_2007.dfsg.2-4+lenny2.dsc
texlive-extra-utils_2007.dfsg.2-4+lenny2_amd64.deb
to main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-4+lenny2_amd64.deb
texlive-font-utils_2007.dfsg.2-4+lenny2_amd64.deb
to main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-4+lenny2_amd64.deb
texlive-lang-indic_2007.dfsg.2-4+lenny2_amd64.deb
to main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-4+lenny2_amd64.deb
texlive-metapost-doc_2007.dfsg.2-4+lenny2_amd64.deb
to main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-4+lenny2_amd64.deb
texlive-metapost_2007.dfsg.2-4+lenny2_amd64.deb
to main/t/texlive-bin/texlive-metapost_2007.dfsg.2-4+lenny2_amd64.deb
texlive-music_2007.dfsg.2-4+lenny2_amd64.deb
to main/t/texlive-bin/texlive-music_2007.dfsg.2-4+lenny2_amd64.deb
texlive-omega_2007.dfsg.2-4+lenny2_amd64.deb
to main/t/texlive-bin/texlive-omega_2007.dfsg.2-4+lenny2_amd64.deb
texlive-xetex_2007.dfsg.2-4+lenny2_amd64.deb
to main/t/texlive-bin/texlive-xetex_2007.dfsg.2-4+lenny2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 520920@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hilmar Preusse <hille42@web.de> (supplier of updated texlive-bin package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 02 Dec 2009 17:11:30 +0100
Source: texlive-bin
Binary: texlive-base-bin texlive-extra-utils texlive-font-utils texlive-metapost texlive-omega texlive-xetex texlive-music texlive-lang-indic libkpathsea4 libkpathsea-dev texlive-metapost-doc texlive-base-bin-doc
Architecture: source amd64
Version: 2007.dfsg.2-4+lenny2
Distribution: stable-proposed-updates
Urgency: low
Maintainer: Debian TeX Maintainers <debian-tex-maint@lists.debian.org>
Changed-By: Hilmar Preusse <hille42@web.de>
Description:
libkpathsea-dev - TeX Live: path search library for TeX (development part)
libkpathsea4 - TeX Live: path search library for TeX (runtime part)
texlive-base-bin - TeX Live: Essential binaries
texlive-base-bin-doc - TeX Live: Documentation files for texlive-base-bin
texlive-extra-utils - TeX Live: TeX auxiliary programs
texlive-font-utils - TeX Live: TeX font-related programs
texlive-lang-indic - TeX Live: Indic
texlive-metapost - TeX Live: MetaPost (and Metafont) drawing packages
texlive-metapost-doc - TeX Live: Documentation files for texlive-metapost
texlive-music - TeX Live: Music typesetting
texlive-omega - TeX Live: Omega
texlive-xetex - TeX Live: XeTeX macros
Closes: 520920
Changes:
texlive-bin (2007.dfsg.2-4+lenny2) stable-proposed-updates; urgency=low
.
* Patch for CVE-2009-1284 by Karl Berry (Closes: #520920)
http://tug.org/mailman/htdig/tex-live/2009-August/021998.html
[hilmar-guest]
Checksums-Sha1:
cbb417396ea5f97c8306f53a586de4ab1ade4231 1720 texlive-bin_2007.dfsg.2-4+lenny2.dsc
662e768a7e6dd79ba9dec4fc416f4cbb64092242 352304 texlive-bin_2007.dfsg.2-4+lenny2.diff.gz
efe321c196cffe86851dba61697cfedd8d3fa9cc 2637120 texlive-base-bin_2007.dfsg.2-4+lenny2_amd64.deb
78856c582b0fb4fee0b57d20896dba9d387407ad 691262 texlive-extra-utils_2007.dfsg.2-4+lenny2_amd64.deb
1b2f02f2ad54b75e92b581722cf5cd53d826d8a1 1297928 texlive-font-utils_2007.dfsg.2-4+lenny2_amd64.deb
98dae474b3c1db1bad6bea4eef6ff2f82f31bcc8 642420 texlive-metapost_2007.dfsg.2-4+lenny2_amd64.deb
06431e9586510b83f50329c3cb96e2c15db5dcad 2845756 texlive-omega_2007.dfsg.2-4+lenny2_amd64.deb
668df4a368af5bfa2dccf63e402e6e03a79fa2a1 6417832 texlive-xetex_2007.dfsg.2-4+lenny2_amd64.deb
e018c6ec69511584f7404063eb730082b77585af 1723592 texlive-music_2007.dfsg.2-4+lenny2_amd64.deb
8fd29f2a14340f4cc73e1ad23899c002cc5706b0 6735670 texlive-lang-indic_2007.dfsg.2-4+lenny2_amd64.deb
96b9ed105fb3f027c84e6a84ad2b59ad74f0fbf5 123662 libkpathsea4_2007.dfsg.2-4+lenny2_amd64.deb
d2004dc7f668d1f7ac9d28907e72c5efb455af83 165550 libkpathsea-dev_2007.dfsg.2-4+lenny2_amd64.deb
8c0aa2380325f393433f3a6795268a01ccc5e7ae 6803984 texlive-metapost-doc_2007.dfsg.2-4+lenny2_amd64.deb
9c20c09648bcd435dab4572c497525a0ba521dda 8606714 texlive-base-bin-doc_2007.dfsg.2-4+lenny2_amd64.deb
Checksums-Sha256:
63c7347f7dc2deba0026f01a68f4647a978ccd38387fb4e27e84a9af89c69ab0 1720 texlive-bin_2007.dfsg.2-4+lenny2.dsc
b85c88b37e27b80c08ca8e69f042988bbc0ab06f3a2a709e4f450cd6e27b981b 352304 texlive-bin_2007.dfsg.2-4+lenny2.diff.gz
bfa28afbcf6715fe5dba337f6dc2589d633eb8811e822c32ef7980bc6ee5a754 2637120 texlive-base-bin_2007.dfsg.2-4+lenny2_amd64.deb
e3a7741488ea64eaa2c779fe83afa898955e2bd03c7d1cadfa72ca0f424d2f41 691262 texlive-extra-utils_2007.dfsg.2-4+lenny2_amd64.deb
8e928be764d7c6e43e4ca78e60226bdf9d27b4498750de164a5d05af663f9161 1297928 texlive-font-utils_2007.dfsg.2-4+lenny2_amd64.deb
96605d525f72cc95ff12a31ce5af8edc1731a7c6c0ea68d365c5be06f851e64f 642420 texlive-metapost_2007.dfsg.2-4+lenny2_amd64.deb
beaa6127ed120d6a6af37d74bd6748dc01742460e31255d33b58c7ee86558cf6 2845756 texlive-omega_2007.dfsg.2-4+lenny2_amd64.deb
8629bf071de0cb1eaaf8a1d5de39bdf3053cccf0d09fa3bee5c4fefa4500e5ba 6417832 texlive-xetex_2007.dfsg.2-4+lenny2_amd64.deb
56a8c274a79c78df3e3901dff040365c4bcf3fea14ebf1bc66ccda4b939ae8ed 1723592 texlive-music_2007.dfsg.2-4+lenny2_amd64.deb
a24379d2bcb067bac502cac938d896f6f56820840b29db590e46d90831b1889f 6735670 texlive-lang-indic_2007.dfsg.2-4+lenny2_amd64.deb
49968cc72c8b9fdd5dca752faf760acb08daec1ab1bb5d1c64642cd35471d902 123662 libkpathsea4_2007.dfsg.2-4+lenny2_amd64.deb
4c0fedc4617991bd06c793e389e2477516fcc67d571434a4e69353801adff358 165550 libkpathsea-dev_2007.dfsg.2-4+lenny2_amd64.deb
f325a68bb228308d5971f2be030ebb1f611daf8025dc82d9ef6bf91a0e6f4bc0 6803984 texlive-metapost-doc_2007.dfsg.2-4+lenny2_amd64.deb
9c0abdeeb80fc972c286168cb677900fce6046efe404fbbead595db304bf7092 8606714 texlive-base-bin-doc_2007.dfsg.2-4+lenny2_amd64.deb
Files:
1f1280229d8f81d6403c0ae893ad9b96 1720 tex optional texlive-bin_2007.dfsg.2-4+lenny2.dsc
2ec49fa4133b99d66c22f5188a94bc68 352304 tex optional texlive-bin_2007.dfsg.2-4+lenny2.diff.gz
9841fe864d5b73ad5b8211a15f93ce36 2637120 tex optional texlive-base-bin_2007.dfsg.2-4+lenny2_amd64.deb
d18af099ca21dfbdf21a1542a0af9fc5 691262 tex optional texlive-extra-utils_2007.dfsg.2-4+lenny2_amd64.deb
e43950bde6dd31bb566920b63b7b816d 1297928 tex optional texlive-font-utils_2007.dfsg.2-4+lenny2_amd64.deb
2ceb967eba52edb2c986445e372c1836 642420 tex optional texlive-metapost_2007.dfsg.2-4+lenny2_amd64.deb
47f60ee8dbbedce752db7cdd34359c08 2845756 tex optional texlive-omega_2007.dfsg.2-4+lenny2_amd64.deb
28da1df953133e810d6eb19072aeee1d 6417832 tex optional texlive-xetex_2007.dfsg.2-4+lenny2_amd64.deb
db80aa8c28bf8b007b49408df9eb7ce1 1723592 tex optional texlive-music_2007.dfsg.2-4+lenny2_amd64.deb
2a10ee632236d4a13d2d24e6ced99538 6735670 tex optional texlive-lang-indic_2007.dfsg.2-4+lenny2_amd64.deb
68c3fa511686df25f97c6c203324ad29 123662 libs optional libkpathsea4_2007.dfsg.2-4+lenny2_amd64.deb
8367fd1c23730b5378f56f4074eb0d45 165550 libdevel optional libkpathsea-dev_2007.dfsg.2-4+lenny2_amd64.deb
776a21c2ab9c1a0942c1bb3cb646857f 6803984 doc optional texlive-metapost-doc_2007.dfsg.2-4+lenny2_amd64.deb
05c6b8b97ab743a62b96c152c446d601 8606714 doc optional texlive-base-bin-doc_2007.dfsg.2-4+lenny2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFLM4el0r9KownFsJQRAqtIAJ4wMOB5EM5NYDko0OINTpOUp6PTJgCfWq2d
oqe7m2PUGCWcXNqhvhTnwMU=
=qHym
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 25 Jan 2010 07:32:43 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.