Bug#127893: marked as done (Throwing out the dvips baby with the security bathwater)

To: Atsuhito KOHDA <kohda@debian.org>
Cc: teTeX maintainers <debian-tetex-maint@lists.debian.org>, tetex-bin@packages.qa.debian.org
Subject: Bug#127893: marked as done (Throwing out the dvips baby with the security bathwater)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sun, 08 Dec 2002 22:48:07 -0600
Message-id: <[🔎] handler.127893.D127893.103940868516834.ackdone@bugs.debian.org>
In-reply-to: <E18LFav-0007X8-00@auric.debian.org>
References: <E18LFav-0007X8-00@auric.debian.org> <m16Mp4L-0067MuC@snot.cs.unm.edu>

Your message dated Sun, 08 Dec 2002 23:32:37 -0500
with message-id <E18LFav-0007X8-00@auric.debian.org>
and subject line Bug#127893: fixed in tetex-base 1.0.2+20021025-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 5 Jan 2002 11:32:58 +0000
>From bap@cs.unm.edu Sat Jan 05 05:32:58 2002
Return-path: <bap@cs.unm.edu>
Received: from snot.cs.unm.edu [64.106.43.211] (foobar)
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 16Mp4M-0003WB-00; Sat, 05 Jan 2002 05:32:58 -0600
Received: by snot.cs.unm.edu
	via sendmail from stdin
	id <m16Mp4L-0067MuC@snot.cs.unm.edu> (Debian Smail3.2.0.114)
	Sat, 5 Jan 2002 04:32:57 -0700 (MST) 
Message-Id: <m16Mp4L-0067MuC@snot.cs.unm.edu>
Date: Sat, 5 Jan 2002 04:32:57 -0700 (MST)
From: Barak Pearlmutter <bap@cs.unm.edu>
To: submit@bugs.debian.org
Subject: Throwing out the dvips baby with the security bathwater
Reply-to: bap@cs.unm.edu
Mime-Version: 1.0 (generated by tm-edit 7.106)
Content-Type: text/plain; charset=US-ASCII
Delivered-To: submit@bugs.debian.org

Package: tetex-bin
Version: 1.0.7+20011202-2
Severity: important

I cannot find a way to re-enable the dvips "security mode" which
refuses to run subprocesses specified in the dvi file.  This means
that latex files using sophisticated graphics and doing their
convertion from bitmap format to postscript at dvips time fail.

You'd think "dvips -R0" would turn it back on, as per "dvips --help"
with its "R*" entry, where the "*" mean to use a zero to turn the
feature off.  But that doesn't work!  And the dvips info documentation
has the little "*" removed from its "R" entry, which is not consistent
with "dvips --help".

I'm flagging this as important because

 (1) it causes previously working latex files to fail to dvips, and

 (2) I'm a latex jock and even *I* can't find any way to get dvips
     back into insecure mode.  Ie, no simple workaround.

---------------------------------------
Received: (at 127893-close) by bugs.debian.org; 9 Dec 2002 04:38:05 +0000
>From katie@auric.debian.org Sun Dec 08 22:38:05 2002
Return-path: <katie@auric.debian.org>
Received: from auric.debian.org [206.246.226.45] (mail)
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 18LFgD-0004NO-00; Sun, 08 Dec 2002 22:38:05 -0600
Received: from katie by auric.debian.org with local (Exim 3.35 1 (Debian))
	id 18LFav-0007X8-00; Sun, 08 Dec 2002 23:32:37 -0500
From: Atsuhito KOHDA <kohda@debian.org>
To: 127893-close@bugs.debian.org
X-Katie: $Revision: 1.28 $
Subject: Bug#127893: fixed in tetex-base 1.0.2+20021025-3
Message-Id: <E18LFav-0007X8-00@auric.debian.org>
Sender: Archive Administrator <katie@auric.debian.org>
Date: Sun, 08 Dec 2002 23:32:37 -0500
Delivered-To: 127893-close@bugs.debian.org

We believe that the bug you reported is fixed in the latest version of
tetex-base, which is due to be installed in the Debian FTP archive:

tetex-base_1.0.2+20021025-3.diff.gz
  to pool/main/t/tetex-base/tetex-base_1.0.2+20021025-3.diff.gz
tetex-base_1.0.2+20021025-3.dsc
  to pool/main/t/tetex-base/tetex-base_1.0.2+20021025-3.dsc
tetex-base_1.0.2+20021025-3_all.deb
  to pool/main/t/tetex-base/tetex-base_1.0.2+20021025-3_all.deb
tetex-doc_1.0.2+20021025-3_all.deb
  to pool/main/t/tetex-base/tetex-doc_1.0.2+20021025-3_all.deb
tetex-extra_1.0.2+20021025-3_all.deb
  to pool/main/t/tetex-base/tetex-extra_1.0.2+20021025-3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 127893@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Atsuhito KOHDA <kohda@debian.org> (supplier of updated tetex-base package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon,  2 Dec 2002 08:05:11 +0900
Source: tetex-base
Binary: tetex-extra tetex-doc tetex-base
Architecture: source all
Version: 1.0.2+20021025-3
Distribution: unstable
Urgency: low
Maintainer: teTeX maintainers <debian-tetex-maint@lists.debian.org>
Changed-By: Atsuhito KOHDA <kohda@debian.org>
Description: 
 tetex-base - basic teTeX library files
 tetex-doc  - teTeX documentation
 tetex-extra - extra teTeX library files
Closes: 51586 78640 127893 133589 139085 153891 156406 169902 170102 170592 171196 171913
Changes: 
 tetex-base (1.0.2+20021025-3) unstable; urgency=low
 .
   * Changed Conflicts: revtex4 (<= 4.0-2) as the revtex4 maintainer,
     Alexei Kaminski, kindly made a dummy revtex4 4.0-3 for smooth upgrade.
     I would like to express the greatest thanks to Alexei Kaminski!
     (Closes: #169902)
   * Now provided xdvi.cfg  [kohda]  (Closes: #171196, #171913)
   * Fixed config.ps with patch-tmp.  Now dvips was in secure mode by default
     and '-R' option should work fine.  This will be fixed in the upstream
     soon, so we should remove this modification at that instance!  [kohda]
     (Closes: #51586, #127893, #133589, #139085, #156406)
   * Removed tetex-extra.preinst and preinst completely.  [advised by jdg and
     done by kohda]  (Closes: #170592)
    - I believe this would fix the failure of installation
      (Closes: #78640, #153891, #170102)
   * Removed listings.*, this package might be not DFSG-free.  [kohda]
Files: 
 3dd1dc5cefa0daab4cc85d708e6a669a 807 tex optional tetex-base_1.0.2+20021025-3.dsc
 539a5834663c6d1633486cb4c53b9037 35831 tex optional tetex-base_1.0.2+20021025-3.diff.gz
 749eefa579d4263eb6460af12a1d5492 17695460 tex optional tetex-base_1.0.2+20021025-3_all.deb
 e3e4ac66bf5782d63a5c6ce617256f6b 10301232 tex optional tetex-extra_1.0.2+20021025-3_all.deb
 edff402392eec4447612560c27d44f50 21100222 tex optional tetex-doc_1.0.2+20021025-3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE99AVF1IXdL1v6kOwRAlAgAJwNcWfGVEtKp9ZD00wml668Li0Y9wCbBHDo
/vMezdXxJV+5DMYk/HwxVeE=
=vUvQ
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Bug#139085: marked as done (dvips secure mode patch is *busted*)
Next by Date: Bug#133589: marked as done (PSfile="`zcat -q somegraphics.eps.gz" in .dvi fails)
Previous by thread: Bug#139085: marked as done (dvips secure mode patch is *busted*)
Next by thread: Bug#133589: marked as done (PSfile="`zcat -q somegraphics.eps.gz" in .dvi fails)
Index(es):
- Date
- Thread