Re: Braindump: Can we get rid of the font-cache-group question?
On Thu, Jun 01, 2006 at 11:06 +0200, Frank Küster wrote:
> We were waiting on upstreams decision to apply the patch, and you were
> unsure whether he applied the complete patch, or only the change in the
> kpathsea call. I think Karl has applied it completely:
>
> http://tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexnam?r1=1485&r2=1607
Good, that's the improved version of the patch.
> So we can go ahead. If I remember correctly, the steps would be:
>
> - apply the patch to tetex-bin and the respective texlive package
> (although texlive does not need to be synchronized)
Should I create a new quilt patch for this, or use one of the existing
ones? I first thought patch-deb would be appropriate, but then this
patch isn't Debian specific but accepted by upstream.
> - make the changes in tex-common, make sure that it does not get to
> testing before the tetex-bin change is in
>
> Is that correct?
Yes. I am not sure about the fallback VARTEXFONTS, but I think with the
new scheme we are still bettter off security wise, since the potentially
dangerous VARTEXFONTS is only used as a fall back. BTW, I have looked in
mktextfm, and the attack angle looks a bit different than first thought.
I think creating a link named like the file that is to be created won't
work, but the name of the intermediate temporary file can be easily
guessed:
# Install the TFM file carefully, since others may be working simultaneously.
# Use cp when mv fails, since DOS will fail mv for deeply-nested directories.
mv $TFMNAME "$TFMDESTDIR/tfm$$.tmp" 2>/dev/null \
|| cp $TFMNAME "$TFMDESTDIR/tfm$$.tmp" || exit 1
cd "$TFMDESTDIR" || exit 1
chmod `kpsestat -xst,go-w .` tfm$$.tmp
test -r $TFMNAME || mv tfm$$.tmp $TFMNAME || exit 1
(similar things occur in mktexpk)
In patch-deb we allready patch mktexlsr to use tempfile. Maybe we should
do this here, too.
cheerio
ralf
Reply to: