[tex-live] TeXLive2007: Bug in (Xe)TeX for 64bit and big endianess

Dr. Werner Fink werner at suse.de
Wed May 9 14:16:19 CEST 2007


On Wed, May 09, 2007 at 01:58:19PM +0200, Taco Hoekwater wrote:
> 
> 
> Dr. Werner Fink wrote:
> >On Wed, May 09, 2007 at 01:08:38PM +0200, Taco Hoekwater wrote:
> >>George N. White III wrote:
> >>>TeX Live needs to accommodate the needs of distributors so it can be the
> >>>successor to teTeX.  Standards for robustness and reliability are higher
> >>>today because you have more systems where TeX is used as part of the build
> >>>process for complex systems where the coders may never actually use TeX
> >>>directly.
> >>In my opinion, Linux (re)distributors patching an upstream package to
> >>use a different subsystem from the one it is shipped with, should never
> >>have happened. That is not 'applying security fixes', it is 'forking'.
> >
> >Hmmm ... does this mean that (re)distributors should not use the
> >configure options to use system libraries instead of the ones provided
> >within source.tar.bz2? Hopefully not ;)
> 
> xpdf != poppler !

Come on .. the only reason why poppler exists is that Derek
was/is not willing to provide a shared interface of xpdf.

This has led, historically, to the fact that every software
project fiddling with pdf has used its own copy of the xpdf source.
Sometimes with own patches and/or enhancements ... sometimes
with an outdated and therefore insecure version of the xpdf
sources.

Now remembering CESA-2004-007, CAN-2004-0888, CAN-2005-0064,
CAN-2005-3191,3192,3193, CVE-2006-0301 and CVE-2007-0104 ...
all of these programs including teTeX had to be fixed due
to the fact that there was no shared libxpdf. Besides this,
I cannot remember any updates on tug.org for teTeX or
TeXLive for any of those reports ;)

With the shared libpoppler all this maintenance nightmare
is shrunk heavily to _one_ package in the system ...
and even for the xpdf this would be a win ... at least
from the security and maintenance point of view.

Now the question: what is wrong with the wish to have only
one central interface in the system which may have potential
security risk in handling pdf files?


       Werner

-- 
  "Having a smoking section in a restaurant is like having
          a peeing section in a swimming pool." -- Edward Burr

