-
tetex-bin (3.0-13ubuntu6.1) dapper-security; urgency=low
* SECURITY UPDATE: improper bounds on static buffer results in stack-based
buffer overflow
* debian/patches/SECURITY_CVE-2007-5935.patch: make sure tmpbuf is allocated
enough memory in texk/dvipsk/hps.c
* SECURITY UPDATE: temporary file race condition in dviljk due to use of
tmpnam()
* SECURITY UPDATE: various buffer overflows in dviljk due to not checking
memory boundaries
* debian/patches/SECURITY_CVE-2007-5936+5937.patch: use mkdtemp() if
available in dvi2xx.c. Replace calls to strcpy() and do proper bounds
checking in dvi2xx.*.
* References
CVE-2007-5935
CVE-2007-5936
CVE-2007-5937
-- Jamie Strandboge <email address hidden> Tue, 4 Dec 2007 13:57:25 -0500
-
tetex-bin (3.0-13ubuntu6) dapper; urgency=low
* No-change upload to build against the current poppler library (which
changed API a bit due to the last bug fix). Closes: LP#42075
-- Martin Pitt <email address hidden> Mon, 29 May 2006 15:02:01 +0200
-
tetex-bin (3.0-13ubuntu5) dapper; urgency=low
* debian/postinst.in: Do not install oxdvi.bin alternative, since oxdvi.real
does not exist any more. Closes: LP#38321.
-- Martin Pitt <email address hidden> Mon, 10 Apr 2006 12:43:11 +0200
-
tetex-bin (3.0-13ubuntu4) dapper; urgency=low
* debian/postinst.functions: Enclose regular epxression in m!! instead of //
to cope with the contained slashes. Thanks to Chris Moore!
Closes: LP#33449
* debian/rules.in: Clean up build cruft in clean rule.
-- Martin Pitt <email address hidden> Thu, 6 Apr 2006 14:57:35 +0200
-
tetex-bin (3.0-13ubuntu3) dapper; urgency=low
* debian/patches/patch-poppler: Port to poppler 0.5.1 API (changes due to
new UGooString class).
* debian/control: Bump libpoppler-dev dependency.
-- Martin Pitt <email address hidden> Thu, 9 Mar 2006 16:50:22 +0100
-
tetex-bin (3.0-13ubuntu2) dapper; urgency=low
* debian/postinst.in:
- remove the old formats before cleaning environment
(fixes breezy->dapper upgrade problem)
-- Michael Vogt <email address hidden> Thu, 23 Feb 2006 20:27:19 +0100
-
tetex-bin (3.0-13ubuntu1) dapper; urgency=low
* debian/patches/patch-poppler: Additionally include <poppler/Link.h> in
pdftoepdf.cc to fix FTBFS with poppler >= 0.5.
-- Martin Pitt <email address hidden> Tue, 24 Jan 2006 15:59:55 +0100
-
tetex-bin (3.0-13) unstable; urgency=low
* {texconfig,fmtutil,updmap}-sys: improve handling to avoid spurious
warnings when fmtutil is called from texconfig-sys (Closes: #343172) [jdg]
* fmtutil: change $scriptname back to $progname to simplify patch [jdg]
* fmtutil, updmap: fix mktexfmt handling (now called correctly by root
and non-root) and error message handling when fmtutil/updmap called by
root [jdg]
* Fix patch-poppler: Accidently all binaries where linked against
libpoppler and everything it links to (closes: #344912) [frank]
* Add CVE ID to the changelog entry for 3.0-11 to indicate clearly which
security issues have been fixed.
* Bump standards version to 3.6.2 (no changes needed)
* Fixes to manpages to make lintian happy
* Translations:
- Added Swedish debconf translation, thanks to Daniel Nylander
<email address hidden> (closes: #343741) [frank]
-- Frank Küster <email address hidden> Tue, 27 Dec 2005 21:21:00 +0100
-
tetex-bin (3.0-10.1ubuntu5) dapper; urgency=low
* Add debian/patches/patch-poppler to build the two files that require xpdf
(texk/web2c/pdftexdir/{pdftosrc.cc,pdftoepdf.cc}) against poppler:
- Adapt include file paths.
- s/GString/GooString/ (poppler change to not conflict with glib).
- Adapt GlobalParams() constructor.
- web2c/pdftexdir/depend.mk: Removed, and re-generated with 'make depend'
to get rid of all the zlib and xpdf references to the shipped sources.
- configure.in: Set needs_libxpdf=no even when building with pdftex, to
avoid trying to build the internal xpdf copy.
- configure: Stripped down changes generated by running autoconf 2.13.
* Removed xpdf security patches, they are not necessary any more.
* debian/control: Build-Depend on libpoppler-dev.
* debian/rules.in:
- Build with XXCFLAGS='-I/usr/include/poppler' and LDFLAGS='-lpoppler'.
- Remove libs/xpdf and libs/zlib before building, just to make sure that
we really don't use it.
- Clean debian/latex.info on clean to be able to build the
source package after building binaries.
-- Martin Pitt <email address hidden> Mon, 12 Dec 2005 10:37:31 +0100
