[opensuse-factory] t1lib droppable?
Hi list, let us consider removing t1lib from factory. t1lib is unmaintained, see e. g.: CVE-2010-2642 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 CVE-2011-0433 Packages which requires t1lib for build in factory: evince texlive VFlib3 evince and VFlib3 could perhaps drop --with-t1lib configure switch, texlive could either use its own copy or drop support as well -- it appears from code that it uses t1lib as fallback if freetype2 can't handle given font. Opinions? Do you see any drawbacks? Thanks, Petr
On Tue, Mar 26, 2013 at 11:47:58AM +0100, pgajdos@suse.cz wrote:
Hi list,
let us consider removing t1lib from factory. t1lib is unmaintained, see e. g.: CVE-2010-2642 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 CVE-2011-0433
Packages which requires t1lib for build in factory: evince texlive VFlib3
evince and VFlib3 could perhaps drop --with-t1lib configure switch, texlive could either use its own copy or drop support as well -- it appears from code that it uses t1lib as fallback if freetype2 can't handle given font.
Opinions? Do you see any drawbacks?
No way, if there is no system t1lib then TeXLive will fall back to the t1lib in its own source tar ball. It is required for xdvi, dvipng, and ps2pkm Werner -- "Having a smoking section in a restaurant is like having a peeing section in a swimming pool." -- Edward Burr -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Tue, Mar 26, 2013 at 12:00:01PM +0100, Dr. Werner Fink wrote:
No way, if there is no system t1lib then TeXLive will fall back to the t1lib in its own source tar ball. It is required for xdvi, dvipng, and ps2pkm
It seems to me that dvipng should not be problem: from font.c [...] #ifdef HAVE_FT2 if ((option_flags & USE_FREETYPE)==0 || !InitFT(tfontptr)) { #endif #ifdef HAVE_LIBT1 if ((option_flags & USE_LIBT1)==0 || !InitT1(tfontptr)) { #endif [...] I hope freetype would cover all requests. But, xdvi seems to be at least from reading following thread: http://lists.debian.org/debian-tex-maint/2012/04/msg00122.htm Ok... sorry for noise. Petr
On 26-03-2013 14:11, pgajdos@suse.cz wrote:
On Tue, Mar 26, 2013 at 12:00:01PM +0100, Dr. Werner Fink wrote:
No way, if there is no system t1lib then TeXLive will fall back to the t1lib in its own source tar ball. It is required for xdvi, dvipng, and ps2pkm
It seems to me that dvipng should not be problem: from font.c
[...] #ifdef HAVE_FT2 if ((option_flags & USE_FREETYPE)==0 || !InitFT(tfontptr)) { #endif #ifdef HAVE_LIBT1 if ((option_flags & USE_LIBT1)==0 || !InitT1(tfontptr)) { #endif [...]
I hope freetype would cover all requests. But, xdvi seems to be at least from reading following thread:
http://lists.debian.org/debian-tex-maint/2012/04/msg00122.htm
There is work going on this area, http://sourceforge.net/tracker/?func=detail&aid=3511443&group_id=23164&atid=377583 Would be a good idea to keep an eye on it. Regards. -- SUSE LINUX Products GmbH Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 26-03-2013 14:14, Ismail Doenmez wrote:
On 26-03-2013 14:11, pgajdos@suse.cz wrote:
On Tue, Mar 26, 2013 at 12:00:01PM +0100, Dr. Werner Fink wrote:
No way, if there is no system t1lib then TeXLive will fall back to the t1lib in its own source tar ball. It is required for xdvi, dvipng, and ps2pkm
It seems to me that dvipng should not be problem: from font.c
[...] #ifdef HAVE_FT2 if ((option_flags & USE_FREETYPE)==0 || !InitFT(tfontptr)) { #endif #ifdef HAVE_LIBT1 if ((option_flags & USE_LIBT1)==0 || !InitT1(tfontptr)) { #endif [...]
I hope freetype would cover all requests. But, xdvi seems to be at least from reading following thread:
http://lists.debian.org/debian-tex-maint/2012/04/msg00122.htm
There is work going on this area, http://sourceforge.net/tracker/?func=detail&aid=3511443&group_id=23164&atid=377583
Just a heads up, pre-release notes for upcoming TexLive 2013 states: xdvi: now uses freetype instead of t1lib for rendering. which is good news. -- SUSE LINUX Products GmbH Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Quoting pgajdos@suse.cz:
Hi list,
let us consider removing t1lib from factory. t1lib is unmaintained, see e. g.: CVE-2010-2642 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 CVE-2011-0433
Packages which requires t1lib for build in factory: evince texlive VFlib3
evince and VFlib3 could perhaps drop --with-t1lib configure switch, texlive could either use its own copy or drop support as well -- it appears from code that it uses t1lib as fallback if freetype2 can't handle given font.
No objection for the proposed evince change... I'll incorporate this into the just upcoming 3.8.0 release. Best regards, Dom -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (4)
-
Dominique Leuenberger a.k.a. Dimstar -
Dr. Werner Fink -
Ismail Doenmez -
pgajdos@suse.cz