[tex-k] [rhn-admin@rhn.redhat.com: RHN Errata Alert: Command execution vulnerability in dvips]

Stefan Ulrich stefan.ulrich@dsl.pipex.com
Mon, 4 Nov 2002 14:07:20 +0000


Tim Waugh <twaugh@redhat.com> writes:

>> FWIW, they did the same with xdvik (by adding the
>> `japanese' extensions).

> This is distributed under the name 'pxdvik'.

That's true (it used to be different some versions ago ;-)

> By the way, does stock xdvik still need this patch?

AFAICT, the patch consists of several parts:

(a) extensions in general functionality/GUI:
    Pagelist, color special support, printing support.

(b) VFlib support:

    We have support for Type1 via t1lib, but not for full VFLib
    (i.e. no TrueType support). There's a feature request for it
    at:

    http://sourceforge.net/tracker/index.php?func=detail&aid=443503&group_id=23164&atid=377583

    but nobody is working on it at the moment.


(c) Japanese font support:

    I don't really know what this involves, since all the
    documentation seems to be in japanese (which I don't
    read ;-)


Some of the items in (a) have been in non-k xdvi for a while
(implemented differently), and will be in the next `minor'
release of xdvik (> 22.40). A beta is planned by the end of
this year. The status of that can be tracked via:
http://xdvi.sourceforge.net/roadmap.html

For (b) and (c) we would need to co-operate with the maintainers
of the japanese patch. (There has been no communication so far on
that matter.) I'm planning to email them about it, but not until
the next release is out.


So, to sum it up: It seems that the patches are still needed.
BTW, last time I checked, RedHat 8.0,
tetex-xdvi-1.0.7-57.i386.rpm featured this version:

xdvi(k) version 22.05d-k

On
http://www.nn.iij4u.or.jp/~tutimura/tex/tetex-beta.html#xdvi
there seem to be patches for the much more up-to-date
version xdvik-22.40o; it might be worth considering to
upgrade to that one.

Best,
Stefan