Discussion:
Update texlive-bin or not?
(too old to reply)
Bob
2018-10-12 10:22:11 UTC
Permalink
A few months ago I installed TeX Live 2018 following the instructions at

https://tug.org/texlive/

I did not use the package manager on linux mint.

Linux mint is now recommending that I update texlive-bin.  I find this
surprising since I did not use the package manager to install texlive;
furthermore, the package manager says that texlive-bin is not installed.

Should I install the update or ignore it?

More information about my version of texlive and the changelog for the
update are given below.

--Bob

=================
pdfTeX 3.14159265-2.6-1.40.19 (TeX Live 2018)
kpathsea version 6.3.0
Copyright 2018 Han The Thanh (pdfTeX) et al.
There is NO warranty.  Redistribution of this software is
covered by the terms of both the pdfTeX copyright and
the Lesser GNU General Public License.
For more information about these matters, see the file
named COPYING and the pdfTeX source.
Primary author of pdfTeX: Han The Thanh (pdfTeX) et al.
Compiled with libpng 1.6.34; using libpng 1.6.34
Compiled with zlib 1.2.11; using zlib 1.2.11
Compiled with xpdf version 4.00
=============



==============
texlive-bin (2013.20130729.30972-2ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Symlink attack
    - debian/patches/CVE-2015-5700.patch: fix in
      texk/kpathsea/mktexlsr.
    - CVE-2015-5700
  * SECURITY UPDATE: Arbitrary code execution
    - debian/patches/CVE-2018-17407.patch: fix in
      texk/dvipsk/writet1.c, texk/web2c/luatexdir/font/writet1.w,
      texk/web2c/pdftexdir/writet1.c.
    - CVE-2018-17407

 -- Leonidas S. Barbosa <***@canonical.com>  Tue, 09 Oct 2018
13:50:26 -0300
================
Lars Madsen
2018-10-12 12:00:13 UTC
Permalink
This is very normal.

You linux box does not know you installed something equivalent to packages that are in the Linux dist.

Often things like texlie-bin pops up as recommended packages when you install say a LaTeX editor.

It can be avoied by

sudo apt install --no-install-recommends programme

However, my preferred method is to tell the system that I've installed something equivalent to the dist packages.

I usually use this method

https://www.tug.org/texlive/debian.html

under

Integrating vanilla TeX Live with Debian

I usuallt skip the step

equivs-control texlive-local

and instead wgets the relevant file, for TL-2018 it is

wget https://www.tug.org/texlive/files/debian-equivs-2018-ex.txt -O texlive-local

then build the package and install it.

It tells the package manager that packages equivalent to the listes packages have been installed, it does not need to install them again



/Lars Madsen
Institut for Matematik / Department of Mathematics
Aarhus Universitet / Aarhus University
Mere info: http://au.dk/***@math / More information: http://au.dk/en/***@math


________________________________________
From: tex-live <tex-live-bounces+daleif=***@tug.org> on behalf of Bob <***@bellsouth.net>
Sent: 12 October 2018 12:22
To: tex-***@tug.org
Subject: [tex-live] Update texlive-bin or not?

A few months ago I installed TeX Live 2018 following the instructions at

https://tug.org/texlive/

I did not use the package manager on linux mint.

Linux mint is now recommending that I update texlive-bin. I find this
surprising since I did not use the package manager to install texlive;
furthermore, the package manager says that texlive-bin is not installed.

Should I install the update or ignore it?

More information about my version of texlive and the changelog for the
update are given below.

--Bob

=================
pdfTeX 3.14159265-2.6-1.40.19 (TeX Live 2018)
kpathsea version 6.3.0
Copyright 2018 Han The Thanh (pdfTeX) et al.
There is NO warranty. Redistribution of this software is
covered by the terms of both the pdfTeX copyright and
the Lesser GNU General Public License.
For more information about these matters, see the file
named COPYING and the pdfTeX source.
Primary author of pdfTeX: Han The Thanh (pdfTeX) et al.
Compiled with libpng 1.6.34; using libpng 1.6.34
Compiled with zlib 1.2.11; using zlib 1.2.11
Compiled with xpdf version 4.00
=============



==============
texlive-bin (2013.20130729.30972-2ubuntu0.1) trusty-security; urgency=medium

* SECURITY UPDATE: Symlink attack
- debian/patches/CVE-2015-5700.patch: fix in
texk/kpathsea/mktexlsr.
- CVE-2015-5700
* SECURITY UPDATE: Arbitrary code execution
- debian/patches/CVE-2018-17407.patch: fix in
texk/dvipsk/writet1.c, texk/web2c/luatexdir/font/writet1.w,
texk/web2c/pdftexdir/writet1.c.
- CVE-2018-17407

-- Leonidas S. Barbosa <***@canonical.com>  Tue, 09 Oct 2018
13:50:26 -0300
================
Norbert Preining
2018-10-12 13:51:14 UTC
Permalink
Hi

> A few months ago I installed TeX Live 2018 following the instructions at
> https://tug.org/texlive/

That is fine.

> I did not use the package manager on linux mint.

Mint = Debian/Ubuntu, so there is apt whatever.

> Linux mint is now recommending that I update texlive-bin.  I find this

Yes, because there are some fixes (CVE) that I have backported even to
old version.

> surprising since I did not use the package manager to install texlive;
> furthermore, the package manager says that texlive-bin is not installed.

*WHICH* package manager? What does
dpkg -l texlive-bin
say?

> Should I install the update or ignore it?

In principle you can ignore it if you only use the TL installed via
install-tl. But see also the answer by Lars about using equivs.

Best

Norbert

--
PREINING Norbert http://www.preining.info
Accelia Inc. + JAIST + TeX Live + Debian Developer
GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
Bob
2018-10-12 14:08:32 UTC
Permalink
Hi Norbert,

The output of dpkg -l texlive-bin is:

dpkg-query: no packages found matching texlive-bin

Thank you to you and to Lars.  I am looking into Lars recommendation of
using equivs.

--Bob


On 10/12/2018 09:51 AM, Norbert Preining wrote:
> Hi
>
>> A few months ago I installed TeX Live 2018 following the instructions at
>> https://tug.org/texlive/
> That is fine.
>
>> I did not use the package manager on linux mint.
> Mint = Debian/Ubuntu, so there is apt whatever.
>
>> Linux mint is now recommending that I update texlive-bin.  I find this
> Yes, because there are some fixes (CVE) that I have backported even to
> old version.
>
>> surprising since I did not use the package manager to install texlive;
>> furthermore, the package manager says that texlive-bin is not installed.
> *WHICH* package manager? What does
> dpkg -l texlive-bin
> say?
>
>> Should I install the update or ignore it?
> In principle you can ignore it if you only use the TL installed via
> install-tl. But see also the answer by Lars about using equivs.
>
> Best
>
> Norbert
>
> --
> PREINING Norbert http://www.preining.info
> Accelia Inc. + JAIST + TeX Live + Debian Developer
> GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
>
Norbert Preining
2018-10-15 05:26:57 UTC
Permalink
Hi

coming back to this after the weekend ;-)

On Fri, 12 Oct 2018, Bob wrote:
> The output of dpkg -l texlive-bin is:
> dpkg-query: no packages found matching texlive-bin

Sorry, stupid me, should have been
dpkg -l texlive-binaries

Norbert

--
PREINING Norbert http://www.preining.info
Accelia Inc. + JAIST + TeX Live + Debian Developer
GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
Bob
2018-10-15 10:06:23 UTC
Permalink
Hi Norbert,

And I hope you had a wonderful weekend!

The output of dpkg -l texlive-binaries is:

Desired=Unknown/Install/Remove/Purge/Hold
|
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                         Version Architecture        Description
+++-============================-===================-===================-=============================================================
un  texlive-binaries             <none> <none>              (no
description available)


--Bob



On 10/15/2018 01:26 AM, Norbert Preining wrote:
> Hi
>
> coming back to this after the weekend ;-)
>
> On Fri, 12 Oct 2018, Bob wrote:
>> The output of dpkg -l texlive-bin is:
>> dpkg-query: no packages found matching texlive-bin
> Sorry, stupid me, should have been
> dpkg -l texlive-binaries
>
> Norbert
>
> --
> PREINING Norbert http://www.preining.info
> Accelia Inc. + JAIST + TeX Live + Debian Developer
> GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
>
Norbert Preining
2018-10-15 10:21:27 UTC
Permalink
Hi,

> un  texlive-binaries             <none> <none>              (no description

Then I don't understand who or what did suggest you to update
texlive-binaries, since it is not installed.

Norbert

--
PREINING Norbert http://www.preining.info
Accelia Inc. + JAIST + TeX Live + Debian Developer
GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
Bob
2018-10-15 12:52:58 UTC
Permalink
Hi Norbert,

The update manager on linux mint is suggesting updating texlive-bin.

Based on Lars response, I looked around for "texlive-local" and found
the following directory:

/usr/share/doc/texlive-local/

containing (among other files) the following two files:

-rw-r--r-- 1 root root 194 Sep 28  2015 texlive-local.list
-rw-r--r-- 1 root root 230 Sep 28  2015 texlive-local.md5sums

The file texlive-local.list contains:

/.
/usr
/usr/share
/usr/share/doc
/usr/share/doc/texlive-local
/usr/share/doc/texlive-local/README.Debian
/usr/share/doc/texlive-local/copyright
/usr/share/doc/texlive-local/changelog.Debian.gz

The directory /usr/share/doc/texlive-local/ contains:

drwxr-xr-x    2 root root  4096 Sep 28  2015 .
drwxr-xr-x 2428 root root 73728 Sep 19 06:58 ..
-rw-r--r--    1 root root   141 Sep 28  2015 changelog.Debian.gz
-rw-r--r--    1 root root   936 Sep 28  2015 copyright
-rw-r--r--    1 root root  2716 Sep 28  2015 README.Debian


The file /usr/share/doc/texlive-local/README.Debian contains:

==================================
This is a dummy package that makes Debian's package management
system believe that equivalents to packages on which other
packages do depend on are actually installed.

The special dependencies used in this package are:

Provides: chktex, biblatex, biblatex-dw, cm-super, cm-super-minimal,
context,
 dvidvi, dvipng, feynmf, fragmaster, jadetex, lacheck, latex-beamer,
 latex-cjk-all, latex-cjk-chinese, latex-cjk-chinese-arphic-bkai00mp,
 latex-cjk-chinese-arphic-bsmi00lp, latex-cjk-chinese-arphic-gbsn00lp,
 latex-cjk-chinese-arphic-gkai00mp, latex-cjk-common, latex-cjk-japanese,
 latex-cjk-japanese-wadalab, latex-cjk-korean, latex-cjk-thai, latexdiff,
 latexmk, latex-sanskrit, latex-xcolor, lcdf-typetools, lmodern, luatex,
 musixtex, passivetex, pgf, preview-latex-style, prosper, ps2eps, psutils,
 purifyeps, t1utils, tex4ht, tex4ht-common, tex-gyre, texlive,
texlive-base,
 texlive-bibtex-extra, texlive-binaries, texlive-common,
texlive-extra-utils,

(more package names that I skipped)

 thailatex, tipa, tipa-doc, xindy, xindy-rules, xmltex


Please note that this is a crude hack and if thoughtlessly used
might possibly do damage to your packaging system. And please
note as well that using it is not the recommended way of dealing
with broken dependencies. Better file a bug report instead.

Deinstallation of this package is only possible when all pending
dependency issues are properly resolved in some other way. A more
brutal approach for it's deinstallation is to create and install
the package configured using an empty control file.
========================

--Bob



On 10/15/2018 06:21 AM, Norbert Preining wrote:
> Hi,
>
>> un  texlive-binaries             <none> <none>              (no description
> Then I don't understand who or what did suggest you to update
> texlive-binaries, since it is not installed.
>
> Norbert
>
> --
> PREINING Norbert http://www.preining.info
> Accelia Inc. + JAIST + TeX Live + Debian Developer
> GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
>
Lars Madsen
2018-10-15 13:08:04 UTC
Permalink
dosn't that suggest you have a very old texlive-local already installed on your system (given that it says 2015)

you might need to make another.


/Lars Madsen
Institut for Matematik / Department of Mathematics
Aarhus Universitet / Aarhus University
Mere info: http://au.dk/***@math / More information: http://au.dk/en/***@math


________________________________________
From: tex-live <tex-live-bounces+daleif=***@tug.org> on behalf of Bob <***@bellsouth.net>
Sent: 15 October 2018 14:52
To: Norbert Preining
Cc: tex-***@tug.org
Subject: Re: [tex-live] Update texlive-bin or not?

Hi Norbert,

The update manager on linux mint is suggesting updating texlive-bin.

Based on Lars response, I looked around for "texlive-local" and found
the following directory:

/usr/share/doc/texlive-local/

containing (among other files) the following two files:

-rw-r--r-- 1 root root 194 Sep 28 2015 texlive-local.list
-rw-r--r-- 1 root root 230 Sep 28 2015 texlive-local.md5sums

The file texlive-local.list contains:

/.
/usr
/usr/share
/usr/share/doc
/usr/share/doc/texlive-local
/usr/share/doc/texlive-local/README.Debian
/usr/share/doc/texlive-local/copyright
/usr/share/doc/texlive-local/changelog.Debian.gz

The directory /usr/share/doc/texlive-local/ contains:

drwxr-xr-x 2 root root 4096 Sep 28 2015 .
drwxr-xr-x 2428 root root 73728 Sep 19 06:58 ..
-rw-r--r-- 1 root root 141 Sep 28 2015 changelog.Debian.gz
-rw-r--r-- 1 root root 936 Sep 28 2015 copyright
-rw-r--r-- 1 root root 2716 Sep 28 2015 README.Debian


The file /usr/share/doc/texlive-local/README.Debian contains:

==================================
This is a dummy package that makes Debian's package management
system believe that equivalents to packages on which other
packages do depend on are actually installed.

The special dependencies used in this package are:

Provides: chktex, biblatex, biblatex-dw, cm-super, cm-super-minimal,
context,
dvidvi, dvipng, feynmf, fragmaster, jadetex, lacheck, latex-beamer,
latex-cjk-all, latex-cjk-chinese, latex-cjk-chinese-arphic-bkai00mp,
latex-cjk-chinese-arphic-bsmi00lp, latex-cjk-chinese-arphic-gbsn00lp,
latex-cjk-chinese-arphic-gkai00mp, latex-cjk-common, latex-cjk-japanese,
latex-cjk-japanese-wadalab, latex-cjk-korean, latex-cjk-thai, latexdiff,
latexmk, latex-sanskrit, latex-xcolor, lcdf-typetools, lmodern, luatex,
musixtex, passivetex, pgf, preview-latex-style, prosper, ps2eps, psutils,
purifyeps, t1utils, tex4ht, tex4ht-common, tex-gyre, texlive,
texlive-base,
texlive-bibtex-extra, texlive-binaries, texlive-common,
texlive-extra-utils,

(more package names that I skipped)

thailatex, tipa, tipa-doc, xindy, xindy-rules, xmltex


Please note that this is a crude hack and if thoughtlessly used
might possibly do damage to your packaging system. And please
note as well that using it is not the recommended way of dealing
with broken dependencies. Better file a bug report instead.

Deinstallation of this package is only possible when all pending
dependency issues are properly resolved in some other way. A more
brutal approach for it's deinstallation is to create and install
the package configured using an empty control file.
========================

--Bob



On 10/15/2018 06:21 AM, Norbert Preining wrote:
> Hi,
>
>> un texlive-binaries <none> <none>              (no description
> Then I don't understand who or what did suggest you to update
> texlive-binaries, since it is not installed.
>
> Norbert
>
> --
> PREINING Norbert http://www.preining.info
> Accelia Inc. + JAIST + TeX Live + Debian Developer
> GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
>
Norbert Preining
2018-10-16 00:46:17 UTC
Permalink
Hi Bob,

> The update manager on linux mint is suggesting updating texlive-bin.

Then I don't understand mint, sorry. I know about dpkg and apt, and that
is the basis of mint, but it seems that mint's update manager does some
other things. You can try
dpkg --purge texlive-binaries
and see whether after this the update manager still suggests updates.

Other then that, I suggest what Lars mentioned, updating the
texlive-local package to a version 2018 ;-)

Best

Norbert

--
PREINING Norbert http://www.preining.info
Accelia Inc. + JAIST + TeX Live + Debian Developer
GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
Loading...