Re: [XeTeX] How to manually create the xelatex.fmt?

[Ross Moore]

Hi Herb,

On 21/10/2011, at 6:47 AM, Herbert Schulz wrote:

>> If TexLive had been around in 2002 and was statically linking to zlib,
>> it would have been affected too.  TeX does not link against zlib but
>> LaTeX and XeTeX do.
>> ...
> 
> Howdy,

> Also, you say ``TeX does not link against zlib but LaTeX and XeTeX do'' and I 
> don't understand that since LaTeX is simply a macro package that sits on top 
> of TeX and isn't linked to anything like zlib as far as I know. XeTeX is an 
> engine but I don't know what it's linked to.

The binary called 'latex' is actually a (hard or soft) link to the 
underlying binary named 'pdftex'.
This is what is statically linked to 'zlib'.

It is a different binary to 'xetex', so his statements
make perfect sense, from this (very pragmatic) point of view.

But yes, I had to think about it a bit, before being confident
about what was being said.

> 
> Good Luck,
> 
> Herb Schulz
> (herbs at wideopenwest dot com)



Cheers from Kerala.

Ross


Ross Moore   ross.mo...@mq.edu.au 
Mathematics Department   office: E7A-419  
Macquarie University tel: +61 (0)2 9850 8955
Sydney, Australia  2109  fax: +61 (0)2 9850 8114







--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Herbert Schulz]

On Oct 20, 2011, at 6:42 PM, Chris Travers wrote:

> On Thu, Oct 20, 2011 at 4:07 PM, Herbert Schulz  
> wrote:
> 
>> Howdy,
>> 
>> I'm not at all sure I understand what you're getting at but I'm interested 
>> in understanding it. Can you give an example where something like what you 
>> hypothesize in the last paragraph has happened with the binaries or packages 
>> supplied with TeX Live?
>> 
>> Another thing I don't is that you refer to LaTeX as library that one links 
>> to while I've always just considered it as a macro packages that builds upon 
>> the ~300 or so built-in low level commands supplied by TeX (and other 
>> engines that pass the trip test) to build a higher level language closer to 
>> the way people deal with documents.
>> 
> 
> TexLive isn't old enough for the major vulnerabilities in dependencies
> that come to mind to affect it.  So it hasn't happened yet.  But
> something similar would have affected the statically linked binaries
> if TexLive was available in 2001-2002.  What happened then is a
> cautionary tale about the evils of static linking.
> 
> At the time a large portion of the industry was writing software
> statically linked against zlib (which btw, LaTeX and XeTeX both link
> against, so if the TexLive stuff is statically linked, it would be in
> the same category), which is used for a number of compression and
> decompression routines.  Nobody thought anything of it.  The code was
> believed to be secure, and to perform better when statically linked,
> so everybody did it.
> 
> Then a vulnerability was discovered
> (http://www.cert.org/advisories/CA-2002-07.html).  It seemed that if
> certain improper data was fed to zlib, one could tamper with proper
> allocation and de-allocation of memory, causing programs to crash or,
> at least in theory, insert arbitrary executable commands into a
> running program on a binary level.  Now *everybody* had to issue
> security patches.   Because so much was statically linked to zlib,
> however, it wasn't enough to just update the library.  One had to
> install patched versions of the software.  If you were on Linux, it
> was surprising the number of packages that had to be updated, all
> because of a glitch in *one* library.  If you were on Windows, you
> weren't spared either.  A lot of Microsoft software was statically
> linked to the library, meaning Windows Update went crazy (I was
> working at Microsoft's Product Support Services at the time and I
> remember this distinctly).
> 
> If TexLive had been around in 2002 and was statically linking to zlib,
> it would have been affected too.  TeX does not link against zlib but
> LaTeX and XeTeX do.
> ...

Howdy,

Of course the reverse could just as likely happen. Some binary is statically 
linked to a perfectly stable zlib and along comes a new zlib that turns out, 
unknowingly for a long time, to have vulnerabilities so all binaries that are 
dynamically linked to zlib are now, unknowingly, vulnerable.

Also, you say ``TeX does not link against zlib but LaTeX and XeTeX do'' and I 
don't understand that since LaTeX is simply a macro package that sits on top of 
TeX and isn't linked to anything like zlib as far as I know. XeTeX is an engine 
but I don't know what it's linked to.

Good Luck,

Herb Schulz
(herbs at wideopenwest dot com)






--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Chris Travers]

On Thu, Oct 20, 2011 at 4:07 PM, Herbert Schulz  wrote:

> Howdy,
>
> I'm not at all sure I understand what you're getting at but I'm interested in 
> understanding it. Can you give an example where something like what you 
> hypothesize in the last paragraph has happened with the binaries or packages 
> supplied with TeX Live?
>
> Another thing I don't is that you refer to LaTeX as library that one links to 
> while I've always just considered it as a macro packages that builds upon the 
> ~300 or so built-in low level commands supplied by TeX (and other engines 
> that pass the trip test) to build a higher level language closer to the way 
> people deal with documents.
>

TexLive isn't old enough for the major vulnerabilities in dependencies
that come to mind to affect it.  So it hasn't happened yet.  But
something similar would have affected the statically linked binaries
if TexLive was available in 2001-2002.  What happened then is a
cautionary tale about the evils of static linking.

At the time a large portion of the industry was writing software
statically linked against zlib (which btw, LaTeX and XeTeX both link
against, so if the TexLive stuff is statically linked, it would be in
the same category), which is used for a number of compression and
decompression routines.  Nobody thought anything of it.  The code was
believed to be secure, and to perform better when statically linked,
so everybody did it.

Then a vulnerability was discovered
(http://www.cert.org/advisories/CA-2002-07.html).  It seemed that if
certain improper data was fed to zlib, one could tamper with proper
allocation and de-allocation of memory, causing programs to crash or,
at least in theory, insert arbitrary executable commands into a
running program on a binary level.  Now *everybody* had to issue
security patches.   Because so much was statically linked to zlib,
however, it wasn't enough to just update the library.  One had to
install patched versions of the software.  If you were on Linux, it
was surprising the number of packages that had to be updated, all
because of a glitch in *one* library.  If you were on Windows, you
weren't spared either.  A lot of Microsoft software was statically
linked to the library, meaning Windows Update went crazy (I was
working at Microsoft's Product Support Services at the time and I
remember this distinctly).

If TexLive had been around in 2002 and was statically linking to zlib,
it would have been affected too.  TeX does not link against zlib but
LaTeX and XeTeX do.

Similarly, arbitrary code execution vulnerabilities have been found in
2005 in libjpeg (also linked to by LaTeX and XeTeX).  Again these
predate TexLive.

So my answer is that TexLive binaries, distributed as they currently
are, are simply too young to have hit the major cases of these
problems so far.  However, the library dependencies are anything but
trivial-- ldd gives me 17 libraries that xetex is linked against and
15 that latex is linked against.  It seems for those of us with a
longer memory, extensive static linking is asking for trouble

Best Wishes,
Chris Travers



--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Herbert Schulz]

On Oct 20, 2011, at 5:51 PM, Chris Travers wrote:

> On Thu, Oct 20, 2011 at 8:25 AM, Peter Dyballa  wrote:
>> 
>> Am 20.10.2011 um 16:54 schrieb Chris Travers:
>> 
>>> One of the other commentors talks about documents that don't render on
>>> all versions of TexLive.  If a client of mine is depending on this
>>> working, upgrading the various stuff from CTAN in order to get a
>>> security fix in an underlying program is a non-starter because it may
>>> break things, just as it breaks other documents.
>> 
> You wrote:
>>> You're mixing up things! TeX is a set of a few binaries, some of them are 
>>> the TeX engines (pdfTeX, XeTeX, LuaTeX, conTeXt). The majority of the TeX 
>>> software are text files. If a change in a library is breaking the TeX 
>>> engine, then the change itself is faulty. If you're using a TeX function 
>>> (library call) of a future version of that software, then something has to 
>>> fail. If you're using an old function (library call) that has been changed, 
>>> then you can't assume something useful will happen to come out.<<
> 
> My reply:
> I'm not the one mixing things up.  What I am saying is perhaps a bit
> different.  If you are tying the .sty upgrades to binary upgrades,
> then an upgrade in a binary requires .sty upgrades, and these can
> break document generation systems.
> 
> Think about it this way.  Suppose you are doing magazine layout in
> LaTeX.  You start with open ended problems.  You can pursue all
> sorts of courses in solving them.  You want up to date packages which
> have as few bugs that other people have run into as possible.  I think
> we all agree on that.
> 
> However, suppose you have a piece of software that generates documents
> in LaTeX.  This design is done once and thereafter it is run in a
> predictable fashion.  Once you have done your testing, you can assume
> that barring unexpected and invalid inputs on the part of a user, it
> will function correctly forever.  Note the user here isn't writing
> LaTeX documents.  The user is just doing data entry, so all input can
> be sanitized of LaTeX commands.  Consequently, predictability is key
> here, and the last thing you want done is to change the behavior
> under the program just because another more important upgrade needs
> it.  The needs in this environment are completely different from the
> needs of the LaTeX user.
> 
> So what sorts of fixes does the latter environment need?  Well, let me
> make up a hypthetical security vulnerability-- keep in mind this
> software is not running on the user's system.  Suppose a vulnerability
> is found where if a user sends in a specific UTF-16 string and the
> software expects UTF-8, that it causes a buffer overflow somewhere
> (this can happen because UTF-16 strings sometimes contain null bytes
> while UTF-8 can still use null bytes as string terminators), and this
> allows an attacker to now run arbitrary code on the server.  Let's say
> furthermore that the problem isn't with LaTeX but with some other
> library it is linked to.  Now, if you are a LaTeX user, and on a
> workstation, then this is an important security fix, and there is
> little harm in updating everything in TexLive.  But if you are doing
> stuff on a server, this is a critical fix, and you definitely don't
> want to be updating unrelated stuff at the same time.
> 
> Hope this helps,
> Chris Travers


Howdy,

I'm not at all sure I understand what you're getting at but I'm interested in 
understanding it. Can you give an example where something like what you 
hypothesize in the last paragraph has happened with the binaries or packages 
supplied with TeX Live?

Another thing I don't is that you refer to LaTeX as library that one links to 
while I've always just considered it as a macro packages that builds upon the 
~300 or so built-in low level commands supplied by TeX (and other engines that 
pass the trip test) to build a higher level language closer to the way people 
deal with documents.

Good Luck,

Herb Schulz
(herbs at wideopenwest dot com)






--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Chris Travers]

On Thu, Oct 20, 2011 at 8:25 AM, Peter Dyballa  wrote:
>
> Am 20.10.2011 um 16:54 schrieb Chris Travers:
>
>> One of the other commentors talks about documents that don't render on
>> all versions of TexLive.  If a client of mine is depending on this
>> working, upgrading the various stuff from CTAN in order to get a
>> security fix in an underlying program is a non-starter because it may
>> break things, just as it breaks other documents.
>
You wrote:
>> You're mixing up things! TeX is a set of a few binaries, some of them are 
>> the TeX engines (pdfTeX, XeTeX, LuaTeX, conTeXt). The majority of the TeX 
>> software are text files. If a change in a library is breaking the TeX 
>> engine, then the change itself is faulty. If you're using a TeX function 
>> (library call) of a future version of that software, then something has to 
>> fail. If you're using an old function (library call) that has been changed, 
>> then you can't assume something useful will happen to come out.<<

My reply:
I'm not the one mixing things up.  What I am saying is perhaps a bit
different.  If you are tying the .sty upgrades to binary upgrades,
then an upgrade in a binary requires .sty upgrades, and these can
break document generation systems.

Think about it this way.  Suppose you are doing magazine layout in
LaTeX.  You start with open ended problems.  You can pursue all
sorts of courses in solving them.  You want up to date packages which
have as few bugs that other people have run into as possible.  I think
we all agree on that.

However, suppose you have a piece of software that generates documents
in LaTeX.  This design is done once and thereafter it is run in a
predictable fashion.  Once you have done your testing, you can assume
that barring unexpected and invalid inputs on the part of a user, it
will function correctly forever.  Note the user here isn't writing
LaTeX documents.  The user is just doing data entry, so all input can
be sanitized of LaTeX commands.  Consequently, predictability is key
here, and the last thing you want done is to change the behavior
under the program just because another more important upgrade needs
it.  The needs in this environment are completely different from the
needs of the LaTeX user.

So what sorts of fixes does the latter environment need?  Well, let me
make up a hypthetical security vulnerability-- keep in mind this
software is not running on the user's system.  Suppose a vulnerability
is found where if a user sends in a specific UTF-16 string and the
software expects UTF-8, that it causes a buffer overflow somewhere
(this can happen because UTF-16 strings sometimes contain null bytes
while UTF-8 can still use null bytes as string terminators), and this
allows an attacker to now run arbitrary code on the server.  Let's say
furthermore that the problem isn't with LaTeX but with some other
library it is linked to.  Now, if you are a LaTeX user, and on a
workstation, then this is an important security fix, and there is
little harm in updating everything in TexLive.  But if you are doing
stuff on a server, this is a critical fix, and you definitely don't
want to be updating unrelated stuff at the same time.

Hope this helps,
Chris Travers



--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] traditional to simplified Chinese character conversion utility or data base

[Daniel Greenhoe]

I seem to have a working solution now. Yesterday I wrote a c program
to convert the Unihan_variants.txt file (suggested by Arthur) to an
ascii TECkit (suggested by Zdenek) map, then used TECkit's
teckit_compile utility to convert that to a binary map, and then used
TECkit's txtconv utility (also suggested by Zdenek) to map the
traditional characters to simplified. The map files contain 12,730
unicode to unicode mapping relations each. More testing would
definitely be good (no guarantees at this point).

If anyone has interest, they can download this zip file:
  http://banyan.cm.nctu.edu.tw/~dgreenhoe/groups/var2map.zip

The zip file includes the c source code, makefile, mapping file, and
tec file, as well as a Windows executable. The included tec file is
based on the Unicode 6.1.0 standard. If a new standard becomes
available, var2map.exe and teckit_complile.exe can be run again to
update the binary mapping file.

Using make, you can change the directory paths in the makefile and enter
  "make all"
on the command line for a kind of demo. The demo maps some Latin and
traditional characters (in trad.tex) to Latin and simplified
characters (in simp.tex).

On Thu, Oct 20, 2011 at 11:47 PM, BPJ  wrote:
> I got the thought that this might be done at least approximatively by ...
>  $ grep 'kSimplifiedVariant' Unihan_Variants.txt \
>  |perl -ple's/kSimplifiedVariant/>/' >>tex-chi-sim-trad.map
> tex-text.map, plus some very little manual touching up
> of debris after a comment line in Unihan_Variants.txt and
> adding some descriptive comments.

It looks like this solution from BPJ does essentially the same thing
as the above mentioned c program. In addition, this solution by BPJ
has the additional benefit, because it is a perl script, of being
cross-platform without having to run a c compiler.

As a follow-up to Andy's suggestion of the Tong Wen code: I did look
into the code. I found what appears might be a good set of data bases
for the simplified to traditional conversion, but I didn't seem to
find a traditional to simplified solution. I did join a mailing list
for the project and posted a request for assistance, but so far have
not received any reply. Maybe the project has become dormant.

Thank you very much to everyone who gave me help on this --- Zdenek
for the TECnik suggestion, Andy for the Tong Wen suggestion, Arthur
for the Unihan_Variants suggestion, and BPJ for the perl suggestion. I
appreciate the help very much --- I don't know if I would have ever
arrived at a solution without it.

One of the next tasks is to find quality fonts (preferably OpenType)
for Simplified Chinese, including fonts with Ruby text  (Zhu-Yin or
Pin-Yin). If anyone has suggestions of useful font repositories,
please let me know. Thanks!

Dan




On Thu, Oct 20, 2011 at 11:47 PM, BPJ  wrote:
> I got the thought that this might be done at least
> approximatively by simply running the the following
> command in the terminal:
>
>  $ grep 'kSimplifiedVariant' Unihan_Variants.txt \
>      |perl -ple's/kSimplifiedVariant/>/' >>tex-chi-sim-trad.map
>
> where Unihan_Variants.txt is the file from the Unicode
> Unihan database and tex-chi-sim-trad.map is a copy of
> tex-text.map, plus some very little manual touching up
> of debris after a comment line in Unihan_Variants.txt and
> adding some descriptive comments. The results are attached.
>
> /bpj
>
> On 2011-10-20 00:44, Daniel Greenhoe wrote:
>>
>> Hi Arthur,
>>
>> On Thu, Oct 20, 2011 at 1:02 AM, Arthur Reutenauer
>>   wrote:
>>>
>>>  Unicode has that in the Unihan database:
>>>  look up Unihan_Variants.txt in Unihan.zip
>>> (latest version
>>> http://www.unicode.org/Public/6.1.0/ucd/Unihan-6.1.0d1.zip )
>>
>> It looks like I can extract everything I need from Unihan_Variants.txt.
>> Thank you so much for your help! I appreciate it very much.
>>
>> Dan
>>
>> On Thu, Oct 20, 2011 at 1:02 AM, Arthur Reutenauer
>>   wrote:
>>>
>>> On Tue, Oct 18, 2011 at 05:49:28AM +0800, Daniel Greenhoe wrote:

                                     Does anyone know of any data base
 with a traditional to simplified character mapping such that I could
 maybe write the utility myself?
>>>
>>>  Unicode has that in the Unihan database: look up Unihan_Variants.txt
>>> in Unihan.zip (latest version
>>> http://www.unicode.org/Public/6.1.0/ucd/Unihan-6.1.0d1.zip )
>>>
>>>        Arthur
>>>
>>>
>>> --
>>> Subscriptions, Archive, and List information, etc.:
>>>  http://tug.org/mailman/listinfo/xetex
>>>
>>
>>
>>
>> --
>> Subscriptions, Archive, and List information, etc.:
>>   http://tug.org/mailman/listinfo/xetex
>
>
>
>
> --
> Subscriptions, Archive, and List information, etc.:
>  http://tug.org/mailman/listinfo/xetex
>
>



--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/l

Re: [XeTeX] How to manually create the xelatex.fmt?

[Jan Foniok]

>>  the universe: it's self-contained. And expanding...
> 
> And that's exactly what's wrong and what needs to be changed...

It will be hard to stop the universe expanding. We might try to get the UN 
Security Council vote on that, though.

> -- 
> Petr Tomasek 

Please don't be so dogmatic, Petr. TeXlive works just fine for many people, 
including myself. In fact, much better than any Linux distribution's TeX 
packages would. For many others it might be the other way round.

Jan Foniok


--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Zdenek Wagner]

2011/10/20 Petr Tomasek :
>> ...
>> offers a stable multiplatform solution. I would not believe that in
>> each distro they develop their own kernel, their own HW drivers, their
>> own GTK, their own TCP/IP stack, their own web browsers. I have never
>> heard of Debian/Mozilla, Fedora/Mozilla, Mandriva/Mozilla etc. So why
>> linux distros cannot incorporate TeX Live?
>
> The reason is exactly that TeX-Live is (Linux-)distros unfriendly as it is not
> easily to package it for a particular Linux distribution (and the main reason 
> is
> that it tries to duplicate things that should be done on system level - like 
> the
> package management).
>
TeX Live fills the gap. Now it seems that up-to-date packages may be
available for Fedora but before TL there was no systematic packaging
for Linux distros although TeX exists for decades, CTAN exists, if I
remember it well, for almost 20 years. Yet the Linux distributers did
not create packaging scheme, teTeX was just a small subset. The
userscould install the basic system and then were forced to grab
packages from CTAN, without any packaging, without any manager being
aware of the users do, and moreover the dependencies were unknown so
that users were forced to grab packages by trials and errors. TeX Live
is an external tool but it _does_ provide packaging, updates etc.

>> Why everybody wants to repeat the job his/her own way but terribly delayed?
>>
>> I know it should be reported on the distros bugzillas, not here...
>
> --
> Petr Tomasek 
> Jabber: but...@jabbim.cz
>
> 
> EA 355:001  DU DU DU DU
> EA 355:002  TU TU TU TU
> EA 355:003  NU NU NU NU NU NU NU
> EA 355:004  NA NA NA NA NA
> 
>
>
>
>
> --
> Subscriptions, Archive, and List information, etc.:
>  http://tug.org/mailman/listinfo/xetex
>



-- 
Zdeněk Wagner
http://hroch486.icpf.cas.cz/wagner/
http://icebearsoft.euweb.cz



--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Petr Tomasek]

On Thu, Oct 20, 2011 at 09:30:29PM +0100, Philip TAYLOR (Webmaster, Ret'd) 
wrote:
> 
> 
> Petr Tomasek wrote:
> 
> >The reason is exactly that TeX-Live is (Linux-)distros unfriendly as it is 
> >not
> >easily to package it for a particular Linux distribution (and the main 
> >reason is
> >that it tries to duplicate things that should be done on system level - 
> >like the
> >package management).
> 
> And to which "package management" suite would you suggest they delegate
> when offering TeX Live for Windows ?
> 
> Philip Taylor

Frankly, I don't care.

But it shouldn't it be too hard to make a build system which would generate
native packages for the more developed systems having a good package management
system themselves (like various Linux distributions ;-) and shiping own
package management for the dummier OSes ;-)

P.T.

-- 
Petr Tomasek 
Jabber: but...@jabbim.cz


EA 355:001  DU DU DU DU
EA 355:002  TU TU TU TU
EA 355:003  NU NU NU NU NU NU NU
EA 355:004  NA NA NA NA NA





--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Philip TAYLOR (Webmaster, Ret'd)]

Petr Tomasek wrote:


The reason is exactly that TeX-Live is (Linux-)distros unfriendly as it is not
easily to package it for a particular Linux distribution (and the main reason is
that it tries to duplicate things that should be done on system level - like the
package management).


And to which "package management" suite would you suggest they delegate
when offering TeX Live for Windows ?

Philip Taylor


--
Subscriptions, Archive, and List information, etc.:
 http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Petr Tomasek]

> ...
> offers a stable multiplatform solution. I would not believe that in
> each distro they develop their own kernel, their own HW drivers, their
> own GTK, their own TCP/IP stack, their own web browsers. I have never
> heard of Debian/Mozilla, Fedora/Mozilla, Mandriva/Mozilla etc. So why
> linux distros cannot incorporate TeX Live?

The reason is exactly that TeX-Live is (Linux-)distros unfriendly as it is not
easily to package it for a particular Linux distribution (and the main reason is
that it tries to duplicate things that should be done on system level - like the
package management).

> Why everybody wants to repeat the job his/her own way but terribly delayed?
> 
> I know it should be reported on the distros bugzillas, not here...

-- 
Petr Tomasek 
Jabber: but...@jabbim.cz


EA 355:001  DU DU DU DU
EA 355:002  TU TU TU TU
EA 355:003  NU NU NU NU NU NU NU
EA 355:004  NA NA NA NA NA





--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Zdenek Wagner]

2011/10/20 Petr Tomasek :
> On Thu, Oct 20, 2011 at 04:24:47PM +0200, Peter Dyballa wrote:
>>
>> Am 20.10.2011 um 16:12 schrieb Chris Travers:
>>
>> > Not disturbing other dependencies that production software depends on.
>>
>> It can't. It does not carry shared libraries, DLLs, or such, that make 
>> ld_config or such go mad. TeX Live is like the universe: it's 
>> self-contained. And expanding...
>
> And that's exactly what's wrong and what needs to be changed...
>
If expansion is wrong that all SW is wrong. But seriously, I remember
situation when documents that compiled on MiKTeX in Windows and on
emTeX in OS/2 did not compile on teTeX in Linux because a lot of
packages were missing. A Linux user was forced to download them from
CTAN and install. There was no update mechanism, users were force to
follow ctan-ann and install new versions themselves. The situation has
not improved much. TeX documents are said to compile on any platform
but it is not true. You can compile documents on Windows, on Mac, on
OS/2 but if you stick with TeX from a Linux distro, you may have
problems that packages will be missing or obsolete or buggy and not
fixed although the new version was released years ago. If RHEL user
reports me that my package does not work with natbib, what should I
advice? It was fixed in 2008 but he uses an obsolete version. TeX Live
offers a stable multiplatform solution. I would not believe that in
each distro they develop their own kernel, their own HW drivers, their
own GTK, their own TCP/IP stack, their own web browsers. I have never
heard of Debian/Mozilla, Fedora/Mozilla, Mandriva/Mozilla etc. So why
linux distros cannot incorporate TeX Live? Why everybody wants to
repeat the job his/her own way but terribly delayed?

I know it should be reported on the distros bugzillas, not here...

> --
> Petr Tomasek 
> Jabber: but...@jabbim.cz
>
> 
> EA 355:001  DU DU DU DU
> EA 355:002  TU TU TU TU
> EA 355:003  NU NU NU NU NU NU NU
> EA 355:004  NA NA NA NA NA
> 
>
>
>
>
> --
> Subscriptions, Archive, and List information, etc.:
>  http://tug.org/mailman/listinfo/xetex
>



-- 
Zdeněk Wagner
http://hroch486.icpf.cas.cz/wagner/
http://icebearsoft.euweb.cz



--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Vafa Khalighi]

ConTeXt is not an engine but that is a format just like LaTeٓ is.

On Fri, Oct 21, 2011 at 2:25 AM, Peter Dyballa  wrote:

>
> Am 20.10.2011 um 16:54 schrieb Chris Travers:
>
> > One of the other commentors talks about documents that don't render on
> > all versions of TexLive.  If a client of mine is depending on this
> > working, upgrading the various stuff from CTAN in order to get a
> > security fix in an underlying program is a non-starter because it may
> > break things, just as it breaks other documents.
>
> You're mixing up things! TeX is a set of a few binaries, some of them are
> the TeX engines (pdfTeX, XeTeX, LuaTeX, conTeXt). The majority of the TeX
> software are text files. If a change in a library is breaking the TeX
> engine, then the change itself is faulty. If you're using a TeX function
> (library call) of a future version of that software, then something has to
> fail. If you're using an old function (library call) that has been changed,
> then you can't assume something useful will happen to come out.
>
> --
> Greetings
>
>  Pete
>
> Life is the only flaw in an otherwise perfect nonexistence
>– Schopenhauer
>
>
>
>
> --
> Subscriptions, Archive, and List information, etc.:
>  http://tug.org/mailman/listinfo/xetex
>


--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Peter Dyballa]

Am 20.10.2011 um 17:08 schrieb Petr Tomasek:

> And that's exactly what's wrong and what needs to be changed...

Yes, I wouldn't stand the pain when the big rip will happen. This will feel 
like the middle ages. Before this we will get very bloated, which should hurt 
as well. I also prefer the big crash.

--
Greetings

  Pete

"Debugging? Klingons do not debug! Our software does not coddle the weak."




--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Peter Dyballa]

Am 20.10.2011 um 16:54 schrieb Chris Travers:

> One of the other commentors talks about documents that don't render on
> all versions of TexLive.  If a client of mine is depending on this
> working, upgrading the various stuff from CTAN in order to get a
> security fix in an underlying program is a non-starter because it may
> break things, just as it breaks other documents.

You're mixing up things! TeX is a set of a few binaries, some of them are the 
TeX engines (pdfTeX, XeTeX, LuaTeX, conTeXt). The majority of the TeX software 
are text files. If a change in a library is breaking the TeX engine, then the 
change itself is faulty. If you're using a TeX function (library call) of a 
future version of that software, then something has to fail. If you're using an 
old function (library call) that has been changed, then you can't assume 
something useful will happen to come out.

--
Greetings

  Pete

Life is the only flaw in an otherwise perfect nonexistence
– Schopenhauer




--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Ulrike Fischer]

Am Thu, 20 Oct 2011 07:54:52 -0700 schrieb Chris Travers:

>> It can't. It does not carry shared libraries, DLLs, or such, that
>> make ld_config or such go mad. TeX Live is like the universe:
>> it's self-contained. And expanding...

> One of the other commentors talks about documents that don't render on
> all versions of TexLive.  If a client of mine is depending on this
> working, upgrading the various stuff from CTAN in order to get a
> security fix in an underlying program is a non-starter because it may
> break things, just as it breaks other documents.

This scenario is very rare. I actually can remember only two cases
when "engine" changes affected fatally documents: 

1. When the TeXSystems changed from tex to pdftex as underlying
engine some documents with faulty \ifpdf-test broke.

2. When for security settings writing access to parent/absolute
pathes were restricted some document broke too. 

In both cases only badly written documents had problems. 

Beside this: If there is a security hole and if fixing it affects
documents it doesn't matter who makes the fix: you get the problem
anyway - the only way to avoid it is not to fix the security issue.
Do you really suggest that users continue to work with a system
which has a known security hole only to avoid trouble with some
documents?  

-- 
Ulrike Fischer 



--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Petr Tomasek]

On Thu, Oct 20, 2011 at 04:24:47PM +0200, Peter Dyballa wrote:
> 
> Am 20.10.2011 um 16:12 schrieb Chris Travers:
> 
> > Not disturbing other dependencies that production software depends on.
> 
> It can't. It does not carry shared libraries, DLLs, or such, that make 
> ld_config or such go mad. TeX Live is like the universe: it's self-contained. 
> And expanding...

And that's exactly what's wrong and what needs to be changed...

-- 
Petr Tomasek 
Jabber: but...@jabbim.cz


EA 355:001  DU DU DU DU
EA 355:002  TU TU TU TU
EA 355:003  NU NU NU NU NU NU NU
EA 355:004  NA NA NA NA NA





--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Chris Travers]

On Thu, Oct 20, 2011 at 7:24 AM, Peter Dyballa  wrote:
>
> Am 20.10.2011 um 16:12 schrieb Chris Travers:
>
>> Not disturbing other dependencies that production software depends on.
>
> It can't. It does not carry shared libraries, DLLs, or such, that make 
> ld_config or such go mad. TeX Live is like the universe: it's self-contained. 
> And expanding...

One of the other commentors talks about documents that don't render on
all versions of TexLive.  If a client of mine is depending on this
working, upgrading the various stuff from CTAN in order to get a
security fix in an underlying program is a non-starter because it may
break things, just as it breaks other documents.

Best Wishes,
Chris Travers


--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Peter Dyballa]

Am 20.10.2011 um 16:12 schrieb Chris Travers:

> Not disturbing other dependencies that production software depends on.

It can't. It does not carry shared libraries, DLLs, or such, that make 
ld_config or such go mad. TeX Live is like the universe: it's self-contained. 
And expanding...

--
Greetings

  Pete

I hope to die before I *have* to use Microsoft Word.
- Donald E. Knuth, 2001-10-02 in Tübingen




--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

[XeTeX] Customizing Index - Adding chapter heading and verse number to index entries

[A u]

I would like to provide the chapter title and the verse number for each
entry in the index. This is unusual but the book I am working on requires
such formatting.

In the output I want the chapter title to appear between the indexed text
and the verse number. For verses I am using the verse environment but do not
show here.

In the output shown below, the first line is the header, repeated on each
page of the index. Then, based on the three example verses, the desired
output:

Indexed text, Chapter Name, Verse Number.

Fairest... First... 1

decease... Second... 1

thine... Third... 4

I would like to suppress page numbers in the index.

\documentclass[12pt,a4paper]{book}
\usepackage{index}
\usepackage{idxlayout}
\makeindex

\begin{document}
\printindex

\chapter*{First}
  From \index*{fairest} creatures we desire increase,
  That thereby beauty's rose might never die ... |1|

\chapter*{Second}
  But as the riper should by time \index*{decease},
  His tender heir might bear his memory ... |1|

\chapter*{Third}
  But thou contracted to \index*{thine} own bright eyes,
  Feed'st thy light's flame with self-substantial fuel ... |4|
\end{document}


--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Chris Travers]

On Thu, Oct 20, 2011 at 6:55 AM, Peter Dyballa  wrote:
>
> Am 20.10.2011 um 13:24 schrieb Chris Travers:
>
>> So if libz needs a security update, I can get it without replacing
>> everything else
>
> What do you gain with that? What is the difference between overwriting 5 MB 
> or 50 MB of disk space?
>
U

Not disturbing other dependencies that production software depends on.

Best Wishes,
Chris Travers


--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Peter Dyballa]

Am 20.10.2011 um 13:32 schrieb Susan Dittmar:

> Could you tell me how to do that for openSUSE from the top of your head?

No. I never created the specification for an RPM or DEB package in Linux (I 
think I edited a few of them). Once it's created the package manager will build 
the package and put it somewhere in the file system. Then you can use the same 
package package manager to install the package at the specified place in the 
file system. This sounds easy. (I'm performing a bit of DEB packaging in Mac OS 
X for the Fink package manager.)

--
Greetings

  Pete

Behold the warranty … the bold print giveth and the fine print taketh away.




--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] ftnxtra

[Karljurgen Feuerherm]

Thanks. It worked in this example, but didn't work in my book. I tried
moving the second block of lets to various places below ftnxtra, no
effect. I don't know what makes the difference.

Perhaps I'll have to deal with this differently.

K


>>> On Thu, Oct 20, 2011 at  9:21 AM, in message
,
Vafa
Khalighi  wrote:
> Not perfect but you can try this:
>
>  \documentclass[12pt,letterpaper,twoside]{book}
>
> \let\mytabular\tabular
>
> \let\myendtabular\endtabular
>
> \usepackage{geometry}
>
> \usepackage{ftnxtra}
>
> \let\tabular\mytabular
>
> \let\endtabular\myendtabular
>
> \begin{document}
>
> \begin{table}
>
> \begin{tabular}[h]{|c|}
>
> \hline
>
> Table cell text\footnote{Testing footnote}
>
> \end{tabular}
>
> \end{table}
>
> \end{document}
>
>
> On Fri, Oct 21, 2011 at 12:13 AM, Karljurgen Feuerherm
> wrote:
>
>> Hello,
>>
>> Following up on the footnote in tables issue I brought up a short
while
>> back, I tried Vafa's suggestion to use ftnxtra.
>>
>> The example below works, until I uncomment the \table{} lines. Since
I
>> needed caption, that was the essential issue... Does anyone know
what's
>> up and/or what to do about it?
>>
>> Thanks
>>
>> K
>> 
>> \documentclass[12pt,letterpaper,twoside]{book}
>>
>> \usepackage{geometry}
>> \usepackage{ftnxtra}
>>
>> \begin{document}
>> %   \begin{table}
>>\begin{tabular}[h]{|c|}
>>\hline
>>Table cell text\footnote{Testing footnote}
>>\end{tabular}
>> %   \end{table}
>> \end{document}
>>
>>
>> --
>> Subscriptions, Archive, and List information, etc.:
>>  http://tug.org/mailman/listinfo/xetex
>>



--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Zdenek Wagner]

2011/10/20 Chris Travers :
> On Thu, Oct 20, 2011 at 6:16 AM, Ulrike Fischer  wrote:
>> Am Thu, 20 Oct 2011 13:32:00 +0200 schrieb Susan Dittmar:
>>
>>> Helping users with the day-to-day administrational
>>> work was the main reason why linux distributions have been invented.
>>
>> Well this may have been the reason. And this is also the reason why
>> package managers like the one from miktex has been invented (and I
>> like the ease with which I can install packages today.)
>
> Package managers have their roles to play.  They are important for
> some users, less so for others.
>>
Package managers are important. A few years ago I was accutomed to
compiling SW from sources. It is easy for simple programs. However,
try to compile a complex program as eg Gnome Subtitles. It is a very
hard task. That's why I like package managers because I need not
bother with complex dependencies. Or to be not so extremistic, perl-tk
from CPAN does not work on RHEL distros because it is too new. You
have to install older version of perl-tk by yum which works fine. It
is quite normal in RHEL distros that there are additional repositories
(EPEL, rpmfusion, ...). So why should we be fierced by TeX Live as
another external system?

>> But looking at the discussion here *now* package managers in Linux
>> distros are meant to prevent users to do fatal damage to their
>> system, to avoid dramatic security problems, to avert chaos. They
>> are no longer mainly a help, they are a mean of control.
>
> And in some environments that is a win.   But keep in mind that none
> of these package managers are synonymous with repositories.  I
> understand there are TexLive 2011 repos for my distro of Fedora but I
> can't develop on them because those are not available for RHEL 6.   I
> don't know anyone who sticks with only the stock repositories.
>
> However, when a piece of software also may handle credit card data
> (which LedgerSMB sometimes does), the rules change very quickly.  The
> credit card industry makes certain demands in exchange for the
> privilege to process cards, and one of these is to stick with software
> which gets security fixes from a vendor, and to stay current with all
> security updates.  Saying that one should just install a new TexLive
> distro every year might not even meet those demands, esp. when
> everything is statically linked.
>
>>
>> It looks as if windows and linux have changed their roles:
>> Long time windows users were the ones which were supposed to be so
>> dump that they could only use applications which could be installed
>> by simple click on a setup.exe and who must be protected from more
>> complicated tasks. And everybody feared that windows would gain to
>> much control over the applications installed on the user pc
>> (microsoft got attacked when it dared to bundle a user application
>> like the internet explorer with the OS). But now it looks as if the
>> users of the so-called "open and free" OS Linux are tying themselves
>> to their disto manufacturer and their installation tools in a way no
>> windows user has ever been tyed to a windows OS.
>
> You know, above, I think I said that there are only two really
> acceptable ways to install lInux software:
> 1)  Via the distro's package manager (whether from the distro's repo,
> from a third party repo, or third party download) or
> 2)  Compiling from source.
>
> There are a lot of times when #2 makes more sense.  However it makes
> PCI-DSS compliance quite a bit harder and more burdensome.
>
> Best Wishes,
> Chris Travers
>
>
> --
> Subscriptions, Archive, and List information, etc.:
>  http://tug.org/mailman/listinfo/xetex
>



-- 
Zdeněk Wagner
http://hroch486.icpf.cas.cz/wagner/
http://icebearsoft.euweb.cz



--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Arthur Reutenauer]

> I do not think, it makes any difference.
> 
> -jobname=STRING set the job name to STRING
> 
> -progname=STRINGset program (and fmt) name to STRING

  -jobname doesn't make any difference because it's set from the base
name of the first input (in that case, xelatex.ini), but -progname may
make a difference to kpathsea (although it would really be far-fetched
if it caused XeTeX to load a different latex.ltx -- but you never
know...)

Arthur


--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Peter Dyballa]

Am 20.10.2011 um 13:24 schrieb Chris Travers:

> So if libz needs a security update, I can get it without replacing
> everything else

What do you gain with that? What is the difference between overwriting 5 MB or 
50 MB of disk space?

--
Greetings

  Pete

Bake pizza not war!




--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Vafa Khalighi]

I do not think, it makes any difference.

-jobname=STRING set the job name to STRING

-progname=STRINGset program (and fmt) name to STRING

On Tue, Oct 18, 2011 at 9:18 PM, Philip TAYLOR (Webmaster, Ret'd) <
p.tay...@rhul.ac.uk> wrote:

>
>
> Vafa Khalighi wrote:
>
>  There are two ways to create xelatex.fmt:
>>
>> 1) xetex -ini -jobname=xelatex -progname=xelatex -etex xelatex.ini
>>
>
> What does this accomplish that "xetex -ini -etex xelatex.ini" does not ?
>
> Philip Taylor
>


--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Chris Travers]

On Thu, Oct 20, 2011 at 6:16 AM, Ulrike Fischer  wrote:
> Am Thu, 20 Oct 2011 13:32:00 +0200 schrieb Susan Dittmar:
>
>> Helping users with the day-to-day administrational
>> work was the main reason why linux distributions have been invented.
>
> Well this may have been the reason. And this is also the reason why
> package managers like the one from miktex has been invented (and I
> like the ease with which I can install packages today.)

Package managers have their roles to play.  They are important for
some users, less so for others.
>
> But looking at the discussion here *now* package managers in Linux
> distros are meant to prevent users to do fatal damage to their
> system, to avoid dramatic security problems, to avert chaos. They
> are no longer mainly a help, they are a mean of control.

And in some environments that is a win.   But keep in mind that none
of these package managers are synonymous with repositories.  I
understand there are TexLive 2011 repos for my distro of Fedora but I
can't develop on them because those are not available for RHEL 6.   I
don't know anyone who sticks with only the stock repositories.

However, when a piece of software also may handle credit card data
(which LedgerSMB sometimes does), the rules change very quickly.  The
credit card industry makes certain demands in exchange for the
privilege to process cards, and one of these is to stick with software
which gets security fixes from a vendor, and to stay current with all
security updates.  Saying that one should just install a new TexLive
distro every year might not even meet those demands, esp. when
everything is statically linked.

>
> It looks as if windows and linux have changed their roles:
> Long time windows users were the ones which were supposed to be so
> dump that they could only use applications which could be installed
> by simple click on a setup.exe and who must be protected from more
> complicated tasks. And everybody feared that windows would gain to
> much control over the applications installed on the user pc
> (microsoft got attacked when it dared to bundle a user application
> like the internet explorer with the OS). But now it looks as if the
> users of the so-called "open and free" OS Linux are tying themselves
> to their disto manufacturer and their installation tools in a way no
> windows user has ever been tyed to a windows OS.

You know, above, I think I said that there are only two really
acceptable ways to install lInux software:
1)  Via the distro's package manager (whether from the distro's repo,
from a third party repo, or third party download) or
2)  Compiling from source.

There are a lot of times when #2 makes more sense.  However it makes
PCI-DSS compliance quite a bit harder and more burdensome.

Best Wishes,
Chris Travers


--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] ftnxtra

[Vafa Khalighi]

Not perfect but you can try this:

 \documentclass[12pt,letterpaper,twoside]{book}

\let\mytabular\tabular

\let\myendtabular\endtabular

\usepackage{geometry}

\usepackage{ftnxtra}

\let\tabular\mytabular

\let\endtabular\myendtabular

\begin{document}

\begin{table}

\begin{tabular}[h]{|c|}

\hline

Table cell text\footnote{Testing footnote}

\end{tabular}

\end{table}

\end{document}


On Fri, Oct 21, 2011 at 12:13 AM, Karljurgen Feuerherm wrote:

> Hello,
>
> Following up on the footnote in tables issue I brought up a short while
> back, I tried Vafa's suggestion to use ftnxtra.
>
> The example below works, until I uncomment the \table{} lines. Since I
> needed caption, that was the essential issue... Does anyone know what's
> up and/or what to do about it?
>
> Thanks
>
> K
> 
> \documentclass[12pt,letterpaper,twoside]{book}
>
> \usepackage{geometry}
> \usepackage{ftnxtra}
>
> \begin{document}
> %   \begin{table}
>\begin{tabular}[h]{|c|}
>\hline
>Table cell text\footnote{Testing footnote}
>\end{tabular}
> %   \end{table}
> \end{document}
>
>
> --
> Subscriptions, Archive, and List information, etc.:
>  http://tug.org/mailman/listinfo/xetex
>


--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Ulrike Fischer]

Am Thu, 20 Oct 2011 13:32:00 +0200 schrieb Susan Dittmar:

> Helping users with the day-to-day administrational
> work was the main reason why linux distributions have been invented.

Well this may have been the reason. And this is also the reason why
package managers like the one from miktex has been invented (and I
like the ease with which I can install packages today.)

But looking at the discussion here *now* package managers in Linux
distros are meant to prevent users to do fatal damage to their
system, to avoid dramatic security problems, to avert chaos. They
are no longer mainly a help, they are a mean of control.

It looks as if windows and linux have changed their roles: 
Long time windows users were the ones which were supposed to be so
dump that they could only use applications which could be installed
by simple click on a setup.exe and who must be protected from more
complicated tasks. And everybody feared that windows would gain to
much control over the applications installed on the user pc
(microsoft got attacked when it dared to bundle a user application
like the internet explorer with the OS). But now it looks as if the
users of the so-called "open and free" OS Linux are tying themselves
to their disto manufacturer and their installation tools in a way no
windows user has ever been tyed to a windows OS. 


-- 
Ulrike Fischer 



--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

[XeTeX] ftnxtra

[Karljurgen Feuerherm]

Hello,

Following up on the footnote in tables issue I brought up a short while
back, I tried Vafa's suggestion to use ftnxtra.

The example below works, until I uncomment the \table{} lines. Since I
needed caption, that was the essential issue... Does anyone know what's
up and/or what to do about it?

Thanks

K

\documentclass[12pt,letterpaper,twoside]{book}

\usepackage{geometry}
\usepackage{ftnxtra}

\begin{document}
%   \begin{table}
\begin{tabular}[h]{|c|}
\hline
Table cell text\footnote{Testing footnote}
\end{tabular}
%   \end{table}
\end{document}


--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Chris Travers]

On Thu, Oct 20, 2011 at 5:24 AM, Petr Tomasek  wrote:

>
> An opportunity to make chaos in the system?
> No, thanks!
>
> (P.S. The best would be to make some convertor which would convert the 
> TeX-Live packages
> into native ones. Anything else is a problem...)
>
Just to offer a counter-point here.

If I was doing a lot of heavy-duty design work (as it is, the design
work I do is lighter-weight, even with my own books etc), I'd probably
keep an up-to-date TeX-Live installation installed.  I don't think
this is always a bad idea.  In fact I there is an important role for
such a tool.

The thing is, though, just because it's a good tool for some
environments doesn't mean it's a good tool for everything.  Not
everything is a nail, and not even all nails need the same kinds of
hammers..

Best wishes,
Chris Travers


--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Chris Travers]

2011/10/20 Zdenek Wagner :

> I have server side applications based on TL. I use them from time to
> time (none of them is currently active). The remote user cannot write
> the document, it is always prepared by some SW tool (PHP, XSLT, ...).
> And \write18 is disabled for such applications. On the other hand,
> there are servers providing TL and users can type their documents
> directly, see http://tex.mendelu.cz/ for instance.
>
> If the current version of TL is 2011 but the native packaged version
> in a Linux distro is 2007, are you sure that there are not bugs and
> security holes? Do you know how \write18 is handled? Are you sure that
> they do not allow \input /etc/passwd and \input /etc/shadow? It is
> disabled by me in my TL based server side applications.

Ok, two quick points I can't help but pass up.

1)  Any server programmer worth his salt is going to properly sanitize
user input before putting it into a template.  I am not 100% confident
that we do a perfect job, but I can tell you that if \write18 or
\input /etc/passwd ended up in an invoice it would be the sysadmin, or
a third party developer contracted to build templates, and not the
user who put it there.   We do the same for HTML because we don't want
nasty little things like cross-site scripting.  If you allow users to
input arbitrary code into your templates, you get what you deserve.*

* There is a caveat here in that the software does allow a subset of
users to edit the templates, including the latex commands, but this is
disabled by default on the filesystem level and for good reason.
There are few users who find this is worth the inherent security
risks, but there are a few.

2)  If your accounting system has access to /etc/shadow, I think the
fact that it could be input into a LaTeX document is the least of your
worries.  Seriously. there is something to be said about server
software running with restrained permissions (which is why the Apache
worker processes run with limited permissions, why PostgreSQL refuses
to run as root, etc).

We started LedgerSMB because we were focused on security and the
project we forked from was not.  This means restricted permissions,
input sanitation, and the whole bit.  Heck the most recent version of
our software doesn't even have permission to access the database if a
user isn't logged in, and then it only has the permissions granted to
that user (meaning that SQL injection issues, if they exist, are
suddenly a lot less interesting).

As your examples demonstrate, without input sanitation, and restrained
permissions, the ways in which a programming language can be abused
are just too difficult to prevent.  The solutions are banning *all*
escape sequences, and running with no more permissions than absolutely
necessary.  Then these problems go away.

The nastier bugs (and ones that other libraries may have a role to
play in addressing) occur when invalid data is sent to the template
and this causes processing errors, such as buffer overflows, stack
overflows, and the like.  In these cases, it could be possible to
attack such a system without passing in LaTeX commands.  Replacing the
underlying faulty library fixes the problem, which of course is
impossible when everything is statically linked.

Best Wishes,
Chris Travers


--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Petr Tomasek]

On Wed, Oct 19, 2011 at 03:10:19PM +0200, Peter Dyballa wrote:
> 
> Am 19.10.2011 um 12:19 schrieb Chris Travers:
> 
> > If RHEL 6 (released about a year ago) is sticking to TeXLive 2007, we all 
> > have problems.
> 
> The only problem is that of understanding. It's like the fifth wheel or the 
> tool to change wheels that come with new car. They're not really usable, 
> they're more kind of alibis. And that's the situation of TeX in Linux.
> 
> Because it's not necessary to build a second rail of distribution via DEB or 
> RPM packages. TeX Live comes with its own package manager and in packages and 
> in meta-packages. Use this opportunity!

An opportunity to make chaos in the system?
No, thanks!

(P.S. The best would be to make some convertor which would convert the TeX-Live 
packages
into native ones. Anything else is a problem...)

P.T.

-- 
Petr Tomasek 
Jabber: but...@jabbim.cz


EA 355:001  DU DU DU DU
EA 355:002  TU TU TU TU
EA 355:003  NU NU NU NU NU NU NU
EA 355:004  NA NA NA NA NA





--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Susan Dittmar]

Quoting Peter Dyballa (peter_dyba...@web.de):
> What keeps you from installing TeX Live temporarily in /tmp and converting it 
> into a "native package"?

Me personally? I never did that before and would have to delve into how to
create a native package. I had a look at this some time ago and decided my
need was not big enough for the effort it seemed to take. Could you tell me
how to do that for openSUSE from the top of your head? If it was easy, I'm
sure an up to date TeX were included in this distribution (and all the
others).

I have some friends who use Linux at home. Although intelligent people,
information technologies cannot hold their interest, and thus they are
nearly computer-illiterate. I taught them enough so they can make the
necessary updates using the distribution's packager.  Do I really want to
have to teach them a different way of updating for every tiny program they
use?

Admitted, TeXlive is not a tiny thing. Still it is just one program suite
among a lot of others. Helping users with the day-to-day administrational
work was the main reason why linux distributions have been invented. To
demand that users do their updates on a per-program base and by hand means
a big step backwards in this respect...

I really love tlmgr. I do use it extensively. And I am tremendously
grateful for all the effort put into that. But please rather think about
supporting distros so they package up to date TeX (or even trigger tlgmr)
instead of demanding that the end user uses yet another updating tool.

Susan


--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Susan Dittmar]

Quoting Zdenek Wagner (zdenek.wag...@gmail.com):
> Of course, I never update anything in a middle of an important task.
> That's why I still have CentOS 4 on one of my computers.

Well, "in the middle of an important task" is valid in a production system
every single minute. With this policy you will never update on such a
system. And that's why there are so many old systems out there, and why
Chris ran into the problem that created this thread.

Susan



--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Susan Dittmar]

Quoting Zdenek Wagner (zdenek.wag...@gmail.com):
> If the current version of TL is 2011 but the native packaged version
> in a Linux distro is 2007, are you sure that there are not bugs and
> security holes? Do you know how \write18 is handled? Are you sure that
> they do not allow \input /etc/passwd and \input /etc/shadow? It is
> disabled by me in my TL based server side applications.

Valid questions, but, as I understand, not the kind of TeX service Chris
provides. You are talking about giving access to TeX engine on your machine
to someone coming from remote. Chris' customers use their own TeX engine on
their own computer/server. Chris doesn't have any control over this TeX
engine. Maybe Chris could invest thoughts about preventing users to input
code (product names, product descriptions and such) containing potentially
problematic TeX commands (like the dreaded \write18), but that's a
completely different toppic from the aspects of using TeX as backbone to
accounting software discussed up to now. It might even be moot unless the
accounting software grants permissions the user doesn't already have.

Susan


--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Zdenek Wagner]

2011/10/20 Chris Travers :
> The general point is that where one is doing server-side document
> generation, there are sufficient reasons *not* to use external binary
> blobs with it's own package manager that doesn't talk to or integrate
> with anything else, which has a short support cycle, and which is
> statically linked to all its dependencies.
>
> Use of distro packages may not be perfect, but the only two options
> are that or compiling from source, realistically.
>
I have server side applications based on TL. I use them from time to
time (none of them is currently active). The remote user cannot write
the document, it is always prepared by some SW tool (PHP, XSLT, ...).
And \write18 is disabled for such applications. On the other hand,
there are servers providing TL and users can type their documents
directly, see http://tex.mendelu.cz/ for instance.

If the current version of TL is 2011 but the native packaged version
in a Linux distro is 2007, are you sure that there are not bugs and
security holes? Do you know how \write18 is handled? Are you sure that
they do not allow \input /etc/passwd and \input /etc/shadow? It is
disabled by me in my TL based server side applications.

> Best Wishes,
> Chris Travers
>
>
> --
> Subscriptions, Archive, and List information, etc.:
>  http://tug.org/mailman/listinfo/xetex
>



-- 
Zdeněk Wagner
http://hroch486.icpf.cas.cz/wagner/
http://icebearsoft.euweb.cz



--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Zdenek Wagner]

2011/10/20 Chris Travers :
> 2011/10/20 Zdenek Wagner :
>
>> It would be a good way if the native packages were up-to-date and if
>> they allowed me to install not only the current version but even older
>> versions. As a matter of fact, I first verify that everything works
>> and after that I switch PATH. Twice I needed to test a document with
>> an old TL because I found that it does not work with the current
>> version. This is the greatest benefit of TL. I know what I am writing.
>> It happend several times that the native package of Octave included an
>> incompatible change. Two such upgrades were so nasty that each of them
>> forced me to spend two weeks of work just to make my code running.
>>
>
> BTW, that's *exactly* why you don't want to update existing important
> systems once they are shown to be working without extensive testing
> and staging, and why staying on older versions for working systems
> that automatically generate documents is usually the wise course of
> action.
>
There are two big reasons for update:

1. The new hardware is not supported by the old Linux distro

2. The necessary SW is not available as a package for the old distro
and cannot be compiled from SourceForge sources because glibc in the
distro is obsolete

Of course, I never update anything in a middle of an important task.
That's why I still have CentOS 4 on one of my computers.

> Best Wishes,
> Chris Travers
>
>
> --
> Subscriptions, Archive, and List information, etc.:
>  http://tug.org/mailman/listinfo/xetex
>



-- 
Zdeněk Wagner
http://hroch486.icpf.cas.cz/wagner/
http://icebearsoft.euweb.cz



--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Chris Travers]

The general point is that where one is doing server-side document
generation, there are sufficient reasons *not* to use external binary
blobs with it's own package manager that doesn't talk to or integrate
with anything else, which has a short support cycle, and which is
statically linked to all its dependencies.

Use of distro packages may not be perfect, but the only two options
are that or compiling from source, realistically.

Best Wishes,
Chris Travers


--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Chris Travers]

On Thu, Oct 20, 2011 at 4:05 AM, Peter Dyballa  wrote:
>
> Am 20.10.2011 um 12:53 schrieb Chris Travers:
>
>> However, statically linking things strikes me as even worse from a
>> stability/security perspective (which is what is critical with server
>> software).  It means that if there is a bug in any of the libraries
>> you have possibly linked to, you have to upgrade everything.
>
> This is what the TeX Live package manager performs. The providers of TeX Live 
> do the whole job.
>
I think you miss the point.  When something went wrong with zlib in
2002, software from the Apache Web Server to Microsoft Office required
security patches.  Now, I take it you figure that TexLive 2007, 2008,
2009, 2010, will not get such security patches  So that means if
such a problem affected you, everyone would have to upgrade to the
latest version, possibly breaking any automated document generation in
the process, *just to get the security fix.*

This is why external TexLive distributions are bad ideas on server
systems, though they are great for workstations, and why many of us
then end up working with the distro-supplied packages, as they are not
statically linked.


[root@chris-dev2 ledgersmb_1.3]# ldd /usr/bin/latex
linux-gate.so.1 =>  (0x00f3a000)
libpng12.so.0 => /usr/lib/libpng12.so.0 (0x003ae000)
libz.so.1 => /lib/libz.so.1 (0x00d6b000)
libkpathsea.so.4 => /usr/lib/libkpathsea.so.4 (0x00d8)
libpoppler.so.5 => /usr/lib/libpoppler.so.5 (0x04516000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x040c)
libm.so.6 => /lib/libm.so.6 (0x00d1b000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x040a)
libc.so.6 => /lib/libc.so.6 (0x00b8e000)
liblcms.so.1 => /usr/lib/liblcms.so.1 (0x04ae1000)
libjpeg.so.62 => /usr/lib/libjpeg.so.62 (0x0478e000)
libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0x003d8000)
libfontconfig.so.1 => /usr/lib/libfontconfig.so.1 (0x00485000)
libopenjpeg.so.2 => /usr/lib/libopenjpeg.so.2 (0x005af000)
/lib/ld-linux.so.2 (0x00b6c000)
libexpat.so.1 => /lib/libexpat.so.1 (0x00384000)

So if libz needs a security update, I can get it without replacing
everything else

Best Wishes,
Chris Travers



--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Petr Tomasek]

On Wed, Oct 19, 2011 at 03:20:15PM +0200, Ulrike Fischer wrote:
> Am Wed, 19 Oct 2011 05:59:16 -0700 schrieb Chris Travers:
> 
> > This matches my needs very well.  If my clients are running accounting
> > systems, the last thing I want is an upgrade of TexLive to break their
> > ability to generate invoices.
> 
> Normally you get more problems if you can't update ;-)
> 
> > If there are bugs in older versions, I can work around those bugs,
> > but the problem of getting a document that will only render with
> > one version or another is not acceptable to my application.  
> 
> Then you shouldn't rely on an external TeXLive installation.

That's why external TeXLive intallation are GENERALLY a bad idea.


-- 
Petr Tomasek 
Jabber: but...@jabbim.cz


EA 355:001  DU DU DU DU
EA 355:002  TU TU TU TU
EA 355:003  NU NU NU NU NU NU NU
EA 355:004  NA NA NA NA NA





--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Petr Tomasek]

On Wed, Oct 19, 2011 at 01:45:29PM +0200, Ulrike Fischer wrote:
> Am Wed, 19 Oct 2011 03:19:48 -0700 schrieb Chris Travers:
> 
> > And obviously this puts a lot us in bad positions.  If RHEL 6
> > (released about a year ago) is sticking to TeXLive 2007, we all have
> > problems.  The question is what the community can reasonably do, and
> > what developers can be expected to do navigating these issues.
> 
> Well I'm a windows user so actually I'm not really affected. But
> imho the linux distros should rethink their installation methods and
> installation advices. It is absurd that 10 or more distros invest a
> lot of main power in making packages when they lack the main power
> to keep them up-to-date.  

Actually, with most of free software this is hardly a problem
as most of it is nowaday written properly and packaging a new
version usually means putting a tarball of the new version
into a specific location a increasing the version number in the
.spec file (for .rpms) and maybe adding a changelog entry.

The only problem is with software that tries to be more "clever"
and do things which should be left for to the underlying system...

P.T.

-- 
Petr Tomasek 
Jabber: but...@jabbim.cz


EA 355:001  DU DU DU DU
EA 355:002  TU TU TU TU
EA 355:003  NU NU NU NU NU NU NU
EA 355:004  NA NA NA NA NA





--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Peter Dyballa]

Am 20.10.2011 um 12:53 schrieb Chris Travers:

> However, statically linking things strikes me as even worse from a
> stability/security perspective (which is what is critical with server
> software).  It means that if there is a bug in any of the libraries
> you have possibly linked to, you have to upgrade everything. 

This is what the TeX Live package manager performs. The providers of TeX Live 
do the whole job.

--
Greetings

  Pete

Sometimes I think the surest sign that intelligent life exists elsewhere in the 
universe is that none of it has tried to contact us.
– Bill Watterson, in his comic strip Calvin and Hobbes




--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Petr Tomasek]

On Wed, Oct 19, 2011 at 09:53:48AM +0200, Ulrike Fischer wrote:
> Am Tue, 18 Oct 2011 07:39:06 -0700 schrieb Chris Travers:
> 
> >> So the limit is five years (but only for the latex kernel).
> >> The version date of my (current) latex.ltx ist
> >> \edef\fmtversion{2011/06/27}
> 
> >>> Or is XeTeX not intended to be used in these environments?
> 
> >> I would say that if your latex is more than five years old, your
> >> xetex binaries and packages aren't up-to-date either. And as xetex
> >> is rather young this can be quite a problem. Regardless if you want
> >> to ship out only xetex documents or xetex documents + binaries: You
> >> should be aware that other people can have up-to-date systems and so
> >> you should make tests on such systems too (and just in case you
> >> don't know:  you can't use a fmt generated by one xetex version with
> >> another xetex version).
> 
> > Of course.  I don't expect .fmt files to be portable.  What is helpful
> > is to know how to resolve the issue so I can put a faq entry in and
> > direct people to it when they ask on the mailing list.  (And if they
> > can't get it, charge for support.)  I believe I have gotten that, so I
> > am satisfied with the resolution.
> > 
> > However, so that there are no misunderstandings   The issue here
> > is being forced to choose between supporting XeTeX on many platforms
> > and being able to support the platform's package manager.  I don't see
> > anyone here suggesting a way around that.  For developers distributing
> > software, that's kind of an issue.
> 
> The problem is that there seems to a mounting number on Linux users
> which are reluctant to install software without using there package
> manager. And there seems to be a mounting number of  maintainers of
> linux distros (there just was a quite heated discussion in d.c.t.t.)
> which enforce this reluctance by telling people that they set their
> system at risk if they install e.g. a new TeXLive without using the
> disto package manager. 

And they are obviously right.

> 
> On the other side the linux distros seems to be either unwilling or
> unable to update the packages they support. Your list is quite
> impressing in this respect:
> 
>  
> > Debian Lenny:  TexLive 2007
> > Debian Squeeze:  TexLive 2009
> > Debian Sid:  TexLive 2009
> > Ubuntu 10.04 LTS:  TexLive 2009
> > Red Hat Enterprise 6:  TexLive 2007
> > That means that the most recent versions of CentOS and Scientific
> > Linux also use 2007.
> 
> This is all (partly horribly) outdated. The current TeXLive version
> is 2011 and they are currently working on 2012. 

Maybe the problem is that the packages of TeX-Live are not easily upgradable...

> As the maintainer of the KOMA-packages pointed out this makes
> support rather difficult: He constantly gets reports about bugs
> which have been resolved years ago. 
> 
> What would you think of a linux distro which would force you to use
> a virus protection software with signature files five years old? 

Hm, and I thought than prof. Knuth wanted TeX to be as stable as possible
and not be subject to exactly such problems...

(BTW, that's one of the reasons, I only use plan-TeX/XeTeX...)

-- 
Petr Tomasek 
Jabber: but...@jabbim.cz


EA 355:001  DU DU DU DU
EA 355:002  TU TU TU TU
EA 355:003  NU NU NU NU NU NU NU
EA 355:004  NA NA NA NA NA





--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Chris Travers]

2011/10/20 Zdenek Wagner :

> It would be a good way if the native packages were up-to-date and if
> they allowed me to install not only the current version but even older
> versions. As a matter of fact, I first verify that everything works
> and after that I switch PATH. Twice I needed to test a document with
> an old TL because I found that it does not work with the current
> version. This is the greatest benefit of TL. I know what I am writing.
> It happend several times that the native package of Octave included an
> incompatible change. Two such upgrades were so nasty that each of them
> forced me to spend two weeks of work just to make my code running.
>

BTW, that's *exactly* why you don't want to update existing important
systems once they are shown to be working without extensive testing
and staging, and why staying on older versions for working systems
that automatically generate documents is usually the wise course of
action.

Best Wishes,
Chris Travers


--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Chris Travers]

2011/10/20 Zdenek Wagner :
> 2011/10/20 Petr Tomasek :
>> On Tue, Oct 18, 2011 at 03:14:56PM +0200, Ulrike Fischer wrote:
>>> Am Tue, 18 Oct 2011 05:43:57 -0700 schrieb Chris Travers:
>>>
>>> > This has all been very helpful.  At least I have things narrowed down
>>> > a bit here:
>>> >
>>> >
>>> > # fmtutil-sys --byfmt xelatex
>>> >
>>>
>>> > ! LaTeX source files more than 5 years old!.
>>> > l.545 ...aTeX source files more than 5 years old!}
>>>
>>> >
>>> > Any idea of what I do about this?
>>>
>>> The best is to get and install a new TeXLive 2011 with newer latex
>>> sources. You can also try to fool latex by changing your pc date.
>>
>> No, it is actually the worst thing to do. Most Linux distributions have their
>> own packaging system and using alien blob (like the TeXLive) has all
>> the disadvantages it can: possbily breaking compatibility if some system
>> library is updated, not upgrading this blob using system tools if
>> securty vulnerabilities are found can lead to serious security problems, 
>> etc...
>>
> That's why TL is linked statically with the exception of tools
> dependent on fontconfig (xetex, luatex, xdvipdfmx).

I think Petr overstates the case a bit.  I can think of plenty of
disadvantages that using a blob doesn't have.  But it has enough that
for software that needs to be stable, it's worth avoiding.

However, statically linking things strikes me as even worse from a
stability/security perspective (which is what is critical with server
software).  It means that if there is a bug in any of the libraries
you have possibly linked to, you have to upgrade everything.   I am
remembering a certain double free bug in zlib a number of years ago
that resulted in security advisories and patches for a huge swath of
software because everything had statically linked to zlib and
derivatives.   Certainly something like isn't a reason to update
everything in CTAN..


Best Wishes,
Chris Travers



--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Peter Dyballa]

Am 20.10.2011 um 12:32 schrieb Petr Tomasek:

> This is the best way to hell. Native packages should be used and not some
> stupid external blob!

Can it be that you see stupidity because you can't see tlmgr and that the blob 
is similar to any Linux distribution?

What keeps you from installing TeX Live temporarily in /tmp and converting it 
into a "native package"?

--
Greetings

  Pete

Imbecility, n.:
A kind of divine inspiration, or sacred fire affecting censorious 
critics of this dictionary.
– Ambrose Bierce: _The Devil's Dictionary_




--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Zdenek Wagner]

2011/10/20 Petr Tomasek :
> On Tue, Oct 18, 2011 at 05:16:12PM +0200, Peter Dyballa wrote:
>>
>> Am 18.10.2011 um 16:39 schrieb Chris Travers:
>>
>> > Here's a breakdown of OS support for TexLive versions for anyone 
>> > interested:
>> >
>> > Debian Lenny:  TexLive 2007
>> > Debian Squeeze:  TexLive 2009
>> > Debian Sid:  TexLive 2009
>> > Ubuntu 10.04 LTS:  TexLive 2009
>> > Red Hat Enterprise 6:  TexLive 2007
>> > That means that the most recent versions of CentOS and Scientific
>> > Linux also use 2007.
>>
>> Forget these RPM or DEB based re-packings! (The support from their 
>> distributors/repackagers can be a bit less than optimal.) Install TeX Live 
>> 2005, 2006, 2007, 2008, 2009, 2010, 2011!
>
> This is the best way to hell. Native packages should be used and not some
> stupid external blob!
>
It would be a good way if the native packages were up-to-date and if
they allowed me to install not only the current version but even older
versions. As a matter of fact, I first verify that everything works
and after that I switch PATH. Twice I needed to test a document with
an old TL because I found that it does not work with the current
version. This is the greatest benefit of TL. I know what I am writing.
It happend several times that the native package of Octave included an
incompatible change. Two such upgrades were so nasty that each of them
forced me to spend two weeks of work just to make my code running.

> P.T.
>
> --
> Petr Tomasek 
> Jabber: but...@jabbim.cz
>
>
>
> --
> Subscriptions, Archive, and List information, etc.:
>  http://tug.org/mailman/listinfo/xetex
>



-- 
Zdeněk Wagner
http://hroch486.icpf.cas.cz/wagner/
http://icebearsoft.euweb.cz



--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Zdenek Wagner]

2011/10/20 Petr Tomasek :
> On Tue, Oct 18, 2011 at 03:14:56PM +0200, Ulrike Fischer wrote:
>> Am Tue, 18 Oct 2011 05:43:57 -0700 schrieb Chris Travers:
>>
>> > This has all been very helpful.  At least I have things narrowed down
>> > a bit here:
>> >
>> >
>> > # fmtutil-sys --byfmt xelatex
>> >
>>
>> > ! LaTeX source files more than 5 years old!.
>> > l.545 ...aTeX source files more than 5 years old!}
>>
>> >
>> > Any idea of what I do about this?
>>
>> The best is to get and install a new TeXLive 2011 with newer latex
>> sources. You can also try to fool latex by changing your pc date.
>
> No, it is actually the worst thing to do. Most Linux distributions have their
> own packaging system and using alien blob (like the TeXLive) has all
> the disadvantages it can: possbily breaking compatibility if some system
> library is updated, not upgrading this blob using system tools if
> securty vulnerabilities are found can lead to serious security problems, 
> etc...
>
That's why TL is linked statically with the exception of tools
dependent on fontconfig (xetex, luatex, xdvipdfmx).

> That's why I always compiled XeTeX from the SVN, but even that is broken since
> about 2 years :-/
>
I have only a problem with Nafees fonts, xdvipdfmx cannot find them in
CentOS 4 and 5 while everything works fine in Fedora 13. I tried with
TL 2008, 2009, 20010 and 2011, the result is the same and even
Khaled's advices did not help me to make it work.

> P.T.
>
> --
> Petr Tomasek 
> Jabber: but...@jabbim.cz
>
> 
> EA 355:001  DU DU DU DU
> EA 355:002  TU TU TU TU
> EA 355:003  NU NU NU NU NU NU NU
> EA 355:004  NA NA NA NA NA
> 
>
>
>
>
> --
> Subscriptions, Archive, and List information, etc.:
>  http://tug.org/mailman/listinfo/xetex
>



-- 
Zdeněk Wagner
http://hroch486.icpf.cas.cz/wagner/
http://icebearsoft.euweb.cz



--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Petr Tomasek]

On Tue, Oct 18, 2011 at 05:16:12PM +0200, Peter Dyballa wrote:
> 
> Am 18.10.2011 um 16:39 schrieb Chris Travers:
> 
> > Here's a breakdown of OS support for TexLive versions for anyone interested:
> > 
> > Debian Lenny:  TexLive 2007
> > Debian Squeeze:  TexLive 2009
> > Debian Sid:  TexLive 2009
> > Ubuntu 10.04 LTS:  TexLive 2009
> > Red Hat Enterprise 6:  TexLive 2007
> > That means that the most recent versions of CentOS and Scientific
> > Linux also use 2007.
> 
> Forget these RPM or DEB based re-packings! (The support from their 
> distributors/repackagers can be a bit less than optimal.) Install TeX Live 
> 2005, 2006, 2007, 2008, 2009, 2010, 2011!

This is the best way to hell. Native packages should be used and not some
stupid external blob!

P.T.

-- 
Petr Tomasek 
Jabber: but...@jabbim.cz



--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Petr Tomasek]

On Tue, Oct 18, 2011 at 03:14:56PM +0200, Ulrike Fischer wrote:
> Am Tue, 18 Oct 2011 05:43:57 -0700 schrieb Chris Travers:
> 
> > This has all been very helpful.  At least I have things narrowed down
> > a bit here:
> > 
> > 
> > # fmtutil-sys --byfmt xelatex
> > 
> 
> > ! LaTeX source files more than 5 years old!.
> > l.545 ...aTeX source files more than 5 years old!}
> 
> > 
> > Any idea of what I do about this?
> 
> The best is to get and install a new TeXLive 2011 with newer latex
> sources. You can also try to fool latex by changing your pc date. 

No, it is actually the worst thing to do. Most Linux distributions have their
own packaging system and using alien blob (like the TeXLive) has all
the disadvantages it can: possbily breaking compatibility if some system
library is updated, not upgrading this blob using system tools if
securty vulnerabilities are found can lead to serious security problems, etc...

That's why I always compiled XeTeX from the SVN, but even that is broken since
about 2 years :-/

P.T.

-- 
Petr Tomasek 
Jabber: but...@jabbim.cz


EA 355:001  DU DU DU DU
EA 355:002  TU TU TU TU
EA 355:003  NU NU NU NU NU NU NU
EA 355:004  NA NA NA NA NA





--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Mary Ellen Foster]

On 18 October 2011 15:39, Chris Travers  wrote:

> Here's a breakdown of OS support for TexLive versions for anyone
> interested:
>
> Debian Lenny:  TexLive 2007
> Debian Squeeze:  TexLive 2009
> Debian Sid:  TexLive 2009
> Ubuntu 10.04 LTS:  TexLive 2009
> Red Hat Enterprise 6:  TexLive 2007
> That means that the most recent versions of CentOS and Scientific
> Linux also use 2007.
>

For what it's worth, there is a current effort to get more recent TexLive
packages created for Fedora (which will eventually feed into RHEL, CentOS,
etc.). The big issue as I understand it is licensing ...

More details here: http://fedoraproject.org/wiki/Features/TeXLive

I've been running the unofficial TL 2011 packages for a while now with few
issues.

MEF

-- 
Mary Ellen Foster -- http://www.macs.hw.ac.uk/~mef3/
Interaction Lab -- http://www.macs.hw.ac.uk/InteractionLab
School of Mathematical and Computer Sciences, Heriot-Watt University

Heriot-Watt University is a Scottish charity registered under charity
number SC000278


--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex

Re: [XeTeX] How to manually create the xelatex.fmt?

[Susan Dittmar]

Chris, you are *not* alone in your need for stability in the sense of
"everything that worked up to now still has to work with the new version".
I have the same requirement, and quite a lot of the professional
typesetters on this list do, too. So even if it does not look like that to
you---I know I was one of those asking you to update---there *is* interest
in that same thing here.

I think the problem here arises because most of the people on this list are
TeX users themselves, not TeX service providers. 

Quoting Herbert Schulz (he...@wideopenwest.com):
> On Oct 19, 2011, at 9:09 AM, Chris Travers wrote:
> > I think "stable" in terms of "you can safely use this to render your
> > documents" and "stable" in terms of "no unnecessary changed so we know
> > the software using this clearly and predictably works every time" are
> > different senses of the word "stable."  I need the latter once the
> > software is installed, you are talking the former.
> 
> Of course there is another sense of ``stable'': we're not going to change
> anything even if it doesn't work and has bugs because it's better to know
> your enemy than to find an ew enemy or friend.

You are right, and that's the danger whenever you need a system in the
second listed sense of "stable". A danger Chris, and others with his needs,
is very aware of.

I think it's quite well that this point is being discussed here again.
Perhaps it serves to remind package writers how important backwards
compatibility is, and what a hell they create for their users whenever
backwards compatibility is broken.

Susan



--
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex