Patched packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated yodl packages fix security vulnerability:

Invalid memory read in queue_push could lead to Denial of service
(CVE-2016-10375).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10375
https://lists.opensuse.org/opensuse-updates/2017-06/msg00026.html
========================

Updated packages in core/updates_testing:
========================
yodl-3.00.0-7.1.mga5
yodl-doc-3.00.0-7.1.mga5

from yodl-3.00.0-7.1.mga5.src.rpm

Assignee: bugsquad => qa-bugs
Whiteboard: MGA5TOO => (none)
Version: Cauldron => 5

Bachground
---------
No previous updates for this thing.

"Yet oneOther Document Language[!] The idea of Yodl is that you write up a  document in a pre-language, then  use the tools e.g. yodl2html to convert it to some final document language. Current converters are for HTML, man, LaTeX, text and an experimental xml converter."
Home page: https://fbb-git.github.io/yodl/ which leads to good documentation.
Man pages are good.
"First, yodl is called, producing a raw output file and an associated index file; 
Then, yodlpost is called, converting these two files into a final document."

Programs/scripts provided by the pkg:
 /usr/bin/yodl              The main program ? called by the convert scripts ?
 /usr/bin/yodl2html         converts to HTML
 /usr/bin/yodl2latex        converts to LaTeX output
 /usr/bin/yodl2man          converts to nroff `man’ format
 /usr/bin/yodl2txt          converts  to  plain  ASCII
 /usr/bin/yodl2whatever     Refers to the 4  above
 /usr/bin/yodl2xml          presumably converts to xml (experimental)
 /usr/bin/yodlpost          Yodl post-processor
 /usr/bin/yodlstriproff     strip ASCII control characters
 /usr/bin/yodlverbinsert    Generate verb-sections from parts of a file

I cannot find an example YODL (.yo) file to play with; perhaps you can - it would help a lot. Short of writing one...

CC: (none) => lewyssmith

With reference to comment 2:

There are a number of .yo files in /usr/share/yodl/ so you could try playing with those.  No time just now myself but if you could leave it a couple of days...

It is often worth looking in /usr/share/<packagename>/ for helpful files.  The other way is to use mlocate to see if the package provides anything.  e.g.
$ sudo updatedb
$ locate ".yo"

CC: (none) => tarazed25

@Lewis
Shall play with those files and see if they are any use.

Not making any headway with those files.

I can see why. There are several groups per document type that it produces:
 [std.]html|latex|man|txt|xml.yo
and they look as if they are used by the various yodl2<format> programs.
I shall search again briefly for a meaningful example.yo file, and if nothing turns up, just go for the clean update.

Testing M5 x64

Give up, could find absolutely no sample files. The doc pkg looks like the on-line documentation.

BEFORE update: yodl-3.00.0-7.mga5, yodl-doc-3.00.0-7.mga5
AFTER the clean update: yodl-3.00.0-7.1.mga5, yodl-doc-3.00.0-7.1.mga5

OK

Whiteboard: advisory => advisory MGA5-64-OK

Maybe a bit late now but there is a sort of HelloWorld type file at
http://www.tldp.org/LDP/LG/issue09/yodl.html

This hails from 1996 and needed a couple of edits.  I tried to process it but hit a couple of errors - need to study the howto.

Attaching the file.

Created attachment 9432 [details]
Example document file

Its utility is not yet confirmed.

x86_64 and Mate

Using Karel Kubat's sample file to investigate yodl capabilities before updating.

$ yodl2html -i hello.idx -t helloworld.yo

The -t produces a trace on STDOUT as the file is processed.  The result is an HTML file which looks fine in a browser.

$ yodl2man -i hello.idx helloworld.yo
produced nroff tagged output suitable for a man page.
$ cat helloworld.man
.TH "Test article for YODL" "1996"
.PP

.SH "Test article for YODL"

.SH "Karel Kubat"

.SH "1996"
..............................

yodl2txt produced bare text as expected.

yodl2latex created a LaTeX file.  Installed latex and tried to run tex.
$ tex helloworld.latex
This is TeX, Version 3.1415926 (TeX Live 2013/Mageia)
(./helloworld.latex
! Undefined control sequence.
l.1 \documentclass
                  {article}
? 

There seemed to be a problem with each line, possibly because I don't have the latex infrastructure set up but the conversion looks authentic from what I can remember from decades ago.
Example error:
! I can't find file `{/usr/share/yodl/xlatin1.tex}'.
l.5 \input{/usr/share/yodl/xlatin1.tex}
Errors recorded in helloworld.log.

$ yodl2xml -i hello.idx helloworld.yo
generated legitimate XML code which could be viewed with highlighting in vim or emacs.

No suitable data with which to test yodlstriproff.
It would be used in this manner I think:
$ cat datafile | yodlstriproff > outputfile

yodlverbinsert extracts text verbatim from specially commented sections in C or C++ files but the man pages are a bit vague about exactly how it is to be used.  It looks like it processes a marked program file and sends the extracted text to  STDOUT.   A yodl file can include external files so perhaps all this utility does is what a user could achieve using a familiar text editor like emacs (yank a highlighted region and write it to a file) though maybe it wraps the text in verbatim tags.  This requires a little research.

@Len
Many thanks for finding a real YODL file to play with (puzzled that it is of type .idx rather than .yo) ; and for attaching it; and for your extensive tests on same. The file & your tests Comment 8 make a valuable test reference if we ever encounter this thing again.

@Lewis
No, the yodl file is .yo.  The index file with .idx is a byproduct of the command which the user specifies, or can specify, AFAIK.  I don't think it is necessary to specify it.  I can follow that up.

Tried a conversion without the -i option and no .idx file was produced.
$ yodl2html helloworld.yo
$ ls -l helloworld.*
-rw------- 1 lcl lcl 1747 Jun 27 20:54 helloworld.html
-rw------- 1 lcl lcl 1313 Jun 27 15:56 helloworld.latex
-rw-r--r-- 1 lcl lcl 1087 Jun 27 16:06 helloworld.log
-rw------- 1 lcl lcl 1001 Jun 27 15:50 helloworld.man
-rw------- 1 lcl lcl  714 Jun 27 15:55 helloworld.txt
-rw------- 1 lcl lcl 2173 Jun 27 16:08 helloworld.xml
-rw-r--r-- 1 lcl lcl  992 Jun 27 15:28 helloworld.yo

Updated yodl in a 32-bit mga5.1 virtualbox.
Ran all of the conversion utilities on helloworld.yo to generate alternative document formats as in comment 13.

As far as it goes, this is good for i586.

I should like to prepare an annotated test file, a tidier version of the previous notes and also follow up the include and verbatim insertion business because yodl looks like a pretty useful tool, but for the time being this can probaly be validated.

Rerunning the latex test on x86_64 with warnings suppressed generated something.
$ yodl2latex -w helloworld.yo
Yodl2latex 3.00.0
Yodl is processing a(n) article
Document title: Test article for YODL
No post-processing required for this latex conversion
$ latex helloworld.latex
This is pdfTeX, Version 3.1415926-2.5-1.40.14 (TeX Live 2013/Mageia)
 restricted \write18 enabled.
entering extended mode
(./helloworld.latex
LaTeX2e <2011/06/27>
Babel <3.9f> and hyphenation patterns for 78 languages loaded.
(/usr/share/texmf-dist/tex/latex/base/article.cls
Document Class: article 2007/10/19 v1.4h Standard LaTeX document class
(/usr/share/texmf-dist/tex/latex/base/size10.clo))
(/usr/share/texmf-dist/tex/latex/base/fontenc.sty
(/usr/share/texmf-dist/tex/latex/base/t1enc.def)) (/usr/share/yodl/xlatin1.tex)

No file helloworld.aux.
No file helloworld.toc.

LaTeX Warning: Reference `first' on page 1 undefined on input line 28.

(/usr/share/texmf-dist/tex/latex/base/t1cmtt.fd)
(/usr/share/texmf-dist/tex/latex/base/omscmr.fd) [1] [2] (./helloworld.aux)

LaTeX Warning: There were undefined references.


LaTeX Warning: Label(s) may have changed. Rerun to get cross-references right.

 )
Output written on helloworld.dvi (2 pages, 1780 bytes).
Transcript written on helloworld.log.
$ ls -l helloworld.dvi
-rw-r--r-- 1 lcl lcl 1780 Jun 27 23:33 helloworld.dvi
$ dvi2tty helloworld.dvi
This shows a somewhat garbled typeset page in the terminal; not something which could be printed, but a brave attempt.

So, yodl does its best with latex formatting and this test in no way invalidates the earlier conclusion, MGA5-64-OK.

Created attachment 9447 [details]
Summary of functionality tests on helloworld.yo

This may be extended later to address the use of yodlstriproff and yodlverbinsert.

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0192.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

@Lewis
yodl will probably come back because I suspect that there are original bugs in the LaTeX and XML converters which are not associated with this update.  I shall report what has been seen in the hope that somebody can fix the problems or point out where I might have gone wrong.

Created attachment 9448 [details]
Summary of functionality tests on helloworld.yo

Found some errors in the original text and also some errors in the XML output file which need to be addressed via a bug report.

Attachment 9447 is obsolete: 0 => 1