Hi!

We currently have three different versions of teTeX in pkgsrc.
Because of the high rate of vulnerabilities found in xpdf
code (which is included in all teTeX versions), maintaining
them has become quite a bit of effort.

Currently, only the teTeX3 packages are patched for the latest
vulnerabilities. For the 1 and 2 versions, the following
vulnerabilities are not fixed:
teTeX-bin-1.[0-9]*      1731,denial-of-service  http://secunia.com/advisories/17916/
teTeX-bin-2.[0-9]*      1732,denial-of-service  http://secunia.com/advisories/17916/
teTeX-bin-1.[0-9]*      1734,arbitrary-code-execution   http://secunia.com/advisories/17916/
teTeX-bin-2.[0-9]*      1735,arbitrary-code-execution   http://secunia.com/advisories/17916/
teTeX-bin-1.[0-9]*      1737,denial-of-service  http://secunia.com/advisories/18329/
teTeX-bin-2.[0-9]*      1738,denial-of-service  http://secunia.com/advisories/18329/
teTeX-bin-1.[0-9]*      1740,arbitrary-code-execution   http://secunia.com/advisories/18329/
teTeX-bin-2.[0-9]*      1741,arbitrary-code-execution   http://secunia.com/advisories/18329/

Is there a point in keeping the old teTeX versions?

Is someone interested in maintaining them actively?

Without an active maintainer, I don't think we should keep them in
pkgsrc. If noone speaks up, I'll probably remove at least the following
packages from pkgsrc in about two weeks:

print/teTeX1
print/teTeX1-bin
print/teTeX1-share
print/teTeX1-sharesrc

teTeX1-only dependencies:
devel/cweb
print/dvipdfm
print/ja-dvipdfm
print/tex-eurosym
print/texfamily
print/texfamily-share

If someone wants to update these packages so they work with newer
teTeX versions (for those where it makes sense[1]), I'd appreciate it.

I'm not yet sure what to do about the teTeX2 packages.
teTeX2 dependencies are:
print/ja-jsclasses
print/ja-ptex
print/ja-ptex-bin
print/ja-ptex-share
print/ja-vfxdvik
print/tex-textpos

Updates for teTeX3 are definitely welcome here too....

Cheers,
 Thomas

[1] At least tex-eurosym is included in newer teTeX versions.