Ubuntu
mathjax package

[MIR] mathjax

Bug #1878937 reported by Lukas Märdian
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mathjax (Ubuntu)
Fix Released
Undecided
Didier Roche-Tolomelli

Bug Description

[Availability]
Currently in Ubuntu universe. Built for all supported architectures. In sync with Debian.

[Rationale]
This package is a new dependency of the 'sphinx-doc' package (src:sphinx, as of version 2.3.1-1) that we already support.

[Security]
No known security issues:
https://security-tracker.debian.org/tracker/source-package/sphinx
https://launchpad.net/ubuntu/+source/sphinx/+cve

Past issue CVE-2018-1999024 affects only versions < 2.7.4:
https://security-tracker.debian.org/tracker/CVE-2018-1999024

No security relevant binaries contained. No files in /sbin or /usr/sbin, no system services/daemons or other security relevant constraints.

[Quality assurance]
* The package provides a JS library, which can be used easily from
  /usr/share/javascript/mathjax/ without further documentation.

* No debconf dialogs.

* No critical outstanding bugs which affect the usability. Upstream provides regular bugfix releases for the 2.7.* branch at https://github.com/mathjax/MathJax/releases

* No bugs in Ubuntu.
  https://bugs.launchpad.net/ubuntu/+source/mathjax

* Debian marks 1 out of 2 bugs 'Important':
  https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=mathjax
  BTS#919981: Ugly formulas in jupyter
  -> Affects the rendering in 'jupyter', which is in Ubuntu universe.
     Does not seem to be a critical bug.

* Upstream lists 25 issues, which were not marked to be fixed or postponed.
  None of those seems to be critical:
  https://github.com/mathjax/MathJax/issues?q=is%3Aissue+is%3Aopen+sort%3Acreated-desc+no%3Amilestone+-label%3A%22Feature+Request%22+-label%3AFixed+-label%3A%22Expected+Behavior%22+-label%3ADuplicate+-label%3AAccepted+-label%3AAbandoned+-label%3A%22Address+Later%22+-label%3AQuestion+-label%3Av3

* Ubuntu is in sync with Debian. Debian last updated the package 2018-05-15.
  Looking for a new maintainer, due to a new major upstream release (3.0).
  Debian-JS-Maintainers team took over and is preparing 3.0 release in Salsa.
  https://tracker.debian.org/pkg/mathjax
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950424
  https://salsa.debian.org/js-team/mathjax

* No exotic hardware required.

* No autopkgtests. No build tests.

* debian/watch available.

* lintian --pedantic shows 3 relevant, non-critical warnings:
  P: mathjax source: package-uses-old-debhelper-compat-version 11
  P: mathjax source: rules-requires-root-missing
  P: mathjax source: uses-debhelper-compat-file

* Does not rely on obsolete/demoted packages.

[UI standards]
Not a user facing application.

[Dependencies]
All binary dependencies and recommends are provided by the source package itself.

yui-compressor (universe) is only in Build-Depends.

[Standards compliance]
Uses mostly debhelper and meets FHS and Debian Policy Standards-Version 4.1.4.

[Maintenance]
Simple package, which can be synced from Debian, especially as the Debian-JS-Maintainers team is taking over this package from the original Maintainer.
Otherwise, Ubuntu Foundations should be assigned.

[Background information]
MathJax is a JavaScript library/display engine for mathematics that works in all browsers. It is used by sphinx-doc (main) to render their documentation pages.

Francis Ginther (fginther)
tags: added: id-5ebd6bcd427ff64baa4b9993
Christian Ehrhardt  (paelzer)
Changed in mathjax (Ubuntu):
assignee: nobody → Didier Roche (didrocks)
Revision history for this message
Didier Roche-Tolomelli (didrocks) wrote :

All looks good on the MIR side.
I’m not a big fan that we have the minimized MathJax.js source directly shipped rather than rebuilding it from the unpacked version that we shipped as well, but no rule is preventing this for javascript package. Note that this is manually overriden in:
./debian/source/lintian-overrides:
mathjax source: source-is-missing
mathjax source: source-contains-prebuilt-javascript-object

It ships its vendored version of combiner and compressor.

The code itself doesn’t seem to use particular tricks which should emit warnings to us.

I would like though that a bug and fix is filed upstream to avoid having this ogg being executable:
W: libjs-mathjax: executable-not-elf-or-script usr/share/javascript/mathjax/unpacked/extensions/a11y/invalid_keypress.ogg

ubuntu-foundations is not assigned though, mind poking them? I’m happy to +1 on the MIR once this is done.

Changed in mathjax (Ubuntu):
status: New → Incomplete
Revision history for this message
Lukas Märdian (slyon) wrote :

Thank you Didier for your feedback!

I am part of "ubuntu-foundations", so I will work on this. Do you want me to prepare an update for the mathjax package, fixing the executable flag of "invalid_keypress.ogg", or is it enough to have it upstream, trickling in via Debian updates?

I filed a corresponding bug upstream:
https://github.com/mathjax/MathJax/issues/2443

And proposed a fix via PR#2444:
https://github.com/mathjax/MathJax/pull/2444

Changed in mathjax (Ubuntu):
status: Incomplete → New
Revision history for this message
Dmitry Shachnev (mitya57) wrote :

> I’m not a big fan that we have the minimized MathJax.js source directly shipped rather than rebuilding it from the unpacked version

Actually no, the source is repacked during build:

https://sources.debian.org/src/mathjax/2.7.4+dfsg-1/debian/rules/#L19

(I am the current mathjax maintainer in Debian, but really looking for a new one.)

Revision history for this message
Didier Roche-Tolomelli (didrocks) wrote :

@Lukas, @Dmitry: if you can, via debian, fix the executable flag, that would be awesome.

Thanks for explaining the repack during the build, I missed it. I feel more confident :)

@Lukas: please get foundation-team subscribed to this package so that we can track responsabilities when issues arise.

Once the upload with the executable bits fix is done, I’m happy to promote it (given that the subscription is done).

Changed in mathjax (Ubuntu):
status: New → Incomplete
Revision history for this message
Dmitry Shachnev (mitya57) wrote :

> if you can, via debian, fix the executable flag, that would be awesome.

I will do it in Debian later today or tomorrow.

Revision history for this message
Lukas Märdian (slyon) wrote :

@Didier: Done. I've subscribed "Ubuntu Foundations Bugs" to the mathjax package.

@Dimitry: Thank you very much for fixing it in Debian. Apparently quilt/patch cannot be used to change file permissions... I prepared a workaround, but I'm not sure if this is the proper way to do it. Feel free to make use of my debdiff: https://paste.ubuntu.com/p/97C4YvnkmP/

Revision history for this message
Steve Langasek (vorlon) wrote :

foundations-bugs now subscribed to mathjax.

Revision history for this message
Dmitry Shachnev (mitya57) wrote :

I updated mathjax to the latest version in 2.7 series (2.7.8), and I had to exclude the whole extensions/a11y directory because all files there are now minified (and it is not easy to build at least mathjax-sre.js because it requires new versions of Google Closure library and Closure compiler).

So the problem of executable invalid_keypress.ogg is now “fixed” by no longer having that file in the tarball.

https://tracker.debian.org/news/1146978/accepted-mathjax-278dfsg-1-source-into-unstable/

Lukas Märdian (slyon)
Changed in mathjax (Ubuntu):
status: Incomplete → New
Revision history for this message
Didier Roche-Tolomelli (didrocks) wrote :

Perfect! Once it migrated to the release pocket, I’ll promote it. Do you mind pinging me once it’s the case?

Marking as triaged meanwhile.

Changed in mathjax (Ubuntu):
status: New → Triaged
Revision history for this message
Matthias Klose (doko) wrote :

now promoted in -proposed.

Override component to main
mathjax 2.7.8+dfsg-1 in groovy: universe/web -> main
fonts-mathjax 2.7.8+dfsg-1 in groovy amd64: universe/fonts/optional/100% -> main
fonts-mathjax 2.7.8+dfsg-1 in groovy arm64: universe/fonts/optional/100% -> main
fonts-mathjax 2.7.8+dfsg-1 in groovy armhf: universe/fonts/optional/100% -> main
fonts-mathjax 2.7.8+dfsg-1 in groovy i386: universe/fonts/optional/100% -> main
fonts-mathjax 2.7.8+dfsg-1 in groovy ppc64el: universe/fonts/optional/100% -> main
fonts-mathjax 2.7.8+dfsg-1 in groovy riscv64: universe/fonts/optional/100% -> main
fonts-mathjax 2.7.8+dfsg-1 in groovy s390x: universe/fonts/optional/100% -> main
fonts-mathjax-extras 2.7.8+dfsg-1 in groovy amd64: universe/fonts/optional/100% -> main
fonts-mathjax-extras 2.7.8+dfsg-1 in groovy arm64: universe/fonts/optional/100% -> main
fonts-mathjax-extras 2.7.8+dfsg-1 in groovy armhf: universe/fonts/optional/100% -> main
fonts-mathjax-extras 2.7.8+dfsg-1 in groovy i386: universe/fonts/optional/100% -> main
fonts-mathjax-extras 2.7.8+dfsg-1 in groovy ppc64el: universe/fonts/optional/100% -> main
fonts-mathjax-extras 2.7.8+dfsg-1 in groovy riscv64: universe/fonts/optional/100% -> main
fonts-mathjax-extras 2.7.8+dfsg-1 in groovy s390x: universe/fonts/optional/100% -> main
libjs-mathjax 2.7.8+dfsg-1 in groovy amd64: universe/web/extra/100% -> main
libjs-mathjax 2.7.8+dfsg-1 in groovy arm64: universe/web/extra/100% -> main
libjs-mathjax 2.7.8+dfsg-1 in groovy armhf: universe/web/extra/100% -> main
libjs-mathjax 2.7.8+dfsg-1 in groovy i386: universe/web/extra/100% -> main
libjs-mathjax 2.7.8+dfsg-1 in groovy ppc64el: universe/web/extra/100% -> main
libjs-mathjax 2.7.8+dfsg-1 in groovy riscv64: universe/web/extra/100% -> main
libjs-mathjax 2.7.8+dfsg-1 in groovy s390x: universe/web/extra/100% -> main
22 publications overridden.

Didier Roche-Tolomelli (didrocks)
Changed in mathjax (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.