[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Building AbiWord without libwmf and removing libwmf from Guix
|
From: |
Leo Famulari |
|
Subject: |
Building AbiWord without libwmf and removing libwmf from Guix |
|
Date: |
Sat, 27 May 2017 13:06:00 -0400 |
|
User-agent: |
Mutt/1.8.2 (2017-04-18) |
The last update to libwmf was twelve years ago, in 2005. In the
meantime, a large number of security issues have been discovered in this
library. These bugs are fixed somewhat haphazardly by the distributions.
While working on patching CVE-2016-9011 in libwmf, and backporting fixes
for CVE-2016-{9317,10167,10168} in the ancient bundled libgd, I find
myself wondering if we need this library at all. The patches from this
12 year span of 3rd party fixes begin to conflict with each other...
Libwmf is only used as a "plugin" by AbiWord, and AbiWord can be
configured to build without it.
Otherwise, someone needs to overhaul and update our libwmf patch series.
I've included a WIP patch that includes the fixes. Not all of the new
patches apply.
WDYT?
0001-WIP-libwmf-Fix-CVE-2016-9011-9317-10167-10168.patch
Description: Text document
signature.asc
Description: PGP signature
- Building AbiWord without libwmf and removing libwmf from Guix,
Leo Famulari <=