Re: Maintenance or successors? (was Re: Buffer overflow in the StringQuotedWord() function)

[William Bader]

>Building Lout means you have to edit the Makefile.

>This isn't difficult as such but you have to be _very_ careful since

>some of the directories you must specify must exist -- and some must not exist.

I think that you can build lout with 'make all' without any edits, but for the install, I usually change PREFIX  from /home/jeff to /usr/local and then change LOUTLIBDIR, LOUTDOCDIR and MANDIR from $(PREFIX)/... to $(PREFIX)/lib/... , and I think that the makefile needs a few places that use 'mkdir -p'.

If you have any specific places that you change, let me know.

Now that https://github.com/william8000/lout hasn't had any problems, I have about 1000 lines of my own fixes and small enhancements that I can commit. It includes changes to the makefile, fixes for crashes on pages that create complicated geometries, fixes for a calculation that could leave images in a Graph misaligned by a few points on a letter or A4 page, and support for embedding PDFs and bitmapped images.

So in that repository, 3.40 is the last release by Dr. Kingston. 3.41 is 3.40 + the CVE fixes (that will hopefully have distributions keep lout). 3.42 will be 3.41 + my changes (which should not break the processing or appearance of any existing lout files, except for placing some objects more accurately).

Regards, William

 

---

From: Lout-users <lout-users-bounces+williambader=hotmail.com@nongnu.org> on behalf of Mark Summerfield <mark@qtrac.eu>
Sent: Friday, December 18, 2020 10:41 AM
To: Yannig Robert via "Users of the Lout document typesetting system." <lout-users@nongnu.org>
Subject: Re: Maintenance or successors? (was Re: Buffer overflow in the StringQuotedWord() function)

 

Building Lout means you have to edit the Makefile.

This isn't difficult as such but you have to be _very_ careful since

some of the directories you must specify must exist -- and some must not

exist.

Best wishes,

On Fri, 18 Dec 2020 16:17:34 +0100
Yannig Robert via "Users of the Lout document typesetting system."
<lout-users@nongnu.org> wrote:
> Hello all,
>
>
> Even if I just started using it a year ago (a bit late to the party!), I
> am really glad that Lout is living on as unlike Latex I seem to be able
> to use it without loosing my sanity!
>
> There were talks earlier that Debian was dropping Lout. Does this means
> that those of us who use a Debian based OS soon will need to compile it
> ? Are there instructions somewhere for those like me who aren't experts?
>
> Regards
>
> Yannig
>
>
> On 18/12/2020 06:01, William Bader wrote:
> > I have a version of lout with the CVEs fixed at
> > https://github.com/william8000/lout
> > <https://github.com/william8000/lout> The repository has commits for
> > all of the lout 3.xx releases that I could find and then a final
> > commit that fixes the CVEs and updates the release to 3.41.
> > I can try to fix future bugs and CVEs as they are reported.
> > Regards, William
> >
> >
> > ------------------------------------------------------------------------
> > *From:* Lout-users
> > <lout-users-bounces+williambader=hotmail.com@nongnu.org> on behalf of
> > Ludovic Courtès <ludo@gnu.org>
> > *Sent:* Wednesday, December 16, 2020 5:59 AM
> > *To:* Mark Carroll <mtbc@ixod.org>
> > *Cc:* lout-users@nongnu.org <lout-users@nongnu.org>
> > *Subject:* Re: Maintenance or successors? (was Re: Buffer overflow in
> > the StringQuotedWord() function)
> > Hi,
> >
> > Mark Carroll <mtbc@ixod.org> skribis:
> > 
> > > Thank you very much indeed for all the work already done on Lout,
> > > it's a real gem, both in software and documentation. Unfortunately,
> > > I have not used C (or C++) much since the nineties so I rather doubt
> > > that I am suited to attempt to safely address outstanding CVEs; my
> > > recent history is in fixing Java ones instead! Might somebody else
> > > be up for the catchup and ongoing maintenance work? Otherwise, I
> > > hope that this is not badly off-topic: If Basser Lout is no longer
> > > maintained then I suppose it raises the question of if anyone here
> > > has migrated to anything that does not pale in comparison, is there
> > > any agreeable successor? Maybe there is some other mailing list
> > > worth following about the wider state of document formatters?
> > >
> > > I've used Lout for my own documents but, in using things like XeTeX
> > > with TikZ in the day job and such, I've yet to find a match for
> > > Lout's sheer cleanliness, it is positively a pleasure to use; I
> > > guess the functional approach really works, a worthwhile research
> > > experiment indeed. At least after I have employed tips from others
> > > about getting it to recognize various kinds of fonts, Basser Lout is
> > > one of the few pieces of software I use where the surprises tend to
> > > be more pleasant than not. "I wonder if this would work? Yes, it
> > > does!" 
> >
> > I’m late to the discussion but I agree with everything you wrote:
> > having used LaTeX (+ Beamer, etc.) for some time now, it always feels
> > clunky and brittle compared to Lout.  The functional approach of Lout
> > makes it much more pleasant to work with, and more predictable too.
> >
> > I’m not aware of any other functional document formatting tool.
> > 
> > > I wonder if I'll end up seeing how far I can get with Haskell's
> > > bindings to Cairo and if useful guidance would come from the text
> > > about Nonpareil which, admittedly, it's a long time since I looked
> > > at. Some combination of Lout's Expert's Guide and other "lessons
> > > learned" could be valuable inspiration; as you've previously
> > > observed, "Text handling is a maze where many have lost their way,"
> > > so it would be great to at least continue to benefit from how Lout
> > > advances the field. 
> >
> > That’s probably the way to go even though, like you write, this may be
> > an endless quest.  :-)
> >
> > Thanks,
> > Ludo’.
> > 



--
Mark Summerfield, Qtrac Ltd.
    DiffPDF - easy to use PDF comparison application
        http://www.qtrac.eu/diffpdf.html