
Bug 472832

Summary: app-text/jmupdf has bundled version of app-text/mupdf
Product: Gentoo Linux
Reporter: Michael Weber (RETIRED) <xmw>
Component: Current packages
Assignee: Michael Weber (RETIRED) <xmw>
Status: RESOLVED OBSOLETE
Severity: normal
CC: esigra, java
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://code.google.com/p/jmupdf/issues/detail?id=22
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 251464    

Description Michael Weber (RETIRED) gentoo-dev 2013-06-10 08:41:12 UTC
the update is non-trivial,
first steps were done with app-text/jmupdf[system-mupdf].
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2017-04-29 09:37:05 UTC
I guess this affects all app-text/mupdf security bugs.
Comment 2 James Le Cuirot gentoo-dev 2017-08-30 22:19:38 UTC
Michael, how would you feel about last-riting this? Upstream is dead, it bundles a vulnerable mupdf, nothing actually depends on it, and if it really doesn't build with Java 8 (as the deps imply) then it's blocking the removal of Java 7.
Comment 3 Larry the Git Cow gentoo-dev 2017-11-05 13:56:35 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=97bb1cdc9c44c3c242349a286632b554f359de84

commit 97bb1cdc9c44c3c242349a286632b554f359de84
Author:     James Le Cuirot <chewi@gentoo.org>
AuthorDate: 2017-11-05 13:54:00 +0000
Commit:     James Le Cuirot <chewi@gentoo.org>
CommitDate: 2017-11-05 13:54:00 +0000

    profiles: Mask app-text/jmupdf
    
    Upstream dead, bundles a vulnerable mupdf, nothing depends on it, and
    blocks the removal of Java 7. Removal in 30 days.
    
    Bug: https://bugs.gentoo.org/472832

 profiles/package.mask | 5 +++++
 1 file changed, 5 insertions(+)
Comment 4 Bodo Graumann 2017-11-14 09:16:22 UTC
You forgot about jtweakpdf-1.1. Given it is not in the tree yet. But there is https://bugs.gentoo.org/331981
I'm not using it regularly, but it is a nice tool to have...
Comment 5 James Le Cuirot gentoo-dev 2017-11-14 09:54:53 UTC
(In reply to Bodo Graumann from comment #4)
> You forgot about jtweakpdf-1.1. Given it is not in the tree yet. But there
> is https://bugs.gentoo.org/331981
> I'm not using it regularly, but it is a nice tool to have...

Okay but someone who cares enough will need to do something about jmupdf. I can live with a dead upstream but the vulnerabilities are a showstopper. The Java 7 requirement may not be a problem once we get Java 9 because it can build against older releases more easily.
Comment 6 James Le Cuirot gentoo-dev 2017-12-06 21:56:48 UTC
app-text/jmupdf has been last-rited. Sorry folks.