Summary: | app-text/jmupdf has bundled version of app-text/mupdf | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Michael Weber (RETIRED) <xmw> |
Component: | Current packages | Assignee: | Michael Weber (RETIRED) <xmw> |
Status: | RESOLVED OBSOLETE | ||
Severity: | normal | CC: | esigra, java |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://code.google.com/p/jmupdf/issues/detail?id=22 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 251464 |
Description
Michael Weber (RETIRED)
2013-06-10 08:41:12 UTC
I guess this affects all app-text/mupdf security bugs. Michael, how would you feel about last-riting this? Upstream is dead, it bundles a vulnerable mupdf, nothing actually depends on it, and if it really doesn't build with Java 8 (as the deps imply) then it's blocking the removal of Java 7. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=97bb1cdc9c44c3c242349a286632b554f359de84 commit 97bb1cdc9c44c3c242349a286632b554f359de84 Author: James Le Cuirot <chewi@gentoo.org> AuthorDate: 2017-11-05 13:54:00 +0000 Commit: James Le Cuirot <chewi@gentoo.org> CommitDate: 2017-11-05 13:54:00 +0000 profiles: Mask app-text/jmupdf Upstream dead, bundles a vulnerable mupdf, nothing depends on it, and blocks the removal of Java 7. Removal in 30 days. Bug: https://bugs.gentoo.org/472832 profiles/package.mask | 5 +++++ 1 file changed, 5 insertions(+)} You forgot about jtweakpdf-1.1. Given it is not in the tree yet. But there is https://bugs.gentoo.org/331981 I'm not using it regularly, but it is a nice tool to have... (In reply to Bodo Graumann from comment #4) > You forgot about jtweakpdf-1.1. Given it is not in the tree yet. But there > is https://bugs.gentoo.org/331981 > I'm not using it regularly, but it is a nice tool to have... Okay but someone who cares enough will need to do something about jmupdf. I can live with a dead upstream but the vulnerabilities are a showstopper. The Java 7 requirement may not be a problem once we get Java 9 because it can build against older releases more easily. app-text/jmupdf has been last-rited. Sorry folks. |