[Bug 1208381] New: Drop gumbo-parser from the distribution
https://bugzilla.suse.com/show_bug.cgi?id=1208381 Bug ID: 1208381 Summary: Drop gumbo-parser from the distribution Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: jengelh@inai.de Reporter: mrueckert@suse.com QA Contact: qa-bugs@suse.de CC: dmueller@suse.com, llyyr.public@gmail.com, mimi.vx@gmail.com, socvirnyl.estela@gmail.com Found By: --- Blocker: --- In https://github.com/sparklemotion/nokogiri/issues/2318 I asked why it was possible to build against the system copy of gumbo-parser. The reply was "the upstream copy is insecure and should not be used with user generated content" I asked google for clarification about the status and last night I got the reply that the project is now declared dead. https://twitter.com/arw/status/1626016312467271682 osc whatdependson openSUSE:Factory/gumbo-parser standard x86_64 gumbo-parser : claws-mail gromox mupdf python-PyMuPDF sioyek zathura-plugin-pdf-mupdf -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1208381 https://bugzilla.suse.com/show_bug.cgi?id=1208381#c1 --- Comment #1 from Jan Engelhardt <jengelh@inai.de> --- gromox is now no longer depending on gumbo. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1208381 https://bugzilla.suse.com/show_bug.cgi?id=1208381#c2 --- Comment #2 from llyyr <llyyr.public@gmail.com> --- submitted SRs for mupdf and zathura-plugin-pdf-mupdf https://build.opensuse.org/request/show/1069780 https://build.opensuse.org/request/show/1069779 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1208381 Wolfgang Engel <wolfgang.engel@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |wolfgang.engel@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1208381 https://bugzilla.suse.com/show_bug.cgi?id=1208381#c4 --- Comment #4 from Jan Engelhardt <jengelh@inai.de> --- Are there some CVE numbers we can present to software projects? To nudge them... -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1208381 https://bugzilla.suse.com/show_bug.cgi?id=1208381#c6 --- Comment #6 from Marcus R�ckert <mrueckert@suse.com> --- (In reply to Jan Engelhardt from comment #4)
Are there some CVE numbers we can present to software projects? To nudge them...
see the initial comment (nokogiri and twitter link) upstream (google) declared the project dead. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1208381 https://bugzilla.suse.com/show_bug.cgi?id=1208381#c7 --- Comment #7 from Marcus R�ckert <mrueckert@suse.com> --- https://github.com/google/gumbo-parser/blob/master/README.md -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1208381 https://bugzilla.suse.com/show_bug.cgi?id=1208381#c8 Jan Engelhardt <jengelh@inai.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #8 from Jan Engelhardt <jengelh@inai.de> --- gumbo is gone. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com