From mboxrd@z Thu Jan  1 00:00:00 1970
From: Mark H Weaver <mhw@netris.org>
Subject: Re: Building AbiWord without libwmf and removing libwmf from Guix
Date: Sat, 27 May 2017 15:41:41 -0400
Message-ID: <87tw46140a.fsf@netris.org>
References: <20170527170600.GA16269@jasmine>
Mime-Version: 1.0
Content-Type: text/plain
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:48211)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mhw@netris.org>) id 1dEhb5-0004bp-2R
	for guix-devel@gnu.org; Sat, 27 May 2017 15:42:00 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mhw@netris.org>) id 1dEhb0-0005m1-7G
	for guix-devel@gnu.org; Sat, 27 May 2017 15:41:59 -0400
Received: from world.peace.net ([50.252.239.5]:36648)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <mhw@netris.org>) id 1dEhb0-0005lx-3l
	for guix-devel@gnu.org; Sat, 27 May 2017 15:41:54 -0400
In-Reply-To: <20170527170600.GA16269@jasmine> (Leo Famulari's message of "Sat,
	27 May 2017 13:06:00 -0400")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Leo Famulari <leo@famulari.name>
Cc: guix-devel@gnu.org

Leo Famulari <leo@famulari.name> writes:

> The last update to libwmf was twelve years ago, in 2005. In the
> meantime, a large number of security issues have been discovered in this
> library. These bugs are fixed somewhat haphazardly by the distributions.
>
> While working on patching CVE-2016-9011 in libwmf, and backporting fixes
> for CVE-2016-{9317,10167,10168} in the ancient bundled libgd, I find
> myself wondering if we need this library at all. The patches from this
> 12 year span of 3rd party fixes begin to conflict with each other...
>
> Libwmf is only used as a "plugin" by AbiWord, and AbiWord can be
> configured to build without it.

What functionality would be lost?  I guess that AbiWord would lose the
ability to open some kinds of files, but it would be good to know
whether or not such files are still in common use.

      Mark