| Summary: | Cannot install 'sweethome3d' due to missing dependency 'itext-core' | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Lewis Smith <lewyssmith> |
| Component: | RPM Packages | Assignee: | David GEIGER <geiger.david68210> |
| Status: | RESOLVED WONTFIX | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | mageia, olivier.placais |
| Version: | Cauldron | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | sweethome3d-6.3-1.mga8.src.rpm | CVE: | |
| Status comment: | |||
|
Description
Lewis Smith
2020-11-15 22:01:00 CET
This looks relevant: https://ml.mageia.org/l/arc/dev/2020-09/msg00118.html itext is really problematic as it is really old, and newer versions fixed serious security issues but also went non-open-source IIRC. CC:
(none) =>
mageia Thanks for your observations. > itext is really problematic as it is really old, and newer versions fixed > serious security issues but also went non-open-source IIRC. Is there any reason why we cannot carry forward 'itext' from Mageia 7 to 8? The off-line nature of the Sweethome application makes security issues of doubtful relevance.(There is also an on-line version...) http://www.sweethome3d.com/license.jsp "Sweet Home 3D includes also the following libraries distributed under licenses less restrictive than GNU GPL: ... iText PDF print library version 2.1.7 distributed under GNU Lesser General Public License," http://www.sweethome3d.com/history.jsp Version 2.2, December 26, 2009 Updated iText to version 2.1.7 (caution: from version 5.0.0, iText isn't distributed under GNU LGPL license anymore). [No more recent mention of 'itext'] SH3D Version 6.3, April 15, 2020 [in Cauldron; 2 more recent bugfix versios] I found no mention of itext security issues in their forum, although there is one Linux/Ubuntu install thread from Jan 2020: http://www.sweethome3d.com/support/forum/viewthread_thread,9957 which includes routine references to libitext-java_2.1.7 Old though it may be, it is still around.
Olivier Placais
2021-01-09 20:56:11 CET
CC:
(none) =>
olivier.placais Pinging. Either we include the M7 itext in M8, or have to drop sweethome3d. If itext has carried on since 2009, why drop it now rather than sooner? removed from Cauldron (mga8)! We can re-add it as a backport if we can fix it later Status:
NEW =>
RESOLVED It would have helped to say that the old 'sweethome' pkg requiring 'itext' is hopefully being replaced by a new one 'sunflow-sweethome3d', which does not! In which case - thank you! Trying that, perhaps too soon: $ sudo urpmi sunflow-sweethome3d worked. But I could not run it. No menu entry. $ urpmq -l sunflow-sweethome3d /usr/share/doc/sunflow-sweethome3d /usr/share/doc/sunflow-sweethome3d/README.md /usr/share/java/sunflow-0.07.3i.jar /usr/share/maven-metadata/sunflow-sweethome3d.xml /usr/share/maven-poms/sunflow-0.07.3i.pom $ /usr/share/java/sunflow-0.07.3i.jar bash: /usr/share/java/sunflow-0.07.3i.jar: Permission denied $ ls -l /usr/share/java/sunflow-0.07.3i.jar -rw-r--r-- 1 root root 589799 Chw 14 2020 Is this correct? I changed it to all 'x': $ /usr/share/java/sunflow-0.07.3i.jar bash: /usr/share/java/sunflow-0.07.3i.jar: cannot execute binary file: Exec format error $ java /usr/share/java/sunflow-0.07.3i.jar Error: Could not find or load main class .usr.share.java.sunflow-0.07.3i.jar Caused by: java.lang.ClassNotFoundException: /usr/share/java/sunflow-0/07/3i/jar Hope this helps. |