[MacPorts] #68593: gettext @0.21.1: newer version available

[MacPorts]

#68593: gettext @0.21.1: newer version available
------------------------+------------------------
  Reporter:  tifrueh    |      Owner:  ryandesign
      Type:  update     |     Status:  closed
  Priority:  Normal     |  Milestone:
 Component:  ports      |    Version:  2.8.1
Resolution:  duplicate  |   Keywords:
      Port:  gettext    |
------------------------+------------------------

Comment (by ryandesign):

 Replying to [comment:2 tifrueh]:
 > ''Note: Looking at the Arch Linux package I saw that `libtextstyle` is
 being disabled there, due to it depending on `libcroco` which is
 supposedly unmaintained and insecure. Might it be a good idea to do the
 same thing on MacPorts?''

 As it says in `port info libtextstyle`, "This library is part of gettext
 and a prerequisite for tools like msgfmt and friends". `msgfmt` is used by
 zillions of ports. In addition, bison depends on libtextstyle.

 gettext used to have the ability to use an external (MacPorts) version of
 libcroco but that capability was removed from upstream gettext and the
 MacPorts gettext port with the 0.21.x update. I'm not familiar with
 libcroco or gettext's use of it. I do see that
 [https://gitlab.gnome.org/Archive/libcroco libcroco has been archived] and
 I do see that [https://gitlab.gnome.org/Archive/libcroco/-/issues/8 the
 most recently filed bug report] is a CVE that was not fixed upstream. The
 MacPorts libcroco port did get
 [changeset:698a3c4277751f712a7b627ad0da38e19c61556d/macports-ports a patch
 for that CVE]. I do not see that patch having been applied to the version
 of libcroco included in the gettext repository.

 Please bring your concerns to the developers of gettext since they are the
 ones who would have to add the patch for the CVE or rewrite libtextstyle
 to use a different library if they agree that libcroco is insecure.

-- 
Ticket URL: <https://trac.macports.org/ticket/68593#comment:4>
MacPorts <https://www.macports.org/>
Ports system for macOS