Bug 3763 - Fancy plugin uses insecure webkitgtk+ 2 library
Summary: Fancy plugin uses insecure webkitgtk+ 2 library
Status: NEW
Alias: None
Product: Claws Mail
Classification: Unclassified
Component: Plugins/Fancy (show other bugs)
Version: 3.14.1
Hardware: PC Linux
: P3 enhancement
Assignee: users
URL:
Depends on:
Blocks:
 
Reported: 2017-01-20 17:45 CET by waldner
Modified: 2018-07-03 11:43 CEST (History)
5 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description waldner 2017-01-20 17:45:52 CET
The library has lots of security bugs that will not be fixed, arch linux has removed the fancy plugin from claws-mail. Is a fancy replacement scheduled at some point?

https://www.archlinux.org/todo/phasing-out-webkitgtk2/
Comment 1 Michael Schwendt 2017-01-20 18:06:58 CET
There is a similar movement at the Fedora Project:

  Proposal: remove insecure WebKitGTK+ packages for F27
  https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/AKVB363GFCHHJ5MTHGVYHYT6NLLTF5VM/
Comment 2 Mihai Dontu 2017-02-09 13:56:49 CET
Gentoo removed the plugin too: https://bugs.gentoo.org/show_bug.cgi?id=608612
Comment 3 waldner 2017-02-12 15:55:23 CET
Arch Linux is now offering dillo as a replacement, which however in my opinion is far inferior.
Comment 4 Ricardo Mones 2017-02-17 10:42:16 CET
FWIW, the corresponding Debian bug: https://bugs.debian.org/790199
Comment 5 Paul Natsuo Kishimoto 2017-10-20 21:06:24 CEST
As of version 17.10/19 October 2017, the fancy plugin is no longer available in Ubuntu, because of this issue.

Downstream bug:
https://bugs.launchpad.net/ubuntu/+source/claws-mail/+bug/1724999
Comment 6 Paul Natsuo Kishimoto 2017-11-03 20:45:23 CET
Hi all,

This bug has has a non-negligible effect on my productivity. Although I'm not an experienced C/Gtk dev, purely out of idleness I started poking at this to see how much work was involved.

Incomplete code is at: https://github.com/khaeru/claws/pull/1