Re: Maintenance or successors? (was Re: Buffer overflow in the StringQuotedWord() function)

[William Bader]

I have a version of lout with the CVEs fixed at https://github.com/william8000/lout

The repository has commits for all of the lout 3.xx releases that I could find and then a final commit that fixes the CVEs and updates the release to 3.41.

I can try to fix future bugs and CVEs as they are reported.

Regards, William

---

From: Lout-users <lout-users-bounces+williambader=hotmail.com@nongnu.org> on behalf of Ludovic Courtès <ludo@gnu.org>
Sent: Wednesday, December 16, 2020 5:59 AM
To: Mark Carroll <mtbc@ixod.org>
Cc: lout-users@nongnu.org <lout-users@nongnu.org>
Subject: Re: Maintenance or successors? (was Re: Buffer overflow in the StringQuotedWord() function)

 

Hi,

Mark Carroll <mtbc@ixod.org> skribis:

> Thank you very much indeed for all the work already done on Lout, it's a
> real gem, both in software and documentation. Unfortunately, I have not
> used C (or C++) much since the nineties so I rather doubt that I am
> suited to attempt to safely address outstanding CVEs; my recent history
> is in fixing Java ones instead! Might somebody else be up for the
> catchup and ongoing maintenance work? Otherwise, I hope that this is not
> badly off-topic: If Basser Lout is no longer maintained then I suppose
> it raises the question of if anyone here has migrated to anything that
> does not pale in comparison, is there any agreeable successor? Maybe
> there is some other mailing list worth following about the wider state
> of document formatters?
>
> I've used Lout for my own documents but, in using things like XeTeX with
> TikZ in the day job and such, I've yet to find a match for Lout's sheer
> cleanliness, it is positively a pleasure to use; I guess the functional
> approach really works, a worthwhile research experiment indeed. At least
> after I have employed tips from others about getting it to recognize
> various kinds of fonts, Basser Lout is one of the few pieces of software
> I use where the surprises tend to be more pleasant than not. "I wonder
> if this would work? Yes, it does!"

I’m late to the discussion but I agree with everything you wrote: having
used LaTeX (+ Beamer, etc.) for some time now, it always feels clunky
and brittle compared to Lout.  The functional approach of Lout makes it
much more pleasant to work with, and more predictable too.

I’m not aware of any other functional document formatting tool.

> I wonder if I'll end up seeing how far I can get with Haskell's bindings
> to Cairo and if useful guidance would come from the text about Nonpareil
> which, admittedly, it's a long time since I looked at. Some combination
> of Lout's Expert's Guide and other "lessons learned" could be valuable
> inspiration; as you've previously observed, "Text handling is a maze
> where many have lost their way," so it would be great to at least
> continue to benefit from how Lout advances the field.

That’s probably the way to go even though, like you write, this may be
an endless quest.  :-)

Thanks,
Ludo’.