This is the mail archive of the
mailing list for the Cygwin project.
Re: HEADSUP: pcre security announcement
First a question to the maintainers in general:
There's a dependency in pcre's setup.hint which pulls in the old libpcre
which I created ages ago and which lacks versioning support. I just
checked and we don't have any package left which requires the old libpcre.
Shouldn't we finally pull this crap from the distro?
On Sep 6 16:51, Yaakov S wrote:
> Corinna Vinschen wrote:
> > Two weeks and no response. Unfortunately we have this security issue
> > and also a couple of packages relying on libpcre. So we would need either
> > a quick response from Ronald or somebody willing to take over the package
> > fairly quickly.
> > Anybody, please?
> Here you go. Since a lot of key programs (i.e. grep) depend on this,
> please test and make sure that this doesn't break anything.
First of all, many many thank for taking over. This is definitely
worth a gold star. IIIIGOOOOR!
Did you run the testsuite? Did you already install it on your machine
instead of the current pcre? Otherwise, seriously, how do we test this
package expect for installing it?!? I did some simple grep -P tests
which still work, AFAICS, and ...
... the packaging looks good, so, if you don't mind, I don't mind to
upload it immediately and throw the Cygwin community into cold water.
I just would like to remove the libpcre dependency, even if we don't
remove the libpcre package.
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader mailto:email@example.com
Red Hat, Inc.