This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Re: HEADSUP: pcre security announcement
On Wed, 7 Sep 2005, Corinna Vinschen wrote:
> First a question to the maintainers in general:
>
> There's a dependency in pcre's setup.hint which pulls in the old libpcre
> which I created ages ago and which lacks versioning support. I just
> checked and we don't have any package left which requires the old
> libpcre.
>
> Shouldn't we finally pull this crap from the distro?
I'd definitely remove it from pcre's setup.hint, but leave it in the
obsolete category, as there may be self-compiled binaries depending on it.
> On Sep 6 16:51, Yaakov S wrote:
> > Corinna Vinschen wrote:
> > > Two weeks and no response. Unfortunately we have this security
> > > issue and also a couple of packages relying on libpcre. So we would
> > > need either a quick response from Ronald or somebody willing to take
> > > over the package fairly quickly.
> > >
> > > Anybody, please?
> >
> > Here you go. Since a lot of key programs (i.e. grep) depend on this,
> > please test and make sure that this doesn't break anything.
>
> First of all, many many thank for taking over. This is definitely
> worth a gold star. IIIIGOOOOR!
Huh, did I miss something? ;-)
BTW, should Alan Hourihane get a few as well?
> Did you run the testsuite? Did you already install it on your machine
> instead of the current pcre? Otherwise, seriously, how do we test this
> package expect for installing it?!? I did some simple grep -P tests
> which still work, AFAICS, and ...
>
> > ftp://sunsite.dk/projects/cygwinports/release/pcre/pcre-6.3-1-src.tar.bz2
> > ftp://sunsite.dk/projects/cygwinports/release/pcre/pcre-6.3-1.tar.bz2
> > ftp://sunsite.dk/projects/cygwinports/release/pcre/setup.hint
> > ftp://sunsite.dk/projects/cygwinports/release/pcre/libpcre0/libpcre0-6.3-1.tar.bz2
> > ftp://sunsite.dk/projects/cygwinports/release/pcre/libpcre0/setup.hint
> > ftp://sunsite.dk/projects/cygwinports/release/pcre/pcre-devel/pcre-devel-6.3-1.tar.bz2
> > ftp://sunsite.dk/projects/cygwinports/release/pcre/pcre-devel/setup.hint
> > ftp://sunsite.dk/projects/cygwinports/release/pcre/pcre-doc/pcre-doc-6.3-1.tar.bz2
> > ftp://sunsite.dk/projects/cygwinports/release/pcre/pcre-doc/setup.hint
>
> ... the packaging looks good, so, if you don't mind, I don't mind to
> upload it immediately and throw the Cygwin community into cold water.
Hehe, how exquisitely mean... :-)
> I just would like to remove the libpcre dependency, even if we don't
> remove the libpcre package.
Igor
--
http://cs.nyu.edu/~pechtcha/
|\ _,,,---,,_ pechtcha@cs.nyu.edu
ZZZzz /,`.-'`' -. ;-;;,_ igor@watson.ibm.com
|,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski, Ph.D.
'---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!
If there's any real truth it's that the entire multidimensional infinity
of the Universe is almost certainly being run by a bunch of maniacs. /DA