This is the mail archive of the cygwin-apps mailing list for the Cygwin project.



Re: [ITP-adopt] curl 7.15.0


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brian Dessent wrote:
> I would like to adopt these packages and maintain them.  The current
> packaged version is somewhat old anyway, and I believe that someone
> mentioned it being vulnerable to a security flaw.  Below are packages
> for 7.15.0.

First, thank you for taking on curl.

A few questions:

1) I don't think that we should keep libcurl2 as-is, being that it's
vulnerable.  Either we could drop it entirely (and recompile
vorbis-tools against libcurl3 immediately), or rebuild curl-7.11 with
the following patch:

http://curl.haxx.se/libcurl-ntlmbuf.patch

2) curl-7.15 can use c-ares and libidn, both recently proposed by
Gerrit.  c-ares was approved, but libidn had some packaging issues.
Maybe you could work with him to get those in the distro, then link
curl-7.15.0 with them as well (either now or for -2).


Yaakov
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDhL3OpiWmPGlmQSMRAosrAKDAHQ9ldfW/N2YZXg3Fk/IZzfyyUwCfXhW+
uIrEEuZEr5AvuGArVPEeC+8=
=ZUpH
-----END PGP SIGNATURE-----

