[ITP-adopt] curl 7.15.0
Yaakov S (Cygwin Ports)
yselkowitz@users.sourceforge.net
Wed Nov 23 19:07:00 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Brian Dessent wrote:
> I would like to adopt these packages and maintain them. The current
> packaged version is somewhat old anyway, and I believe that someone
> mentioned it being vulnerable to a security flaw. Below are packages
> for 7.15.0.
First, thank you for taking on curl.
A few questions:
1) I don't think that we should keep libcurl2 as-is, being that it's
vulnerable. Either we could drop it entirely (and recompile
vorbis-tools against libcurl3 immediately), or rebuild curl-7.11 with
the following patch:
http://curl.haxx.se/libcurl-ntlmbuf.patch
2) curl-7.15 can use c-ares and libidn, both recently proposed by
Gerrit. c-ares was approved, but libidn had some packaging issues.
Maybe you could work with him to get those in the distro, then link
curl-7.15.0 with them as well (either now or for -2).
Yaakov
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDhL3OpiWmPGlmQSMRAosrAKDAHQ9ldfW/N2YZXg3Fk/IZzfyyUwCfXhW+
uIrEEuZEr5AvuGArVPEeC+8=
=ZUpH
-----END PGP SIGNATURE-----
More information about the Cygwin-apps
mailing list