HEADSUP: pcre security announcement

Igor Pechtchanski pechtcha@cs.nyu.edu
Wed Sep 7 12:48:00 GMT 2005 

On Wed, 7 Sep 2005, Corinna Vinschen wrote:

> First a question to the maintainers in general:
>
> There's a dependency in pcre's setup.hint which pulls in the old libpcre
> which I created ages ago and which lacks versioning support.  I just
> checked and we don't have any package left which requires the old
> libpcre.
>
> Shouldn't we finally pull this crap from the distro?

I'd definitely remove it from pcre's setup.hint, but leave it in the
obsolete category, as there may be self-compiled binaries depending on it.

> On Sep  6 16:51, Yaakov S wrote:
> > Corinna Vinschen wrote:
> > > Two weeks and no response.  Unfortunately we have this security
> > > issue and also a couple of packages relying on libpcre.  So we would
> > > need either a quick response from Ronald or somebody willing to take
> > > over the package fairly quickly.
> > >
> > > Anybody, please?
> >
> > Here you go.  Since a lot of key programs (i.e. grep) depend on this,
> > please test and make sure that this doesn't break anything.
>
> First of all, many many thank for taking over.  This is definitely
> worth a gold star.  IIIIGOOOOR!

Huh, did I miss something? ;-)
BTW, should Alan Hourihane get a few as well?

> Did you run the testsuite?  Did you already install it on your machine
> instead of the current pcre?  Otherwise, seriously, how do we test this
> package expect for installing it?!?  I did some simple grep -P tests
> which still work, AFAICS, and ...
>
> > ftp://sunsite.dk/projects/cygwinports/release/pcre/pcre-6.3-1-src.tar.bz2
> > ftp://sunsite.dk/projects/cygwinports/release/pcre/pcre-6.3-1.tar.bz2
> > ftp://sunsite.dk/projects/cygwinports/release/pcre/setup.hint
> > ftp://sunsite.dk/projects/cygwinports/release/pcre/libpcre0/libpcre0-6.3-1.tar.bz2
> > ftp://sunsite.dk/projects/cygwinports/release/pcre/libpcre0/setup.hint
> > ftp://sunsite.dk/projects/cygwinports/release/pcre/pcre-devel/pcre-devel-6.3-1.tar.bz2
> > ftp://sunsite.dk/projects/cygwinports/release/pcre/pcre-devel/setup.hint
> > ftp://sunsite.dk/projects/cygwinports/release/pcre/pcre-doc/pcre-doc-6.3-1.tar.bz2
> > ftp://sunsite.dk/projects/cygwinports/release/pcre/pcre-doc/setup.hint
>
> ... the packaging looks good, so, if you don't mind, I don't mind to
> upload it immediately and throw the Cygwin community into cold water.

Hehe, how exquisitely mean... :-)

> I just would like to remove the libpcre dependency, even if we don't
> remove the libpcre package.

	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha@cs.nyu.edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor@watson.ibm.com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

If there's any real truth it's that the entire multidimensional infinity
of the Universe is almost certainly being run by a bunch of maniacs. /DA

More information about the Cygwin-apps mailing list